Leadership

Kanye West's 000000 iPhone password and 7 other things you should never do

Rapper Kanye West speaks during his meeting with US President Donald Trump in the Oval Office of the White House in Washington, DC, on October 11, 2018.
Saul Loeb | AFP | Getty Images
Rapper Kanye West speaks during his meeting with US President Donald Trump in the Oval Office of the White House in Washington, DC, on October 11, 2018.

During Kanye West's well-publicized visit to the White House on Thursday, he may have revealed more about himself than he intended to.

The rapper joined President Trump for a working lunch and, at one point, pulled out his phone to show the president a GIF. The cameras behind him caught his iPhone PIN, "000000," and broadcast it live.

By now, West has probably changed his PIN. But the reveal could have broader implications for his security.

"Even if his other PINs aren't 000000, knowing that he has poor cyber hygiene I think helps an attacker go, 'I bet his Gmail password isn't very good, either,'" says Jared DeMott, founder of VDA Labs and a former NSA analyst. Regardless, once your PIN is out there for the world to see, it's definitely time to change it.

CNBC Make It asked experts to share some of their top tips and best practices for finding a secure way to lock your phone.

1. Don't forget to use a PIN

Users on Twitter called out West for having such a simple password. But, DeMott says, it could have been worse: "At least he has a PIN. It was a bad PIN, but he did have a PIN, and that's better than no PIN."

Generally, he says, a PIN built from predictable numbers, like "123456" or "000000," isn't as secure as a random code. And since high-profile people like West are at greater risk of theft or hacking than others, they should be extra careful.

"Being a VIP in any sort of domain makes you a higher risk," he says. "You're a more valuable target because you probably have more money in your bank account and whatever people are after."

2. Don't keep it too simple

Thomas Etheridge, vice president of services of cyber security company Crowdstrike, says the longer the password, generally, the more secure it is. If you can't go for something long, like with a phone PIN, Etheridge says a combination of numbers and letters is the next best thing.

Easy-to-remember PINs like your birthday or zip code are tempting, but experts agree you should avoid anything that can be guessed easily.

Cyber security adviser Joseph Steinberg recommends using three simple but unrelated words to build a password or PIN no one will guess. One of those words should be something that isn't in the dictionary, like a last name.

3. Don't reuse PINs

Experts agree that using the same PIN for your iPhone and your debit card is not a good idea. DeMott says it's a mistake he sees often because phone and debit cards pins have to be entered manually, without help from a password manager like LastPass.

4. Don't assume your device locks automatically

Etheridge recommends securely locking your device each time you set it down, instead of depending on it to lock automatically. iPhones have an auto-lock set setting, which locks your phone after a specified period of inactivity. There is a "Never" option, too, that keeps your phone unlocked at all times but, in addition to draining your battery, this isn't very secure.

Steinberg says it's important to develop a habit of locking your phone because, if someone steals your phone while it's unlocked, they can easily access all of your information: "What if if locks after 30 seconds and someone comes and immediately grabs it?"

"At least he has a PIN. It was a bad PIN, but he did have a PIN, and that's better than no PIN." -Jared DeMott, founder of VDA Labs

5. Don't change your PIN too often

Some experts recommend changing your PINs as often as once every three months to a year, and others say not to change them at all, unless they've been compromised.

Having to remember multiple codes means we're less likely to choose strong ones. "Humans don't choose good passwords," DeMott says. "Basically, making them change them often doesn't help. In some cases, it could actually make it worse."

6. Don't show your PIN in public

While most people aren't being followed around by a group of reporters and TV cameras, West's experience can be a lesson to us all, Etheridge says. Don't share your PIN with other people, and make sure your phone screen is hidden when you enter it.

Steinberg notes that West may have anticipated the media coverage and cameras at the White House and temporarily changed his PIN for the visit. He advises anyone who will be in an area with lots of cameras to pick a temporary PIN in case it's seen. In some cases, it may not be important to hide your screen.

"Just be cognisant of what you're doing," he says. "So if you're on your phone and you're doing normal game playing or you're reading something, OK, what's the big deal. But on the other hand, if you're trying to do online banking from your phone in the subway station and there's cameras and people walking around, that may not be so wise."

Even if there aren't cameras around, be discreet in public places. Steinberg says a thief is more likely to steal a phone whose code they've learned from watching you over your shoulder in a crowd, for example. He recommends using a screen protector for additional privacy.

7. Don't use your old PIN on a new device

Rebecca Herold, CEO of the Privacy Professor consultancy and president of SIMBUS, suggests you change PINs when you sell your old phone. "Even if you think you removed your PIN from your phone before selling it, you may have the PIN stored somewhere in memory or storage, or in an app cloud, that you weren't aware of," she says.

Limit the number of apps you keep on your phone, too, because they are "notoriously" lacking security measures and some even track your keystrokes, which can include your PIN, she says.

"Other apps you don't use are often lurking and sucking up data, sending it to multiple third parties, who may be doing things with it that you wouldn't want them to do," she says.

8. Don't think of your smartphone as a phone

Steinberg urges you to think of smartphones not as phones but as pocket-sized computers full of personal information, and guard them accordingly.

"Understand that just like a computer, it needs security software, it needs to be thought of as a device that needs to be protected," he says. "Don't think of it as a phone, think of it as a computer with sensitive information."

Like this story? Subscribe to CNBC Make It on YouTube!

Don't miss: The surprising thing Elon Musk, Kanye West and Steve Jobs all have in common