ubuntu-phone team mailing list archive

Ubuntu One SSO Password and App purchases

 

So, iCloud was hacked somehow. I haven't seen any details as to how,
but reading about people panicked and confused on Twitter led me to a
tweet[1] that said:

"Of course people pick terrible iCloud passwords. You can't enter a
good password 50x per week on a mobile device. You'll go carpal."

Which makes perfect sense. We have the same problem: we have a single
sign-on system, which is great for some things, but given the
introduction of the phone with a touch-screen keyboard and mandatory
password re-entry on app purchasing, as well as a new influx of users who
create their account for the first time on the phone, people will tend
to pick less secure passwords.

Leaving aside 2FA as the answer, as it's clearly not widely adopted
(for its complexity?), what can we do to make this a bit better in our
platform?
Can we confirm purchases and other tasks that are frequently used
somehow differently than with the account password, and encourage
(and/or force) better passwords for the general account?

To try and reduce the scope of the discussion, I'm mostly looking for
proposals that would be implementable in the short or mid term, rather
than changes that would require 6 or more months to implement across
the platform (which we may need to, but I wouldn't want to start off
that discussion here and now).


Any other ideas?



thanks!


[1] https://twitter.com/matthew_d_green/status/506427220546826240
-- 
Martin

