How does this app work
The app helps you memorize passwords by picturing your real password as a pattern. As an enlightened user, you know to mix lower and upper case letters, digits and some special characters in your passwords. If you remember a password, you may have these four types at each position in mind. You know when to hold SHIFT or move your finger to the number block. This app stores only these four types and pictures them as an easy-to-recognize visual pattern.
So it is important to know these four types:
Type | Example | Representation |
---|---|---|
Lower case letters | a-z | |
Upper case letters | A-Z | |
Digits | 0-9 | |
Special characters | %!?/"... | |
Let’s illustrate this with an easy example. You have a password `abcD12&`. The app visualizes the pattern of this password.
If you see this pattern, you should be able to remember the real password. To help you remember, you can also reveal single characters of the password. E.g. you could reveal the fourth character, which is a `D`.
But isn’t this insecure? What happens if somebody gets the app data? Sure, this app does in fact decrease the security of your passwords. It is easier to hack a password if you know its length and the type at each position, even more so if you revealed some characters.
But the app provides help for that. To secure your data, you should specify a master password, which is used to encrypt your data and to lock the app. To make it tougher for the hacker, you can choose not to store this master password. The app then gives no feedback on whichever master password you type to unlock your data. Every password will unlock your data, but in a different way. Only you know the right master password, and if you misspell it, you will recognize it immediately because you will see other patterns than usual. A hacker doesn’t know your usual patterns and needs to try all possible passwords, which would take millions of attempts, depending on the strength of your master password. The only information the hacker will get is the password length. If you don’t want this, you should store the master password in the app (PBKDF2-hashed, for sure!) so that only you can access all data of the app.
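
A minimal sketch of the "master password not stored" mode described above, added here as an illustration and not the app's own code. It assumes each position is stored as 2 bits XORed with a PBKDF2-derived keystream; `TYPES`, `pattern`, `encrypt`, `decrypt`, the salt and the iteration count are all hypothetical.

```python
import hashlib
import string

TYPES = "luds"  # lower, upper, digit, special: four types, so 2 bits per position

def pattern(password: str) -> str:
    """Reduce each character to one of the four types; anything else counts as special."""
    classes = ((string.ascii_lowercase, "l"), (string.ascii_uppercase, "u"), (string.digits, "d"))
    return "".join(next((t for chars, t in classes if ch in chars), "s") for ch in password)

def _keystream(master: str, salt: bytes, n: int) -> list[int]:
    """Stretch the master password with PBKDF2 into one 2-bit value per position."""
    if n == 0:
        return []
    # Iteration count is an assumption; the salt must be unique per stored entry,
    # otherwise two entries share a keystream.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, 100_000, dklen=n)
    return [b & 3 for b in raw]

def encrypt(pat: str, master: str, salt: bytes) -> list[int]:
    ks = _keystream(master, salt, len(pat))
    return [TYPES.index(t) ^ k for t, k in zip(pat, ks)]

def decrypt(stored: list[int], master: str, salt: bytes) -> str:
    # No checksum, padding or MAC: every master password yields a well-formed pattern,
    # so the result itself never says whether the guess was right.
    ks = _keystream(master, salt, len(stored))
    return "".join(TYPES[c ^ k] for c, k in zip(stored, ks))

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    stored = encrypt(pattern("abcD12&"), "correct master", salt)
    print(decrypt(stored, "correct master", salt))  # the pattern the user recognizes
    print(decrypt(stored, "wrong guess", salt))     # a different but equally valid pattern
    print(len(stored))                              # the length stays visible
```

Because any integrity tag on the stored data would work as a password oracle, this mode trades tamper detection for the absence of feedback, and the stored length remains readable either way.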