Using different passwords for different web sites and applications is a simple way to add layers of identity theft protection to your online world. The reason that many don't do it is obvious; you end up with more passwords to forget.
A password keeper is a helpful solution, allowing you to store your passwords, PINs, etc. in an encrypted file on your mobile device. A new iPhone app called MobileSitter takes that concept a step further by returning a bogus value if someone attempts to hack, say, your ATM PIN.
The false answer is designed to fool the hacker into ending their attack on your device and then wasting their time trying to use bad information. An interesting concept that may be a good way to harden your iPhone security.
Comments
I use the (Java-) application since 2008 on different cell-phones (Nokia, Sony Ericson). After installing you have to define one master password which is used to encrypt the database. The application offers three different types of entries: PIN, Password and TAN. Each entry is tagged with an individual name. PIN allows to save numeric values, Password allows combining of a user-ID and a Password (numeric, upper- and lowercase and special characters allowed), TAN allows lists of up to 100 numeric entries with a definable lengths.
The concept is to encrypt only the entries, but not the labels or user-ids, with the selected master password, but to decrypt it with any password without an error message. Therefore anyone who isn’t in possession of the correct master password won’t notice that all entries are rubbish before he tries to use them.
The application works well, but has some unpleasent limitations:
- you’re automaticely logged off after one minute, which is a short time if you use TANs and have to fill out more than one money transfer form
- it doesn’t support iTAN, that means you won’t be able to validate the verification code of the bank for your transaction
- there’s no data interface, that makes it very exhausting to copy a list of 100 6-digit-TANs – and you have to copy all of them if your bank uses the iTAN process, because the idea of iTAN is to ask a specific TAN
Above all the application requires to be licensed again after one year, otherwise you won’t be able to get access to your passwords.
Since 2008 there was no update (still release 1.0) neither for the software nor in the license-policy.