|
|
|
|
|
|
by zorlem
4112 days ago
|
|
|
Take a look at Keepass2Android, I like it a lot. > An "acceptable" alternative would be to implement an indirect clipboard in which a trusted keyboard application can replay the string for a short duration but that's not going to happen either. Actually Keepass2Android does just that - it provides an (optional) dedicated keyboard layout that you can install and activate. > Whats worse is that probably most people who use a PWM on a mobile device choose to have a PIN lock on it after supplying the initial PW which reduces the PW complexity even further. Some password managers have the option for using a part of your password after the database is unlocked - you get a limited number of tries (configurable) and the database locks if you don't guess the short code. |
|
|
I use Keepass with an eToken on my PC, found too many things about the Android version if it that i don't like :)
As for the PIN part, most people will setup a 4 or 5 digit pin, you would be surprised how many PIN locks can be broken with using the 10 most common PIN's avoiding most lockouts. If you have the device it self then avoiding the PIN lockout is a trivial thing to begin with. IF you talk about the Keepass2Android then it has many issues including not encrypting the the DEK in memory while being active, caching way too much shit on disk, and overall having quite questionable other implementations so there's a good chance you won't have to brute force anything.