Smarter Phones, Weaker Passwords

Tim (@oraclebase) points out something Rich (@rmanalan) and I have previously discussed. Soft keypads foster weak passwords.

Do virtual keyboards promote weak passwords? | The ORACLE-BASE Blog

Having to shift for capital letters and switch keyboards for some special characters is bad enough, but when coupled with the inconsistent implementation of keyboards between OSes, a strong password is maddeningly difficult to enter.

For example, I’ve noticed that Android’s stock keypad considers # important enough to be on the primary number keypad. iOS, however, does not, forcing you to find the extended symbol keypad.

The alarmingly frequent hacking of service providers like Gawker, Trapster and, over the weekend, Plentyoffish (Update: And SourceForge and even Amazon), has shone an unpleasant light on two facts:

  1. Services get hacked. It happens.
  2. People are frighteningly cavalier with passwords and don’t understand the implications of using weak passwords.

I’m glad Tim blogged this because soft keypads only exacerbate the weak password problem. If people are too lazy to use stronger passwords when presented with a real keyboard, imagine how lax they are when using a small, touch or tactile one.

One possible solution is 1Password, coupled with Dropbox. If you read here, you’ll know all this already. If not, spend time researching the combination. Well worth it.

About Jake

a.k.a.: jkuramot

6 comments

  1. Then there are those for whom passwords on mobile devices seemed such a problem that an option to turn off masking was considered http://www.useit.com/alertbox/passwords.html. In the enterprise space with the value of the data being protected I really think strong passwords are essential. Perhaps we need to move past this whole typing in thing and use the onboard cameras to detect retina signatures, OCR for fingerprints etc.

  2. A lot of apps support a “show password” option, which is a h/t to defeating masking. Does seem like a crutch that only makes the root problem worse.

    I expect you’re right that we’ll see facial recognition or other fuzzy logins like Facebook’s new identify a friend (i.e. help us improve our facial recognition technology) to recover your password.

  3. Uvox, Jake,
    1) 1Password for Android lets you view the password as you type it, if you want.
    2) With biometrics you still need some way of getting in without me there – how do you retrieve my email or cloud docs, or manage my banking for me, if I’m unavailable (or heaven forbid, dead)? I know it wouldn’t be my problem any more, but the missus might be worried!!!

  4. Yup, I’m a big fan of 1Password on all platforms. I use it on Android and iOS. Biometrics would have to augment strong passwords I suppose. The only really good answer is a password store and random, individual passwords.

    1Password FTW!
