I thought it was time to ask a stupid question, so here goes:
So I'm travelling (solo) soon for a couple of weeks across 3 European countries. I do this on a regular basis and to considerably weirder places and have my iPhone with me. This is a principal device for dealing with flight bookings/tickets/emails/itinerary notes/payments/airbnb/travel documents backup etc. It usually gets an eSIM chucked in it which does data and I run off that and WiFi hop. When on WiFi I use it to push all my photos off my mirrorless up to iCloud as well.
However I started looking at tangible risks when travelling which come down to two things:
1. If it gets stolen.
2. If my iCloud account gets hosed.
So the stolen thing is pretty easy, but there's a couple of risks with this I can't seem to work around. Firstly, if it's stolen while it's unlocked or the PIN is observed by someone over my shoulder then it's game over even if I have stolen device protection on. The phone and the iCloud account are a write off. If it is merely stolen and they can't get into it, I thought hey I'll just buy another one and log in with that. Well I can't do that either because (a) my MFA devices (iPad, MacBook) are all at home and (b) the second factor is SMS and the SIM is in the phone that just got stolen. GAME OVER.
Now the second risk is if my account gets attacked remotely. This literally happened to a family member this morning and she still can't get into the account. Literally "someone tried to log in from Moscow" (no joke) and now her phone won't sync email and iMessage stopped working. If I'm in the middle of nowhere then I'm screwed. I can't MFA it again and I probably can't sign in at all if the account is compromised including resetting password. GAME OVER
Unless I have another exit plan, which I can't see, I can only conclude that relying on iCloud here is somewhat a mortal risk. Therefore I'm looking at ways out of this. Anyone got an exit strategy here?
Only thing I can see is to keep principal services isolated (email / password keychain) and put my keepass database into an encrypted zip file on my public web site (with essential travel documents/scans etc). If it's stolen, then that's it: I buy a crap android handset with physical cash/card, get it on wifi somewhere, sideload APKs for keepass, download the zip and decrypt it from password in my memory and set up email again and get an eSIM working.
Then I drift onto that being the default safe operating mode: no cloud, side loaded Android. And I can't really do that on iOS at all because you can't install anything off the store without an apple ID set up on it.
So I'm travelling (solo) soon for a couple of weeks across 3 European countries. I do this on a regular basis and to considerably weirder places and have my iPhone with me. This is a principal device for dealing with flight bookings/tickets/emails/itinerary notes/payments/airbnb/travel documents backup etc. It usually gets an eSIM chucked in it which does data and I run off that and WiFi hop. When on WiFi I use it to push all my photos off my mirrorless up to iCloud as well.
However I started looking at tangible risks when travelling which come down to two things:
1. If it gets stolen.
2. If my iCloud account gets hosed.
So the stolen thing is pretty easy, but there's a couple of risks with this I can't seem to work around. Firstly, if it's stolen while it's unlocked or the PIN is observed by someone over my shoulder then it's game over even if I have stolen device protection on. The phone and the iCloud account are a write off. If it is merely stolen and they can't get into it, I thought hey I'll just buy another one and log in with that. Well I can't do that either because (a) my MFA devices (iPad, MacBook) are all at home and (b) the second factor is SMS and the SIM is in the phone that just got stolen. GAME OVER.
Now the second risk is if my account gets attacked remotely. This literally happened to a family member this morning and she still can't get into the account. Literally "someone tried to log in from Moscow" (no joke) and now her phone won't sync email and iMessage stopped working. If I'm in the middle of nowhere then I'm screwed. I can't MFA it again and I probably can't sign in at all if the account is compromised including resetting password. GAME OVER
Unless I have another exit plan, which I can't see, I can only conclude that relying on iCloud here is somewhat a mortal risk. Therefore I'm looking at ways out of this. Anyone got an exit strategy here?
Only thing I can see is to keep principal services isolated (email / password keychain) and put my keepass database into an encrypted zip file on my public web site (with essential travel documents/scans etc). If it's stolen, then that's it: I buy a crap android handset with physical cash/card, get it on wifi somewhere, sideload APKs for keepass, download the zip and decrypt it from password in my memory and set up email again and get an eSIM working.
Then I drift onto that being the default safe operating mode: no cloud, side loaded Android. And I can't really do that on iOS at all because you can't install anything off the store without an apple ID set up on it.
