Security vs. convenience: How do you balance your passwords?

Security is at constant war with convenience. The stronger the passwords we use to keep our data safe, the more steps we take to lock down what we own, the less accessible our data and our devices become -- even to us. Balancing it all can be tough, and a lot depends on what the platforms and services we use do to help us. And nowhere is this more evident than mobile.

Multitouch keyboards, in large part, rely on things like like character pair prediction and auto-correct to make entry acceptable. Neither of those things are possible with passwords, and strong passwords require far higher than normal frequencies of shifting between upper and lower case, and between letters and numbers and symbols. It's the worst possible experience.

A 4-digit passcode lock, or weak password, gets around that by reducing the complexity at the expense of security. Intervals can also be set, so that your passcode is only required minutes after you last used your device instead of seconds. A short interval offers better protection should you lose your device or should a friend try to prank you during an unguarded moment, but it can be maddening if you need to complete a long series of intermittent tasks.

On iOS, ironically, Apple's security policies prevent password managers from working through Safari browser extensions the way they do on OS X, thus requiring more cumbersome copy-paste procedures, or the use of an in-app browser instead of Safari. Some websites, flabbergastingly, use JavaScript to block copy-paste, increasing the difficulty of using strong passwords.

2-step verification requires the use of an authenticator app, or the transmission of a token. Sometimes tokens don't work for no apparent reason, or network connectivity is spotty, complicating transmission. Sometimes it ends up being so secure, even you can't get in.

It's not an iOS-only problem either by any means. BlackBerry Z10 passcode entry is such that Adam Zeis of CrackBerry has stopped using a password to secure his phone.

It's possible future technologies like biometrics might make security more convenient, for example letting a thumbprint automagically allow access to a device. But what happens if your thumbprint is hacked or phished or otherwise compromised? You can't change your body as easily as you can a password.

Where do you stand between convenience and security? Do you use a passcode? A strong one? A password manager? 2-step verification? And what could be done to make being secure even more convenient for you?

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.