Frequently Asked Questions
Find answers for many questions and solutions to common problems.
- What is special about iMobileSitter compared to other software for password management?
- Even though other programs make use of strong cryptographic algorithms, they are not resistant against dictionary attacks. In practice, hackers mainly apply the dictionary attack principle when attacking password managers. In contrast, the iMobileSitter software allows users to manage their secrets in a way that resists dictionary attacks.
- How many secrets have to be remembered when using iMobileSitter?
- One has to remember just one single secret – the master password.
- Which devices run the iMobileSitter software?
- iMobileSitter runs on Apple iPhone and iPod Touch devices with operating system version 4.3 or later. iMobileSitter also runs on Apple iPad and iPad2, but only at iPhone resolution or in pixel-doubling mode.
- Is the software also available for other mobile devices?
- Yes, a port of the iMobileSitter software, the MobileSitter (without i), is available for many mobile devices. An overview of supported devices can be found on the MobileSitter product web site at www.mobilesitter.de.
- Why is iMobileSitter more secure than conventional password management software?
- iMobileSitter protects passwords, PINs, and TAN lists using an innovative technique that offers far greater security than conventional password managers. It provides resistance against dictionary attacks and brute force attacks, which are widely-used approaches for hacking password managers.
- Does iMobileSitter make use of cryptographic standards such as AES?
- Yes, iMobileSitter uses the AES cryptographic standard to encrypt the secret codes. However, AES is applied in a special mode to achieve resistance against dictionary attacks and brute force attacks.
- Can iMobileSitter be attacked successfully with hacker tools?
- iMobileSitter offers protection such that hackers cannot obtain the master password or stored secrets with today's known methods. With iMobileSitter, each tested master password seems to be correct to an attacking hacker or a hacker tool.
- What is the hacker's perspective when attacking iMobileSitter?
- In contrast to conventional password managers, iMobileSitter accepts any entered master password. It decrypts the stored information on the basis of this password, irrespective of whether or not it is correct. The iMobileSitter approach makes sure that neither the hacker nor his tools can decide whether the displayed passwords, PINs, and TANs are correct or not.
- How can I recognize that I've mistyped my master password?
- iMobileSitter displays an easily recognizable graphical symbol (i.e., optical feedback) that depends on the master password entered. The legitimate user, who has memorized the proper symbol, thus gets immediate confirmation that the input was correct. On the other hand, this image is of no help to the attacker.
- Can unauthorized persons access stored secrets when forgetting to close iMobileSitter?
- No! After a short time of user inactivity, the iMobileSitter software activates an auto-logout and deletes the master password from memory. Then, access to stored secrets is only possible after entering the master password again.
- Is it possible to modify stored secrets when entering a wrong master password?
- Yes, and this is even necessary for security reasons, although it seems paradoxical! The most important protection goal of the iMobileSitter software is keeping stored secrets really secret. If modification of stored data were only possible after entering a correct master password, then hackers could easily exploit this security mechanism as a feedback channel for dictionary attacks. If modifications are refused by the software, then a hacker or hacker tool knows immediately that the tested password was not correct.
- How can the consequences of data modification be prevented?
- Even if iMobileSitter cannot directly prevent undesired modification of stored data for security reasons, protection against consequences of modified data is possible. To do so, users should generate backup copies of the stored data by using the export and import function. In case of undesired data modification, users can work with backup copies that contain original data and restore them.
- Why do I need to shake my device in order to encrypt services?
- iMobileSitter uses a so-called probabilistic encryption scheme. Here, input data is encrypted in such a way that if you encrypt the same input data with the master password several times, the encryption results always differ. Shaking the device is used to collect the random data that is necessary for probabilistic encryption.
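A minimal sketch of the ideas in the answers above, as an added example that is not iMobileSitter's code or algorithm: a toy digit-wise cipher (assumed here in place of the product's undisclosed AES mode) in which every master password decrypts to a well-formed PIN, a fresh random salt makes encryption probabilistic, and the feedback symbol is recomputed from the master password and a device string instead of being stored. All function names, the symbol list and the sample values are constructed for illustration.

```python
import hashlib, hmac, os

ITER = 50_000  # PBKDF2 work factor (assumed value for this sketch)
SYMBOLS = ["circle", "square", "triangle", "star", "moon", "leaf", "key", "wave"]

def _digits(master: str, salt: bytes, n: int) -> list[int]:
    """n keystream digits; 4 bytes per digit keeps the mod-10 bias negligible."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITER, dklen=4 * n)
    return [int.from_bytes(raw[4 * i:4 * i + 4], "big") % 10 for i in range(n)]

def encrypt_pin(master: str, pin: str) -> tuple[bytes, str]:
    """Fresh random salt per call, so the same PIN never encrypts the same way twice."""
    salt = os.urandom(16)
    ks = _digits(master, salt, len(pin))
    return salt, "".join(str((int(d) + k) % 10) for d, k in zip(pin, ks))

def decrypt_pin(master: str, salt: bytes, ct: str) -> str:
    """No verifier, padding or MAC: every master password yields a well-formed PIN."""
    ks = _digits(master, salt, len(ct))
    return "".join(str((int(c) - k) % 10) for c, k in zip(ct, ks))

def feedback_symbol(master: str, device_string: str) -> str:
    """Recomputed on every login and never stored, so the data file holds
    nothing a dictionary attack could compare a guess against."""
    tag = hmac.new(device_string.encode(), master.encode(), hashlib.sha256).digest()
    return SYMBOLS[tag[0] % len(SYMBOLS)]

def conventional_unlock(guess: str, salt: bytes, stored_verifier: bytes) -> bool:
    """Contrast: a stored verifier tells an attacker which guess is right."""
    h = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, ITER)
    return hmac.compare_digest(h, stored_verifier)

def demo() -> dict:
    salt, ct = encrypt_pin("correct horse", "4071")  # constructed sample values
    guesses = ["123456", "letmein", "correct horse"]
    return {g: decrypt_pin(g, salt, ct) for g in guesses}

if __name__ == "__main__":
    for guess, pin in demo().items():
        print(f"{guess!r:18} -> {pin}")  # every guess shows a plausible PIN
```

The same property explains why edits must be accepted under any master password: a refusal would be exactly the yes/no signal that `conventional_unlock` returns.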
Management of Secrets
- How many secrets can be managed with iMobileSitter?
- The number of secrets is not limited.
- Which type of information can be managed with iMobileSitter?
- iMobileSitter allows managing secrets such as passwords, PINs, and TANs securely. It also supports i-TANs as special TAN variant. Additionally, one can store data such as logins and status information for TANs.
- Is it possible to exchange stored secret codes between the Android version of MobileSitter and the iMobileSitter version for Apple devices?
- Yes, this is possible.
- Is it possible to back up and restore my secret codes?
- Yes. iMobileSitter provides a backup function that allows you to back up all secret codes via e-mail or via iTunes file transfer. Exported data is encrypted with the same approach as within the iMobileSitter. Thus, the backup file can be stored without further security measures.
- Must the master password be the same for all secrets to be stored?
- This is not mandatory but advisable in most use cases. In general, it is possible to secure secret codes with different master passwords. However, iMobileSitter only decrypts a secret code correctly if the master password entered is the one that was used for storing the secret code.
- Why isn't it possible to select particular services for import?
- This is in order to prevent accidental overwriting of existing secret codes. For all entries that cannot be selected for import, there already exists an entry with the same name. Please delete this entry first. However, it is possible to completely recover the data from a backup. In this case, all entries are overwritten.
Installation and Configuration
- Does iMobileSitter support device changes?
- Yes. The iMobileSitter allows exporting stored secrets to be imported on another device, e.g., a new device or an additionally used device. Export and import are secured such that no data are exchanged in plaintext. The data exchanged via the export and import mechanism can only be decrypted when using the correct master password.
- Is authorized access still possible when the device has been lost?
- No problem! The software allows generation of backup copies. Of course, these backup copies are encrypted based on the MobileSitter mechanism.
- Is the usage of the iMobileSitter software limited in time?
- No, after buying the iMobileSitter in the Apple AppStore, it can be used without limitations.
- Do different users with the same master password have different optical feedbacks after logging in?
- Yes. The computation of the optical feedback is device-dependent. This is necessary in order to prevent certain kinds of attacks. Users running iMobileSitter on several devices simultaneously can unify the optical feedback, see next question.
- Can I get the same optical feedback on all my devices using the same master password?
- Yes. By default, the optical feedback is computed from a device-dependent string. However, users who wish to have the same optical feedback on all their devices can unify this string in the iMobileSitter Settings on all devices. Details can be found in the configuration section of the manual.