Mobile security is important.
It’s personal. Unfortunately no one really cares about it until they get compromised because it’s a pain in the ass. I have shortcuts for my email addresses defined in the keyboard settings because everywhere I go, I need to log in or agree to an OAuth with FB, Google, Twitter, you know the routine. When you think about it, that attitude…of not giving a damn…its only a reaction to how security around users has been stipulated. The security industry just continues to make tougher and tougher encryption that’s harder to defeat. Eventually you, or someone you know will be compromised. It is not a matter of if. It will have nothing to do with anything you did or did not do, (aside from giving out personal data on and to Facebook. and Google and Twitter), it is simply a matter of time. It’s a realization that so many Corporate IT folks have, but instead of hiring some skilled Security Consultants to create a buffer, they tighten the leash on their own employees with policy that can be foolish, and even masochistic.
This was a decade ago:
Perhaps they didn’t have iDict bashers (a script that sequentially attempts to exploit a network user account with regular dictionary words placed in a text file, autonomously) back then. But proper spelling, punctuation grammar?
A culture that enforces a password policy that is so obtuse that most would have absolutely no alternative but to scribble it down if you did intend to try to commit it to memory, punishes the resource you are supposed to protect. Making it difficult for employees to do their job in an environment where everyone is hand documenting credentials.
It is odd when a culture of people who are genuinely concerned about security, elevate its risk of being compromised by enforcing rules that require more and more complex passwords. Heck, they aren’t even passwords anymore it is a pass-speech…a pass-soliloquy. Then it gets auto expired monthly…you haven’t even stopped needing to read your 3 week old gum wrapper with the Klingon inside that is your password.
Heaven help you if you did lose it. Not because someone might find it., but because it’s going to take you the next 3 hours creating a new password that cannot contain any of the characters in the 3 previous passwords.
And you have no idea what those are.
The insanity stops below.