I fried my BlackBerry Tour yesterday updating it to the new OS. I trying hacking it myself, but couldn’t, so shamefully I called Verizon technical support. Their solution after 30 seconds of script-based trouble shooting, was to send me a new BlackBerry. Although that was tempting, I was approaching a full-blown-I-don’t -have-instantaneous-mobile-access-to-everything-panic-attack so I refused their solution, whereupon they bumped me up to second level support, who unsuccessfully spent 30 minutes on script-based support until finally getting me to RIM itself, where I went through 2 levels of support before finally getting the problem fixed.
Whew. We ended up wiping the device and starting fresh like with the new OS. It actually felt kind of good – like a spring cleanse.
Anyway, today as I was reinstalling apps and setting up email accounts, and entering my properly-complex password over and over, and wondered what, if any, effect the growing popularity of smartphones is having on password complexity. Over the past couple of years I have moved more and more of my online life to my phone - reading articles, BBM, FaceBook, Twitter, WordPress updates, etc. But what I find interesting is that many of my online accounts and subscriptions are now “born smartphone,” i.e., I originate and manage them completely on my BlackBerry.
Although I have pretty good password hygiene, the temptation to choose simpler passwords that are easily type-able on my BlackBerry keyboard is great (one exception is a password that I type dozens of times a day: if you ever find my BlackBerry, the unlock password is “ooop”). Typing capitals, symbols, and numbers in a password is a pain in the butt on a smartphone-and that is on a device lauded for its keyboard.
What are others who have less of an information security background or less usable keyboards doing? If someone can guess Obama’s Twitter password, what chance do people without a Secret Service living in their house have?
So, what do you think? Are smartphones a threat to password complexity, and thus to information security overall?