How to properly organize the storage of passwords in Android?
Let's talk about how you can't store passwords in Android. The first thing that cannot be done is to store (save) passwords in the browser, and this applies not only to mobile devices, but also to personal computer users. Also, you cannot store passwords in text files or notes. The best way to store Android passwords is by using password managers.
Well, now let's talk about how to properly organize the storage of Android passwords. I will tell you how to choose a password keeper for Android and show you how to download, configure and use the popular and beloved free password manager for Android.
You may also be interested in the article "", in which we told you how to use the application "Firewall without root" to protect a mobile device.
- Foreword
- KeePassDroid password store
- Installing KeePassDroid
- Adding a new entry
- Working with passwords
- Editing a record
- Complex password generator
- Password Database Lock
- Database backup
- Change master password
- Buffer flush timer
- Base lock timer
Why KeePassDroid?
It is the most reliable password manager today. Recent applications for storing passwords on Android have shown that most of them have big problems and are not safe to use.
As it turns out, the password managers My Passwords, Informaticore Password Manager, LastPass, Keeper, F-Secure KEY, Dashlane Password Manager, Keepsafe, Avast Passwords, and 1Password store passwords in clear text, and encryption keys can be found in their code.
Conclusion: Store Android passwords with the KeePass app! And everywhere both on Android using KeePassDroid and on a PC using KeePass.
Storing Android passwords in KeePassDroid
KeePassDroid is a small free application for securely storing passwords and confidential data in encrypted form. Supports working with * .kdb databases of KeePass 1.x / 2.x and higher.
Installing KeePassDroid
To get started, you need to download KeePassDroid. Follow the link to Google Play and click the install button.
The app requires the following permissions. We agree and click "Accept".
After installation, launch the program by clicking on the "Open" button.
You can also download the KeePassDroid APK file from the source, from the official website.
Note. Don't download APKs from warez sites and forums. From my experience I can say that half of them are infected with malware.
If you have a password store file, open it with the "Open" button. If this is your first time using the application, then you will have to create a password database first.
The "Change base password" window will open. You need to come up with a password that will protect the password database from unauthorized access (master password).
This password must be unique and. This is the only password you have to remember. Only with its help will you be able to open your KeePass password database.
The master password can be changed in the future. The main thing is not to forget it!
Repeat the password on the second line.
The field "Key file" can be left blank. This item serves to open the password file using both a master password and a link to a specific (chosen by you) file. If the file you selected is missing, an attacker will not be able to open the password store.
After creating the KeePass database, the main program window will appear:
Adding a new entry
For convenience, the KeePassDroid password manager can store information about passwords in groups. By default, the program creates two groups Email and Internet.
You can change the names of these groups or delete them altogether. And of course, you can create your own groups for the convenience of working with passwords.
To do this, click on the "New group" button and enter the name of the new group.
You can also change the group icon.
There are several fields in the add record window.
None of the fields other than the first are required.
- Name. Each password entry should have a name by which it can be identified and found in the database. In my case, Gmail.
- Login. Username, which, together with the password, serves for authorization on the site.
- Link. The address of the website to which you will be logged in.
- Password: Password to access your account on the sites. On the right side there is a password generator button - a convenient way to create a complex password.
- The confirmation. Re-enter the password.
- Comment. In this field, you can specify any information regarding the account.
Note. Changing the password in the KeePassDroid database, you do not automatically change it on the site. KeePassDroid is a secure password storage. The app only stores your data locally and nothing else.
After filling in the required fields, click "Save" and your new password will appear in the group.
Working with passwords
The password saved in the manager can be quite long and complex, it is certainly not easy to remember such a password, but fortunately, you can copy the password from the database to the clipboard, and then paste it into the browser on the site.
It's easy to do. Open the password store and find the entry with the desired password. Tap (press) on the program menu button.
Then a window with several items will appear. Click on the item to place login or password in the memory buffer.
Now open the desired site or application, tap on the appropriate field, and then on the pop-up word "Insert".
Editing a record
The user can change the password or other data of the authorization account on the site. For security reasons, I recommend changing passwords occasionally (at least once a year).
Click on the group and find the desired entry.
Then we press “Edit”, make changes and press “Save”.
Complex password generator
Long passwords consisting of random characters from different sets are a reliable means of protection against hacking, but in reality they are not so easy to create. As a rule, for memorization, the user brings his own logic to the password he comes up with. After which the password becomes less strong. The password keeper we are considering has its own password generator that helps to overcome this problem.
Open the window for creating or editing a record. Click on the button with three dots next to the password field.
The password generator window appears.
By default, you will be prompted for an 8-character password, but I recommend choosing more complex passwords, that is, more authentic and using special characters: upper and lower case letters and numbers, as well as hyphen and underscore, to increase password strength.
"Quick buttons" provide a choice (6, 8, 12, 16 characters). You can also set the password length manually. If the site for which you create an account does not set special restrictions on the length of the password, then I advise you to choose a 20-character or longer password. In my example, the password is 28 characters long.
We click on the button "Create password".
If for some reason you do not like the password, you can click this button again to re-create the password.
At the end, tap on the "Accept" button.
Password Database Lock
Why do you need to block the base?
This is necessary in cases where you are using KeePassDroid and want to interrupt, move away, etc. and you will have to leave your phone unattended for a while. From the point of view of information security, this is an unjustified risk. In such cases, you can lock the database without terminating the application.
This is done like this: click on the lock icon at the top of the window.
KeePassDroid returns us to the entrance to the database, where you need to enter the master password again.
Database backup
The KeePassDroid base is a file that by default has the .kdb extension. By default, the database is located in the keepass folder. Here is the full address:
/ mnt / sdcard / keepass
Important. The .kdb extension "gives out" the password database. It's pretty easy for an attacker to guess this. If he gets access to your phone even for a short time, he can copy or mail himself the password file in order to try to find out the master password in the future and get your data. Better if the attacker does not know exactly where your password file is stored. Therefore, I recommend:
- Rename the .kdb file, giving it an unrelated name and extension.
- Move the password store file from the default folder to another folder where it will not attract attention. (Do not store the password file in a folder that can be deleted!).
To do this, you can use any file manager or do it by connecting your phone to your computer.
To back up your passwords, just copy the .kdb file to your computer (USB flash drive or other media). Remember that the file can also be opened in KeePass on different operating systems. You can learn how to use KeePass on Windows by following the link at the beginning of the article.
Change master password
You can change the master password at any time. I recommend doing this as often as possible, even if the password has not been compromised.
Open the Password Database (as usual).
Click on the menu call icon in the upper right of the screen.
In the menu that appears, select "Database password".
Surely each of us is registered in a social network, or at least just has an email account. And each of us should understand that simple passwords are easy to guess and should be discarded. But, unfortunately, not all people follow this and can simply dishonestly treat the choice of a password by setting deliberately weak passwords, like "123456" or very common "Qwerty"... Yes, such passwords are easy to remember, but if they store personal information for you, then most likely you will have to say goodbye to it soon. As for the services that store our passwords, they appeared a long time ago, but the mobile versions appeared not so long ago.
So, today's review of the most popular password storage applications includes: mSecure Password Manager, RoboForm, KeePassDroid, Last pass, 1Password Reader and Safebox.
mSecure Password Manager
- Category: Work
- Developer: mSeven Software LLC
- Version: 3.5.3
- Price: 10 $ - Google Play
mSecure Password Manager - an application that differs from the others presented in the review in that it has just a huge functionality and the most structured interface (it is convenient to view it not only on a smartphone, but also on a tablet).
If this is your first time running this application, you will be prompted to enter a password and remember it. By setting a password for the application, you thereby protect your data, which can later be added and set separate passwords for them. A distinctive feature of this application is the availability of several methods for creating backup copies of data and the possibility of synchronization, both with mobile devices and personal computers. If desired, a copy of the data can be sent to you by e-mail, saved to a memory card, or even uploaded to the cloud storage Dropbox.
It is worth saying a few words about encryption methods, because it is thanks to the 256-bit encryption using the Blowfish algorithm that your data is well protected. As already mentioned, the application has received a very convenient and well-structured interface that allows you to easily add files or find the information you need. In addition, one of the 200 available icons can be assigned to each of the files.
The application is distributed on a paid basis, you can purchase it at Google play at a price of $ 10. The price, in my opinion, is overpriced, especially since the desktop version for Windows it costs even more - about $ 20.
pros:
- Convenient application interface;
- 256-bit data encryption;
- Several ways to create backup copies of data;
- Fast and stable operation of the application.
Minuses:
- High price.
RoboForm
- Category: Personalization
- Developer: Siber Systems Inc
- Version: 4.04
- Price: Free - Google Play
RoboForm Is a very old service designed to store the most confidential data. This service was released so long ago that it managed to become popular on such operating systems as Palm OS and Windows Mobile, but the developers did not stop there and released a version for both iOS and Android.
As for the available functionality, everything is standard here: the ability to store passwords, divide information into different categories, automatic generation of passwords, and, of course, synchronization with well-known cloud storages (this function is automatically performed when the application is first launched on a mobile device).
For more functional work on the network, the application prompts the user to install the necessary extensions on such popular browsers as Firefox and Dolphin, without which you can only create password-protected notes.
This service is best used in constant synchronization with the desktop version of the program. And the most important point is the fact that you can do it for free. The RoboForm app for Android can be downloaded from Google Play absolutely free.
Pros:
- The server is absolutely free;
- Convenient extensions for mobile browsers;
- Good functionality.
Minuses:
- Lack of Russian;
- Not the most user-friendly interface.
KeePassDroid
- Category: Tools
- Developer: Brian Pellin
- Version: 1.99.11
- Price: Free - Google Play
KeePassDroid - another password storage manager, the functionality of which can be tested absolutely free of charge, while the application source code can be used by absolutely any user. This feature can be called a huge plus and I would like to thank the author of the application for this opportunity.
The app's features are pretty classic. The first run means creating a key file that will store all information about accounts and passwords. All passwords will be encrypted using a pre-prepared AES encryption algorithm.
Despite its convenient and simple interface, the application can easily group records. This feature allows you to store data from multiple services in one application. In addition, the application can easily copy the login and password in just one click. After the data is copied in the status bar, you can see a notification about the successful completion of the data transfer.
Another useful function in the application is the ability to create an automatic password, while you need to specify which characters will be indicated in the password, its length, the presence of special characters and other parameters.
It is thanks to its free and free distribution that the application KeePassDroid has several third-party clients for working on a personal computer under control Windows, Macand Linux.
pros:
- Absolute gratuitousness and freedom of distribution;
- Simple and user-friendly interface.
- Auto-generation of passwords.
- There are desktop versions of the program for a variety of operating systems
Minuses:
- Morally outdated interface;
- There is no ability to work with bowsers.
Last pass
- Category: Work
- Developer: LastPass
- Version: 3.2.18
- Price: Free - Google Play
Last pass Is one of the most convenient cloud password manager. This service boasts a huge number of plugins for most popular browsers, including mobile ones. This manager can easily fill in the login and password on any website.
To a greater extent, the maximum functionality of the application can be achieved in the most popular mobile browser Dolphin for which several plugins have been created at once to facilitate the work with the service.
Almost all basic browser functions can be used absolutely free. I would like to point out the possibility of installing this application on such operating systems as Windows Phone, BlackBerry, Symbian, Windows Mobile and even WebOS.
application Last pass for android you can download absolutely free, but if you need to use the available plugins, then you need to buy a subscription for 1 dollar per month or 12 per year of use.
pros:
- Convenient interface;
- The presence of the Russian language;
- Storing all passwords in the cloud;
- Synchronization with the desktop version.
Minuses:
- Using a mobile plugin for money only;
- Low functionality of the application compared to its main competitors.
1Password Reader
- Category: Work
- Developer: AgileBits Inc
- Version: #1.8.5.2
- Price: Free - Google Play
1Password - if anyone does not know, then this application was at one time the most popular among all on the iOS platform. The developers quickly created an application for Android, but for unknown reasons, the functionality turned out to be not much stripped down than in the iOS version.
An application that can be downloaded for free at Google play allows you to easily access information that has been added using a PC. We can use this data for our own purposes, but unfortunately, we do not have the ability to add new capabilities from a mobile device.
The application interface is really modest. But it is this application that remains the only one that can easily work with the desktop version of the program. 1Password.
pros:
- Full synchronization with the desktop version of the program.
Minuses:
- There is no possibility to add new files;
- Inconvenient and little-functional interface.
- Category: Tools
- Developer: Aleksey Zholdak
- Version: 1.22.9
- Price: Free - Google Play
- Pro version - Google Play
Outcome:
Of all the above managers for storing passwords, I would like to point out the very first, namely mSecure Password Manager, I liked it more in terms of design, and in terms of functionality it seemed the most practical. Yes, it is more expensive than all the other programs presented in the review, but if we are talking about confidential data, then there is no trifle here. In any case, the choice will always be yours, dear users.
Articles and Life Hacks
Everyone knows that in the bowels of a mobile device you can find a section, where passwords are stored in android... However, many people think that these passwords are still in the public domain, and if the phone is lost, someone can use the account simply by opening the "account.db" folder. In fact, this is a huge misconception. This is much more complicated than that, since everything is tied to the hardware.
When you sign up with Google, you enter your email address and password. Then your device sends an imei code to the server, which is unique for all phone models, and in response receives an authorization token (auth token). This token will be valid only for your phone and it is he, and not the password from the account, and will be in the account.db folder. "
If you lose a device that was registered, you can log into your Google account, for example, from a computer and turn it off. Now no one can enter your personal account from a lost device.
Saved passwords in android browser
Using the mobile Internet, we often visit sites where registration is needed, and to save time we press the "Remember" button. At the same time, we do not think about where passwords are stored in android, which we indicate at the same time. And they are saved in the browser that we use, for example, Opera mini. And if you have the right programs, this data is easily viewed. And for this it is not at all necessary to know, everything is made easier.
To see the saved passwords, you need a special program that provides administrative rights. It could be Universal Androot or any other similar service. You also need to download the SQLite Editor application and run it. At the first start, the program may scan your device for the presence of a database, after which it will display a list of applications that have their own database. Find the browser you are using in the list and click on it. Now a menu will appear in front of you, in it you need to select “webview. db ". In the "password" window that appears, you can find all the passwords that have been saved in the browser.
Is it possible to hide passwords in android
You will hardly be able to hide saved passwords. Therefore, if someone else has access to your mobile device besides you, then adhere to the following rules:
1) Refuse the "Remember" item when registering a new account.
2) After each visit to the Internet, delete your browsing history.
3) Clean your cache at least once a week.
Surely everyone has forgotten their password from email or account of any of the social networks. Many Internet resources that provide an authentication procedure offer the user in such a situation the ability to recover a forgotten password. This can be a security question specified during registration, an SMS message sent to a phone number, etc.
However, it is possible that the phone number or the same e-mail is lost. Then, for example, having forgotten the password from the VKontakte account, the user will not be able to send a special code by a message due to the fact that the subscriber number has already been linked to another page, and the mail account has not been used for a long time.
In such cases, the password recovery procedure takes quite a long time and consists in compiling a whole questionnaire with passport data, sending a screenshot from the display, where the completed page would be visible.
It turns out that owners of Android devices have the ability to recover the password for their VK page much easier. How to find out the password from "VK" on Android? To do this, you need to know where the passwords are stored. We will talk about this now.
If you used the function of saving passwords on your device, then it will not be difficult to see the forgotten password:
The fact is that the saved passwords are located in the browser, where, as a rule, it is possible to see the password, which is hidden behind the asterisks. What should we do:
Using system functions
Open the browser (in the screenshot of Google Chrome) in the search bar, enter the link passwords.google.com In the opened window “ Saved passwords"We find the required application or site, in our case, it is" Vkontakte ", we see the login (email address) and the password hidden behind the asterisks. To see the password itself, you need to click on the icon that looks like an eye:
Via a browser on a computer
If you have one account in VK on all devices and the login was carried out automatically (ie the password was saved), then you can see the password hidden under the asterisks on your computer. This method will be relevant if, for some reason, you cannot use the previous instruction.
The first way
Open a browser window. In the upper right corner, click the icon to call the settings (three parallel lines). In the "Settings" section, at the very bottom, click on "Additional settings", find the item "Passwords and forms", select the second line "Offer to save passwords for sites", click on the "Configure" item. In the window that opens with passwords in the search bar, enter the address of the desired site or login:
Now in the list of sites with saved passwords, click on VK and then activate the "Show" button, after which, in the field where the asterisks were, we will see our password:
Second way
We are happy to publish instructions for those users who are not used to looking for easy ways to solve a particular problem. This is exactly the case. Although, it is quite possible that this particular method will be the most convenient for you. So.
We go to our page in VK. To log in, a window will open with a login (phone or email) and a password hidden by asterisks, select them with the left mouse button and click on the highlighted password with the right button. A line appears with the parameter type.Double-click the left button on its value password(or pass.From the list of actions that opens after this, select “ View item code«.
Now, in the page code we make changes - replace type \u003d ‘password’ on type \u003d ‘text’
After this simple manipulation, instead of asterisks, we will see our saved password.
Finding Forgotten Password with Traffic Analyzer
Using Wireshark (PC)
We need any program that analyzes network packets (sniffer). You can use one of the most popular in this segment - "Wireshark". It is a cross-platform tool that works on almost all operating systems, including Windows.
The program has a logical and intuitive interface and works with most protocols.
We will not talk about the program itself and its merits now (whoever is interested will easily find the necessary information on the Internet). We are now interested in the opportunity to solve the problem with finding a password in "VK". To do this, download Wireshark from the official website:
Installation on Windows OS is extremely simple (next-\u003e next-\u003e next).
We connect our Android to a PC via USB. Now we need to configure the program for the network to be analyzed and enable it to search for packets:
Then from the smartphone we send the form with the password. After receiving packets, turn off Wireshark and look for the keyword "password" among the received data, where the login and password will be displayed.
It is important to say the following here. Working with sniffers is a topic for a separate conversation, and quite voluminous at that. Therefore, an unprepared user should not take this method as a guide to action. We briefly talked about Wireshark, just to indicate to our audience the existence and such an opportunity for solving the issue under study.
If you consider yourself to be an advanced user, and even more so, had experience with such software, you can easily solve the problem of a forgotten password.
Video tutorial on using Wireshark:
With Intercepter-NG (Android)
Another representative of the sniffer line that will need to be installed on Android is Intercepter-NG.
The program is a multifunctional network sniffer ported to OS Android. Intercepter-NG successfully copes with the task of intercepting and analyzing network traffic, allowing you to recover files that are transmitted over the network, messages from various messengers and, which is important for us in the context of the problem under consideration, recover passwords.
The mobile version turned out to be quite lightweight, which greatly simplifies management. Conditions required for work:
- Android version 2.3.3 or higher
- Availability
For more details on setting up the program and its operation, watch the video:
I've been using the great password storage service LastPass for years and I think it's the best of its kind. However, for the Android platform, this service only offers a paid use case, which is not suitable for everyone. Therefore, in this article, we will look at how to get your passwords out of LastPass, transfer them to Android and organize them securely and conveniently.
1. Export passwords from LastPass
It is very easy to extract your passwords from this service, the process only takes a few clicks. To do this, go to the web interface of the service and select the "Export" item in the main menu. After that, you need to specify the name of the file and the location where it is saved on your computer.
2. Convert LastPass passwords to KeePass passwords
To work with passwords on a mobile device, we will use the program. It has clients for almost all platforms, has proven itself well in terms of security, is convenient and free. But before you transfer your passwords to your mobile device, you need to convert them into a form that this program understands. This feature exists in the desktop version of KeePass.
Install KeePass on your computer and create a new password database with one of your Dropbox folders as the location. Next, import the LastPass password file into the password database you created.
3. Keepass2Android
Once your passwords are in a way that KeePass understands, you can transfer them directly to your mobile device. To do this, it is best to use the Keepass2Android mobile client, which can synchronize the password database via Dropbox. Install this program, and then open the password database you created earlier.
4. Automatically fill passwords
One of the most handy features of LastPass is the ability to automatically fill in credentials on saved sites. Keepass2Android also has a similar feature, although it is implemented in a slightly different way. The program has a special keyboard with which passwords are entered. It happens as follows.
- You open the authorization page in the browser (almost all browsers for Android are supported).
- Use the "Send" menu to forward this page to Keepass2Android. The program finds a password suitable for this page in its database.
- Then you are prompted to select a keyboard. We select the Keepass2Android option.
- A special keyboard appears, on which, using special keys, you can enter your username and password for the open page in the required fields in one click.
Now you will have on your mobile gadget a well-protected and synchronized database containing all your passwords. In addition, we get the ability to conveniently enter passwords using a special keyboard, which allows you to very quickly and conveniently enter the sites you need.
