Do Devices Do Enough To Protect Sensitive Information?

Security has always been a concern with mobile devices, be they laptops or smartphones or something in between. They are easy to leave behind or get stolen depending on where you are. With more and more commerce happening on smartphones, securing the data on your phone is even more critical. Are simple passwords good enough?All smartphones allow you to lock them with a pin or password, though they vary in what they actually accomplish. While they all lock the device itself and the data on internal memory, they don't always do much to protect data on a storage card. Depending on where an ecommerce app is on your device will either be fairly secure or totally insecure, password or not. A lot of apps that have sensitive information in them have little to no security, storing things like passwords in plain text according to viaForensics. Clearly a password in these instances are next to useless if someone has access to your phone.

Oh, you lock the phone with a password? Well, that should help, but it is no guarantee. The iPhone has just been hacked. A new device running iOS 4.2 can be unlocked in 6 minutes. Now all of those plain-text passwords being stored on the phone are a bit more worrisome.

Forget about the phone being locked though. If someone grabs a screen shot of your Starbucks iPhone app that is showing the barcode, they can use your card anytime they want, or at least until you figure it out and call Starbucks. As usual, they "take security seriously" and offer balance protection. They will immediately freeze your account when you call. You are on the hook for everything that happened before then though. Seems the balance they are protecting is theirs, not yours. This type of information makes me rethink the wisdom of having my card auto load when it gets down to a certain level.

It is clear that passwords alone don't cut it. Even if you have a strong password, something over ten to twelve characters with upper and lower case letters, numbers and symbols, it doesn't matter if the rest of the app or device is insecure. It is like putting a steel door with an expensive lock on a rotting barn. You may not get through the door, but you won't have to expend too much effort to get in the barn.

I recommend you lock your phone though. Regardless of the device's security, a password keeps an honest person honest and could very well keep someone not skilled at working with technology out. That doesn't give me great comfort though. Device makers and ecommerce app developers need to take security seriously, and I don't mean by saying "we take security seriously" when a consumer blog calls them on the carpet. I mean seriously like they really care about your data.