Securely Store Passwords and Other Sensitive Data with Pocket for AndroidBy Maurice Cherry
Keeping track of sensitive information like login credentials and account numbers used to be a huge challenge for me. Between my laptop, my desktop, my smartphone, my iPad, and my Chromebook, it was hard for me to remember every single password and login for all of the different websites and services that I use with my clients. And, when I travel for work, sometimes that means I’ll end up using a computer at a hotel or at a client location where I have limited access. What I needed was an app that could store my passwords and other important information on my smartphone.
Pocket (not to be confused with the recently-reviewed reading app Pocket) is an Android app which allows you to securely store all your sensitive data on your phone with automatic cloud backup to Dropbox. While there are similar apps out there like KeePassDroid and MobileKnox, Pocket is worth a try because of its intuitive design and excellent usability.
When you first start using Pocket, you’ll be guided through the setup wizard, which includes some information about Pocket and how it works. Pocket encrypts your data using the industry standard AES-256 algorithm to keep your information safe and secure. Your password — a simple text password — is not stored on your device, but rather as an SHA-512 hash. (If you set up online syncing with Dropbox, this hash is also stored there.) Pocket will also lock the program after a short timeout period (two minutes by default) and it clears the clipboard to ensure your data is protected. You don’t have to set up online syncing with Dropbox, but it’s necessary in case you want to use your Pocket database on multiple Android devices.
As you continue through the setup, you can either create a new Pocket database, import data from Dropbox, or import data from your SD card. Start a new Pocket database and create a password (4+ characters). Once you’re done, you’ll be taken to the home screen.
To get you started, Pocket will create the following default groups for you in the application: Bank Accounts, Cars, Combination Locks, Computers, Credit Cards, Email Accounts, Frequent Fliers, Glasses/Contacts, Inoculations, Insurance, License, Logins, Memberships, Notes, Passports, Prescriptions, Serial Numbers, Tax, and Web Logins. If you don’t find a need for any of these groups, simply longpress on any row and you can delete them. Most groups don’t have any fields included, so you can create your own fields based on the information that you want to store.
Before we get to adding and editing groups and fields, let’s look at the rest of the home screen. Tapping the green “@” sign at the top left brings up the About screen. You can upgrade the app here to the ad-free version, view any frequently asked questions, browse the Pocket user forum, and view the terms of conditions for using Pocket. The three buttons at the bottom of the screen allow you to add a new group, bring up the Settings menu, and search through all of your groups. In order to manually lock your Pocket database, drag the lock bar from the bottom of the screen (see below). If you have online sync set up, your Pocket database will automatically sync upon locking.
Adding and Editing Groups and Fields
Adding groups to Pocket is simple; just tap the Add Group button at the bottom of the home screen. (You can also longpress any group and select “Edit” from the context menu to edit a current group.) Type in the group name, select any of the available 35 icons and tap the “Add Field” button to add new fields. Tap the eye icon to the far right of each field to select the visibility of the field. Fields which are masked will be presented as asterisks, and you can tap the eye icon to reveal the text. (As you can see below, I created a category called “Frequent Fliers” to keep track of all my airline rewards programs.) Pocket also includes a password generator on password fields that lets you create alphanumeric passwords up to 30 characters in length.
There is also a Pocket Desktop application where you can view and edit your stored data from any Windows, Mac, or Unix machine. The desktop application only works if you have online sync setup on the Pocket app, since it does use your machine’s local Dropbox directory in order to sync data. You can do everything on the Pocket Desktop application that you can do on the mobile app, including adding and editing groups and fields.
Tap the Config button at the bottom of the home screen in order to bring up the settings menu. Under Preferences, you can change the alphabetization of groups or fields and change the timeout period before Pocket locks and syncs. Back on the main settings page, you can change your master password, setup online sync (in case you didn’t during setup), force sync your Pocket database, import or export your Pocket database, or reset the app.
Pocket has a lot of great features, but it’s not without a large set of drawbacks. While Dropbox works great as an online syncing option, it is the only syncing option available. It would have been great to have the option to sync to Box or Google Drive as well, especially since online syncing is crucial to using Pocket on multiple Android devices and to have a clean, automatic backup.
Pocket also hasn’t been updated in nearly a year, and according to the Pocket user forum, the developer hasn’t been responding to user’s inquiries since January 2012. It’s hard to say whether or not the developer has abandoned this project (I hope not!), but it is a cause for concern since there doesn’t seem to be an active support channel if you run into an issue.
Speaking of the Pocket user form, some users have experienced syncing issues with Dropbox. Other issues with Pocket fall mainly around security and exporting of your data. While Pocket uses sophisticated algorithms to protect your data, any of it can be accessed using a text password. This isn’t a huge drawback, but some different options for unlocking the app such as face detection or gestures would add another layer of security.
Importing any data is a bit of an issue since the import format isn’t specified (I’m assuming it does this from an online sync). I did a search on the Pocket user forum and discovered that you can import a previous Pocket database (encrypted SQLite database or unencrypted XML) or you can import a KeePass CSV. The only way you can import a database is through the mobile Pocket app; you can’t import using the Pocket Desktop application.
Pocket stores important credentials using powerful encryption and syncs easily with Dropbox. It’s well-designed with a quick learning curve, and the corresponding Pocket Desktop application is a nice complement. The app has not had any active updates in almost a year, so your mileage may vary when it comes to getting developer support should you run into any problems.
Pocket is available on Google Play for free and requires Android OS v2.6 or higher to run. Download the app from the Google Play Store link below or by clicking on the Google Play badge provided.