SafeInCloud password manager mini-review
May 20, 2015 — BarryK
If a password manager that is easy to use and costs a very small one-time fee is what you want, SafeInCloud seems like an excellent option. The fact that passwords are never transmitted to company servers is a plus, and retaining full control over your keys is excellent.
B-Folders password manager review
I recently wrote a mini-review of SafeInCloud, a very nice password manager: http://bkhome.org/news/201505/safeincloud-password-manager-mini-review.html
These days, a 'password manager' holds much more than just usernames and passwords, and can be used to keep a wide variety of information secure. I found SafeInCloud to be one of these modern secure information managers, very customizable, and a delight to use.
However, as I explained in the review, I decided to discontinue its use, due to lack of a virtual keyboard for entering the master password.
Since then, I have been testing more password managers, and finally I have found one that ticks all the boxes: B-Folders.
Security
The developers of B-Folders have put a lot of thought into security, and I cannot see anywhere that might be a potential weakness.
The Android version uses an internal webkit-based browser, to take care of secure auto-filling for login, though external browsers can be used, even the clipboard (which is cleared immediately after use).
B-Folders can use a virtual keyboard for entering the master password, the lack of which worried me with SafeInCloud and many other password managers.
However, the virtual keyboard is only for numeric input. For alpha-numeric entry, the standard Android keyboard is used.
Hmmm, a numeric password will have to be very long to be uncrackable -- see further notes on this at the end of this review.
B-Folders does not support a fingerprint sensor for login. There is probably a good reason for this, as B-Folders does not want to store the master password. Using a fingerprint scanner means that the master password has to be stored locally, encrypted of course, but that is still a potential weakness.
Installation
I obtained B-Folders from the Google Play Store:
https://play.google.com/store/apps/details?id=com.jointlogic.bfolders.android
OK, it is free, but offers an in-app purchase. This is a 'Utility pack', that cost me $6.20, with some useful, though not essential, extras.
Usage
B-Folders does not have the 'bling' of SafeInCloud, and in a few places is less intuitive. So, I had a good read of the online docs. I found that it actually is easy to use, and was soon entering data and testing online logins.
It is the 'card' paradigm, in this case with folder hierarchy. There are ready-made cards, which can be customised for each instantiation, and new card templates can be created. Overall, extremely flexible for entering any kind of textual data.
B-Folders is touted as a password manager, notepad, task manager, contact manager, bookmark manager, and journal. Or anything else requiring secure textual storage. It runs on the desktop also, on Windows, Mac and Linux -- for a price of US$30 each. Here is a desktop snapshot:
Running on Android though, the UI is a bit more constrained. Showing the equivalent of the above picture, this first snapshot shows the top-level:
Here are cards inside the 'Banking' folder:
This is the content of one of the cards:
Clicking on a URL in a card, there is an offer to open with internal or system browser (or any other browser that is installed) (this is all customizable):
Sync and backup
SafeInCloud uses the Cloud for storage and considers it safe, as the database is a single encrypted file. The very fact of it being in the Cloud may be seen as a security threat, but if the password is uncrackable, all should be OK.
B-Folders takes a different approach, achieving syncing with its own wi-fi direct connection (or USB cable) between two devices. I haven't yet tried this; however, I have read user feedback, and the reports are positive.
Backup creates a copy of the database file. I tested this, and it reported a file 'storage/sdcard0/backups.dat/2015-06-10_10-15_56.jrb' has been created.
There is also a restore from backup option.
Perhaps it would be nice to have send-to (share) for backup. Individual cards can be shared (which I think requires the paid Utility pack), and this sends a .vcf (Electronic Business Card) text file.
Master password
This is a snapshot of the virtual keypad for entering the master password:
Yes, it is good to have a virtual keyboard, I am happy about that. Numeric-only though, hmmm. I did some experiments, and yes, I can create a very secure numeric-only password, but it has to be quite long.
Here are some password strength checkers, that also estimate time to crack:
https://howsecureismypassword.net/
https://www.comparitech.com/privacy-security-tools/password-strength-test/
..warning, do not enter your actual proposed master password into these checkers! They could be sneakily collecting passwords. These sites are probably OK, but you never know.
In the case of a numeric-only password, an 18-digit to 24-digit non-repetitive, non-sequential password is very secure, taking centuries to crack. Of course, this depends on the hardware that is thrown at it.
The challenge though, is to create a long numeric password that can be remembered. And it must be remembered, as your entire life is in that file!
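A candidate numeric master password can be checked locally instead of being typed into an online checker. The following is an added example, not code from the original review or from B-Folders; it sizes the keyspace and flags repetitive or sequential structure, and the guess rates and the 94-symbol comparison alphabet used with it are assumptions.

```python
import math
import re

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)

def digits_to_match(length, alphabet_size):
    """Fewest random digits whose keyspace is >= alphabet_size**length."""
    target, digits = alphabet_size ** length, 1
    while 10 ** digits < target:
        digits += 1
    return digits

def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Years to try every candidate; the average case is half of this.
    guesses_per_second is an assumption about the attacker's hardware."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR

def longest_sequence(pin):
    """Length of the longest run stepping by +1 or -1 (mod 10), e.g. 8901."""
    best = run = 1
    step = None
    for a, b in zip(pin, pin[1:]):
        d = (int(b) - int(a)) % 10
        if d in (1, 9) and d == step:
            run += 1
        elif d in (1, 9):
            step, run = d, 2
        else:
            step, run = None, 1
        best = max(best, run)
    return best

def pin_weaknesses(pin):
    """Structure that makes a numeric password far weaker than its length."""
    if not pin.isdigit():
        raise ValueError("numeric-only password expected")
    found = []
    if re.search(r"(\d)\1{2,}", pin):      # e.g. 777
        found.append("repeated digit")
    if re.fullmatch(r"(\d+?)\1+", pin):    # e.g. 121212...
        found.append("repeated block")
    if longest_sequence(pin) >= 4:         # e.g. 4567 or 3210
        found.append("sequential run")
    return found
```

`digits_to_match(9, 94)` gives the number of random digits needed to match a random 9-character password drawn from 94 printable symbols, and `years_to_exhaust(18, 10, rate)` shows how strongly the crack-time estimate depends on the assumed guess rate.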
Conclusions
I love this app, the best password manager that I have found so far.
I would like to make some recommendations to the developers:
1. A custom folder for 'Login list'. Just as there already exists 'Task list', 'Contact list' and 'Journal', which are effectively folders in which tasks, contact and journal cards can be created.
2. Send-to or sharing of the database file, as another way to backup or archive.
3. Markup for notes and journal cards.
Number 3 would be a nice enhancement, I think. Currently, the notes field in a card is plain-text only. It would be nice to be able to specify things like bold, italic, list, which can be saved as RTF, BBCODE or something similar.
I already tested entering a URL into a note, and it got recognised and became a link. Well, this principle can be extended, even perhaps to displaying images (img link, perhaps not embedded images).
Developer JointLogic website:
http://www.jointlogic.com/b-folders/
Comments
Perhaps a more generic implementation for number-1 in my wish-list: When creating a new folder, allow assigning it a custom icon, and specify what cards can be opened in it.
That would be completely open, so the user can create any kind of folders. Including, if desired, a 'Login list' type that only allows 'Login' cards inside it.
SafeInCloud password manager mini-review
Preamble
We all have this problem: heaps of passwords to remember. Heck, not just passwords, but lots and lots of personal and business data, stuff that is sensitive and could be used for identity theft if an unscrupulous person got hold of it.
There is an alternative. As I discovered recently, password managers have come a long way. Modern ones are not just for passwords, they can store everything. That is, they do not just have the traditional old 'login:password' fields. Now, they are completely customisable, allowing you to add many types of fields, including login, password, URL, email, phone number, pin, notes.
Furthermore, in phones, they integrate with the system and link automatically with the email client, phone dialer, sms messenger, etc.
So, we can 'put all our eggs in one basket', have a single encrypted file with our entire identity in it, and one master password.
Typically, this file is saved online, using a Cloud service such as Dropbox or Google Drive, so you can access it from multiple phones and computers.
This is exciting, but isn't it also a bit scary? That master password has to be uncrackable. Other passwords are different: if you try to log in to PayPal, for example, you can only try so many times, so it seems reasonable that a less-than-uncrackable password will suffice there.
Then your uncrackable master password has to be something that you can remember. Actually, these are two opposing goals. Anyway, you can devise a reasonably uncrackable password of 8 or 9 characters, that you can train yourself to remember.
SafeInCloud
So, I read lots of reviews of the main password managers for Android in the marketplace. I settled on SafeInCloud, purchased for AU$6.49 from here:
https://play.google.com/store/apps/details?id=com.safeincloud
A nice overview is to be found at the developer's website:
https://safe-in-cloud.com/en/android.html
Actual usage is extremely easy, in fact a pleasure. It is a very good idea to spend some time thinking about what 'templates' and 'tags' you want.
For example, I created a 'Contact' template, and assigned it a default 'People' tag. This means that SafeInCloud has also become my people database, and a very nice job it does of that -- I tested the phone-number and email fields, they work great -- clicking a phone-number field brings up the Android dialer, with option to phone or sms. A URL can launch the internal browser.
I am saving to Google Drive, though it can also save locally -- so you can back it up to an SD card if you wish.
Regarding online logins, there are security issues with using the clipboard, as discussed here:
http://arstechnica.com/security/2014/11/using-a-password-manager-on-android-it-may-be-wide-open-to-sniffing-attacks/
SafeInCloud gets around this by using a builtin browser. I tested this, it works fine.
There is auto-fill for Android Chrome, but only for Lollipop. I have KitKat. I presume that Lollipop has a more secure way of performing auto-fill.
Conclusions
Absolutely love it, however, I decided to stop using it, for now anyway. There is something that to me seems to be the Achilles' heel of SafeInCloud, and that is entry of the master password.
For security reasons, the program will time out, or lock after having lost focus, and need the master password to be re-entered. So, I found myself typing in this master password many times ..which got me thinking, and worrying.
Malware can sniff the keyboard. Can you guarantee that you don't have such a sniffing malware in your phone or PC? This problem is discussed here:
http://www.makeuseof.com/tag/four-ways-you-can-protect-your-password-managers-from-malware/
SafeInCloud uses the Android keyboard, and this is what I identified as the Achilles' heel. I contacted the developer and asked if there is any plan to implement a 'virtual keyboard' -- the developer Andrey promptly replied, yes, but he cannot say when.
There are some other password managers that do have a virtual keyboard, such as DataVault, Steganos, LastPass, KeePass2Android and Password Safe.
Oh, I should add that SafeInCloud supports the fingerprint scanner in Android and iPhones. If the developer can expand that to some of the other Android phones now emerging with fingerprint scanners, that will be great.
However, a master password is still required, and it is saved in the phone. So, the master password will still need to be entered once, via a keyboard. Then there is the security issue of it being stored, encrypted, in the phone.
The master password
I played around, trying to find that elusive master password, both uncrackable and rememberable. One problem is that different password checkers give different results.
Here is some discussion on password strength:
https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/
And here is the author's 'zxcvbn' online checker:
https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html
-- this is the estimator that SafeInCloud uses.
I came up with a 9-character password that the zxcvbn checker reported will take centuries to crack. However, another checker reported it as weak. Hmmm. My password has a slightly repetitive pattern, non-phonetic, non-English, but I reckon that a cracker algorithm could hunt for such patterns, so I doubt the accuracy of the zxcvbn checker.
Comments
I am currently not using SafeInCloud, now using B-Folders, see review here: http://bkhome.org/news/201506/b-folders-password-manager-review.html
I was using B-Folders and found it was unable to recognise the login/password fields for a couple of websites:
http://m.aliexpress.com
http://my.virginbroadband.com.au
So I tested with SafeInCloud, and it has the same problem with Aliexpress, but works with Virgin.
I also noticed that the in-built browser in SafeInCloud is better integrated than with B-Folders. Such as the Back button to go back from browser to SafeInCloud card, and SafeInCloud-specific menu items in the browser.
It made me realise that the level of sophistication of SafeInCloud is well above that of B-Folders.
Google+ SafeInCloud beta testing community:
https://plus.google.com/communities/116800119793272104126
SafeInCloud blog:
https://safe-in-cloud.com/en/blog.html
I still like B-Folders. There are strengths and weaknesses of each, but overall I decided that SafeInCloud suits my needs. Also, SIC supports the fingerprint scanner in iPhone and Samsung phones -- and I have just about decided that I will purchase the Samsung Note 5 later this year.
For newcomers to SafeInCloud, a bit of advice: do spend some time thinking about Labels before jumping in and creating lots of cards. SIC does not have a hierarchical folders structure, instead it is 'flat' but with Labels. Labels are kind of like folders, as you can choose to view cards of one type of Label, but it is not a nested (multi-level) hierarchy.
These are the Labels I created, for my simple needs:
Business, Misc, Notes, People, WWW
Just think of those as folders, in which you will create cards.
Apart from creating cards, you can also create what is called a Note, which is just a card without any specific fields, just one field for typing any notes.
However, any URLs or email addresses that you type into the note 'card' will be automatically recognised as-such, and you can click on them to open a browser or send an email.
..It would be nice if that could be extended to auto-recognise phone numbers also.
In fact, all of the cards have a Note field, so on any card you can type in any extra stuff.
Also at the bottom of all cards, you can append a photo.