07 March 2013

Reader Question - Keeping Filofax contents safe - Louise

We received this question from Louise in our in-box last week. Please take a read and let us know your thoughts in the comments.

I am a long-time Filofax user and a long-time Philofaxy lurker - what a wonderful blog!

I have been wondering for a while about the security of the information we note down in our Filofaxes, I would be interested to know whether others are concerned by this, and any steps that they take to mitigate the risks.

For many (most?) of us, our Filofax will contain many of the details we keep locked in our home filing cabinets and if it were to fall into the hands of a 'baddie' the repercussions could be grave. 

The kind of issues that spring to mind are:
  • My name and address together with my diary - shows when my house will be empty
  • My name and address together with reference to key personal information (name of my pet, wedding anniversary etc) - could be used for identity theft
  • The name, addresses, phone numbers and emails addresses of friends and family in my address book - could be used for the theft of their identity
  • Details of the banks I use, dates of direct debits and amounts etc in combination with the above information - could be used to take money from my bank account (and possibly indicate my wealth)
  • Details of internet passwords - could be used to access my online accounts and my online identity
Naturally, if we also use our Filofax for work purposes, we may note down sensitive commercial or client information that we wouldn't wish anyone else to see.  Perhaps it wouldn't be a disaster on the same scale as some of the 'civil service usb stick left on the train' incidents, but it could be unpleasant nevertheless!

Of course, the chance of this happening is slim and I have laid out the worst case scenarios to illustrate my case.  

The same arguments could also be made about losing your phone or laptop.  However, electronic devices require a password where a Filofax can be read instantly, and there are a variety of security apps that can be installed on electronic devices that aren't available for paper planners.  It strikes me that Filofaxes are uniquely vulnerable because they inspire such intimacy from their users but could be accessed by anyone who has it in their hands.

There is a balance to be struck between maintaining a useful Filofax that contains all of the information that we need, and sharing details that  could compromise our security, or those of others.  There is also a balance to be struck between a state of reckless abandon and one of constant paranoia! 

I don't believe that there will be many Filofax users who write out their on-line banking details in full under the Finance tab, but I do believe it is worth reflecting on the repercussions of losing your Filofax.  I have read comments from Philofaxers who encrypt their login details before noting them down for example; I'd be interested to know of any other similar strategies that folk use. 

Louise

Thank you Louise for your excellent question.

23 comments:

  1. It strikes me that some of the issues raised could be ameliorated by improving general security measures rather than those relating to a filofax. For example, any account names or passowrds that relate to a pet name and wedding anniversary are weak passwords to start off with. Use something random or unrelated to your life but memorable like London2012 or whatever.

    Second, you know your address so why write it in your filofax? In case it gets lost? Note that it should be returned to your work or the local Police Station or a post restante address combined with an email to notify you its there.

    If passwords are written down encrypt them. Names and addresses of freinds and phone numbers are readily available anyway and not enought for identity theft alone. For your direct debit info rather than writing 'Paid Orange' you could just write Mobile Bill paid. You give your bank details away everytime you write a check or do an online payment so theres no more risk putting that in a filofax really

    ReplyDelete
  2. Thank you Helen for some excellent suggestions. As you say, just a few small tweaks to what we write down could make a big difference.

    ReplyDelete
  3. I encrypt my written-down passwords in my Filofax anyway - where I really need to make a change is that my monthly finance logs (where I go through and work out how much got spend on what) are in my daily Filo. What ameliorates that is that I don't have any tabs, so someone wanting that information would have to go to through loads of lists about films and books and exercise routines before they got to the financial info - which as I'm a student just proves I don't have money to burn!

    ReplyDelete
  4. I don't write down too much serious stuff anyway. At least not yet. What I do with passwords is select one fantasy word - One that is in no dictionary but which I (and only I) can memorize. I then create a second part for each site and that is what I write down - If I ever write it down, that is.

    I also don't write down any addresses, but I registered my Filo anyway. And I don't do online banking (yet), so that's no problem either. Just common sense, but we all should have enough of that, right?

    ReplyDelete
  5. There is very little in my FF that would be of use to anyone. No birthdays/anniversaries (they are all on the wall calendar in the kitchen). Any pins are disguised as phone numbers. I don't have my address written down and there is no financial information at all. On the other hand a thief could have a good laugh at the list of all the things that need doing to the house and my appalling habit of ruining a good food day by eating three slices of banana and walnut loaf in the evening! My FF goes everywhere with me and I have always been very aware that I don't want to leave any sensitive information around.

    ReplyDelete
  6. I don't write my address, phone number or bank details in mine and all my passwords are random words which I write in a shortened code version. If anybody has the patience to go through the minutiae of my diary entries well good luck to them lol.
    I've also registered my filofax and the page with that info on is right at the front, though people are inherently nosey and I think that if you're taking a thing out in public then don't put anything in it that you wouldn't want strangers to know. Personal info at home, general info out and about, unless you're terrifically good (like MI5 good) at codes and things.

    ReplyDelete
  7. I have a few addresses and a few phone numbers in my Filofax - only numbers that someone would need as a "next of kin" thing - and they're all mobile numbers anyway so they're easy enough to change. The addresses are for my benefit 'cause I write letters, and most of that information as Helen said, is probably readily available anyway. I do also have my own number and my email address but, again, it's a mobile number and both are easily changeable.

    I don't' store bank details, or cards or cash or anything like that in my Filofax, 'cause if I lose the Filofax, I lose the lot. Which i think is a bit stupid myself, but if it works for you, it works for you. I just wouldn't do it.

    Danni

    ReplyDelete
  8. This comment has been removed by the author.

    ReplyDelete
  9. Never write down a password in plain text. I use one of three key words at the heart of every password I make and can therefore encrypyt fairly easily. For example, if my key words were Bicycle, Tantamount and Evidence, I'd be able to encrypt like this:

    B_215 = Bicycle125
    x1b_ = x1bicycle
    e_b_ = evidencebicycle
    t_66E_ = tantamount66Evidence

    ReplyDelete
    Replies
    1. Great examples! I've been meaning to do this. Thanks!

      Delete
    2. Ray, that's a top tip! I know a lot of people encrypt their password hints, but I hadn't thought of using this particular method.

      Delete
    3. I use a similar system with four words which I write as (1) (2) (3) or (4) to indicate which one I use. Unless you know what the four words are you wouldn't be able to decode the password.

      Delete
    4. Cunning plan... currently I just store my passwords in my head, which knowing my brain isn´t the safest place for them as they may just fall out :-) Time to get organised and change all my passwords I think...

      Delete
  10. I personally don't keep any sensitive data in my filofaxes & it would be more frustrating if stolen/lost as I'd lose my to-dos, notes & project info.

    However, I do keep login details etc. electronically & tend to only write hints for myself as a reminder, which wouldn't mean much to anyone else.

    ReplyDelete
  11. I once found a Filofax lying in the gutter outside my front door!!
    I lived on a main street in Bristol, above a parade of shops, so it was obvious that it had fallen out of the side door glove compartment of a car door, or fallen out of a handbag. It was a well used, well loved, stuffed to the brim Filofax. What was important was that a contact phone number was printed clearly at the very front, so I was able to drop the Filofax off to its rightful owner. Turned out it belonged to a locum GP visiting our area and that she had her emergency pager in there too.... so somewhat important.She sent me the most gorgeous bouquet of flowers to say thank you. I was so, so touched by that.....now I wonder if she reads Philofaxy!!!!?????

    ReplyDelete
    Replies
    1. What a great story! I think, as others have mentioned above, that printing your mobile phone number on the front page is a great compromise between being secure and being practical.

      Delete
  12. What I have done since using a smart phone and a Filofax (which covers the same time span) is to split information between the two places.
    My iphone carries my phone numbers and encripted passwords. I use a password on it at all time.
    My bank is on a mobile app on the phone, and provides a safe recording area for memorializing my purchases.
    So basically I am just splitting information up, which insures its safety. My calendaring and daily to do lists use about 50% of my Filo, and a second Filo is used for a daily diary for my goals, future plans, and that type of thing.

    ReplyDelete
  13. I must admit that I've never worried too much about this. As Helen points out above, much of this information is already freely available elsewhere. If I lost the filofax, a few quick phone calls could result in newly issued account numbers and/or frozen accounts. My name, address, and phone numbers are freely available to anyone with a phonebook or internet connection. I don't have my own birthdate written into my filofax but that, too is a public record here in the US. Passwords are certainly a concern which I should probably address. My passwords have become increasingly complex and difficult to recall, especially for services I don't access often.

    ReplyDelete
    Replies
    1. I wrote a general article about it here
      http://thisbugslife.com/2013/02/15/dealing-with-confidential-information-in-your-filofax/
      ---- I work a lot with classified information so I guess I am a bit paranoid.

      Delete
  14. One way of reducing the chance of having your filofax stolen, is to avoid using it to store bank cards. I have a notepad in my M2, to use as an occasional input device, but my "data" is carried in a slimline, safely out of sight.

    If you must use your filofax as a wallet, aim to have your bank card in your hand, before you arrive at the "checkout", keeping your filofax out of sight.

    ReplyDelete
  15. It's interesting that personal information in the public domain is dependent on where you live, I hadn't really considered that before although it's obvious now I think about it!

    I have always had it drummed into me that I should shred my name and address from the front of envelopes so I suppose that is why I extend the same caution to keeping that information in my Filofax. The guidance on identify theft in the UK is here:

    http://www.actionfraud.police.uk/support-and-prevention/protect-yourself-from-fraud

    It seems as though most of us are very savvy about all of the obvious safety concerns - personal details/passwords etc. Does anyone worry about their diary appointments being exploited because it is obvious when you are out of the house? If so, do you encrypt your appointments too, or is that going a bit far in your opinion?!

    ReplyDelete
  16. I make sure to never have anything in my wallet that speaks of my home address. All the 'Please return to...' info relates to my phone and email so that I can be readily contacted to arrange pick-up of the filofax if such a loss occurs. I agree with the comment that the risk of loss is increased if your planner is your wallet. I never could work the two together so it's not a problem for me to keep sensitive info (eg drivers licence with home address) out of it.
    Ray, I love your password method.

    ReplyDelete
    Replies
    1. **I make sure to never have anything in my FILOFAX that speaks of my home address! :)

      Delete