Security vs. convenience: How do you balance your passwords?

Security vs. convenience: How do you balance your passwords? | iMore.com Skip to main content Android BlackBerry iPhone / iPad Windows Phone webOS SIGN UP|LOG IN iMore Forums Apps Games Accessories Reviews How-To Podcasts Contests iPhone iPad mini iPad iPod touch Apple TV iOS iCloud iTunes Mac Hot: iPhone 5S Guides: iPhone buyers | iPad buyers | iOS users Free: Wallpaper | iPhone apps, games | iPad apps, games Shop Online Cases Chargers Screen protectors Headsets & More Free shipping on orders over $50 Security vs. convenience: How do you balance your passwords? By Rene Ritchie, Saturday, Apr 6, 2013 a 11:10 am 21

Security is at constant war with convenience. The stronger the passwords we use to keep our data safe, the more steps we take to lock down what we own, the less accessible our data and our devices become -- even to us. Balancing it all can be tough, and a lot depends on what the platforms and services we use do to help us. And nowhere is this more evident than mobile.

Multitouch keyboards, in large part, rely on things like like character pair prediction and auto-correct to make entry acceptable. Neither of those things are possible with passwords, and strong passwords require far higher than normal frequencies of shifting between upper and lower case, and between letters and numbers and symbols. It's the worst possible experience.

A 4-digit passcode lock, or weak password, gets around that by reducing the complexity at the expense of security. Intervals can also be set, so that your passcode is only required minutes after you last used your device instead of seconds. A short interval offers better protection should you lose your device or should a friend try to prank you during an unguarded moment, but it can be maddening if you need to complete a long series of intermittent tasks.

On iOS, ironically, Apple's security policies prevent password managers from working through Safari browser extensions the way they do on OS X, thus requiring more cumbersome copy-paste procedures, or the use of an in-app browser instead of Safari. Some websites, flabbergastingly, use JavaScript to block copy-paste, increasing the difficulty of using strong passwords.

2-step verification requires the use of an authenticator app, or the transmission of a token. Sometimes tokens don't work for no apparent reason, or network connectivity is spotty, complicating transmission. Sometimes it ends up being so secure, even you can't get in.

It's not an iOS-only problem either by any means. BlackBerry Z10 passcode entry is such that Adam Zeis of CrackBerry has stopped using a password to secure his phone.

It's possible future technologies like biometrics might make security more convenient, for example letting a thumbprint automagically allow access to a device. But what happens if your thumbprint is hacked or phished or otherwise compromised? You can't change your body as easily as you can a password.

Where do you stand between convenience and security? Do you use a passcode? A strong one? A password manager? 2-step verification? And what could be done to make being secure even more convenient for you?

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, ZEN and TECH, MacBreak Weekly. Cook, grappler, photon wrangler. Follow him on Twitter, App.net, Google+.

More Posts

 

5 6 86 0 More of: Featured, Poll
More of: Security, Passwords, Passcode ? PreviouslyDebug 12: iCloud and Core Data sync Next up ?iMore Editors' Choice: Badland, Soundcloud, Veronica Mars, and more There are 21 comments. Add yours. raptorstv says: Apr 6, 2013 at 11:19 am - 1 day ago

That's why we need to see the biometric scanner in the new iPhone 5S
http://www.youtube.com/watch?v=LM-0EbS2O38

Reply MsLoveTech says: Apr 7, 2013 at 1:20 pm - 7 hours ago

Well when i'm at home my 4S is open but i do have a App thats Called Big brother Security and i love it if some steals my phone it takes pics of the person and sends it to my Email. But when i'm out and about i do Lock my Phone

Reply Nick Arnott says: Apr 6, 2013 at 11:29 am - 1 day ago

A nice feature in iOS is that if you turn Simple Passcode off, but then only enter numbers for your passcode, when you unlock your device it will still give you the number pad, rather than the full-blown keyboard. The biggest deterrent for me on using a complicated passcode is I fat finger iOS' keyboard far too much to make its use every time I need to unlock my phone impractical. However, using a longer, numeric passcode adds a little more complexity while still keeping it fairly easy to enter.

Reply Exwindzz says: Apr 6, 2013 at 12:51 pm - 1 day ago

Did this myself, but it keeps people from being able to guess as most think its 4 digits.

Reply impaler says: Apr 6, 2013 at 2:18 pm - 1 day ago

Didn't know that, nice!

Reply cardfan says: Apr 6, 2013 at 11:45 am - 1 day ago

I bought 1password but never got around to finding the time to set it up. It'd be nice if Apple worked with them to integrate it into safari.

Reply vianar says: Apr 6, 2013 at 11:50 am - 1 day ago

Really it depends what you use your phone for and security features for the individual apps. I have a pass code for the phone to protect others from getting my contacts but I only have their publicly available info on the phone. Otherwise content I access is in the cloud or on work servers (with 2step authorization). Each app with their own password. I have memorized four 8-digit alphanumeric passwords and cycle them between all my apps and memorize a new set every 6 months. Tedious but I don't trust password managers.

Reply K Sec says: Apr 6, 2013 at 11:51 am - 1 day ago

Well it is not even just the passcode. Have you tried setting up a Apple ID recently? Telling others using an Apple devices is simple is no longer true. Since you cant do anything without an Apple ID.

Apple ID force you to have alphabetic and numbers and Capital letters for password. Great that is good for security. But 99% of people i set up for them simply forgotten their password and write it down somewhere. ( Now that is not secure )

Then you have to setup three security questions! And 90% of times i see people just stop and find someone to help or totally give up.

Security vs. convenience, Apple was used to be good at the later, ( and pretty crap on the other ), now it is just not good at both.

Reply SOV says: Apr 6, 2013 at 11:55 am - 1 day ago

1Password for iPhone and Mac. Plus two step verification when applicable.

Reply gc916 says: Apr 6, 2013 at 12:05 pm - 1 day ago

Agreed. For now, at least, it's the best compromise between security and convenience.

Reply metllicamilitia says: Apr 6, 2013 at 1:39 pm - 1 day ago

Well, I hope it let me vote for all the choices. I have apps that I lock down with a 4 digit passcode as I should do my phone itself. Most sites I use 1Password for and some I still need to make a password for with 1Password and for WoW it was a self created password but I also have 2 step verification and have their authentication app. I literally use all the options and it's only inconvenient when logging in to things ok my laptop and not on my phone, but completely worth it.

Reply SockRolid says: Apr 6, 2013 at 1:54 pm - 1 day ago

Just set up 2-step verification for my iCloud account. Took a few days because I needed to improve the strength of my password before even starting the process. I highly recommend doing it, even if you don't have a credit card associated with your account.

re: "2-step verification requires the use of an authenticator app, or the transmission of a token. Sometimes tokens don't work for no apparent reason, or network connectivity is spotty, complicating transmission."

Fortunately, you rarely ever need to go through that 2-step process (typing your password into Apple's login page, waiting for Apple to display a 4-digit code on a "trusted device," then typing that code into Apple's login page). You only need to do it when you want to view or change your actual Apple ID account info. My guess is that most people won't need to do it until they change their credit card expiration date every few years.

Re: "But what happens if your thumbprint is hacked or phished or otherwise compromised?"

I've read that some fingerprint scanners can detect temperature and density of the finger. So a severed finger won't work. Of course, all that does is prevent unauthorized access with the severed finger. It won't stop the bad guys from severing your finger(s) in the first place. :-(

Reply shinuyuki says: Apr 6, 2013 at 5:57 pm - 1 day ago

I read somewhere that they didn't detect temperature. Did this change recently?

Reply anthonyjpv says: Apr 6, 2013 at 2:23 pm - 1 day ago

Hey Rene, update your stock photos! using the same for your black wallpaper article, i see. Dec 6 :o

Reply PassOutPete says: Apr 6, 2013 at 3:06 pm - 1 day ago

Another good thing to consider adding to passwords: à,á,â,ä,æ,ã,å,a and so on and so forth.

Reply Derrick4Real says: Apr 6, 2013 at 3:42 pm - 1 day ago

"none" should be an answer as well. well at least considering the lock screen.

Reply asuperstarr says: Apr 6, 2013 at 5:31 pm - 1 day ago

I used 1password for all my passwords. I allow it to create the password. I would rather have complicated password than, what used to do prior. Before I would use the same password to almost everything. Thanks to 1password, my life has changed!

Reply shinuyuki says: Apr 6, 2013 at 5:56 pm - 1 day ago

I didn't know it had this ability. I've downloaded it illegally, and I'm already loving it. I'll probably purchase it legally by day's end. Up until now, I didn't like using security codes because I hate having to unlock it each time I turn on my phone.

Reply Randy Appointment says: Apr 6, 2013 at 9:01 pm - 1 day ago

I Use LastPass it is cross platform and integrates into almost anything that connects to the internet
Source: http://bit.ly/XwpqXP

Reply nolhayes says: Apr 7, 2013 at 12:46 am - 20 hours ago

I use msecure to track passwords. I am not trustworthy enough to allow browsers to link to these password managing apps tho. So I still memorize. The apps mainly keep track of the passwords for me.
Four digit numeric passwords for the iPhone and iPad.

Reply ndogdrumz says: Apr 7, 2013 at 11:40 am - 9 hours ago

Passwords are pointless. They are easy to get by.

Reply Contact iMoreSEND US NEWS  |  SUBMIT AN APP

Shop iMore

THE #1 ACCESSORY STORE | 2 MILLION+ ORDERS SHIPPED

Browse All Accessories Cases and Skins Chargers Cradles Bluetooth Headsets Screen Protectors See all accessories Browse Accessories For Your Phone iPhone 5 Cases Chargers Car Kits & more iPhone 4S Cases Chargers Car Kits & more The new iPad Cases Chargers Screen Care & more iPhone 4 Cases Chargers Car Kits & more iPad 2 Cases Chargers Screen Care & more iPhone 3GS Cases Chargers Car Kits & more Shop iMore

THE #1 ACCESSORY STORE | 2 MILLION+ ORDERS SHIPPED

View All Devices STORE AD CONTENT Follow iMore(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&appId=213678485361751"; fjs.parentNode.insertBefore(js, fjs);}(document, 'script', 'facebook-jssdk'));

Follow @iMore!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");


Facebook
Twitter
Google+
RSS
YouTube
iTunes Download iMoreiMORE APP  |  iMORE FORUMS  |  MOBILE NATIONS

Watch iMoreMORE SHOWS  |  MORE VIDEOS

Tell iMore

Team iMore
Rene
Georgia
Leanna
Chris
Ally
Simon
Chris
Michelle
ABOUT iMORE

Wear iMoreORDER YOUR T-SHIRTS NOW!

Mobile Nations YouTube Channel Follow Us on Twitter Join us on Facebook Mobile Nations RSS Feed 13,102,764 Readers Per Month Mobile Nations brings you the very best of Android Central,
CrackBerry, iMore, webOS Nation, and WPCentral   This week's iMore show (ironically) not live from New YorkEditor's desk: Big Apple AppleFacebook's not-a-phone gets not-a-commercialiMore Editors' Choice: Badland, Soundcloud, Veronica Mars, and moreSecurity vs. convenience: How do you balance your passwords?Debug 12: iCloud and Core Data sync   Bootloaders have been unlocked on the Droid RAZR HD, Atrix HD, RAZR MFrom the Editor's Desk: A few answers from (and more questions for) FacebookNew Google Play Store app sighted on Google+Kyocera Torque reviewFacebook shows us what life can be like with Facebook Home front and center Vote for the BlackBerry Z10 to win in the Smartphone Madness 2013 Finals!From the Editor's Desk - There ain't no party like a CrackBerry party!N.O.V.A 3 review for the BlackBerry Z10: It's about to get messyCreate some banging tunes with SurfaceDJ Lite for BlackBerry 10Fancy some free puzzle action? Check out Trid for BlackBerry 10 Video: Chillingo announces Contre Jour and more Xbox games coming to Windows 8Xbox Windows Phone games AlphaJax and Galactic Reign get all the updatesTemple Run gets rapid “light theme” fix for Windows PhoneNew Nokia RM-877 caught on AT&T’s network, destined to be new flagship Lumia?Wikipedia app updated to Windows Phone 8 with new features, improvements Coming soon: The Great webOS Nation GiveawaySet an AlarmTurn your phone into a Star Trek communicatorSwitching to Android? It'll probably feel familiarAnswer a phone callMonday Brief: BlackBerry Q4 earnings, a Google Watch, and the last Monday Brief ever!   iPhone / iPad ForumsAndroid ForumsBlackBerry ForumsWindows Phone ForumswebOS Forums Copyright 2013 Mobile Nations ? Terms and Conditions ? Privacy Policy

View the original article here