Writing a mobile password manager

I miss developing mobile apps. With the exception of the never-ending tweaks and revisions to my mobile wiki app, I’ve not done any mobile development in weeks. (Is it very sad that I missed it? 😉 )

Until tonight. Hurrah – back to playing with fun stuff.

One of the things I typically want to use on my phone is a mobile password manager – particularly as I do more web browsing on my phone, and mobile browsers like Pocket Internet Explorer and Opera Mobile don’t remember passwords.

I’ve tried several existing password managers – I’ve even paid for a couple, like eWallet (love the way it shows credit card details to look like a pretend credit card) and SplashID (always loved the desktop version). But I never found one that I really liked. At the moment, I’m back to storing passwords in a text file, and using mobile Notepad to access it.

There were problems with all of them…

One-handed or stylus-free navigation is bad – Teeny-tiny controls. Drop-down lists that you need to not only touch the screen to open, but then scroll up and down in. Basically, take a look at a design doc like this and do the opposite of pretty much everything 🙂

Too many clicks/presses to get to a password – SplashID for example: to get a website password, you touch the screen to open the category drop-down list, touch the screen to scroll to the “Web Logins” category, scroll through the list to the website you want, touch the screen to select it, press the “Tools” button, then press “Unmask Fields”. Too much.

No clipboard access – Unforgivable, this one. I like to use randomly generated passwords where possible. Once you’ve used the fiddly controls, and gone through all the steps, you can see the password on the screen – hurrah! Can you copy it to the clipboard for pasting into a web form? Nope. Even Ctrl-C / Ctrl-X / Ctrl-V don’t work – and most apps at least leave that basic Windows clipboard support in. So you have to remember your password after reading it. And with my passwords, that’s a pain. I used to find a scrap of paper, and write it down to make it quicker to type back in. So secure(!)

Actually, to be honest, even after all that, the final straw that stopped me using SplashID was the fact that it’s sync plugin consistently hosed my ActiveSync. Not only would it not sync, but it’d crash ActiveSync and stop everything else from syncing too. The day I uninstalled SplashID, my phone became a million times more useful from that alone!

This was all enough of an excuse to try throwing together my own password manager.

bLADE ID - Mobile I also wanted a reason to write some encryption code, but didn’t get around to it in the end… will save that for another night.

This is what I managed to come up with. It continues to amaze me how easy it is to quickly throw together very usable applications with Visual Studio.

This was the work of an evening’s dragging and dropping, with a little code added to handle showing/hiding controls, and moving things around to handle switching screen orientation. The rest was just reading and writing XML files, the code for which I already had kicking around anyway.

Choose a category by jabbing one of the big buttons, instead of fiddling with a drop-down.

When you choose a category, the list on the right is filled with those items.

Pick one of the items in the list, then press the left “Open” soft-key and the details for that item are displayed.
bLADE ID - Mobile bLADE ID - Mobile

Next to each text box is another big button. Press that and the contents of the text box are copied to the clipboard.

Some fields can be set as passwords, so they can’t be looked at by people looking over your shoulder. But they can still be copied to the clipboard fine.

The category selected when you create a new item is used to identify the labels to use for each text box, and which text boxes should be treated as passwords. This can be customised for each individual item.

bLADE ID - Mobile Getting the controls to rearrange to suit the orientation of the screen is a little fiddly.

You can let the managed code handle resizing objects automatically, but I prefer to move them around a little too. 🙂

It means you’ve also got to handle resizing controls to adjust to the screen resolution – so controls still look okay on a VGA screen.

From the menu, you can also see that I’ve added some list controls like sort, and move up or down.

bLADE ID - Mobile

A benefit of writing managed code for Windows Mobile is that porting the C# to a desktop app requires very little new code.

Most of the same code can be reused – I could separate out the code that handles the interface behaviour like when to show or hide a control, or how to manage the list of items. This could then be shared between the mobile project and a second project to build a desktop Windows app.

bLADE ID - Desktop

The only difference is that I took advantage of having more screensize on the desktop.

The two mobile screens – list view and single item view – can be shown side by side.

The rest of the code was just to handle syncing the items so that changes in the desktop version get copied to the mobile version and vice versa.

Again, this was code that I had to hand from previous projects already, so was quite straightforward.

bLADE ID - DesktopAs I said, I’ve not written anything to encrypt the stored passwords – they’re just stored in plain text XML files. It’s not a major concern – the filesystems on both my mobile and my desktop are secured, so if you can get to the text file used by the app, then I’m a bit screwed anyway.

That said, as I mentioned above, one of the motivations of writing a password manager in the first place was to try writing some mobile-friendly code to encrypt/decrypt data using a password.

But I spent too much time tweaking the interface and then writing this over-long post so that will have to wait!

That said, for a thoroughly un-original app, it’s been kinda fun to write! 🙂


Update: Chris pointed out that SplashID has been improved with the release of version 4 before Christmas. The version I paid for was 3.4 and I gave up on it back in August. To be clear, my comments were based on that. In particular, they’ve apparently come up with a new approach to syncing that addresses the problems that I was having. I’ll have to give the new version a try sometime. Next time I should try checking for new versions before writing my own replacements!

Tags: , , , , , , , , , , , ,

2 Responses to “Writing a mobile password manager”

  1. […] wrote last week about an evening I spent throwing together a password manager for Windows and Windows Mobile. As I […]

  2. Hi Dale,

    Its a nice article you have written. I believe Windows mobile is still not popular internationally. To solve password management problem for people with ordinary phones I have written a password manager Java named pwMGR with link specified above.

    May I request you to find some time to review it and give your kind feedback.