Print

Introduction

Thank you for choosing the iMobileSitter. iMobileSitter protects your passwords, PINs, and lists of transaction numbers (TAN lists) using an innovative technique that offers far greater security than conventional password managers. Hackers get crazy due to iMobileSitter's resistance against common attacks such as dictionary attacks or brute-force attacks. Backup and restore features provide additional reliability of the stored secrets in case of defect or loss. With iMobileSitter your secrets codes are safe and always available.

This user manual describes the functions of the iMobileSitter software. In addition to the manual, we have prepared a list of answers to frequently asked questions (FAQ).

System requirements

To use the iMobileSitter the following requirements must be met:

  • Apple iPhone or iPod Touch with operating system version 4.3 or higher
  • Current version of the Apple iTunes software for backups using the iTunes file sharing feature
  • Configured email account on your mobile device for backups using email

Installation

Download and install the iMobileSitter software using the Apple AppStore. After installation a start icon is added to your mobile device.

Update and reinstall

On updating the iMobileSitter software, your services and settings stay unchanged. There is no need to uninstall the previous version of the iMobileSitter software first.

Please note that when you uninstall the iMobileSitter software and reinstall it subsequently, all services, folders and settings are lost.

Note: Please always run a backup before updating or reinstalling the iMobileSitter software. Details are described in the section on Importing and exporting.

Getting started

The user interface of the iMobileSitter is based on standard elements and interaction schemes that you already know from other applications. Thus, iMobileSitter can be used without a long training period.

Start and log-in with the master-password

After starting the iMobileSitter software a dialog for entering the master password is displayed (see figure below). Please enter your master password here. If you are using iMobileSitter for the first time, choose a new master password and enter it. All your secret codes are encrypted with this master password.

Warning: Please select a strong master password. Do not use trivial master passwords that can be easily guessed. Make use of different character sets (i.e. lowercase and uppercase characters, digits and special characters). Please remember you master password or deposit it in a safe place. The iMobileSitter software does not provide any means to recover a forgotten master password.

In contrast to conventional password managers, the iMobileSitter allows the user to log-in with any master password. On entering a wrong master password, the iMobileSitter does not show an error message, but lets the user enter. However, the secret codes that are shown inside are wrong. How legitimate user can recognize that they have entered a wrong master password is described later.

Overview of the main screen

After logging in you get to the main screen – the list view. Here you have direct access to all stored secret codes. This section will give you an overview of the main screen. The particular details of the various functions are described in subsequent sections. The figure below shows a typical main screen.

Upper area

  • Optical feedback: After logging in a symbol with a specific colour combination is shown in one of the four grey fields. This symbol is calculated from the entered master password and other information. If this symbol looks different than usual, you have good evidence that you have entered a wrong master password. The following pictures show examples for different optical feedbacks.

              
  • "Edit" button: By pressing this button you enter the global edit mode. Here, you can edit, delete or sort your secret codes and folders.

Middle area

In this area, the list of your services is shown. Move your finger across the screen to scroll up and down. The services can be sort in different folders. You can enter a folder by tapping on the respective folder entry. When tapping on a service entry the details are shown. There are three different types of services (passwords, PINs and TAN lists). Each of the three symbols below represents one service type.

  

Lower area

The bottom of the screen contains the following symbols:

  • "List" symbol: In the list view, the services are sorted according to your preferences. Folders can be used to group services. When logging in this view is selected by default.
  • "Search" symbol: In the search view, all services appear in alphabetically order. The search function helps to find services easily.
  • "Options" symbol: Tapping this symbol gives access to the settings, backups and support functions.
  • "Log out" symbol: Use this symbol to log out and go back to the master password entry screen.

Log-out

In order to log-out, tap the "Log out" symbol. After logging out you have to enter your master password again in order to access your secret codes.

Note: Please note that after pressing the home button on your mobile device the iMobileSitter software is still running in the background. Activating the iMobileSitter again will still provide access to your secret codes. For security reasons, you are automatically logged out after some time period. The duration can be set in "Options" → "Settings" (details in section Tips for advanced).

Service types

iMobileSitter supports three different types of services. Depending on the type, different information can be managed.

  • Passwords: Service name, user name, password, URL
  • PINs: Service name, numeric PIN
  • TAN lists: Service name, list of numeric transaction numbers, validity flag per transaction number

Warning: Please note that due to the iMobileSitter's special encryption function only the fields for passwords, PINs and transaction numbers are encrypted. Service names, user names, URLs and validity flags leave unencrypted, please do not enter confidential information there.

Detail view

Depending on the type of service, the presented details vary. The following figure shows an example detail view of a password entry.

Warning: Beware of shoulder surfers when opening the details view in order to keep your secrets secure.

By tapping the user name, the password or the PIN field, the fields are zoomed in (see figure below). This may help you if you need to manually type the information into some other device (e.g. your computer or an electronic door lock).

In TAN lists only the selected TAN is display in plain text, all other TANs are masked. By tapping the green symbol on the right side you can toggle the validity flag. Invalid TANs are displayed in grey colour.

Transfer information to other applications

iMobileSitter allows you to transfer stored information like user names and passwords to other applications on your mobile device. For that, make use of the clipboard copy and paste the information.

In the detail view, particular information can be copied to the clipboard by tapping the grey copy icon (see figure below).

Now you can switch the application and paste the copied information there. For information that is needed in a browser there is a simplification. For this, copy the required information as described above and then click on the entry's URL field (not on the copy button but the URL itself). The URL will be opened in the Safari browser and the copied information can be pasted into the appropriate input field.

Global edit mode

Adding, modifying and deleting entries is usually done in the global edit mode. Below you can see a typical illustration of this mode.

The middle area of the screen containing the list view with the services and folders can be used like lists views of other applications on your mobile device (e.g. the bookmarks in your Safari browser). Additionally there are two buttons for adding new folders and services.

By tapping the "Done" button you leave the global edit mode. You can also leave the edit mode by tapping one of the four buttons on the lower screen area.

Saving new services

Basic procedure

Please follow the steps below to save a new service:

  1. Tap the "Edit" button in the list view to enter the global edit mode.
  2. Tap the "New service" button at the bottom right.
  3. Choose one of the service types password, PIN, or TAN list.
  4. Enter the service specific information (depends on the chosen service type, details below).
  5. Tap the "Save" button. The button is activated when all necessary information is entered.
  6. Upon request shake the device to collect random data.
  1. Wait until the encryption process has finished.


Entering service specific information

Service type password

  1. Enter the service name.
  2. Enter the user name (optional).
  3. Select the necessary character sets.
  4. Enter the password or let the iMobileSitter generate a new password.
  5. Enter an URL (optional).
  6. Select a folder (optional, details about managing folder are described below).

Note: iMobileSitter shows secret codes upon entering any master password. When a wrong master password is entered, the shown secret codes were also wrong. However, neither the attacker nor its tools should be able to recognise whether the entered master password is wrong or not. Therefore, even wrong service passwords must look as if they could be correct. I.e., a service password must not contain characters that were not allowed with the service. This especially holds for the supported special characters. Please select only character sets and special characters that were supported by the particular service. The figure below shows the special character selection screen.

Service type PIN

  1. Enter the service name.
  2. Enter the numeric PIN.
  3. Select a folder (optional).

Service type TAN list

  1. Enter the service name.
  2. Set the length of the TAN list and the length of each transaction number (see figure below).
  1. Select a folder (optional).
  2. Tap the "Next" button.
  3. Shake your device.
  4. Enter the particular TANs. You do not need to enter the full list of TANs at once. Remaining TANs may be entered later. Every TAN that has been entered will be immediately stored.
  1. Tap the "Done" button to finish the TAN entry.

Generate strong passwords and PINs

If you need a new password or PIN for a service and prefer a strong and random one, iMobileSitter can help.

In the password entry dialog, tap the "Generate Password" button (or the "Generate PIN" button, respectively). After that choose the necessary length, shake the device upon request and retrieve a strong password (or a strong PIN).

Editing services

If you want to edit a service, follow the next steps:

  1. Select the entry to be edited. The detail view is shown.
  2. Tap the "Edit" button to enter the edit mode of the service (see figure below).
  3. Enter your changes.
  4. Tap the "Save" button.
  5. Shake the device upon request to collect new random data.
  6. Wait until the service has been saved.

Note: Please note that the current version of the iMobileSitter does not support changing the service name of TAN lists. However, the transaction numbers itself can be changed.

Note: Depending on whether the changed information is used in the calculation of the service password or not, the entry must be optionally re-encrypted. Changing a URL, e.g., does not result in re-encryption.

Note: You can also change services by entering the global edit mode and selecting the respective service.

Deleting services

The deletion of a service is performed as follows:

  1. Move the folder that contains the service to be deleted (optional).
  2. Tap the "Edit" button above right to enter the global edit mode.
  3. Tap the minus symbol of the service to be deleted. Confirm the deletion by tapping the "Delete" button.

  1. Tap the "Done" button.

Managing folders

iMobileSitter supports folders to group your services. Folders may contain other folders.

Adding new folders

To create a new folder, please perform the following steps:

  1. Move to the folder which is used as the parent folder of the new folder (optional, parent folder may be selected also later).
  2. Tap the "Edit" button above right.
  3. Tap the "New folder" button below left.
  4. Enter the folder name.
  5. Optional: Select the parent folder (if not previously done).
  6. Tap the "Save" button.
  7. Tap the "Done" button to leave the global edit mode.

Note: Please note that the folder name needs to be unique. If a folder name with the entered name already exists, an error message is shown.

Moving services

The order of services (and folders) within a folder can be changed in the list view by entering the global edit mode. Tap and hold the symbol with the three bars on the right side of an entry and move it up or down (analogous to the editing of bookmarks in your Safari browser, see figure below).

To move a service to another folder, please follow the next steps:

  1. Tap the "Edit" button in the list view to change to the global edit mode.
  2. Tap the service to be moved to another folder.
  3. Select the new parent folder.

  1. Tap the "Save" button.
  2. Tap the "Done" button to leave the global edit mode.

Editing and moving folders

To edit a folder, please change to the global edit mode and select the folder to be edited. In the edit view you can either change the folder name or the parent folder. Press the "Save" button and then the "Done" button to save the changes.

Deleting services

Follow the steps below to delete a service:

  1. Move to the folder's parent folder.
  2. Tap the "Edit" button to enter the global edit mode.
  3. Tap the minus symbol in front of the folder to be deleted.
  4. Confirm deletion by tapping the occurring "Delete" button.
  5. Tap the "Done" button to leave the edit mode.

Note: If you want to delete a folder that is not empty, a warning appears.

Note: You can also delete a folder by selecting a folder in the global edit mode and tap the "Delete folder" button.

Importing and exporting

Mobile devices can be lost by being misplaced, lost, or stolen. Therefore, it is advisable to backup your secret codes. It is of advantage to create a new backup each time you edit your service.

Backups are encrypted with the same approach as within the iMobileSitter. Thus, the backup file can be stored in your emails or computer without further security measures.

Note: To have your backup always accessible, create a backup, send it to your email address and let this email stay on the server.

Creating a backup

For creating backups, please proceed as described below:

  1. Tap the "options" symbol at the bottom of the screen.
  2. Select the entry "Backup and restore".
  3. Tap the "New" button top right (see figure below).

Now, the backup can be transferred to other devices using two different approaches, email or file sharing via iTunes.

Option 1: Send backups via email

After backup creation an information dialog appears giving you the option to send the backup via email. By tapping the "Yes" button, a new email compose window appears. You only have to fill in your email address and submit the email.

Note: Please note that sending your backup via email requires that you have already configured an email account on your device.

Note: If you have not sent your backup immediately after creation you can do later by tapping the backup and selecting "Send backup file by email".

Option 2: Save backups with iTunes file sharing

You can transfer backups also with iTunes. For that, connect you mobile device with your computer and select the device in iTunes. Now select the "Apps" tab to show the installed apps on your mobile device. Scroll down to the "File Sharing" section and select the iMobileSitter application. The backups are shown in the right column. Backups can be saved using the "Save to" button (see figure below).

Restoring backups

When restoring backups one has to differentiate whether the backup file is already on your device or whether it needs to be transferred first. The following to two sections explain how to import external backups from your email or external computer into your mobile device. Afterwards, the backup can be restored inside the iMobileSitter, either as a whole of in parts.

Importing backups from email

Start your email client on the mobile device and open the email containing your backup. Tap the attached backup file (see figure below).

Tap on the arrow symbol at the top right (see figure below)

Select the button "Open in 'iMobileSitter'".

Afterwards, the backup can be imported within the iMobileSitter as described below.



Import backups with iTunes file sharing

If your backup file is located on your computer, it needs to be transferred using iTunes file sharing. For that, connect your mobile device to your computer. In iTunes, select the mobile device and click on the "Apps" tab. Scroll down to the "File Sharing" section. Select the iMobileSitter application and use the "Add" button to choose and upload the backup file. Now, the backup is available for restoration in iMobileSitter



Option 1: Restore all services

When the backup is available to the iMobileSitter, you have two options. Either you choose to restore all services or restore only selected services. Restoring all services will also recover the folder structure, while selective recovery does not.

Warning: Restoring all services from a backup will delete all currently stored services first.

To recover all services proceed the following steps.

  1. Tap the "Options" symbol at the bottom of the screen.
  2. Select the entry "Backup and restore".
  3. Select your backup file.
  1. Tap the button "Restore all services".


Option 2: Selective Recovery

In contrast to a full recovery, importing selected services will preserve all existing services. Entries cannot accidentally be overwritten, but need to be deleted first. The selected services are restored to the main folder.

For importing selected services proceed the following steps.

  1. Tap the "Options" symbol at the bottom of the screen.
  2. Select the entry "Backup and restore".
  3. Select your backup file.
  1. Tap the button "Import selected services".
  1. The list of services with the backup is show. You can now select the services to be imported.

In order to prevent accidental overwrites, services can only be selected, if there is not already an entry with the same name stored in the iMobileSitter. If you are sure that you want to overwrite them with the backup, please delete the particular services first.

Exchange of services between mobile devices

iMobileSitter allows you to transfer your services between different mobile devices. For that, use the backup and recovery features described above. Create a backup on one device, send it by email, open the email on the second device, and import the services.

Changing master password

If you assume that your master password is no longer secure, you should change it immediately. For that, all services have to be re-encrypted with the new master password. Please proceed the following steps to change your master password.

  1. Tap the "Options" symbol at the bottom of the screen.
  2. Select the entry "Change master password"
  3. Enter your new master password twice and tap the "Next" button.
  4. Select the services that should be re-encrypted. In most cases you should select all service. Tap the "Next" button.
  1. Upon request shake the device to collect random data.
  2. Wait until the re-encryption has finished. Depending on the number of services, the process may take some time.
  1. After the master password has been changed, the old and the new optical feedback are shown. In the future, the new optical feedback is shown after logging in with the new master password.

Now, the new master password is already active. The new optical feedback is shown in the list view.


Warning: All services that have not been selected for master password change cannot be decrypted correctly using the new master password. Instead, you need to log in with the old master password to get the corresponding secret codes.

Hint: After changing the master password it is advisable to create a new backup, which is encrypted with the new master password. Please note that any old backups still use the old master password.

Tips for advanced

Changing the sync name

iMobileSitter uses a special encryption method in which any master password is accepted when logging in. For that reason, the legitimate user may not recognize whether the master password was entered correctly or not. He may not even recognize typos from the presented secret code. Especially, if the user followed to the security advices to choose randomly generated strong passwords.

For this reason, iMobileSitter shows an optical feedback in the upper screen area after logging in. If this feedback looks as usual, you have good evidence that the entered master password was correct. If not, the master password was probably had a typo wrong. You should log out and try again.

To increase the security, the optical feedback is not only dependent on your master password, but additionally uses a so called sync name. The initial sync name is derived from the MAC address of your devices network adapter and can be adapted. If you are using the iMobileSitter on multiple devices with the same master password, you should set the same sync name on all devices in order to get the same optical feedbacks.

Note: Changing the sync name has no implications to the encryption or decryption of services. Changes can be performed and reversed at any time.

Please change the sync name as follows.

  1. Tap the "options" symbol at the bottom of the screen.
  2. Select the entry "Sync name".
  3. Tap the button "Edit" and set the new sync name.
  4. After pressing the "Save" button, information about the old and the new optical feedback is shown.

Switch devices

If you plan to switch your device and want to transfer the services within the iMobileSitter to the new device, proceed as follows.

On your old device:

  1. Start the iMobileSitter and login with your master password.
  2. Create a new backup and send it either via email or use the file sharing of iTunes to send the backup to some other device.
  3. Record the current sync name in order to have the same optical feedbacks on your new device.

On your new device:

  1. Install the iMobileSitter software from the AppStore.
  2. Import the external backup into iMobileSitter (either by opening the attachment in your email or by using the file sharing of iTunes).
  3. Start the iMobileSitter and log in with your previous master password.
  4. Restore all services via "Options" → "Backup and restore".
  5. Select the backup and choose "Restore all services", follow the steps and press "Close".
  6. Set the sync name to the value used on your old device.

Reset application

If you want to delete all service and folders stored in the iMobileSitter you can use the reset function. Please proceed the following steps.

  1. Tap the "Options" symbol at the bottom of the screen.
  2. Select the entry "Reset".
  3. Confirm deletion by pressing the button "Delete all".

Note: The sync name is not changed by the reset. Additionally, existing backup files are not deleted, i.e. existing backups can immediately imported after reset.

Hidden master password entry

In order to prevent shoulder surfers from reading your master password when logging in, the master password is masked by default. In this mode, only the last entered character is shown in plain for a short period of time. If you want to see the master password when logging in, proceed to following steps.

  1. Tap the "Options" symbol at the bottom of the screen.
  2. Select the entry "Settings".
  3. Toggle the "Hide characters" option.

Automatic log-off time

For security reasons it is advised that the iMobileSitter automatically logs off after some period of inactivity. Log off even works, if the application is running in the background. Only during encryption the feature is temporarily deactivated.

By default, the inactivity duration is set to two minutes and can be adapted as follows.

  1. Tap the "options" symbol at the bottom of the screen.
  2. Select the entry "Settings".
  3. Select the entry "Inactivity duration" and choose the desired option.