Skip to content

Illustration by iStock; Security Technology

Device Security 101: Best Practices for Phones

Threat actors are increasingly targeting mobile devices to steal people’s credentials, to gain access to corporate networks, or simply to spy on victims’ activity.

To help you maintain your device's security, the U.S. National Security Agency recommends following these best practices:


1. Create a strong lock-screen pin or password (at least six digits) and set your phone to lock automatically after 5 minutes.

2. Consider also using biometrics (face recognition or fingerprints) for authentication to unlock your device.

3. Disable Bluetooth when you’re not using it.

4. Don’t connect to public WiFi, disable WiFi when unneeded, and delete unused WiFi networks.


5. Use a protective case that can drown the microphone to block room audio and cover the camera when not using.

6. Don’t have sensitive conversations near your phone unless it is configured to handle secure voice.

7. Update phone software and applications as soon as updates are available.

8. Don’t have sensitive conversations via text message.

9. Disable location services when not needed and do not bring your phone with you to sensitive locations.


10. Don’t open unknown email attachments or links.

11. Only use original charging cords or charging accessories purchased from a trusted manufacturer.

12. Don’t jailbreak or root your phone.

13. Power your phone off and on weekly.

14. Maintain control of your phone—don’t lose it!


Source: Mobile Device Best Practices, National Security Agency, September 2021