How to protect mobile app and browser passwords

Mobile/website data breaches are in the news these days, so for the benefit of my readers this post will focus on securing your mobile website/app passwords. In most instances hackers are looking for scripting exploits on a website and/or via a browser (and this includes mobile apps) to keylog or scrape data, or to inject malicious code.

Hackers are also looking for back-end access to the user centre database (SQL) to steal username and password credentials and upload them to sites such as Pastebin. Exposing a hack this way damages the reputation and credibility of a website/business and in some instances can also affect its commercial operations. It also exposes your user credentials!

What makes a database hack all the more serious is that users tend to use a single password for a number of websites (and on mobile too, as they will use the same passwords). One password can provide access to a multitude of user information including address, mobile and financial data, so it’s important users consider using different passwords for different sites.

There are two main problems with this approach. The first is that the passwords you create are in clear text (before being hashed/salted by the website/mobile app and server), and the second is that you need to remember each password for each website/mobile app. The latter problem deters users from creating a unique password for each mobile/website app.

Here are mobile apps I recommend that will create a one-way hashed password for each mobile/website app you visit (reference:

Note: All these apps save the one-way hashed password to the clipboard. IMPORTANT: The Android clipboard is held only in memory, where the Android OS keeps information that is copied/cut. By default it keeps only the last copy/cut instance, which is therefore overwritten with each new copy/paste.

Here are mobile apps I recommend that will securely store your one-way hashed password for each mobile website/app you visit (reference:

Remember, it’s impossible to 100% guarantee user credentials if the database has been hacked. One suggestion I have always liked is using a ‘one-way hash’ as a password, which actually provides a high level of protection from phishing scams. Phishing (the mobile equivalent is called “smishing”) involves sending an email and/or SMS with a malicious link (URL) that directs the user to a spoofed website (or a genuine website compromised with injected JavaScript), which then asks you for your username and password credentials.
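To show why a one-way hashed password is tied to one site, here is an added sketch (not code from this post or from any of the recommended apps) that derives a per-site password from a master password and the site's hostname. The use of PBKDF2-HMAC-SHA256 with the hostname as salt, the iteration count, and the names `site_key` and `site_password` are assumptions made for the illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Assumed work factor for this sketch; not taken from any particular app.
ITERATIONS = 200_000


def site_key(url_or_host: str) -> str:
    """Reduce a URL or bare hostname to the lowercase host used as the salt."""
    text = url_or_host.strip()
    parts = urlsplit(text)
    if not parts.netloc:  # bare "example.com/login" has no scheme to anchor on
        parts = urlsplit("//" + text)
    host = parts.hostname or ""
    if not host:
        raise ValueError(f"no hostname in {url_or_host!r}")
    return host[4:] if host.startswith("www.") else host


def site_password(master: str, url_or_host: str, length: int = 16) -> str:
    """Derive a per-site password; the master password is never sent anywhere."""
    if not master:
        raise ValueError("empty master password")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    salt = site_key(url_or_host).encode("utf-8")
    digest = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # URL-safe base64 keeps the output typeable; truncation sets the length.
    return base64.urlsafe_b64encode(digest).decode("ascii")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    # Constructed hostnames: the genuine site and a lookalike from a phishing link.
    for target in ("https://www.example.com/login", "http://examp1e-login.test/"):
        print(site_key(target), "->", site_password(master, target))
```

The lookalike host produces an unrelated password, so a value entered on the spoofed page does not work on the genuine site. This holds only when the hostname fed to the derivation is the one the browser actually loaded, not the name displayed in the email or SMS.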

Safe surfing folks!
