
Encryptr

Every now and then something comes along where you can see somebody’s put some serious thought into what they’re designing. The Raspberry Pi is probably the first thing that comes to mind, the Pebble watch is another. Lego is a brilliant example.

With apps, it’s less so. Not because people don’t think about what they’re doing, but because there are so many out there that are either sloppy/lazy, or where through no fault of their own the developers don’t have the experience, or because they’re looking at a means of making money (adverts, data theft etc.). Some apps really do shine through though: Tasker, AutoRemote, Titanium Backup, Spideroak. [See an early list]

Latest to the list must be Encryptr. Like Spideroak, at its core it is built on the ZeroKnowledge principle. This got Spideroak some criticism because with ZeroKnowledge systems, only the end user (that’s you) can read what’s stored. Not GCHQ, not David Bloody Cameron, not the FBI, not even Spideroak themselves. All associated data is encrypted and can only be decrypted with a passcode, password, phrase, or similar.

For a little while now (since Dropbox was hacked for the second time) I’ve been looking for something that uses Spideroak’s approach, end point decryption, for keeping passwords secure. After a quick search I decided the best way was to use Spideroak’s Hive. Spideroak has a couple of options: data is stored per machine or shared with all machines signed in to that account. Hive is the latter, so my passwords are securely synced with every machine I choose to sign in with. It meant that if I didn’t have a phone signal I was a bit stuck, but only passwords for internet based systems were being stored. It also meant that I had to be at a PC to create the file but Spideroak are currently looking to implement this as an option in an upcoming release.

Encryptr is the solution to the problem. It doesn’t matter if your phone gets lost, stolen, soaked or damaged because no data is stored on your phone. Every password, PIN, credit card number and note that’s stored is done so securely online. With cross platform availability, the same passwords on your phone can be synced with your Windows or Linux PC or even your Mac. It even offers a secure, randomly generated password for you when you input an entry. Best of all, it’s free. There’s no advertising, no sign up, no personal details required to use it, just a user name and a passphrase/password. That’s it.

As Encryptr’s web site states, there’s a down side. If you forget your username and/or passphrase you’re locked out. No ‘forgot my password’ option as they don’t ask for your email address. Taking this into account, you have to acknowledge the advantages far outweigh any risk of forgetting your username and passphrase.

Encryptr’s developers have obviously thought about what they’re doing. While basic, the app and its ethos have a solid foundation. I’d like to be able to put entries in folders, toggle the courtesy password on/off and select its length and complexity (upper/lower case, numbers, symbols etc) and be able to copy the password into the clipboard, but these are suggestions for a later version.

Considering the app is only at version 1.1.0, what Encryptr have achieved is impressive.

 

Weaker passwords

So many web sites, so many passwords.  Unless you’re willing to risk using fewer than ten (or possibly only one) passwords for every site you use, you probably have the browser save the passwords and use a random password generator.

There are a number of apps which will generate passwords for you.  You can set the password strength and it will give you a unique password each time you ask for one.  If you’re hoping to get the same one twice, you’re probably going to die before it happens.  The apps give you nice, strong passwords.  Other apps will save the details for you, password keepers.

It’s not often, but from time to time I’ll come across a site which doesn’t allow the 40-50 digit passwords I tend to use.  Sometimes I’ll add a few more, sometimes take a few off.  When I exit the app, the contents of the phone’s clipboard are sent to the PC.  From there I’ll often drop the password in to a .txt file and save it in Spideroak.  For those who don’t know, Spideroak is much like Dropbox but is fully secure, only decrypting the contents at the user’s device.

For the first time I’ve come across a web site which not only limits the length of the password, but doesn’t allow most of the special characters (for example !£$%^&*{[]}@’#~<>?/`¬\|etc.).  Eon Energy only allow the basic 0-9, A-Z, – and _.  For the first time since using password generators I’ve been effectively told my password is too strong, please use a weaker password, twice!

We’re living in a world where everyone is using stronger and stronger passwords.  Those with Microsoft qualifications need at least two special characters in their lengthy passwords.  Google, Twitter and Dropbox are amongst many sites using 2-step security, requiring a password and a code either generated by / sent to your phone.  These sites don’t require payments or personal information to use them, but they still offer 2-step security.

I didn’t sign up with Eon.  I was tempted to type in ‘password’, but in the end I was afraid it would be accepted.
[Screenshots: Eon - too long; Eon - invalid format]
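To put a number on what a restricted character set costs, the sketch below generates passwords from the operating system's CSPRNG under a site policy and compares entropy in bits. It is an added example, not code from any of the apps or sites mentioned; the alphabet is taken literally from the post (0-9, A-Z, - and _), while the 16-character limit and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

DIGITS = string.digits
UPPER = string.ascii_uppercase
DASHES = "-_"

# Unrestricted generator alphabet: letters, digits and ASCII punctuation (94).
FULL = string.ascii_letters + DIGITS + string.punctuation
# Restricted alphabet as described in the post: 0-9, A-Z, - and _ (38).
RESTRICTED = UPPER + DIGITS + DASHES
ASSUMED_MAX_LEN = 16  # hypothetical limit; the post does not state the real one


def entropy_bits(alphabet: str, length: int) -> float:
    """Entropy of a uniformly random password of `length` over `alphabet`."""
    return length * math.log2(len(set(alphabet)))


def length_for_bits(alphabet: str, target_bits: float) -> int:
    """Shortest length over `alphabet` that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate(alphabet: str, length: int, required_classes=()) -> str:
    """Draw each character with secrets.choice; redraw the whole password
    until every required class is present (this costs slightly less than
    one bit of entropy for typical policies)."""
    if length < len(required_classes):
        raise ValueError("length too short for the required classes")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in required_classes):
            return pw


def report() -> dict:
    """Compare a 40-character unrestricted password with the restricted policy."""
    strong = entropy_bits(FULL, 40)
    return {
        "full_40_bits": round(strong, 1),
        "restricted_max_bits": round(entropy_bits(RESTRICTED, ASSUMED_MAX_LEN), 1),
        "restricted_len_to_match": length_for_bits(RESTRICTED, strong),
        "sample": generate(RESTRICTED, ASSUMED_MAX_LEN, (DIGITS, UPPER, DASHES)),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

A shorter alphabet can be compensated by length, which is why a policy that caps both the character set and the length is the one that actually forces a weaker password.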