Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Mobile devices lowering web security

It’s been over a month now since I finally made the move to an iPhone. For the last 6 months or so I’ve been using a Blackberry (with mixed results), but this was mostly business use. The one thing that struck me when I started using the iPhone for Internet use, reading blogs, and accessing services like Twitter, was the keyboard. I know it sounds strange, but having to click through 3 different menus just to get to the special keys portion of the keyboard puts a serious dent in your typing speed. Once you’re used to things, then it’s OK to work with. However, this started me thinking about how many average users of the iPhone (or Blackberry, Nokia, G1, <insert current mobile device of the week here>) have given up constantly typing their suitably complex web-mail or forum password and changed it to something easier and quicker to enter on a mobile keypad.

With things constantly moving towards mobile computing (like it or not), the input of passwords will become more and more of an issue. Devices are getting smaller and smaller, and keyboards and input are moving from the standard layout to miniature input, gestures, and handwriting recognition. These are difficult enough to deal with as it is, without having to make sure you get it 100% correct. After all, you can’t have a spelling mistake in your password and get away with it.

So, how long before we start to see a shift in password use on web-services to more mobile-friendly passwords? For example, those that can be typed on the main iPhone keypad. This means no special characters or numbers. Unless the web-service forces strong passwords, users will go with convenience over security most of the time. This is just human nature. This increasingly limited input range will make it easier to brute-force the passwords of mobile users and reduce overall security, just as we’ve finally started to get the general public to embrace complex passwords. One step forward, and two steps back.
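To put rough numbers on that trade-off, here is an added example (not part of the original post) that scores a password by the extra keyboard-layer taps it costs on a touch keypad and by the size of the search space implied by the character classes it uses. The three-layer layout, the tap costs and the function names are simplifying assumptions for illustration.

```python
import math
import string

# Assumed, simplified three-layer touch keyboard (not taken from the post):
# layer 0 = letters, layer 1 = digits and common punctuation, layer 2 = other symbols.
LAYER1 = set(string.digits + "-/:;()$&@\".,?!'")

def layer_of(ch):
    """Return the keyboard layer a character is assumed to live on."""
    if ch.isalpha() or ch == " ":
        return 0
    if ch in LAYER1:
        return 1
    return 2  # everything else is treated as the deepest layer

def layer_switches(password):
    """Count extra taps spent changing layer, starting on the letter layer."""
    taps, current = 0, 0
    for ch in password:
        target = layer_of(ch)
        # Assumed cost: one tap per layer moved (letters <-> symbols costs two).
        taps += abs(target - current)
        current = target
    return taps

def alphabet_size(password):
    """Size of the character pool implied by the classes the password uses."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 32  # printable ASCII punctuation
    return size

def search_space_bits(password):
    """Upper bound on brute-force work in bits, assuming random characters."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0

if __name__ == "__main__":
    for pw in ("secret", "S3cr#t!"):  # constructed sample passwords
        print(f"{pw!r}: {layer_switches(pw)} layer taps, "
              f"{search_space_bits(pw):.1f} bits")
```

The bit count is a ceiling, since real users do not pick characters at random, but the gap between the two samples shows how much search space is given up when only the letter layer is used.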

Hopefully this doesn’t spell a return to the use of “god”, “sex”, “love” and “secret” as our main passwords of choice.

2 responses to “Mobile devices lowering web security”

  1. Pingback: Twitter moves to protect aginast Tinyurl attacks « Ramblings of the änal security guy

  2. Pingback: How To Be Mobile
