Is Password Complexity Threatened by Smartphones?

I fried my BlackBerry Tour yesterday updating it to the new OS. I tried hacking it myself, but couldn’t, so shamefully I called Verizon technical support. Their solution, after 30 seconds of script-based troubleshooting, was to send me a new BlackBerry. Although that was tempting, I was approaching a full-blown-I-don’t-have-instantaneous-mobile-access-to-everything-panic-attack so I refused their solution, whereupon they bumped me up to second level support, who unsuccessfully spent 30 minutes on script-based support until finally getting me to RIM itself, where I went through 2 levels of support before finally getting the problem fixed.

Whew. We ended up wiping the device and starting fresh like with the new OS. It actually felt kind of good – like a spring cleanse.

Anyway, today as I was reinstalling apps and setting up email accounts, and entering my properly-complex password over and over, I wondered what, if any, effect the growing popularity of smartphones is having on password complexity. Over the past couple of years I have moved more and more of my online life to my phone – reading articles, BBM, Facebook, Twitter, WordPress updates, etc. But what I find interesting is that many of my online accounts and subscriptions are now “born smartphone,” i.e., I originate and manage them completely on my BlackBerry.

Although I have pretty good password hygiene, the temptation to choose simpler passwords that are easily type-able on my BlackBerry keyboard is great (one exception is a password that I type dozens of times a day: if you ever find my BlackBerry, the unlock password is “ooop”). Typing capitals, symbols, and numbers in a password is a pain in the butt on a smartphone – and that is on a device lauded for its keyboard.

What are others who have less of an information security background or less usable keyboards doing? If someone can guess Obama’s Twitter password, what chance do people without a Secret Service living in their house have?

So, what do you think? Are smartphones a threat to password complexity, and thus to information security overall?

2 comments

  1. PeterK

    simple answer? yes a huge threat IMHO
    most folks aren’t like you and won’t establish a complex password nor will they change that password every 90/120/180 days

    my belief is that you limit what critical websites/accounts you access from your smartphone. Personally I wouldn’t access any financial accounts via a smartphone

    • Barclay

      Yeah, good point Peter. How many people even have basic password protection on the device itself? In my experience most big companies do password protect the device, but the passwords (like mine) don’t comply with their standard password complexity standards. Frankly, it kind of fascinates me that the world still largely operates on username/password for everything.
