Let users have different passwords for web logins and mobile logins.
Why? Because in my desktop browser I can use a password manager to store strong passwords. In your proprietary mobile app, I will (almost certainly) have to type the password in manually, and on a tiny keyboard, which makes it almost impossible to use a strong password in that context. Also, it's actually not necessary to use a strong password in a mobile app because you can use the device identifier as an additional security factor.
And for the love of God, don't deliberately undermine the use of password managers by disabling autofill in your login forms. (I'm looking at you, Citibank!)
LastPass is a password manager that is free for desktops, but also has a mobile version (for a premium price). That may solve your problem.
Of course, they recently had a security break-in. So nothing's perfect.
It sounds like you might like XKCD's Password Strength comic strip.
1Password does exactly what you want on iOS but I'm guessing you don't use an iPhone.