
Password storage on Android devices

Password storage on Android devices

Posted Aug 4, 2011 3:46 UTC (Thu) by roc (subscriber, #30627)
Parent article: Password storage on Android devices

> the OS could "forget" the password only when the user begins the unlock
> procedure — that way the background process could continue to check
> messages and activate alerts, and a pickpocket would still be locked out —
> but it still requires the user to enter a passphrase, PIN code, gesture,
> or some other form of credential every time he or she picks up the phone
> to do anything. That level of inconvenience seems to be anathema to most
> consumers.

You can configure Android to request a PIN every time it wakes up. I use this. Seems to me that if you encrypt the persistent password storage, and forget the plaintext password on wake-up until the PIN has been entered as you suggest, this problem is solved for the security-conscious users who use a PIN. Then if you care about security, use the PIN.


Password storage on Android devices

Posted Aug 4, 2011 5:33 UTC (Thu) by martinfick (subscriber, #4455) [Link]

For those who do not use a PIN, I suspect that they at least use the 9-dot matrix. Nothing prevents the dots on this matrix from being considered digits for a PIN. This just leaves auto boot as a problem, but I think that this would still be a major improvement.

Password storage on Android devices

Posted Aug 9, 2011 5:01 UTC (Tue) by sethml (guest, #8471) [Link]

If the attacker is able to read the encrypted password file from flash, a 4-digit PIN is likely to be trivial to brute-force. Storing the password on a SIM with lock-out is a decent solution, if you have a SIM card. I'm tapping this out on an Android phone with no SIM.
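
To put numbers on the trade-off discussed in this thread, the following added example (not part of the original comments) sizes the credential space behind a key derived from a 4-digit PIN or a 9-dot pattern and the worst-case time an unthrottled offline search of that space takes. PBKDF2-HMAC-SHA256, the iteration count and the pattern rules (4 to 9 dots, no dot reused, no jumping over an unused dot) are assumptions, not details from the thread.

```python
import hashlib, os, time

# Dots numbered 0..8 row-major. SKIP[(a, b)] is the dot lying between a and b;
# the usual pattern-lock rule (assumed here) forbids jumping over an unused dot.
SKIP = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7), (0, 6, 3),
                  (1, 7, 4), (2, 8, 5), (0, 8, 4), (2, 6, 4)]:
    SKIP[(a, b)] = SKIP[(b, a)] = mid

def count_patterns(min_len=4, max_len=9):
    """Count distinct patterns on the 9-dot grid (assumed minimum: 4 dots)."""
    def walk(last, used, length):
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(9):
            if used & (1 << nxt):
                continue                      # each dot is used at most once
            mid = SKIP.get((last, nxt))
            if mid is not None and not used & (1 << mid):
                continue                      # would jump over an unused dot
            total += walk(nxt, used | (1 << nxt), length + 1)
        return total
    return sum(walk(start, 1 << start, 1) for start in range(9))

def kdf_seconds(iterations, samples=3):
    """Measure one PBKDF2-HMAC-SHA256 derivation on this machine."""
    salt = os.urandom(16)
    begin = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"0000", salt, iterations)
    return (time.perf_counter() - begin) / samples

def exhaust_seconds(keyspace, per_guess):
    """Worst-case time to derive the key for every possible credential."""
    return keyspace * per_guess

if __name__ == "__main__":
    per_guess = kdf_seconds(100_000)          # constructed work factor
    for name, space in [("4-digit PIN", 10**4),
                        ("6-digit PIN", 10**6),
                        ("9-dot pattern", count_patterns())]:
        print(f"{name}: {space} candidates, "
              f"{exhaust_seconds(space, per_guess):.0f} s to exhaust offline")
```

Even a slow key derivation only multiplies a small keyspace by a constant, which is why an attempt counter enforced outside the readable flash (the SIM lock-out mentioned above) changes the picture more than the work factor does.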
