Sunday, September 21, 2008

Review of Password Safe Programs for iPhone

(As always, this article assumes a non-jail-broke iPhone 3G)

There are a number of password safe programs in the Apps store nowadays. Picking the right one involves a lot of different criteria. Personally, I use KeePass whenever possible, since it's a widely used open-source program. However, KeePass does not currently have an iPhone version of itself and because of Apple's short-sightedness the Java version of KeePass is not an option.

The password safe programs currently available in the App Store are:
  • 1 Password v1.3.2 by Agile Web Software for FREE
  • LockBox by Gee! Technologies for FREE
  • Mecrets Password Manager v1.0.1 by NormSoft Inc. for $9.99
  • SplashID v4.04 by SplashData for $9.99
  • eWallet v6.1.2 by Ilium Software for $9.99
  • Saphir v1.2 by Prometoys Liimited for $7.99
  • Firebox v1.1 by ClownWare for $4.99
  • Passwords v1 by for $0.99
  • Keeper 1.2 by Craig Lurey for $0.99
  • My Eyes Only by Software Ops for $8.99
  • Safe by phnsft for $5.99
  • Passwd by Thomas Kilmer for $0.99
  • SecretBook by Bookshelf Apps for $9.99
  • SecureNotes by Triple Creeks Studio for $6.99
  • Secret Safe by Samurai Code Monkey for $9.99

To be considered a password safe, a program must be able to store entries that contain a username, a password, and a reference to where the username and password are used. It must also encrypt these entries with one master password.

Additional features for a password safe include:
  1. Categorize passwords. (half point) Add/modify/delete categories (half point)
  2. Abililty to generate random passwords (1 point)
  3. The ability to identify the type of sensitive information (i.e. instead of a username and password, change the title to bank card and PIN). 1 point
  4. Storing of other sensitive information with an entry. 1 point
  5. Store URLs and link to Safari (half point) Insert username and password into web fields (half point)
  6. Store phone numbers and link to Phone. 1 point
  7. Ability to import/export passwords. 1 point
  8. Ability to synchronize with a PC/Mac application. 1 point
  9. Keep backups of old passwords. 1 point
  10. Search function. 1 point

Since I'm doing this on my own, I'm only trying out the free ones. For the paid programs, I evaluate them based on the information they provide in the App store, screen shots, and any supporting documentation they provide on the developer site. Since my list above contains 10 items, I'll simply use a score of 0-10 for the applications.

1 Password
This program has no category function, and no ability to generate passwords. Has the ability to change the field headers, and you can store additional information with each entry. It links to Safari, and will attempt to automatically fill in the web page fields (bonus point). It can sync to an application running on the Mac only (half point), but otherwise has no import/export features. It does not keep a history of passwords. No search function.
Score: 4

LockBox has categories, but only 6 fixed ones. It doesn't generate passwords. It has areas to store username/password, or anything else you want since it isn't labeled (only half a point then). It can store other information with each entry. It has no links to Safari or the Phone, and is generally pretty lacking in features. It has some sound effects, which I personally find annoying. Thankfully you can turn them off.
Score 2

Mecrets Password Manager
Mecrets can generate passwords. It links to Safari and can supposed fill in the web page fields for you. It can store additional information with each entry, and you can change the field names. You can organize the passwords into categories, and it looks like you can add your own categories. It doesn't link to the Phone, and it doesn't have any importing/export capabilities, or syncing with separate applications. No search functions. A good application, but it is also one of the most expensive.
Score 5

SplashID is one of the few password safes that doesn't use AES. It instead uses Blowfish for encryption. It has categories, and you can add your own. It will perform wireless syncing to your MAC or PC version of SplashID. It will generate random passwords. It links to Safari, but it can't automatically fill in the web page fields. You can customize the field names, and you can use fields to store additional information. It has a search function. You can also create new templates for types of password entries, which is a really nice feature. It doesn't link with the Phone. While the iPhone app can't do importing/exporting, the desktop application can. (I'll give a half point for that) The user documentation is excellent too!
Score 7

eWallet is geared more towards bank cards than passwords. It only synchronizes with a PC application. It can sort the entries into categories, and it can launch Safari, the Phone or email. You can also store notes with the entries.
Score 3.5

Saphir sets itself apart by using image based passwords to protect its entries. (It can use text based passwords as well). It can also store photos. The encryption is blowfish, rather than AES. It supports customized categories. It can store extra information with the entries.
Score 2

Uses blowfish instead of AES for encryption. It fully supports categories. It lets you add and delete fields for storing additional information or different types of information. Otherwise pretty basic.
Score 2

Passwords doesn't use categories, but instead has some alphabetical indexes. I can open Safari, but doesn't seem to have auto insert.
Score 1

It can store notes. The master password only seems to be numeric, and for that reason a self-destruct of the passwords has been built in. Doesn't seem to be much else.
Score 1

My Eyes Only
My Eyes Only biggest claim to fame seems to be that it's colourful. It comes with some built in categories, but it doesn't look like it lets you add your own. Based on the category choosen, it givens you specific templates (i.e. computer logins, bank cards, etc) It can store some extra information about an entry. Expensive for what it offers.
Score 2.5

Safe allows you to manage categories. It has predefined templates for entries, and can store extra information in the entries.
Score 2

SecretBook has full category functions. It can store extra information with the entries. Seems expensive for such a limited app.
Score 2

SecureNotes has full category functions. It has search functions. It can store extra information with the entries.
Score 3

Secret Safe
Secret Safe comes with a preset list of categories, and has a keyword search. It will store extra information with each entry. Seems expensive for what it offers.
Score 2.5

Passwd indicates that it links to Safari, but no indication if it auto inserts. Otherwise, very basic.
Score 0.5

SplashID is the clear winner from a features point of view.

No comments: