Mobile Devices Need Strong Password Protection

In October, SplashData scrutinized files containing millions of passwords stolen by hackers. It released its annual Worst Passwords of 2012 list. The number one worst password last year was “password”. VMC Senior Solutions Architect and Manager Stephen Crabtree knows the vulnerabilities a faulty password exposes. He and his team have created a test to help circumvent security issues.

Simply put, passwords give people access to hidden areas. There are many standards for setting up passwords and that’s why we often run across applications or devices that have different password requirements. Sometimes, this is a pain point for end users, as they are in and out of many types of systems; it can be very difficult to remember which password gets inputted where. Multiply that times several web sites, multiple devices and several application specific passwords, and you begin to comprehend why people understandably become lax with password protection.

However, mobile devices are important to protect because they move around and utilize wi-fi, where information is easy to gather with a sniffer. This vulnerability also potentially affects wired networks, as our current businesses often allow us to log into networks with our mobile devices. Thus, it’s important to strengthen security by password protecting a device. Password check tests are part of the mobile security suite for devices, applications, and/or systems that my team and I have developed. There are four tests: capability, presence, utilization, and strength.

Password capability is about determining whether a device can have a password – believe it or not, some devices don’t have this feature. This test also determines the number of passwords, or doors, that protect information on a device: for instance, whether there are secondary and tertiary passwords for banking applications on the phone.

Password presence is whether the option to have a password is turned on and configured and, if there, whether or not a password actually exists.

Password utilization is concerned with the ongoing maintenance and use of passwords: whether users are changing their passwords on a regular basis, and whether they are prompted to or do it of their own volition. This test also checks whether the same kind of password is being used across other devices or applications.

We also check the password strength. It’s important to create passwords that are hard to guess – that’s why many systems prompt us to create ones with special characters. A password of “password”, for instance, is much easier to guess than a password like “FYrV#79!4”.

When we run this test for a developer or manufacturer, we walk down the list of tests and back up it with every credential for every application or system. Then, we explore the various ways to strengthen the password protection and make our recommendations.
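As an added illustration (not VMC's test suite or code from this post), the four tests can be run over a device's credential inventory as follows. The `Credential` record, the 90-day rotation window, and the strength rule are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample; a real audit would load a full list of known-bad passwords.
COMMON = {"password", "123456", "qwerty", "letmein"}
MAX_AGE_DAYS = 90  # assumed rotation policy, not a figure from the article

@dataclass
class Credential:                 # hypothetical record for one "door" on a device
    name: str
    supported: bool               # capability: can this door have a password?
    enabled: bool                 # presence: is the option turned on?
    password: Optional[str]       # presence: is a password actually set?
    last_changed: Optional[date] = None

def strength_ok(pw: str) -> bool:
    """Assumed rule: 8+ chars, 3 of 4 character classes, not a known-bad value."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 8 and sum(classes) >= 3 and pw.lower() not in COMMON

def audit(creds, today):
    """Return {credential name: [failed tests]}, checked in the article's order."""
    seen, report = set(), {}      # seen: digests of passwords already encountered
    for c in creds:
        if not c.supported or not (c.enabled and c.password):
            report[c.name] = ["capability" if not c.supported else "presence"]
            continue
        fails = []
        digest = hashlib.sha256(c.password.encode()).hexdigest()
        stale = c.last_changed is None or (today - c.last_changed).days > MAX_AGE_DAYS
        if stale or digest in seen:   # overdue for a change, or reused elsewhere
            fails.append("utilization")
        seen.add(digest)
        if not strength_ok(c.password):
            fails.append("strength")
        report[c.name] = fails
    return report

SAMPLE = [  # constructed inventory for one phone
    Credential("lock screen", True, True, "password", date(2012, 1, 5)),
    Credential("banking app", True, True, "FYrV#79!4", date(2012, 10, 1)),
    Credential("mail app", True, True, "FYrV#79!4", date(2012, 10, 1)),
    Credential("notes app", True, False, None),
    Credential("media player", False, False, None),
]
if __name__ == "__main__":
    print(audit(SAMPLE, date(2012, 11, 1)))
```

Reuse is flagged on the second credential that shares a password, so the mail app fails utilization even though its password passes the strength rule.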

Creating strong mechanisms around password protection is a relatively easy way to guard against security breaches. What steps have you taken to ensure your customers feel secure in entrusting your system with their information?

Stephen Crabtree can be reached at StephenCr@vmc.com. Read other mobile security posts by Stephen.

About VMC Consulting and VMC Game Labs

VMC Consulting is a technology consulting and outsourcing company that provides flexible and scalable build, run and support solutions. VMC Game Labs is the world’s leading partner for games quality assurance and support.