HighCrypt, a strong password generator and manager for Android smartphones
The first written evidence on the use of watchwords dates more than 2200 years ago. They were used by the Roman military for important commands. If watchword doesn’t seem familiar, you’ll recognize it for sure by its modern name, password. It’s what you might have used as a child when playing guard by the tree-house (‘say the password if you want to get in’), but since the invention of the computer passwords are for sure part of your life. Introduced in computing about 50 years ago, passwords are strings of characters used for authentication purposes. You use them when you login to various online websites, to access your email, computer, phone and even to get money off your card (PINs are numeric passwords).
Yet, even if we use passwords for our most important assets, we choose them poorly and become easy targets for skillful hackers. Even if you choose a good password there’s still a chance that the system you’re using it in can be breached and your details revealed. It happens more than it should to read in the news about such-and-such major website was hacked and millions of passwords exposed. Sony was hacked (2011) revealing 1+ million passwords, Yahoo was hacked (2012) revealing 450k passwords, Linkedin (2012) was too and revealed 6.5 million passwords – and the list could continue. These hacks have an interesting lesson, as they also showed how poor are users’ habits in choosing passwords. You can click on the infographic floating on the right to see some statistics based on the analysis of Yahoo/Linkedin leaks.
So what would qualify as a safe password? One tip would be not to use your pet name as a password for all your accounts. Here’s some more tips on picking up a secure password and protecting your accounts:
- Minimum 8 characters. The password you choose should have at least 8 characters in a combination of uppercase/lowercase letters, numbers and symbols.
- No easy guesses. Don’t include in your password simple words or combinations such as names (of family or pets), birthdays or telephone numbers. A hacker that knows you might guess them easily.
- Use acronyms. When picking a password think of an important sentence and then create an acronym out of it, using special symbols to avoid full words (i.e. @ instead of ‘a’, ‘1’ instead of ‘i’, ‘&’ instead of ‘and’). So for instance a sentence like ‘My password is too safe!’ would become a strong password as ‘Mp@ss1s2s@fe!’.
- One password per account. Don’t use the same password for all your accounts, ideally you’d have one for each of your accounts. This way if a leak happens and one becomes compromised, your other accounts won’t be affected.
- Use a password manager. A password manager is a Godsend in having your complex passwords protected. It saves you tremendous time as you don’t need to remember all your passwords.
The statistic above showed that less than 1 in 10 people use a password manager. Yet this is one of the safest solutions to generate complex passwords and keep them safe. HighCrypt is a password manager for Android that can help you store your passwords directly on your smartphone.
Once HighCrypt is installed on your device you will be able to generate strong passwords and store your existing ones. All passwords are stored on the device itself but they are encrypted using a master password. Since the encryption protocol is 256-bits, that’s very secure – but still, my advices on choosing a strong password apply for this master one too. Your passwords can be organized in folders and several templates are available so you can save those passwords faster (i.e. templates for credit cards, emails, website logins, online banking, FTP accounts, …).
You can personalize each password stored by attaching an icon to it (120+ icons available now) but of course the best way to manage them is to create folders. If you are worried on losing your phone and thus all your passwords, there’s a ‘paranoia’ option that will allow HighCrypt to self-destruct if someone tries to guess your password and enters the wrong one.
After your logins are stored into HighCrypt you can either open each one individually if you want to see quickly the stored data, or visit the associated website for which it was stored to pre-fill your signup form.
Here’s a full list of features that HighCrypt offers:
- Master password. HighCrypt is protected with a master password thus on one can get access to your logins if they don’t know this master password. When you first start HighCrypt you’ll be prompted to enter and confirm a master password. After that, everytime HighCrypt is locked (i.e. your phone entering standby, auto-lock) when you want to see one of your passwords you’ll see the keyboard opening and an input waiting to see if you remember your administration password. Even if you lose the phone your passwords will be protected as the app uses 256-bit encryption for its own master password. How safe is 256-bits? Well, to put things into perspective, to crack a 256-bit password that’s perfectly chosen you would need the power of about 40 trillion suns, not to mention the hundreds of thousands of years it would take to crack it. So yes, AES is that secure.
- Organize passwords. When you create a new password you have the option to put it in an existing or a new folder. Organizing them by folders will ease the process of finding a particular one, especially if your list of stored passwords just keeps growing.You can create folders for your work-related passwords, home ones, banking data and so on. Passwords that you consider the most important can be added as favorites and you’ll quickly find them in a special folder (Favorites). Folders can be easily managed so you can create a new one, edit or delete an existing.
- Strong password generator. Generating a strong password for each online account you have should become a habit. With HighCrypt you are given this option of creating strong passwords that include symbols, numbers and all caps/small caps. The internal password generator will show you how strong is the password you created by coloring its background and displaying text that says if the password is strong enough. You have the option to exclude symbols and numbers when generating a password, but doing so would only reduce the security. A password can have up to 256 characters.
- Password templates. What you store in a login can vary from site to site. For FTP/SFTP logins you’ll need to store a hostname too, for credit cards you have the bank number and same goes with other types of logins. HighCrypt offers a selection of 18 different templates you can start using to add passwords easier.
- Personalize passwords. Each of your stored password can have, aside its key information such as username/password, a personalized icon. There are literally hundreds of icons that you can associate to a particular password. These icons help when you open the app and see a listing of all your passwords – you will quickly notice the icon of Yahoo, Facebook or Gmail for instance, since those are already brands you recognize.
- Highcrypt password bar. When you open one of the passwords stored in the app, you can visit the associated URL for that listing. The website will be opened in a browser and at the top you’ll notice a HighCrypt bar. This lets you quickly copy/paste the username/password for that website, which means that you don’t have to switch between 2 different apps to get the logins, they’re right there at the top. That top bar can be closed and from the app’s settings you can disable it completely if you don’t find it useful. But this would mean that you’ll have to open the entry for a password and tap to copy the details, then switch back to your browser.
- Backup to SD. HighCrypt will ask you when it first starts if you want to create a new database with logins or just open an existing one from your SD card (sort of a restore process). So it is useful to have your database backed up to the SD card as if you want to move the app to another phone you will be able to restore all your logins at once.
- Other options. HighCrypt offers other options that you can change from its settings: possibility to lock the app automatically (or only when the screen goes offline), get an alarm when the login is entered incorrectly, wipe everything if someone tries to hack your password and so on.
HighCrypt lets you store important information and ‘understands’ the value of those details. All logins are stored in a database which is protected by a master password you have to define when the app first starts (but you can change later). Everytime the app goes in lock mode, either if you lock it manually or if it auto-locks after idle time, you can unlock by entering its password.
After you unlock it you’ll see a list of the entries you’ve created previously. You can set it to show the Favorites ones for instance, and if each has its own icons you can quickly tap on one to open its details. By default the password/sensitive areas are masked by asterisks, but you can tap on the ‘eye’ at the bottom of the passcard to unmask and see it. If it’s an website you’ve stored the login for, just tap on the URL and you’ll be able to open that in your browser. HighCrypt will dock at the top with an user/password section that you can tap on to copy to your clipboard and paste into the login form of the website you’re visiting.
Since you can have so many passwords of course a search feature comes handy and HighCrypt delivers. You can search within all your passcards for a particular keyword. That’s when the ‘Notes’ field that you can add optionally to a passcard becomes handy, as you can enter in there other searchable information to find that passcard easier.
The Lite version of HighCrypt is free but if you need additional features you can upgrade to the Pro one. There are upcoming features, such as the possibility to synchronize with third party services (i.e. Google Drive) or being able to install the app on a tablet (right now it only works on smartphones) which I assume will only be available in the Pro edition. You can visit the developer’s website for details or download the app directly from Google Play here: Download HighCrypt Lite.