One of the biggest issues for me - and other ex-Symbian users - was the lack of an encypted home for my passwords and other little useful snippets of information. HandySafe Pro gave me a (paid) synchronised Windows and Symbian where I had access to my passwords on 2 Windows PCs (home and work) and a Symbian handset, and synchronisation between them - in this case via the phone, using PC Suite. I needed something that would give me the same functionality with an Android handset.
Yes, Evernote (at least the Premium version) allows me to encrypt snippets of text for privacy, but I had a whole database of information already in HandySafe Pro that I needed to migrate to a solution that would allow me to access the same information on my desktop PCs and Android handset.
Android/Windows software candidates
The biggest hurdle to cross appeared to be the fact that HandySafe Pro will only export in XML format ... and almost everything else I could find in the Android Market will only import from CSV files (and they would no doubt involve a lot of tweaking in Excel - or in my case OpenOffice Calc - before I could actually transfer the data, even if I could do the initial, non-trivial conversion from XML to CSV - not an option I relished taking on).
One option that I looked at was LastPass - an online encrypted system. It's free for Windows / Mac / Linux, and the Premium version ($1 per month) gives you access to imports from other systems, plus the Android client (which is also available as a free 14-day trial). I wasn't entirely sure that I wanted to commit my data to an online service, but given Lastpass's assurances, I was prepared to give it a go (with the thought that I would perhaps restrict storage of really sensitive stuff such as banking information to only those bits I couldn't remember, thus still making it difficult for anybody to access my financial info just using the information stored there). Their website suggested asking them if there was an import option that wasn't already available, so I fired off a question to support asking whether they currently support or had plans to support import from HandySafe Pro / XML files. Now maybe something has gone wrong in the submission process, but I still haven't received an answer.
So, back to the drawing board.
I looked at B-folders, which has a free Android appand paid ($29.95) Desktop version, but I never got around to trying it, as it wouldn't import Handysafe XML files. Note that B-Folders styles itself a general note-taking / GTD app, as well as a secure password repository. Synchronisation is done using SSL with no intermediary. In practical terms, I'm not sure how I'd sync my home and work computer using this model, since (apart from the simple issue of them being able to "find" each other) my work PC is normally logged off when I'm at home and my home laptop is switched off when I'm at work. And I don't have WiFi at work to synchronise with/via the phone.
Then I found KeePassDroid in the Marketplace. I had already tried the Open Source KeePass Windows application a few years ago, but never found a compelling reason to use it while I had HandySafe working so well for me. KeePassDroid only supported the .kdb file format used by KeePass 1, but there were requests to support KeePass 2's .kdbx files. With all this in mind, I had another look. KeePass 2 on Windows is a little more user-friendly than I remember the original being (although I may be kidding myself - it was a few years ago), but unlike KeePass 1 it does use the .NET framework. However, its trump card was that KeePass 2 could import HandySafe pro XML files. There's a full list of other file formats and password managers that KeePass can import from and export to on the Import/Export help page. Also, it's possible to export from KP2 to the older .kdb format (and CSV and others), so if nothing else, I could use KeePass2 as a stepping stone to another solution.
Then, before I'd got round to doing the conversion, I got a notification that the latest KeePassDroid had (beta) read-only support for .kdbx files. What's more, I came across an old LifeHacker article on using Dropbox for KeePass synchronisation across machines. In fact, KeePass Droid's FAQ page also suggests Dropbox for synchronisation. I was already a long-time (free) Dropbox user on Windows, and had the Android Dropbox client too, so all of a sudden, this was starting to sound like a workable solution.
Synchronisation and Security If the thought of even your encrypted data being in the cloud worries you, both KeePass and KeePassDroid support the use of Keyfiles - either instead of or in addition to your keyphrase. If you use a keyphrase AND a keyfile, then you can add an extra level of security by putting your keyfile on the devices you want to access your password database from, and DON'T put it on Dropbox (or your chosen online syncing solution) - no access to the data IN the cloud, because the keyfile isn't there. Just make sure you have a safe backup of it somewhere you CAN retrieve it from if disaster strikes.
Both the desktop and Android versions allow you to save or not save the location of the keyfile, so if you choose not to save it, that makes it even more difficult for people to hack your data. And it goes without saying that the longer and more convoluted your passphrase is, the less easy it will be to hack. Obviously, that has to be tempered with ease of actually entering the passphrase on a small/touchscreen device. There's no reason why you can't have more than one keyfile though, so you could choose an easy-to-enter passphrase for the less sensitive data, and a fiendishly difficult one for the more sensitive stuff.
Note that if you use Dropbox to sync the files, the Dropbox client on Android doesn't monitor and update files on the fly in the same way that it does on Windows, so if you want to make sure you have the most up to date password file, you'll need to navigate to it via the Dropbox UI and open it from there, rather than opening it directly from KeePassDroid. On the other hand, you can use that to your advantage if you don't want to "waste" data by updating the file over 3G to get access to information that you know hasn't changed since the last sync. Just use KeePassDroid directly to open the file that currently exists on your device. You don't have write access to the data, so you can't get out of sync with your up to date master copy.
If you don't fancy sending your data via the cloud at all, there's still good ol' manual file transfer between PC and phone - using either ftp or USB. In this case, since there's no record-by-record sync tool, being read-only on the phone can be considered an advantage, since there's no chance for different things to have been changed in two places since the last sync (something that shouldn't be an issue for the Windows update-on-the-fly Dropbx client).
KeePass for Windows is also available in Portable form, so you can carry both the application and data on a USB stick or SD card (within a file container encrypted with TrueCrypt for good measure, if you like) for a cloud-free, multi-PC solution, with manual syncing to the phone.
As far as I'm aware, there is no Android version of Truecrypt, although I found a web page suggesting that the Linux version of TrueCrypt will run on Android, but it's no longer online, and I have no idea whether you would need to compile the source to get it to work. If it would work, you could create a small encrypted file container within your Dropbox folder, and put your KeePass database in it for a double layer of security on the phone too. However, I suspect that in practical use, it would be a bit of a pain to access the Truecrypt folder and then the KeePass database unless you're particularly paranoid ... or you're planning to leave Government secrets in the back of a taxi.
The import of HandyPro's XML files seemed to go smoothly. However, there isn't a one-for-one correlation between KeePass card fields and HandySafe Pro entry fields. The import does appear to make some reasonable decisions based on the field names though. KeePass is really aimed at website and their logins and passwords, so tries to match HandySafe's web-relevant fields to a card title, user name, password and URL. Anything it doesn't feel it can make intelligent decisions about gets put on an "Advanced" tab in KeePass - and the information in this advanced tab isn't available in KeePass Droid 1.5.3.
Of course, any conversion process will involve some things not going quite as smoothly as you might hope for. In this case, because KeePass is really geared up for website passwords, KeePass Card Titles often appear with several pieces of comma separated information in them, especially for credit/debit/bank account cards (e.g. the HandySafe entry name and the Account name, which are often the same, plus account number in the title). The only obvious thing that I can see that doesn't get converted is the expiry date - that's put on the Advanced tab, rather than in KeePass's own expiry field. But at least all the information is there - as far as I can tell!
It'll take a little tidying up, which I can do piecemeal, as and when I have the time. And of course anything on the Advanced tab won't appear in KeePass Droid, so it's not perfect - but it's still the best solution I've found.
The Android App
KeePassDroid is a little utilitarian. In its current form (1.5.3), it's not going to win any prizes for style, and I'd like to see some more font size choices (including something between the current Large and Medium) and for it to be able to display the icons that are used in the desktop version (including embedded custom icons).
On the other hand, its main function is to show you encrypted data on your handset, so I can live with the lack of frills in the display.
Screenshots courtesy of KeePassDroid's author.
The default font size for the Group list (and items within the group) is enormous, but that can be changed in the settings (with choices of Small Medium or Large). However, there appears to be a bug that requires you to exit and restart the app to see the change. My own opinion is that the large font is way too large, but medium is a bit too small, and the small font makes it difficult to select the item you want from the list.
Once your card is open, the font size for the header info is fine, but the detail is in a tiny font which isn't configurable. And, of course, as already mentioned, it doesn't display anything other than the "standard" KeePass 2.0 fields. What I haven't tried is to convert a .kdbx file to a .kdb file and see if KPD handles that any differently. Development seems to be fairly active, and it's definitely usable if not pretty, so it seems that I have a solution, and one which seems likely to improve.
Functionally, the thing that would make the most difference will be if KeePassDroid starts to provide access to the String fields in the desktop version's Advanced tab.
The best bit of all is that, although the developers of KeePass and KeePass Droid have the facility to accept donations so that we can all choose to support their efforts, this solution needn't cost you penny :o) - unlike HandySafe Pro.
Dropbox desktop is cross-platform (Windows, Max, Linux), and there are mobile clients for iPhone, iPad and Android, with Blackberry "coming soon".
KeePass desktop is Windows only, but is supported under Mono on Macs and Linux boxes, and there are also Portable and U3 (USB stick) versions, and a contributed Linux version. There are contributed mobile apps for PocketPC, iPhone, Blackberry and PalmOS (convertor) ... and, of course, Android.
B-Folders desktop is cross-platform: Windows XP SP2, Windows Vista, Windows 7, Mac OS X 10.5+, Linux 32 and 64bit versions, and it supports import from eWallet - historically my Windows/WinMo solution from years ago. Currently, the only mobile client runs on Android.
Please note that in general I do not accept friend requests from people I do not know in the real world. It's nothing personal!
I've been a bit of a geek for as long as I can remember. I love gadgets - I just wish I had the income to support my habit!
I have a BSc in Computing (more years ago than I care to contemplate), and worked in software support for Hewlett Packard for 9 years after I graduated. I had recurring back problems, and left HP to join Back in Action, having been impressed by the service they provided to me as a customer. 13 years later, in January 2006, I repeated the pattern of happy-customer-turned-employee when I joined The Veterinary Centre in Henley, having become a bit of a fixture during the last year of my dog Jazz's life while he was being treated there for canine lymphoma. I am now Office Manager there, looking after day-to-day admin and the computer systems. In addition to this I have had a part time job since June 2012, helping to support BeyondPod for Android.
My first PDA was a Psion 5, followed by a Psion 5mx - possibly the most advanced handheld gadgets of their time, and with a QWERTY keyboard that in my view has still never been beaten on a pocketable device. I could actually touch type on it. I ran my life on that thing, with no thought of synchronising with anything else - nor any desire to.
I'll post here sporadically (and definitely not regularly) about things that interest me enough in to put pen to paper (or rather, fingers to keyboard).
Current smartphone: Sony Xperia Z3 Compact I also have a Hudl2 and Sony Z-Ultra in regular use, and a variety of other Android devices (most notably an original Moto G and original Nexus 7) which occasionally get used for testing.
How to say thanks
If you've found any of my posts useful (or even just entertaining), there are a number of ways you can say "thank you" in practical terms. Some of them even benefit you too.
GiffGaff offer PAYG SIM cards which can also be used as if they were contract SIMs ... but without being tied in for the long term. Call rates are generally pretty good as a PAYG, and for £12 per month you can get genuinely unlimited data, plus bundled minutes and unlimited text messages. If you need more minutes, you can go up to £25 per month. Oh, and if you're using it as PAYG, you can set up automatic top-ups from your credit card when you get below £3 credit, but with limits on the number of top-ups per month to make sure it's not possible to rack up huge bills without knowing about it. If you use my link, I get a £5 credit, and so do you.
Those of you who follow Kev Wright or listen to Tech Talk UK will already know about Quidco. It's a site where you can earn cashback on purchases. If prices are otherwise the same for an item that you're planning to buy, you might just as well earn cashback on it too. There's no charge to join, but the first £5 you earn each year is retained by Quidco. So, if you don't use it, it doesn't cost you anything. And if you register your credit cards, some stores give cashback when you use that card for in-store purchases too. Oh, and there are Android and iPhone apps that will earn you a few pence just for checking into some stores. I'm afraid using my link doesn't gain you anything, but it does earn me £2.50.
Dropbox is a cloud synching service that has PC applications to automatically sync files in your Dropbox folder to the cloud and all of your other PCs with the software installed. In addition to that, there are mobile apps which allow you to download and upload files from and to your online storage, and folders may be shared with other dropbox users or made public. In February 2012, Dropbox released a version of Dropbox for Android that does automatic uploading of photos to your Dropbox too. You get 2GB free (or can pay for more), plus we both get an extra 250MB if you use my link to sign up.