App developers who work on sensitive projects like banking apps, e-commerce or e-payment apps, and other apps dealing with personal information and/or financial information, know that strong passwords are just one small part of an overall secure app. However, if the user’s device winds up in the wrong hands or gets hacked on a public Wi-Fi, it could be the most important part. Here are some policies to require users to choose and use the most secure passwords possible.
1. Longer Passwords are Better Passwords
Make the password longer to boost security. The potential number of combinations for a 4-digit password is 10,000, but the number of possible combinations for an 6-digit password skyrockets to 136,080.
While it isn’t the only way to break a password, one of the most common means is to use a program that cycles through millions of potential passwords until it hits the right combination. It takes significantly more time and effort to crack an 8-character password than a 6-character one. Similarly, 10-character passwords are considerably more secure than 8-characters, and a 16-character password is a tough nut to crack, indeed! Pick a length based on the level of security you need.
2. Diverse Characters are Preferable
Even a 16-character password is easier to crack if it is made of all lower case letters, or all letters and no other characters. The strongest passwords contain a variance of four types of characters: upper case letters, lower case letters, numbers, and special characters (like the ampersand, pound sign or hashtag symbol, at symbol, etc.).
3. No Repeating Characters
Sequences like 55555 or 12345 are easier to guess than random ones like 51324. It’s best not to allow repeating characters in a password and to discourage ridiculously easy patterns like sequential numbering or popular numbers and sequences like 8675309 or 0U812.
4. Change Passwords Frequently
Since data breaches have become the norm and it’s always possible that someone observed you enter a password or otherwise found a way to guess or crack a passcode, it’s best to create new passwords rather regularly. Depending on how critical security is for your particular app, consider requiring password changes every 30, 60, or 90 days. No passwords should remain the same more than 6 months.
5. Consider Using Pass Phrases to Add Complexity and Randomness
Many people complain that they have trouble remembering long, difficult passwords. There are password managers to help, but many worry about using a cloud-based password manager. One trick that can help is to use the first letters of a song, movie title, or popular phrase. For example, create a password using the first letters of, “I Feel The Need, The Need For Speed.” Users can substitute certain symbols for letters (such as the dollar sign for S) or enter special characters between each letter.
6. Do Not Allow Users to Use Passwords Based on Real Identifying Information
Fido and Fluffy make excellent names, but not good passwords. You might not be able to enforce a policy of disallowing pet names, children’s names, etc., but you can make it clear to the user that those aren’t good choices.
While it is impossible to enforce this policy, adding the requirement probably deters most users from doing so. You won’t know that Buffy2009 is their dog’s name and birthday, but they’ll feel silly using that if you’ve made it clear they shouldn’t.
When it’s time to develop your super-secure mobile app, visit Glance. We have the knowledge and experience you need to develop a secure app that’s safe for your users and for your company. Contact us to get started today.