So, iCloud was hacked somehow. I haven't seen any details as to how, but reading about people panicked and confused on Twitter led me to a tweet[1] that said:

"Of course people pick terrible iCloud passwords. You can't enter a good password 50x per week on a mobile device. You'll go carpal."

Which makes perfect sense. We have the same problem: we have a single sign-on system, which is great for some things, but given the introduction of the phone with a touch-screen keyboard and mandatory password re-entry on app purchasing, as well as a new influx of users who create their account for the first time on the phone, people will tend to pick less secure passwords.

Leaving aside 2FA as the answer, as it's clearly not widely adopted (for its complexity?), what can we do to make this a bit better in our platform?

Can we confirm purchases and other tasks that are frequently used somehow differently than with the account password, and encourage (and/or force) better passwords for the general account?

To try and reduce the scope of the discussion, I'm mostly looking for proposals that would be implementable in the short or mid term, rather than changes that would require 6 or more months to implement across the platform (which we may need to, but I wouldn't want to start off that discussion here and now).

Any other ideas?

Thanks!

[1] https://twitter.com/matthew_d_green/status/506427220546826240

--
Martin

--
Mailing list: https://launchpad.net/~ubuntu-phone

