The database they use is encrypted with a 'master password' which one has to enter on ones' Android (or iPhone, etc) or Desktop everytime to I am a long-time user of their SplashID (Mac) Desktop and Android app to store all my credit card, bank acount and yes, many systems passwords in. Forcing this into users without permission or warning is almost criminal. It is even a very bad idea to user the same password for s cloud service as one uses for securing one's private data. Note that changing the password on one's own copy of SplashID us a good idea after that, but any old copy of one's encrypted database that might still live on any old disk backup, cloud service (dropbox etc) or SD card somewhere, us now vulnerable.Īnd because splashdata in their 'wisdom' associated one's email address (and thus identity) with that password, it's easier for hackers to fund it.better companies than splashdata have lost password in the past. It's burnt.in the wild, out of one's own control There is no info whether the password is stored securely (doubt it), whether it is in ask cases transmitted securely (doubt that too) and anyhow, once this has happened one had lost control over that most important password. So, splashdata leaks the master password which one uses to secure one's most private data (credit card pins, login password etc) into their cloud, without telling that this will be fine, not asking permission. (In fact as further part of the upgrade procedure one needs to log into those cloud servers using that password after receiving an activation link in email. Then the upgrade asks whether one wants to try the cloud sync feature.Įven if one declines and opts to stay with the existing Wi-Fi sync feature only(which does not need a cloud account), the upgrade goes ahead and automatically creates such a cloud account on splashdata's servers.*and it uses the same password* for this. When first starting the upgraded version (which may have been installed automatically on Android if one allows auto upgrades!), one first has to again enter one's email address/username, and then the password (which is the one used to encrypt one's database containing all one's private, sensitive data!). The new SplashID version 7 had a cloud sync feature (30 day free trial, then for a fee). Besides the issues SplashData has with their SplashID v7 android upgrade losing many customers data, there is also a very worrying security issue which splashdata ignores = and actively censors, my messages regarding this on their FB page have been deleted and I am blocked from commenting our writing there)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |