DEV Community

Cover image for Mobile Password Management
Rémi Lavedrine
Rémi Lavedrine

Posted on • Edited on

Mobile Password Management

Regaining control over these passwords is essential.

The idea of ​​this post, and most of the post on my account, is to help you regain control over your security and identity.

Whether it is through defensive methods, as you can see here, or even offensive methods to understand how quickly a hacker can exploit a breach in your data.

After regaining control of your passwords on your computer, the next step is naturally to do it with your phone. The idea of ​​this post is that it is not complicated to set up.

By following the steps in the video below, you will have all of your passwords synced to your phone whether you are on iOS or Android.
Or if you more of the reader kind, just read the article and follow the steps.

Video with French Audio & English Subtitles

We are going to see :

  1. which are the best apps on iOS and Android to manage your passwords and why.
  2. How to synchronize them with your computer.
  3. And finally what is the method that I recommend.

Intro

Credentials are important. Wwe often see data leaks and this leads to passwords. One of my first videos was about passwords.
But how to synchronize this with his mobile because now we use a lot of services through our mobile phones.
To have a synchronized password base between our computer and our phone, we can use a service like Dashlane, LastPass, etc...

But it will then be necessary to pay a subscription, but above all to trust these companies because our password base will pass through their infrastructure.

It's simpler but it quickly becomes expensive in the long run.
And after a few months, you could have bought yourself what I'm going to show you.

For my part, I preferred to use an Open Source solution, Keepass.
First of all, because it works on all platforms, it is a basic open standard of password. And everyone can therefore create an application that manages the kdbx password databases.
So I have applications for Linux, MacOS and Windows.

I personally use KeepassXC on the Desktop, and this is mainly where I edit my password bases. The mobile version is only there to consult and connect to my services and not to edit passwords.

Because it is much more comfortable to do it through the computer.


Mobile Application Choice

We must now choose the right application on mobile.
My criteria for finding the right application are as follows.

The code needs to be available for audit (I don't want any proprietary code that the community can't look at) to make sure my passwords aren't exfiltrated.

I want to be able to synchronize my password databases without going through a third-party service, whether it is the infrastructure of a company, as is the case for Dashlane for example, or then going through any cloud, such as Dropbox for example.

It is often a method that is proposed to synchronize the password bases between terminals.
So I need to be able to transfer the basic password file between my computer and my phone.
The ideal is to synchronize it automatically.

So if I sum up, the iOS app should:

  1. Have auditable source code
  2. Have a mobile application that allows you to synchronize the password database locally.

My choice is therefore to use KeepassTouch on iOS, which meets all these conditions.


Synchronize the Passwords

How do I synchronize my password files between my computer and my phone?

There are three main methods.

AirDrop

If I have a Mac and an iPhone, I can share my password file from my Mac to my phone via AirDrop.
I store it in a folder on my phone, locally. I certainly do not synchronize this folder with iCloud (because the files sent to iCloud are not encrypted).

You can see the AirDrop sharing described here in the video, if you want to follow along.

KeepassTouch Local Server

I use the KeepassTouch feature which creates a local server on which I can deposit my Password Base file.

This works perfectly with any OS, Windows, MacOS or Linux.

You can see the KeepassTouch Local Server feature described here in the video, if you want to follow along.

Sharedrop.io

Otherwise I can use sharedrop.io and use the same method as Airdrop with any OS.

As well, you can see the sharedrop.io sharing described here in the video, if you want to follow along.

Once you have the Passwords database on your phone, you just have to use it normally.

The ideal is to use Touch ID or Face ID to unlock its password base. It simplifies everything.
I also advise you to take the in-app purchase of this application as it will simplify the way you're handling with passwords
Because it allows you to take advantage of the automatic password filling interfaces on the services you use.

That means, it let you log in to all these services, via your fingerprint while the services do not support this connection method and I use a different and very complicated password for each service.


How am I synchronizing my passwords?

At the beginning of the post, I told you that it was not necessary to pay for a password synchronization service.
Indeed, I use what is called a NAS to play the role of a cloud.

It's just that this cloud is hosted at my house. And that changes everything. Because I am the only person responsible for the security of my server, it is only on my local network. And for a hacker, it's less interesting than Dropbox.

The idea is to have a NAS and to synchronize the folder in which I put all my Password Base files.

NAS have applications that synchronize files between computers and phone.

If ever your NAS does not allow this, you can always install a Raspberry Pi with Syncthing and you have a NAS for 35 €.

Follow this, if you want to do it at your home.

It is the easiest way to have your phone which has your password database synchronized with your computer(s).

By using Keepass and the kdbx files, you can keep your Password Database up to date on all the platforms you use.


On Android, I use Keepass2Android.

It performs the two essential functions I'm looking for in a mobile app.

  1. Have auditable source code
  2. Have a mobile application that allows you to synchronize the password database locally.

GitHub logo PhilippC / keepass2android

Password manager app for Android

Keepass2Android LogoKeepass2Android

What is Keepass2Android?

Keepass2Android is a password manager app. It allows to store and retrieve passwords and other sensitive information in a file called "database". This database is secured with a so-called master password. The master password typically is a strong password and can be complemented with a second factor for additional security The password database file can be synchronized across different devices. This works best using one of the built-in cloud storage options, but can also be performed with third-party apps. Keepass2Android is compatible with Keepass 1 and Keepass 2 on Windows and KeepassX on Linux.

Where to get it?

Regular stable releases of Keepass2Android are available on Google Play.

Beta-releases can be obtained by opting in to the Beta testing channel or Beta testing channel for Keepass2Android Offline.

How can I contribute?

  • Help to translate Keepass2Android into your language or improve translations at our Crowdin

It is very easy to share files on Android.

  • If I have an SD card in my phone, I can take the SD card from my phone, put it in my computer, copy the password base to my phone and then open this file from Keepass2Android.
  • I can connect my phone to my computer and use the phone's mass storage. The phone is identified as a USB stick with the computer. Likewise, I copy the file to the phone.
  • Or I can use ADB to push the Passwords file to the phone

If I have a NAS installed, I can use the apps to sync the base Passwords file between my NAS and my phone and use that file on my phone.


With these methods, I can easily have a different password for each service I use and really simply use them on my phone whether it's Android or iOS.

I can even use a biometric identification of my phone to unlock the password base.

Above all, I remain in control of the management of my basic Password files.

There is no middleman.


 To sum up:

If I have a NAS, I set up file synchronization management.
Then I just have to load the right file on iOS or Android.

If I don't have a NAS, I have to share the password files to store them locally on the mobile.

On iOS I can use AirDrop, sharedrop.io, or KeepassTouch's local server.

On Android I can use sharedrop.io, USB mass storage or ADB.

Then I can load the Passwords file into the KeepassTouch or Keepass2Android app.

I recommend to use Biometric identification.

And I recommend taking the in-app purchase on KeepassTouch because it greatly simplifies the management of your passwords. And it's cheaper than a single month of a service like Dashlane.


Hope you enjoyed that very long post and that you take control of your passwords on your computer and on your mobile.

Tell me in the comments if so, if you're using another method to achieve it, etc...

Share it to your love ones as it can help get secure.

Enjoy your day.


Video produced by Wild & Secure, your consulting firm to all things security and real estate.
If you want to receive weekly quality content about security, subscribe to our newsletter on our website.

Top comments (1)

Collapse
 
fajarnuha profile image
Fajar Ulin Nuha

you might wanna look into pass, it is encrypted using gpg, git support thus can be configured in the cloud, and has amazing client support (for Android I use github.com/android-password-store/... )