Securing Your Digital Life While Traveling (aka How to Not Get F*cked)

The Uruguay coast.

“We got robbed.”

I open my eyes. My friend said what? Was I dreaming? I’d only been asleep for maybe 2 hours.

I look around. My backpack, which was right next to my head, was gone. It contained my MacBook Pro, GoPro, and more.

I dash upstairs. 3 of my friends’ backpacks were gone too. A picturesque weekend in Punta del Diablo, a small beach town in Uruguay, ruined by a bold thief who broke in through our AirBnB window while we were sleeping.

Well fuck. Or more like… we just got fucked. #blessed

😡

This wasn’t my first time dealing with a lost, stolen, or broken device. I’ve lost my iPhone during drunk karaoke. I’ve had random hard drive crashes where I lost all my data.

Every one of these events reminded me that our digital lives and devices are more important than ever. Despite this, the vast majority of people still don’t do anything to protect themselves until it’s too late. It’s not the end of the world, but it’s certainly a huge pain in the ass.

On the bright side, these fateful events inspired me to take a lot of preventative measures, which I’m sharing with you today. Do the things in this guide now and your future self will thank you.

Notes:

• While this guide was honed while leading a long term travel lifestyle where problems are magnified (aka being a digital nomad with Remote Year), it applies to anyone who frequently travels or is on the go.
• My devices are mainly Apple, and while I do include some Windows and Android notes I’m happy to link to or append better versions.
• I wrote this for a general audience. If any part is confusing, let me know and I’ll revise it.

Let’s get to it.

Sections 1–3: Protect Yourself

Your digital life is on cruise control with Gmail, Facebook, Instagram, et al all set up. You access these on your prized laptop, smartphone, and other devices. Sections one through three provide tips on how to lower the probability of having these areas compromised while on the go.

1. Preventing unauthorized account access

🔑 Better passwords

Some obvious and not so obvious. Learn more with this guide.

• Every account should have a unique password. Important so if one service is hacked someone can’t just gain access to your other accounts.
• Passwords should be complex with at least 10+ characters with a mixture of letters, numbers, and symbols. Every additional character adds significantly more security. For example: an 8 character password takes 5 hours to crack, but 11 characters takes 1 decade. The time it takes to crack passwords will go down as computers continue to get faster.

If the above sounds too hard (human memories aren’t great), try these to make it easier.

• Use a password manager. They automate both of the above for you. I use 1Password since it’s well reviewed for iOS and MacOS but there are many other popular ones like LastPass and Dashlane.
• Use a password formula. If you don’t want to use yet another app, try a password “formula” that changes a few characters based on the service you’re logging into. Example: You have a base password of “Jumble178”. You’re logging into Yelp. You can use the last character of “Yelp” (so “p”) and add it to your base so the password for your Yelp account would be “Jumble178p”. This example, however, is too simple. You should definitely make it more complex by adding another part afterwards or before, adding more characters to the base, or using more characters from the service name. More on this.
• Use a sequence of memorable words. Another method: string together 5 or more memorable words (example: “intensive bottle clock shirt dresser”). This is easier to remember than a string of random characters. You can choose your own words, or you can use a popular method called Diceware which is a bit more random. You roll a dice and choose from a set of words. Their website has great instructions.

❓ Don’t set obvious answers to password hint questions

It’s possible for hackers to call into companies, pretend it’s you, and gain account access because your password hint answer is too easy (called social engineering). You can still use an obvious answer, but throw in a curve ball here and there like a random word or switching letters for numbers.

Mr. Robot: an amazing show with examples of social engineering.

📲 Use 2 factor authentication (2FA)

2FA is a step after username/password that asks for another piece of information only you should know. The most commonly known method is a 4 digit code texted to your mobile phone. While a bit annoying, enabling 2FA (especially on critical services like email) significantly reduces the chances of unwanted account access.

There are 2 popular types of 2FA today:

• SMS: A text message to your mobile phone number with a unique 4 to 6 digit code.
• Google Authenticator (GA): Similar to the code you receive through SMS but you don’t need a phone number to receive it, just a device you have with you like your smartphone or laptop.

GA is the better option since you probably won’t have access to your phone number while traveling internationally. SMS is also worse because it’s vulnerable to the social engineering problem of a hacker taking your phone number by calling into the phone company and pretending to be you.

Authy is a great app I use that aggregates GA compatible accounts into one place. Get the Authy app »

Authy

Unfortunately, not all services support GA. For those that don’t, you’re still better off using SMS. If you’re traveling internationally and don’t have access to your main phone number for receiving SMS, I recommend signing up for a VoIP phone service like Google Voice so you can still receive 2FA codes abroad with just internet. While less secure, it’s still better than no 2FA.

Notes:

• Unfortunately some services don’t allow 2FA SMS verification through VoIP services like Google Voice and in those cases I haven’t found a solution yet.
• See which services offer 2FA. GA is listed under “Software Token.”
• Here’s a more comprehensive guide to 2FA.

😮 Set alerts so you can immediately address suspicious activity

• Check if your account’s been hacked on Have I Been Pwned. This site will tell you if your email’s been included in any user data being sold on the black market from hacks. If so, change your password for that account immediately or delete the account if it’s something you don’t use anymore.
• For transactions on your bank account or credit card. Most banks let you set email or mobile alerts for specific events. Example: The Chase mobile app lets you set push notifications when there are charges over a certain amount or international charges.
• When your account is accessed from a weird location. A lot of accounts, like Gmail, will show you a log of where your account has been accessed. You can have it alert you or ask for verification when there’s suspicious activity.

2. Ensuring privacy of data

Make sure the data you’re transmitting or saving on your hard drive can’t easily be compromised and viewed by others.

🔒 Protect yourself while using public wifi

http://www.gocomics.com/theargylesweater/2015/08/07

For wifi in public areas like airports or cafes, it’s very easy for someone to steal passwords. Wireless routers are often easy to hack too because they all use the same administrative account info coming from the factory (i.e., username: admin, no password). Setting a strong password is all for naught if someone just steals it when you’re careless on public wifi.

• Use a Virtual Private Network (VPN): VPNs encrypt your internet traffic so that it can’t just be read by anyone. There are a lot of VPN services. I use Private Internet Access (PIA) because it’s consistently reviewed as a good balance between speed and anonymity. ExpressVPN is also popular, especially for usage in China. Why China? Because the other big benefit of VPNs is overcoming internet censorship, and China is a well known example. They block Google/Facebook/Twitter and more, while many other countries also block certain services like Malaysia blocking Medium, the service you’re reading this on.
• Use the HTTPS Everywhere browser extension: When you visit a website, make sure it starts with “https://“ instead of just “http://“. The “s” denotes it’s secure and safer to use because data is encrypted. This browser extension automatically does it for you (and more). Get HTTPS Everywhere »
• A bit more reading on wifi security.

🛡 Prevent data stolen directly from you and your devices

• Set a password on your smartphone or laptop. Duh.
• Encrypt your laptop hard drive. On Macs, turn on FileVault. On Windows, turn on BitLocker.

• Use a USB condom. Sometimes, random public USB ports you can plug into to charge your devices like at airports can be a ploy to steal data directly from your devices. USB condoms help by preventing data transfer while still allowing power through for charging. The name is also just awesome. Imagine people at the airport yelling: “Hold on, let me put a condom on it.” Buy a USB condom »

• Use RFID blocking sleeves. Prevent people from stealing your credit card and ID info. Color coded ones are better so it’s easier to differentiate your cards quickly. Get RFID blocking sleeves »
• Use a webcam cover. This one might seem silly, but it’s been proven that spyware can turn on your laptop’s webcam without you knowing. If you’ve seen Black Mirror Season 3 Episode 3, then you’ll know what I’m talking about. Buy a webcam cover »

Zuck knows what’s up with his webcam and mic covers.

3. Preventing loss and theft of devices

I’ve both lost my devices and had them stolen, so here are products I’ve bought to help prevent both.

• MacBook lock bracket: MacBooks haven’t had a lock bracket area since the generation before the Retina MacBook Pro, but thankfully there are brackets you can add on. They’re admittedly kind of ugly, but worth the peace of mind. Get the MacBook lock bracket »

• Laptop cable lock: A lock to use with the lock bracket (or if your laptop has an area for it already). I bought the thicker version, but there are thinner, cheaper versions. Get the laptop cable lock »

• Running belt (aka fanny pack): I write more about this in my other post, but avoid pickpockets by storing your phone in this instead of your pockets. Get the SPIbelt running belt »

• Luggage locks: To prevent airport workers from easily stealing your devices (they can still open zippers if there’s a lock, it’s just not as easy). Get the luggage lock » (might want one for all your bags)

• Travel door stop alarm: Stick this under your door when you’re sleeping in AirBnBs or weird hotels so you can wake up in case anyone tries to break in. Get the door stop alarm »

• Pacsafe stainless steel backpack protector: This thing looks a bit ridiculous and is not the easiest to use, but provides peace of mind when leaving a backpack unattended like at parks or hostels. Get the Pacsafe backpack protector »

• iPhone strap bracket & wrist strap: For the truly paranoid, attaching your iPhone to your body ensures it’s hard for people to take it in high risk areas (like music festivals or touristy areas) and can also help you use it more confidently when taking photos overlooking cliffs and other dangerous areas. If you don’t want to get a case that has an area for a keychain (they’re usually thicker), I bought bracket that screws into the bottom of my iPhone 6S Plus. It’s discrete and well made. While the exact one I have is no longer available, this one is similar and here’s the iPhone 5 version from the same company as mine. For the wrist strap, I got a paracord quick release strap. Here’s one similar to mine.
• Your hotel safe: Not something to buy, but make sure to use your hotel’s safe to store important devices and other items because the hotel will often assume responsibility for anything that’s stolen.

Sections 4–6: Crisis Control

You did everything above, and your device is still lost or stolen or something else bad. Shit happens. Sections four through six provide tips on how to minimize the impact afterwards (these need to be done beforehand obviously).

4. Recovering your devices

📝 Notes

If you lost your device and think you have good karma (who knows, might be your lucky day).

• Set a lock screen message on your smartphone or laptop with contact info and maybe an incentive for returning. Instructions: MacOS, iOS, Android, and Windows.
• Include a physical note in your phone case or taped to your laptop underside.

📡 Software tracking

Enable your device’s built in tracking software, which all major platforms have today.

• Apple instructions for Find My iPhone, iPad, Apple Watch, and Mac.
• Android instructions for Android Device Manager.
• Windows 10 instructions for Find My Device.

There’s also well made tracking software made by third parties.

• Hidden App is the one I use. It works across all Apple products and will take photos of your perpetrator and more.
• Prey is another popular alternative which works across all platforms.

📟 Hardware tracking

Use small Bluetooth trackers. I use and like Tile, which recently released a smaller, slimmer version which I need to try. Its “world’s largest lost and found” feature is also very cool, letting anyone else with a Tile look for your lost item (especially helpful in populated, urban areas).

Get the Tile bluetooth tracker »

Tile

5. Backing up your data

Backing up your data is pretty common today, but a lot of people still don’t. If you travel, it’s doubly important. By diligently backing up your data, losing a device ends up only being a matter of time and money and not any of the despair from losing important files like photos and documents (which can be catastrophic depending on what you do). Thankfully I was diligent about this and was back up and running within 24 hours after replacing my stolen MacBook in Uruguay.

☁️ Keep important files in the cloud

• Dropbox: I use it, love it, and pay for its Pro plan. I want to specifically point out the Selective Sync feature, which many people don’t know about. It lets you specify the folders you actually want on your hard drive. Example: Stop a folder full of old family videos from syncing and taking up precious space, but if you still needed them you can access it on dropbox.com or re-sync it. Sign up for Dropbox »
• iCloud: For your iOS devices make sure to enable iCloud nightly back up when on wifi. You’ll never have to think about it after. You can also use iCloud for backing up files on MacOS.
• Crashplan is another popular back up service that works on both Windows and MacOS.
• Use apps that continually sync, like Evernote.

💾 Back up your laptop to an external hard drive regularly

For my MacBook, I do a weekly Time Machine back up to an external hard drive. It’s pretty manual since I have to separately connect an external hard drive, but I keep them separate on purpose so if my MacBook is lost or stolen I know I still have my back up elsewhere (no single point of failure).

Also, you may be wondering why I have a physical back up when I already use services like Dropbox. The benefit of a Time Machine backup over Dropbox is that Time Machine saves all of my system settings like the applications I’ve installed to the speed of my mouse cursor. This way, if I lose my MacBook I can basically buy a new one, plug in the hard drive, and have it be restored to exactly what my previous MacBook was like. This is how I was up and running so quickly after being robbed.

• MacOS instructions for setting up Time Machine backups.
• Windows instructions for their similar feature Backup and Restore.

External hard drives today are relatively cheap too for the amount of space you get so there’s little reason to not get one. I recommend these drives from WD »

6. Financial coverage

Limit the financial hit of losing a device.

☮️ Insurance

If you have the money, I think the peace of mind insurance offers is worth it.

• Device insurance: There are many device specific insurance plans like AppleCare, Squaretrade, and Esurranty (which I’ve used). Specifically look to see if they cover loss or theft because many don’t. Here’s a good guide.
• Travel property insurance: This may be smarter for traveling, which covers everything you own. I have friends that use Clements Worldwide International Property Insurance and recommend it. Not the easiest claim process, but it did work.
• Homeowners and renters insurance: Many forget their homeowners and renters insurance covers events even while traveling. However, the deductible is usually pretty high so only helpful if you lose a lot of items at once.

💳 Credit card purchase protection

Many credit card networks, such as Visa or AMEX, often cover theft and damage within 45 to 120 days of the purchase date. Here’s a breakdown. Check what your card offers.

Example: My Chase Sapphire Reserve card offers purchase protection for 120 days for up to $10,000 per claim. Great card by the way.

👮🏻‍ Police reports

Always get a police report or something in writing if a device is lost or stolen as most insurance providers ask for it.

I wish I had done these all before that night in Uruguay, but so is life. My hope is that my experiences go on to be helpful for others to avoid the same fate. 😀

If you enjoyed this post, check out my new app Wanderium: https://www.wanderium.com. It’s filled with similar travel pro tips on the best gear, apps, and gotchas… but more. Like a lot more. Like so many your brain will explode. Okay actually not that many. You get the idea.