Smarter Phones, Weaker Passwords

By JakeJanuary 31st, 2011 6 Comments

Tim (@oraclebase) points out something Rich (@rmanalan) and I have previously discussed. Soft keypads foster weak passwords.

Do virtual keyboards promote weak passwords? | The ORACLE-BASE Blog

Having to shift for capital letters and switch keyboards for some special characters is bad enough, but when coupled with the inconsistent implementation of keyboards between OSes, a strong password is maddeningly difficult to enter.

For example, I’ve noticed that Android’s stock keypad considers # important enough to be on the primary number keypad. IOS, however, does not, forcing you to find the extended symbol keypad.

The alarmingly frequent hacking of service providers like GawkerTrapster and over the weekend Plentyoffish (Update: And SourceForge and even Amazon), has shone an unpleasant light on two facts:

  1. Services get hacked. It happens.
  2. People are frightening cavalier with passwords and don’t understand the implications of using weak passwords.

I’m glad Tim blogged this because soft keypads only exacerbate the weak password problem. If people are too lazy to use stronger passwords when presented with a real keyboard, imagine how lax they are when using a small, touch or tactile one.

One possible solution is 1Password, coupled with Dropbox. If you read here, you’ll know all this already. If not, spend time researching the combination. Well worth it.


Possibly Related Posts

  • uvox

    Then there are those for whom passwords on mobile devices seemed such a problem that an option to turn off masking was considered http://www.useit.com/alertbox/passwords.html. In the enterprise space with the value of the data being protected I really think strong passwords are essential. Perhaps we need to move past this whole typing in thing and use the onboard cameras to detect retina signatures, OCR for finger prints etc.

  • http://theappslab.com Jake

    A lot of apps support a “show password” option, which is a h/t to defeating masking. Does seem like a crutch that only makes the root problem worse.

    I expect you’re right that we’ll see facial recognition or other fuzzy logins like Facebook’s new identify a friend (i.e. help us improve our facial recognition technology) to recover your password.

  • http://basissap.com martin_english

    Uvox, Jake,
    1) 1Password for Android lets you view the password as you type it, if you want.
    2) With biometrics you still need someway of getting in without me there – how do you retrieve my email or cloud docs, or manage my banking for me, if I’m unavailable (or heaven forbid, dead) ? I know it wouldn’t be my problem any more, but the missus might be worried !!!

  • http://theappslab.com Jake

    Yup, I’m a big fan of 1Password on all platforms. I use it on Android and iOS. Biometrics would have to augment strong passwords I suppose. The only really good answer is a password store and random, individual passwords.

    1Password FTW!

  • http://www.garry.to joel garry

    Or back up your biometrics.

    (Yes, I read too much science fiction).

  • http://theappslab.com Jake

    Nice one.