How creative are you when it comes to ordering a drink at Starbucks? Apparently, you are just as likely to keep ordering the same beverage as you are to use the same password for multiple websites. In an article in Computerworld, Evan Schuman notes the security shortcomings of the Starbucks app:
"The Starbucks mobile app, the most used mobile-payment app in the U.S., has been storing usernames, email addresses and passwords in clear text, Starbucks executives confirmed late on Tuesday (Jan. 14). The credentials were stored in such a way that anyone with access to the phone can see the passwords and usernames by connecting the phone to a PC. No jailbreaking of the phone is necessary. And that clear text also displays an extensive list of geolocation tracking points (latitude, longitude), a treasure trove of security and privacy gems for anyone who steals the phone."
This security vulnerability highlights the reality that convenience usually trumps security. We tend to prefer the usability of the app in saving the password, while continuously reusing the same password, since people don’t normally remember complex passwords for different apps. The moment one app reveals our password, we’ve left open doors to many other accounts.
In the world of touchscreens and multi-device applications, Tricerion SafeLogin is a perfect solution for a login mechanism that can never disclose login credentials, because a graphic password simply does not exist in an alphanumeric format. A SafeLogin credential isn’t shareable, and cannot be reused if the user record is compromised.