Mobile/website data breaches are in the news these days, so for the benefit of my readers this post will focus on securing your mobile website/app passwords. In most instances hackers are looking for scripting exploits on a website and/or via a browser (and this includes mobile apps) to keylog or scrape data, or to inject malicious code.
Hackers are also looking for back-end access to the user centre database (SQL) to steal username and password credentials and upload them to sites such as Pastebin. Exposing a hack this way damages the reputation and credibility of a website/business and in some instances can also affect its commercial operations. It also exposes your user credentials!
What makes a database hack all the more serious is that users tend to use a single password for a number of websites (and for mobile apps too, as they will use the same passwords there). One password can provide access to a multitude of user information including address, mobile and financial data, so it's important users consider using different passwords for different sites.
There are two main problems with this approach. One problem is that the passwords you create are in clear text (before being hashed/salted by the website/mobile app and server), and the second is that you need to remember each password for each website/mobile app. The latter problem deters users from creating a unique password for each mobile/website app.
Here are mobile apps I recommend that will create a one-way hashed password for each mobile/website app you visit (reference: http://crypto.stanford.edu/PwdHash/):
- Android – pwdhash
- Blackberry BB10 – PasswordHash
- Windows Phone – PwdHash
- iPhone – Hashapass password generator
Note: All these apps save the one-way hashed password to the clipboard. IMPORTANT: The Android clipboard is held only in memory, where the Android OS keeps information that has been copied or cut. By default it keeps only the most recent copy/cut, so its contents are overwritten with each new copy or cut.
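To show what generators of this kind do, here is an added example (not code from this post, from PwdHash, or from any of the apps listed) that derives a different password for each site from a single master password. It uses PBKDF2-HMAC-SHA256 with the site's host name as the salt, which is an assumption of this example and not PwdHash's own algorithm; the function names, iteration count and sample values are likewise illustrative.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 200_000  # assumed work factor for this example


def site_key(url_or_host: str) -> str:
    """Reduce a URL or host name to a lowercase host without a leading 'www.'."""
    text = url_or_host.strip()
    if "//" not in text:
        text = "//" + text  # lets urlsplit treat a bare host as a network location
    host = (urlsplit(text).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def derive_site_password(master: str, url_or_host: str, length: int = 16) -> str:
    """Derive a per-site password; the master password itself is never sent to the site."""
    host = site_key(url_or_host)
    if not master or not host:
        raise ValueError("a master password and a site are both required")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40 characters")
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), host.encode("utf-8"), ITERATIONS, dklen=32
    )
    # URL-safe base64 keeps the result typeable: letters, digits, '-' and '_'
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, not a real password
    for site in ("https://www.example.com/login", "example.com", "shop.example.org"):
        print(f"{site_key(site):20} {derive_site_password(master, site)}")
```

Because the host name feeds the derivation, a password dumped from one site's database is useless on any other site, and you only have to remember the master password.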
Here are mobile apps I recommend that will securely store your one-way hashed password for each mobile website/app you visit (reference: http://crypto.stanford.edu/PwdHash/):
- Android – Keeper Password & Data Vault
- BlackBerry BB10 – Password Keeper
- Windows Phone – Password Manager (Windows Phone 8/7.5)
- iPhone – MiniKeePass – Secure Password Manager (you can also use this app to generate one-way hashed passwords)
Safe surfing folks!