With the increasing reliance upon mobile devices for access to secure systems such as Slate, we are publishing several facts and best practices associated with the management of mobile devices with respect to Slate.
Mobile devices are typically no more or less secure than any modern desktop browser when interacting with Slate.
All communications occur over HTTPS, with a minimum 128-bit SSL, so even if a mobile device is connected to an insecure network, such as a public wi-fi or hotel network, there is no risk of data exposure or leakage. The same single sign-on systems are used when accessing Slate from a mobile device, and the same login session inactivity thresholds apply, wherein a user is automatically logged out after a period of inactivity. No sensitive data whatsoever is stored on a mobile device, so should a device be lost or stolen, there is no sensitive data that would reside on the device. (There are limited offline capabilities within Slate that must be specifically enabled by an institution and carry different risks, which are discussed with the institution prior to enablement.) We do not recommend that you set any mobile device to remember your password, however, since a lost or stolen device could potentially be used to log in on your behalf if your password has been saved and you have not changed it.
- Do not save passwords to secure resources on your mobile device.
- Enable "Find My iPhone" or equivalent service to enable lost/stolen device location and remote wipes.
- Set a PIN on your mobile device. Even a 4-digit PIN provides an additional layer of security and can lockout an attempted user who does not have your PIN.