On 09/09/2015 03:38 PM, Kent Borg wrote: > > P.S. I don't use my Android devices for banking or brokerage accounts. > These enormous, new OSs are too big a target, too scary. I'll stick with > my Linux notebook for that; I run far less "interesting" software there. > Also I don't use any password managers on my daily phone or tablet for > the same reason that I don't trust them, rather I have a very cheap > little brand-x Chinese Android phone dedicated to being a password safe, > with nearly no software is installed on it, and I never let it connect > to the internet nor to any cell systems--I don't need to trust it that > much if I keep it incommunicado. (More likely I will use my Linux > notebook to look up passwords. Good passphrases are hard to enter on a > little touch screen.)
Regarding passwords: I maintain a device-specific password database for things I need on each Android device, and keep separate, device-specific accounts when there isn't a compelling reason to use the same account across devices. This is mostly to limit the damage if my phone is stolen *and* the password manager (I use KeePass variants) is somehow broken into. Malware apps aren't very high on my list of threats, and I firewall the password app itself. I suppose something could traverse the filesystem, look for password databases and exfiltrate them, but the number of cycles they'd have to burn to crack more than a few databases puts this in the realm of targeted attacks. Chris _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
