Going mobile with PasswordWallet

Let's face it, the number passwords we all have to keep track of is growing rapidly. Not only is it harder to keep track of them because of their sheer number, as good security practices become more common we are forced to change passwords more frequently and can't keep using the same, poorly-formed password, over and over.

And I frequently find that I need to know a password when I'm away from my computer. For example, I might be traveling and want to change the outgoing message on my voice mail at home. I need a password to do that, and it's one that frequently seems to leak out of my brain and get forgotten.

Truth be told, forgetting passwords has been happening to me for a long time. That's why I've been using Selznick Scientific Software's PasswordWallet application since before Mac OS X existed. Not only was it was one of the first password-keeping apps, it has long offered the ability to sync a secure copy of your password list to Palm devices. And back in the day, I didn't go anywhere without my trusty Palm V.

But these days, it's an iPhone I carry everywhere, so that's where I need my password list. In fact, even more so, thanks to the usefulness of Safari. Thankfully, the latest version of PasswordWallet now includes the ability, at extra cost, to export an encrypted copy of my password list to iPhone. It's a handy solution that's cleverly implemented. It works by wrapping the entire password list inside of a Blowfish-encrypted HTML document which is then encoded as a data:// URL. This URL is added to the desktop Safari bookmarks, so it can be synched to iPhone. You can even set up so that every time you change your password list, the bookmark is automatically updated.

(A data:// URL is a self-contained resource so no web connectivity is necessary. I have over 200 items in my password list, and while the resulting, encoded URL is incredibly long and complex, it renders and synchs just fine.)

In other words, you don't need to install any special software or hack your iPhone. When you want to view a password, you select the bookmark in Safari, enter your password to open the list, and then find the password you need. In my opinion it works well and I'm happy with it. But here are some tips to make it work a bit more smoothly.

Categorize your passwords. Despite the alphabetical navigation affordances in the exported HTML, a long list is too cumbersome to navigate. To help with this, use PasswordWallet's categorization ability. In all my years using the desktop version I never felt compelled to do this, but with the iPhone export I think it's a must—it helps you find a particular entry much easier. At the very least, create just one category for those passwords you're most likely to use when mobile.

Customize the Export. The template used to create the HTML for the iPhone is located in the PasswordWallet.app bundle. Look in Resources/[language].lproj for a file named iPhoneTemplate.html. You can edit this file to your heart's content, but the only change that I make is to change the password-entry field to a standard text field.

On the desktop, PasswordWallet is locked with, well, a password. I use a strong one, which means its long and includes some non-letter characters. This same password is necessary to open the password list on iPhone. But typing a long, complicated password with the onscreen keyboard is tedious and prone to error because, in the password field, every letter is replaced with a bullet character. You can easily make a typo and not even know it.

To make it so that you can see your password when you enter it, find this portion of the HTML template file:


<input style="font-size: 18px;" type="password" id="password" size="12" maxlength="255" />

Change the Type definition from 'password' to 'text'. The result will look like this:

<input style="font-size: 18px;" type="text" id="password" size="12" maxlength="255" />


Re-export your password list to iPhone, and you'll find that now you can see your password as you enter it. Of course, you'll want to make sure that no one is peering over your shoulder while you do this, but I consider the moderately increased risk of this approach better than the alternatives of being frustrated by mistyping my password, or selecting a less secure and easier to type password.

Sanford Selznick, author of PasswordWallet, further suggests that you might want to keep a copy of your modified template outside of the application bundle and make a symbolic link to it in the same location as the original. This will preserve your changed template during application upgrades. (But you'll have to re-do the symbolic link.)

There are other password-keeping applications for Mac OS X, but for me the ability to create a secure, mobile version of my password list is a killer feature. If you feel the same way, check out the PasswordWallet website for more detail.