Frequently Asked Questions (FAQ)

 

General Questions

What is special about MobileSitter compared to other software for password management?
Although other programs use strong cryptographic algorithms, they are not resistant to dictionary attacks. In practice, hackers mainly use dictionary attacks against password managers. In contrast, MobileSitter lets users manage their secrets in a way that resists dictionary attacks.
How many secrets have to be remembered when using MobileSitter?
One has to remember just one single secret – the master password.
Which devices run the MobileSitter software?
MobileSitter runs on Android smartphones with OS version 4 or later as well as on Apple's iPhone and iPod Touch devices with operating system version 4.3 or later. MobileSitter also runs on the Apple iPad and iPad2, but only at iPhone resolution or in pixel-doubling mode. An overview of supported devices can be found on the MobileSitter product web site at www.mobilesitter.de.
 

Security

Why is MobileSitter more secure than conventional password management software?
MobileSitter protects passwords, PINs, and TAN lists using an innovative technique that offers far greater security than conventional password managers. It provides resistance against dictionary attacks and brute force attacks, which are widely used approaches for hacking password managers.
Does MobileSitter make use of cryptographic standards such as AES?
Yes, MobileSitter uses the AES cryptographic standard to encrypt the secret codes. However, AES is applied in a special mode to achieve resistance against dictionary attacks and brute force attacks.
Can MobileSitter be attacked successfully with hacker tools?
MobileSitter's protection is such that hackers cannot obtain the master password or the stored secrets with the methods known today. With MobileSitter, every master password tested appears to be correct to an attacking hacker or hacker tool.
What is the hacker's perspective when attacking MobileSitter?
In contrast to conventional password managers, MobileSitter accepts any master password that is entered. It decrypts the stored information on the basis of this password, irrespective of whether or not it is correct. The MobileSitter approach ensures that neither the hacker nor his tools can decide whether the displayed passwords, PINs, and TANs are correct.
How can I recognize that I've mistyped my master password?
MobileSitter displays an easily recognizable graphical symbol (i.e., an optical feedback) that depends on the master password entered. The legitimate user, who has memorized the proper symbol, thus gets immediate confirmation that the input was correct. The attacker, on the other hand, gains nothing from this image.
Can unauthorized persons access stored secrets if I forget to close MobileSitter?
No! After a short time of user inactivity, the MobileSitter software activates an auto-logout and deletes the master password from memory. Then, access to stored secrets is only possible after entering the master password again.
Is it possible to modify stored secrets when entering a wrong master password?
Yes. Paradoxical as it seems, this is necessary for security reasons. The most important protection goal of the MobileSitter software is keeping stored secrets secret. If stored data could be modified only after entering the correct master password, hackers could easily exploit this mechanism as a feedback channel for dictionary attacks: if the software refused a modification, a hacker or hacker tool would know immediately that the tested password was not correct.
How can I protect against the consequences of data modification?
Although MobileSitter cannot directly prevent undesired modification of stored data for security reasons, protection against the consequences of modified data is possible. To do so, users should create backup copies of the stored data using the export and import function. In case of undesired data modification, users can restore the original data from a backup copy.
Why do I need to shake my device in order to encrypt services?
MobileSitter uses a so-called probabilistic encryption scheme. Here, input data is encrypted in such a way that if you encrypt the same input data with the master password several times, the encryption results always differ. Shaking the device is used to collect the random data that probabilistic encryption requires.
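The behaviour described in this section, as an added sketch that is not MobileSitter's code (the page does not describe the product's actual AES mode): a record with no password check decrypts to a plausible PIN under any master password, a fresh random salt makes each encryption differ, and the feedback symbol depends only on the password and a device string. The PBKDF2-derived pad, the symbol list, and all function names and sample values are assumptions made for this illustration, and the construction only suits uniformly random numeric secrets such as PINs and TANs.

```python
import hashlib
import os

ITERATIONS = 100_000  # PBKDF2 work factor; value assumed for this sketch
SYMBOLS = ["star", "anchor", "leaf", "key", "moon", "bell", "kite", "fish"]  # constructed

def _pad(master_password: str, salt: bytes, digits: int) -> int:
    """Password-derived pad in [0, 10**digits); a 256-bit source keeps modulo bias negligible."""
    raw = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    return int.from_bytes(raw, "big") % 10 ** digits

def store_pin(master_password: str, pin: str) -> dict:
    """Encrypt a numeric PIN; the fresh random salt makes every stored record differ."""
    salt = os.urandom(16)
    ct = (int(pin) + _pad(master_password, salt, len(pin))) % 10 ** len(pin)
    # Deliberately no password hash, MAC or checksum: nothing to test a guess against.
    return {"salt": salt, "digits": len(pin), "ct": ct}

def load_pin(master_password: str, record: dict) -> str:
    """Decrypt under ANY password; a wrong one yields another well-formed PIN."""
    n = record["digits"]
    value = (record["ct"] - _pad(master_password, record["salt"], n)) % 10 ** n
    return f"{value:0{n}d}"

def feedback_symbol(master_password: str, device_string: str) -> str:
    """Symbol derived from password and device string only, never from stored data."""
    raw = hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                              b"feedback|" + device_string.encode(), ITERATIONS)
    return SYMBOLS[int.from_bytes(raw, "big") % len(SYMBOLS)]

if __name__ == "__main__":
    record = store_pin("correct horse", "4071")  # constructed sample values
    for guess in ("correct horse", "letmein", "123456"):
        print(guess, "->", load_pin(guess, record), feedback_symbol(guess, "device-A"))
```

Every guess prints a four-digit PIN and a symbol; only the user who remembers the symbol that belongs to the real master password can tell which line is the right one.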
 

Management of Secrets

How many secrets can be managed with MobileSitter?
The number of secrets is not limited.
Which type of information can be managed with MobileSitter?
MobileSitter allows secrets such as passwords, PINs, and TANs to be managed securely. It also supports i-TANs as a special TAN variant. Additionally, one can store data such as logins and status information for TANs.
Is it possible to exchange stored secret codes between the Android version of MobileSitter and the iMobileSitter version for Apple devices?
Yes, this is possible.
Is it possible to back up and restore my secret codes?
Yes. MobileSitter provides a backup function that lets you back up all secret codes via e-mail or via the file system. Exported data is encrypted with the same approach as within MobileSitter itself. Thus, the backup file can be stored without further security measures.
Must the master password be the same for all secrets to be stored?
This is not mandatory but advisable in most use cases. In general, it is possible to secure secret codes with different master passwords. However, MobileSitter only decrypts a secret code correctly if the master password entered is the one that was used for storing that secret code.
Why isn't it possible to select particular services for import?
This is in order to prevent accidental overwriting of existing secret codes. For all entries that cannot be selected for import, there already exists an entry with the same name. Please delete this entry first. However, it is possible to completely recover the data from a backup. In this case, all entries are overwritten.
 

Installation and Configuration

Does MobileSitter support device changes?
Yes. MobileSitter allows stored secrets to be exported and then imported on another device, e.g., a new device or an additional device. Export and import are secured such that no data is exchanged in plaintext. Data exchanged via the export and import mechanism can only be decrypted with the correct master password.
Is authorized access still possible when the device has been lost?
No problem! The software allows generation of backup copies. Of course, these backup copies are encrypted based on the MobileSitter mechanism.
Is the usage of the MobileSitter software limited in time?
No, after buying the MobileSitter on Google Play, it can be used without limitations.
Do different users with the same master password have different optical feedbacks after logging in?
Yes. The computation of the optical feedback is device dependent. This is necessary in order to prevent certain kinds of attacks. Users who run MobileSitter on several devices at the same time can unify the optical feedback; see the next question.
Can I get the same optical feedback on all my devices using the same master password?
Yes. By default, the optical feedback is computed from a device-dependent string. However, users who wish to have the same optical feedback on all their devices can set this string to the same value in the MobileSitter Settings on each device.