GottaBeSecure: Mobile Password Security

Despite the appearance of biometric security devices in many new mobile computing platforms, password security remains the Achilles’ heel of the computer security world. Why, you ask? Because even if you rely on a biometric device for authentication and/or encryption of your data, nearly all biometric security devices rely on a back-up “master password.” So, you may feel extra safe and secure logging into your tablet PC or ultra-mobile computing device by swiping your finger across its built-in fingerprint reader or other biometric gadget, but unless you choose strong account passwords for your mobile device, the bad guys might be able to bypass your high-tech security measures.

So, what are “strong” passwords? To illustrate, let’s start with some bad passwords. PC Magazine recently compiled a list of the 10 worst passwords, which are:


  1. password
  2. 123456
  3. qwerty
  4. abc123
  5. letmein
  6. monkey
  7. myspace1
  8. password1
  9. blink182
  10. (your first name)

As you can see, almost all of these passwords are based on common words that you could find in a dictionary or on a list of common passwords. Some other bad choices for passwords are “test,” “admin,” or “hi.” Most security experts also recommend you avoid picking passwords that have to do with your favorite sports team, a family member’s name, or a hobby-related word that those who know you might be able to guess. Of course, the absolute worst password you can pick is no password at all (most computer systems today won’t allow you to set a blank password, but some devices come that way out of the box).

Several years ago I was hired for a security assessment engagement where I tested an organization’s password security. Among the really bad passwords I found was that of an employee who had just bought a new Volkswagen convertible car; his password—“cabrio.” Another weak password was that of a doting mother who called her son several times a day at the babysitter’s house—her password was her son’s name. Finally, within that same organization, I found the CEO’s password was the name of his boat. Are you beginning to get the picture?
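To make the criteria above concrete, here is a small checker added as an example (it is not from the original article or from any tool it mentions) that flags a password when it is blank, matches the quoted list or the other bad choices even with digits or symbols tacked on, or contains a personal term such as a car model or a child's name. The function names, the `personal_terms` parameter and the sample passwords in the comments are assumptions made for illustration.

```python
import re

# The nine fixed entries from the PC Magazine list quoted above
# (the tenth, "your first name", is handled through personal_terms).
WORST_PASSWORDS = {
    "password", "123456", "qwerty", "abc123", "letmein",
    "monkey", "myspace1", "password1", "blink182",
}
# Other bad choices named in the article.
OTHER_BAD = {"test", "admin", "hi"}


def _variants(password):
    """Return the lowercase password plus a form with edge digits/symbols stripped."""
    lowered = password.lower()
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    return {lowered, core} - {""}


def weakness_reasons(password, personal_terms=()):
    """Explain why a password is weak by the article's criteria; [] if none apply.

    personal_terms is supplied by the caller (hypothetical parameter): first
    name, family names, sports team, hobby words, the car model, the boat's name.
    """
    if password == "":
        return ["blank password"]
    reasons = []
    forms = _variants(password)
    known = WORST_PASSWORDS | OTHER_BAD
    # Also compare against the known list with its own trailing digits removed,
    # so constructed samples like "Password2" or "monkey!" are caught too.
    known_cores = {re.sub(r"\d+$", "", k) for k in known} - {""}
    if forms & (known | known_cores):
        reasons.append("matches a common password")
    for term in personal_terms:
        t = term.lower()
        if t and any(t in form for form in forms):
            reasons.append(f"contains personal term '{t}'")
    return reasons
```

An empty result only means none of these specific checks fired; it is not a measure of overall strength.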

There are many approaches to creating good password security. If you are interested in watching a short, entertaining movie on password security, check out this link: This movie is full of good reminders and shares some excellent tips I’ve used over the years for creating strong passwords. Another good resource is Microsoft’s password strength checker: This web application allows you to type in a password and receive feedback on how strong the password is (that is, how resistant it is to automated password-cracking techniques).


Why does any of this matter to mobile computer users? As I discussed last week, mobile computing platforms are at considerable risk from theft and network attack simply by virtue of being out in the open (public places and public networks) so often. If you consider all the potentially sensitive information on your tablet PC or UMPC, you’ll quickly realize you need strong passwords to protect the information they hold. None of us would leave our birth certificate, driver’s license, credit cards, and Social Security cards on a table in a coffee shop while we leave to get a refill of coffee. However, you may be leaving the electronic equivalent of those documents out for the taking unless you take the proper steps to secure your mobile device with strong passwords and appropriate mobile security measures. That’s why I say, if you GottaBeMobile, you GottaBeSecure.