> the OS could "forget" the password only when the user begins the unlock
> procedure; that way the background process could continue to check
> messages and activate alerts, and a pickpocket would still be locked out
> but it still requires the user to enter a passphrase, PIN code, gesture,
> or some other form of credential every time he or she picks up the phone
> to do anything. That level of inconvenience seems to be anathema to most
> consumers.
You can configure Android to request a PIN every time it wakes up. I use this. Seems to me that if you encrypt the persistent password storage, and forget the plaintext password on wake-up until the PIN has been entered as you suggest, this problem is solved for the security-conscious users who use a PIN. Then if you care about security, use the PIN.
Posted Aug 4, 2011 5:33 UTC (Thu) by martinfick (subscriber, #4455)
For those who do not use a PIN, I suspect that they at least use the 9-dot matrix. Nothing prevents the dots on this matrix from being considered digits for a PIN. This just leaves auto boot as a problem, but I think that this would still be a major improvement.
Password storage on Android devices
Posted Aug 9, 2011 5:01 UTC (Tue) by sethml (subscriber, #8471)
If the attacker is able to read the encrypted password file from flash, a 4-digit PIN is likely to be trivial to brute-force. Storing the password on a SIM with lock-out is a decent solution, if you have a SIM card. I'm tapping this out on an Android phone with no SIM.
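An added example, not part of the thread above: it counts how many secrets the 9-dot pattern actually offers and compares that keyspace with numeric PINs when each offline guess costs one key derivation. The pattern rules (4 to 9 dots, no dot reused, no jumping over an unused dot), the choice of PBKDF2-HMAC-SHA256, and the 100,000-iteration setting are assumptions made for illustration.

```python
import hashlib, math, time

# Dots are numbered 0..8, row by row. MID[(a, b)] is the dot lying exactly
# between a and b; a stroke a->b is only legal once that dot has been used.
MID = {}
for a in range(9):
    for b in range(9):
        ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
        if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            MID[(a, b)] = (ra + rb) // 2 * 3 + (ca + cb) // 2

def count_patterns(min_len=4, max_len=9):
    """Count valid 3x3 unlock patterns (each dot used at most once)."""
    def walk(last, used, length):
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(9):
            if (used >> nxt) & 1:
                continue
            mid = MID.get((last, nxt))
            if mid is not None and not (used >> mid) & 1:
                continue  # would jump over an unused dot
            total += walk(nxt, used | (1 << nxt), length + 1)
        return total
    return sum(walk(s, 1 << s, 1) for s in range(9))

def kdf_seconds(iterations, rounds=3):
    """Measured cost of one PBKDF2-HMAC-SHA256 derivation on this machine."""
    start = time.perf_counter()
    for _ in range(rounds):
        # Constructed PIN and salt; only the timing matters here.
        hashlib.pbkdf2_hmac("sha256", b"0000", b"constructed-salt", iterations)
    return (time.perf_counter() - start) / rounds

def worst_case_seconds(keyspace, seconds_per_guess):
    """Time to try every secret if each guess costs one key derivation."""
    return keyspace * seconds_per_guess

if __name__ == "__main__":
    cost = kdf_seconds(100_000)  # iteration count is an assumed setting
    spaces = {"4-digit PIN": 10**4, "6-digit PIN": 10**6,
              "9-dot pattern": count_patterns()}
    for name, n in spaces.items():
        print(f"{name:14} {n:>9} secrets  {math.log2(n):5.1f} bits  "
              f"{worst_case_seconds(n, cost):10.0f} s to exhaust offline")
```

The pattern keyspace lands between a 5-digit and a 6-digit PIN, so a key derived from either secret stays within offline reach unless the derivation is bound to hardware that limits attempts, as the SIM lock-out suggestion does.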