KeePassium Made The Cut After All

A couple of months ago I started my search for a good iOS app to replace MiniKeePass; I even wrote about it briefly on November 15th. The situation became very urgent when I switched iPhones two weeks ago: everything moved swiftly from iPhone One to iPhone Two – except MiniKeePass, which had disappeared completely from the App Store!

It took me a couple of hours to read up on the current state of KeePass affairs in the iOS world (thank you, reddit!), and a few more to test and re-test a few candidates. Since my wife will also be using the application, and we both also have an iPad, syncing with the iCloud was a must-have feature.

In the end, KeePassium turned out to be a winner after all. This time (and ever since!) it does open our .kbdx files without issues, and is well integrated with iOS and Face ID. That’s all we need at the moment. Thanks, Andrei!

PS. It must be happening more and more these days: apps that are no longer compatible with current OS versions, or that are no longer actively maintained by their developers. But I feel it might be worthwhile to keep a trace of them in the App Store (and similar repositories), if only when you search for them by name. I’ll give bonus points for a small explanation as to why they disappeared from current search results…

Read Full Post »

A Good Intention For 2019: Improve Your Online Security

The list proposed isn’t perfect, but multiple items on the list are a good start: “Security Checklist: Be safe on the internet“. It’s an “open source checklist of resources designed to improve your online privacy and security“, and it does cover the basics: a password manager, strong passwords, two-factor authentication where possible, device encryption, etc. As a Belgian citizen, I don’t know what a “credit freeze” is, so I ignore that suggestion.

I’m not certain if I should classify it as a minor or a major flaw, but I feel that Keepass (and its variants/derivatives) should have been mentioned explicitly. I have written about Keepass in the past, and in my mind it’s still the best password management solution. Yes, it requires a bit of tinkering, but you really don’t need any advanced computer skills to build a strong, working solution for multiple devices that works online and offline. I prefer that to a paying solution which at the same time stores your precious data in a place that you just have to trust…

Read Full Post »

Good News From The European Front

In the words of Julia Reda, MEP for the German Pirate party:

[On January 18, 2019, the European] Council firmly rejected the negotiating mandate that was supposed to set out Member States’ position ahead of what was supposed to be the final negotiation round with the European Parliament, Politico reports. National governments failed to agree on a common position on the two most controversial articles, Article 11, also known as the Link Tax, and Article 13, which would require online platforms to use upload filters in an attempt to prevent copyright infringement before it happens.

So for the moment the proposal on copyright reform isn’t going anywhere. This is not the end of the battle, however. But in the mean time, many thanks to Julia and to all of the people who helped to increase the pressure on the European politicians. Stay alert, and let’s keep fighting bad legislation!

Read Full Post »

Telegram Banned In Russia? Good News!

It’s all over the Internet: the Telegram messaging application will be banned in Russia. Censorship is never good news, so why am I happy about the news?

It’s simple: if even the russian secret services/hackers can’t break the Telegram encryption, then their protocol and encryption must be very good! That’s good news for Telegram users and privacy lovers all over the world (except Russia, of course). And that makes me a happy user of Telegram.

Read Full Post »

As Usual, Security Stuff Is Hard To Get Right

Want to learn something about SSL and SSL certificates? I sure do, having just encountered an revoked certificate blocking an app at work. So I read “Revocation is broken” by Scott Helme. In summary:

We have a little problem on the web right now and I can only see this becoming a larger concern as time goes by. More and more sites are obtaining certificates, vitally important documents that we need to deploy HTTPS, but we have no way of protecting ourselves when things go wrong.

As you can guess, that didn’t really help to solve our problem – but it’s a clear explanation of the current state of affairs in certificate validation land, at least for browsers!

Read Full Post »

I’m Sticking With MiniKeePass On iOS, Thank You

From time to time, I spend some time (sometimes way too much) to check out the applications I’m using. Certainly on mobile devices the available options for a given function can change quickly, and it’s always useful to see if you’re missing out on something a newer application has to offer.

My most important app on any platform is, of course, a password manager. I have already spoken out in favour of the KeePass family of tools. Currently on the iPad Mini I’m using MiniKeePass, which is not very sexy to look at (or to use). But the app can read your database when stored in the cloud (Dropbox, Google Drive, etc.), and the source code is available on Github – so we are reasonably certain that the app does what it is supposed to do, nothing less and certainly nothing more.

The MiniKeePass settings screen

My search for ‘Keepass‘ on the App Store turned up another candidate: KeePass Touch. Glancing over the specs made me want to try it out. Indeed, the “Touch” part of the name indicates that you can unlock access to the passwords by using Touch ID, and I must admit that I have grown fond of that functionality on multiple mobile devices.

However, a bit of study stopped me from switching from MiniKeePass. Here’s why:

• KeePass Touch displays ads, that can only be avoided by paying.
• KeePass Touch claims to be “Open Source”, but I’m guessing the quotes are there for a reason: I wasn’t able to find the source code of this app, nor did I even find any website for the company that publishes the app.
• As I found out by comparing both apps, MiniKeePass can also be unlocked by Touch ID. That’s perfect for use on my new iPad Pro ;-)

I’m very suspicious of KeePass Touch, since there are no guarantees that your passwords are safe from the eyes of its developers.

I would be very happy if someone made MiniKeePass read and write its files directly from/to Dropbox, Google Drive or a similar cloud service. But even without that I will continue to use MiniKeePass – if only to prove that real Open Source is important to me.

Read Full Post »

Security Flaws In Signal And WhatsApp Aren’t Too Scary

Online security remains a hot topic in 2018. I was alarmed a few days ago, when messages showed up in my RSS feeds about weaknesses in Signal, Threema and WhatsApp. I use Signal almost every day, ever since it replaced its predecessor TextSecure. It’s my default texting app that covers SMS messaging in general and secure messaging with other Signal users. Logic dictates that I pay attention when Signal is mentioned in the news, especially on the subject of its security features.

So I consulted Matthew Green, through his blog post “Attack of the Week: Group Messaging in WhatsApp and Signal“. He writes that things are not as bad as they might have been:

…due to flaws in both Signal and WhatsApp (which I single out because I use them), it’s theoretically possible for strangers to add themselves to an encrypted group chat. However, the caveat is that these attacks are extremely difficult to pull off in practice, so nobody needs to panic.

So one-to-one conversations are still very private, and that’s what I care about most – I don’t think I have ever tried to send a message to a group in Signal.

Still, as Green notes, “The great thing about these bugs is that they’re both eminently fixable“. Now, I trust Open Whisper Systems to correct the issue in a short time (if it hasn’t already been fixed: the issue is seemingly not that complex to solve). But WhatsApp does not seem inclined to do the same, according to Wired’s “WhatsApp security flaws could allow snoops to slide into group chats“. So you have been warned!

Read Full Post »