Apple Device Security: Big Temptation to Dumb-Down
Merlin Mann | Jul 22 2008
Chairman Gruber recently discovered (via his sharp-eyed reader, Earl Misquitta), that the aforementioned iPhone Remote application can also be used as a virtual keyboard for entering search text, login information, and what have you on your AppleTV. Seeing the typed characters appear on the TV screen as you type them is simply magical. So, if, like me, you’re in the amazingly tiny sliver of the Venn diagram for people who own both these products, this is hugely convenient, and what a welcome trick it is.
As I’ve alluded to before, the AppleTV’s torturous keyboard entry (via the hardware Apple Remote’s 4-way joystick) is abysmal. In 21 uninterrupted years of using Apple products, it’s probably the most consistently frustrating and poorly-designed interface I’ve encountered. I literally hate using it.
The ability to enter text via the superior (but far from perfect) iPhone keyboard is wonderful but it doesn’t and can’t address a deeper problem with the keyboard-challenged devices Apple are focused on vending right now: assy and annoying text entry encourages the use of crap passwords. This is bad, and here’s why.
We’ve all heard the lectures about not using your ferret’s name as The Single Password™ for everything you do, and my sense is that, over the years, a lot of us have tried to get better about password hygiene — especially as more of our stuff moves into an online cloud.
But my entirely anecdotal opinion is that the iPhone, the iPod Touch, and the AppleTV each tempts their users to slide back to dumbing-down their passwords in exchange for better ease-of-use. The most annoying device in your chain ends up driving the passwords you use for everything. Right now, it’s such a pain to enter a secure password on a device like the iPhone or the AppleTV, that I’m betting a few of you have already fallen back on your ferret. Or “pencil.” Or your ATM PIN.
This is an unbelievably bad idea, but what are the options if this is a device you need to use a lot?
A real-world problem
I’m a fervent 1Password user and (unpaid) evangelist, so I don’t suffer from this conundrum quite as badly when using Safari on the iPhone. 1Password generates and remembers secure passwords for me, then lets me enter them on my phone in a few seconds via a password-protected bookmarklet. Imperfect, but a big step up over nothing.
Of course, I’m still SOL when the iTunes App Store wants me to (again again again) manually re-enter my password in order to download apps on my iPhone. I’m not made of stone. This sucks. I’ll even be the first to admit — solely on the basis of how vexing the AppleTV (and non-Safari on iPhone) password entry is — that I’ve been sorely tempted to move to a more trivial password. But I’ve held out.
If you’re using MobileMe, or Google’s apps like Gmail, or any of the other myriad cloud functionalities that store a lot of personal information, it’s just not worth assuming the risk in return for a bit of convenience.
”Four digits? What a pain.”
To make this nuttiness even more frustrating, every day I watch friends entering 4 or 5 character passwords over an iPhone that they don’t even bother to auto-lock (“Meh, I use it too much. It’d be a pain.”). Understand: this is a portable device on which all their email, contact information, and logged-in web accounts live. They’re one drunken taxi ride away from a potentially significant privacy crisis.
While leaving a phone unlocked in public does blow my mind, I think I understand how we got here. For 30 years now, banking customers have tolerated four-digit ATM PINs because a) they’re convenient, and b) our bank assumes some of the risk associated with replenishing a generic pile of money whenever anything goes wrong. After all, it’s not your money that gets stolen; it’s the bank’s electronic representation of your money. And that’s easy enough to replenish.
But is four digits (or a trivial password) enough to protect your irreplaceable private data? Are you willing to assume that risk? It’s unbelievable that the question even needs to be asked. But, I’m going to say, no. But, that’s where we are right now. In a place where ease-of-use is trumping the good sense we’ve developed to take this shit seriously.
Help a brother out, Apple
I think it’s time for Apple and its users to start treating a device such as the iPhone like the powerful little computer that it really is. That means having to risk introducing some inconvenience and complexity by looking at things like:
How to Auto-Lock your iPhone
If you’re out and about right now consider doing this on your iPhone:
At least now your screen door is latched. Go, moblog, and prosper with at least a bit more security in your life.
The Question to You
Has iPhone or AppleTV changed your practices around passwords? Any features you’d like to see to make your Apple device more secure?
|EXPLORE 43Folders||THE GOOD STUFF|