Re: Mobile passwords
I don't know if this relevant but I tend to use last pass and it let's me paste passwords into apps. But maybe this is only relevant for android. Anyway I'd make sure any app I write will not stop users using a tool like that too. On 11 Nov 2015 19:44, "Joseph Cooney"wrote: > If > On 11 Nov 2015 3:59 PM, "Mark Hurd" wrote: > >> >> On 11 November 2015 at 16:05, mike smith wrote: >> >>> Device entry of passwords is a nightmare. If you multi-hit the virtual >>> keyboard even slightly you get accented characters which of course do not >>> work. This is one time the *** to represent a password field is >>> infuriating. Yes, I know its wrong, now show it to me so I can see where >>> it is wrong! Some apps have a check box to display the password or not. >>> ++1 for these! >>> >> >> The only mobile device I've used (that was smart enough to browse >> anywhere that I cared how passwords are entered) is my Windows Phone, and >> the default password UI there seems to show the last typed key just long >> enough to note if it's wrong, due to fat or slow fingers. >> >> I assumed that would be the "obvious" compromise for the ** UI. >> >> > snip >> >>> >>> >>> -- >>> Meski >>> >>> http://courteous.ly/aAOZcv >>> >>> "Going to Starbucks for coffee is like going to prison for sex. Sure, >>> you'll get it, but it's going to be rough" - Adam Hills >>> >> >> -- >> Regards, >> Mark Hurd, B.Sc.(Ma.)(Hons.) >> >
Mobile passwords
Folks, I just got feedback from the first semi-live usage of an ASP.NET app that has been designed for pleasant appearance on tablet devices. The first users have iPads and ... *no one could sign in!* It turns out they all have mixed case passwords and the iPad is rather clumsy with case changing. Once the problem was explained to them it all came good, but it gave us a hell of a fright. So what do you do? Train people on how to live with the quirks of keyboards on various brands and models of tablet devices? Use case insensitive passwords? Are there mobile usage or coding conventions I'm not aware on this issue? *Greg K*
Re: Mobile passwords
I like how some apps (banking in particular) map the login details to a 4 digit pin on the device. Gets rid of this problem. On Wed, Nov 11, 2015 at 11:25 AM, Greg Keoghwrote: > Folks, I just got feedback from the first semi-live usage of an ASP.NET > app that has been designed for pleasant appearance on tablet devices. The > first users have iPads and ... *no one could sign in!* > > It turns out they all have mixed case passwords and the iPad is rather > clumsy with case changing. Once the problem was explained to them it all > came good, but it gave us a hell of a fright. > > So what do you do? Train people on how to live with the quirks of > keyboards on various brands and models of tablet devices? Use case > insensitive passwords? Are there mobile usage or coding conventions I'm not > aware on this issue? > > *Greg K* >
Re: Mobile passwords
On 11 November 2015 at 16:05, mike smithwrote: > Device entry of passwords is a nightmare. If you multi-hit the virtual > keyboard even slightly you get accented characters which of course do not > work. This is one time the *** to represent a password field is > infuriating. Yes, I know its wrong, now show it to me so I can see where > it is wrong! Some apps have a check box to display the password or not. > ++1 for these! > The only mobile device I've used (that was smart enough to browse anywhere that I cared how passwords are entered) is my Windows Phone, and the default password UI there seems to show the last typed key just long enough to note if it's wrong, due to fat or slow fingers. I assumed that would be the "obvious" compromise for the ** UI. > snip > > > -- > Meski > > http://courteous.ly/aAOZcv > > "Going to Starbucks for coffee is like going to prison for sex. Sure, > you'll get it, but it's going to be rough" - Adam Hills > -- Regards, Mark Hurd, B.Sc.(Ma.)(Hons.)
Re: Mobile passwords
If On 11 Nov 2015 3:59 PM, "Mark Hurd"wrote: > > On 11 November 2015 at 16:05, mike smith wrote: > >> Device entry of passwords is a nightmare. If you multi-hit the virtual >> keyboard even slightly you get accented characters which of course do not >> work. This is one time the *** to represent a password field is >> infuriating. Yes, I know its wrong, now show it to me so I can see where >> it is wrong! Some apps have a check box to display the password or not. >> ++1 for these! >> > > The only mobile device I've used (that was smart enough to browse anywhere > that I cared how passwords are entered) is my Windows Phone, and the > default password UI there seems to show the last typed key just long enough > to note if it's wrong, due to fat or slow fingers. > > I assumed that would be the "obvious" compromise for the ** UI. > > > snip > >> >> >> -- >> Meski >> >> http://courteous.ly/aAOZcv >> >> "Going to Starbucks for coffee is like going to prison for sex. Sure, >> you'll get it, but it's going to be rough" - Adam Hills >> > > -- > Regards, > Mark Hurd, B.Sc.(Ma.)(Hons.) >
RE: Mobile passwords
I think the PIN idea is good, as long as you’re able to tie it to some unique device hardware ID. Then you have a form of two-factor authentication (something you have + something you know). This does limit the end user to only being able to use their PIN with a single active/authorised device though. Another alternatives would be to use one-time pad or token (e.g. SMS a unique security code for each login) From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Keogh Sent: Wednesday, 11 November 2015 2:25 PM To: ozDotNet <ozdotnet@ozdotnet.com> Subject: Re: Mobile passwords I like how some apps (banking in particular) map the login details to a 4 digit pin on the device. Gets rid of this problem. Hey Dude, I had a chat the person managing this app and they said the customer wants to stick with mixed case passwords. So for now, it's reduced to a human problem that's solved by emailing out some instructions to the users. iPads are a bit too slick with the keyboards though, and case changing does require caution. Although I think my iOS might be a bit old and I vaguely recall reading that Apple recently changed the behaviour slightly. In future though I'm going to remember this problem and consider using PINs where it's suitable. GK
Re: Mobile passwords
Device entry of passwords is a nightmare. If you multi-hit the virtual keyboard even slightly you get accented characters which of course do not work. This is one time the *** to represent a password field is infuriating. Yes, I know its wrong, now show it to me so I can see where it is wrong! Some apps have a check box to display the password or not. ++1 for these! Secondly make sure your max password char count when you enter a new pw is the same as when you're entering it. Expect users to use cut and paste into your pw field. "Remember me" buttons are a probable security loophole, depending on how they are done. Fingerprints. Coders don't have fingerprints on the tips of their fingers. If you have a Samsung S6 you can set a fingerprint that won't be usable. Finger about 1cm from the end works :) On Wed, Nov 11, 2015 at 4:22 PM, Ken Schaefer <k...@adopenstatic.com> wrote: > I think the PIN idea is good, as long as you’re able to tie it to some > unique device hardware ID. Then you have a form of two-factor > authentication (something you have + something you know). This does limit > the end user to only being able to use their PIN with a single > active/authorised device though. > > > > Another alternatives would be to use one-time pad or token (e.g. SMS a > unique security code for each login) > > > > *From:* ozdotnet-boun...@ozdotnet.com [mailto: > ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Greg Keogh > *Sent:* Wednesday, 11 November 2015 2:25 PM > *To:* ozDotNet <ozdotnet@ozdotnet.com> > *Subject:* Re: Mobile passwords > > > > I like how some apps (banking in particular) map the login details to a 4 > digit pin on the device. Gets rid of this problem. > > > > Hey Dude, I had a chat the person managing this app and they said the > customer wants to stick with mixed case passwords. So for now, it's reduced > to a human problem that's solved by emailing out some instructions to the > users. > > > > iPads are a bit too slick with the keyboards though, and case changing > does require caution. Although I think my iOS might be a bit old and I > vaguely recall reading that Apple recently changed the behaviour slightly. > > > > In future though I'm going to remember this problem and consider using > PINs where it's suitable. > > > > *GK* > -- Meski http://courteous.ly/aAOZcv "Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough" - Adam Hills
Re: Mobile passwords
> > I like how some apps (banking in particular) map the login details to a 4 > digit pin on the device. Gets rid of this problem. > Hey Dude, I had a chat the person managing this app and they said the customer wants to stick with mixed case passwords. So for now, it's reduced to a human problem that's solved by emailing out some instructions to the users. iPads are a bit too slick with the keyboards though, and case changing does require caution. Although I think my iOS might be a bit old and I vaguely recall reading that Apple recently changed the behaviour slightly. In future though I'm going to remember this problem and consider using PINs where it's suitable. *GK*
Re: Mobile passwords
Even a "save credentials for next time" or "remember me" option works ok On Wed, Nov 11, 2015 at 2:24 PM, Greg Keoghwrote: > I like how some apps (banking in particular) map the login details to a 4 >> digit pin on the device. Gets rid of this problem. >> > > Hey Dude, I had a chat the person managing this app and they said the > customer wants to stick with mixed case passwords. So for now, it's reduced > to a human problem that's solved by emailing out some instructions to the > users. > > iPads are a bit too slick with the keyboards though, and case changing > does require caution. Although I think my iOS might be a bit old and I > vaguely recall reading that Apple recently changed the behaviour slightly. > > In future though I'm going to remember this problem and consider using > PINs where it's suitable. > > *GK* >
Re: Mobile passwords
> > Even a "save credentials for next time" or "remember me" option works ok > D'oh, I should have thought of that. I'll ask if the users would like that (subject to security issues about who carries around the iPads where and when) -- *GK*
Re: Mobile passwords
Yeah won't work well if they share the device or if they don't secure the whole device with a PIN or Touch ID On Wed, Nov 11, 2015 at 2:32 PM, Greg Keoghwrote: > Even a "save credentials for next time" or "remember me" option works ok >> > > D'oh, I should have thought of that. I'll ask if the users would like that > (subject to security issues about who carries around the iPads where and > when) -- *GK* >