Thoughts About: Security and Logging into Mobile Sites

One of the things that I find hard to do is type out my password on my mobile phone. The way Netfront handles password text boxes is by replaceing the last character entered with a *. I'm not complaining about this as I think it's a good feature. Being security conscience though I tend to use an alphanumeric passwords and not having a full keyboard to type my password has caused me some minor head/thumb aches, but not enough to forgo logins on my mobile.

My concern is for the masses that will be using their phone to access sensitive data like checking accounts as seen in the recent Chase commercial. There have been tons of whitepapers and blog posts about users having insecure passwords. What type of passwords are people going to choose if they have to triple-tap the password. The guys accessing Paris Hiltons sidekick account and getting her contact list and pictures was portrayed as comical, but I'm sure if it was her bank account it wouldn't have been portrayed the same.

Biometrics could solve some of the problems, but they were supposed to solve them on the desktop but I haven't seen them really used anywhere.

Well this post was more to toss out the topic for discussion. I've got my brain turned to this now so maybe I'll have more on this topic soon or some links to sources of information on the web.