Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

BlackBerry® OS Smartphones


Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.


Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎08-24-2009
My Device: Pearl 3G

Password vs. SureType = INSECURE in AppWorld 3.1.0.56 (BlackBerry ID?)

I downloaded AppWorld 3.1.0.56 and successfully updated BlackBerry ID.  (No problems there, unlike for many others here).

 

However, now when I log into AppWorld (maybe this is actually BlackBerry ID?) the password field shows up in clear text (even when the "Show password" box is not checked).  Not the most amazing from a security point of view, but much more annoying is that since it displays in clear text, SureType tries to be clever about turning the password into an English word.

 

Choosing actual words for a password is also a bad idea, and in fact I have chosen passwords for all accounts I use on BB to use only numbers or the leftmost of two letters so that I can type them pressing each button once (with ALT for the numbers) - but that only works if SureType is not enabled (and generally for passwords, SureType is disabled and multi-click mode is used).

 

As an added insecurity bonus, I suspect that at some point I might end up teaching SureType to recognize my password, meaning that it will show up in its dictionaries - also not good.

 

When will RIM fix this problem for SureType phones (ideally including the touchscreen ones in SureType mode but I would be happy with a fix for just Pearl)?  The password field should have a conventional *****x password display where only the most recent character is visible for a second, in multi-click mode, with SureType turned off by default.  The current mode is insecure (even on non-SureType phones, clear-text password display is a bad idea) and extremely annoying for SureType users.

 

 

@alex
[Pearl 3G 9100 v5.0.0.921]