I know you all want to use secure passwords especially after reading this weeks hacks of LinkedIn, eHarmony and LastFM. So why don’t you?
If you use LastPass in your browser, it will happily create 16 character gibberish passwords for you and fill them in automatically.
Unfortunately this all breaks down once you start using your smartphone. Yes, initially it’s ok to look up the password and fill it into the settings of your mail or Twitter application. But when you’re on the road and want to share something from an app to Facebook, the app will often pop up a Facebook login. This is when you need to remember and type that gibberish password, and unfortunately neither LastPass nor any other password manager will fill it in for you.
The same is of course true for desktop apps, like your ERP system. So what do you do? You either use simple passwords that you can easily remember _and_ type on a mobile device, or you think of one really good password and start using it everywhere.
From a security perspective – not what you want. But completely understandable.
iOS and Android need to come up with an API to allow passowrd managers to do their thing. Better still, App developers should start using built-in identity providers like Twitter in iOS 5, or Twitter and Facebook in iOS 6. We have to get rid apps asking for a new password all the time, or password hacks will be a topic that will be with us for a long time.