Mobile apps, passwords, and security

As I move more and more towards using my phone for tasks that I might otherwise use a laptop, I can't help but notice that passwords are a problem. Strong passwords, like wI34$Rg5%Ttg (obviously, not one of mine) are fine when you have a normal keyboard, but on any mobile device, they're a real pain to enter. Even the best mobile keyboard requires lots of patience and exacting finger placement to get right, all

As I move more and more towards using my phone for tasks that I might otherwise use a laptop, I can't help but notice that passwords are a problem.

Strong passwords, like wI34$Rg5%Ttg (obviously, not one of mine) are fine when you have a normal keyboard, but on any mobile device, they're a real pain to enter. Even the best mobile keyboard requires lots of patience and exacting finger placement to get right, all while dealing with apps that may or may not echo the actual character back to the screen while you're typing. Combine this with the fact that many mobile apps and browsers do not or will not save passwords, and you run the risk of an awful lot of people simplifying their passwords for entry on mobile devices. This quickly turns strong passwords into weak passwords, if it doesn't run awfoul of corporate password-strength restrictions.

It's a damned-if-you-do-damned-if-you-don't scenario. The obvious solution to this would be biometrics, but I've yet to see a mainstream mobile device other than Lenovo's just-announced P960 that offers a fingerprint scanner. Another solution might be to allow saved passwords in mobile apps and browsers, but given the possibility of losing a phone containing that information, that's probably not a good idea.

I wish I had a better solution, especially since it might be difficult to keep a fingerprint scanner clean and operational on a mobile device -- I know that my phone tends to get pretty dirty and beat up from being in my pocket, on the table, or dropped in the grass, among a wide variety of other potential pitfalls.

Perhaps a phone with a touchscreen could integrate a password management solution that would recall encrypted, saved passwords using gestures. For instance, a two-finger swipe down the middle followed by four horizontal swipes and a tap in the middle would open access to the password vault. That would be appropriate for the iPhone, say, and could even turn into a third-party app.

Hmmm. Maybe I'd better brush off that iPhone SDK...

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies