So far I've always seen that the security in the android phones is (OR) PATRON or FINGERPRINT or IRIS or PASSWORD or FACIAL RECOGNITION, something that in my view is not the most advisable given that we have demaciada personal information in the devices mobile.
I would like to know if there is a way to change this by another security algorithm that rewards the (AND) FACIAL RECOGNITION if this level happens then IRIS after overcoming this FINGERPRINT surpassing this PASSWORD, that would be the global idea of my doubt.
The idea would be to have more than one authentication factor in our devices as we do in our email accounts that we have the password and as a second factor of authentication we have a code by SMS or another.
I liked someone to help me know if this is possible.
Thank you.
To be honest. Mobile security is a myth and unless you are the president of the US or Putin then your data is not the focus of the theft to begin with.
Bio metrics are not secure as law enforcement can force you to unlock those, as can any thief. A password is about as secure as most people can get. There is better security. But that is not for 99.9% of people.
Related
Hi there,
Been a frequent reader of the formus for a long time, though I can usually get the information I need without having to annoy anyone with questions... Guess there's a first time for everything!
I have a question about Device Security Policies. Specifically, Lotus Notes Traveller.
All of our users have the option of having their company email accounts on their mobile devices. All of them use iOS devices, but sadly, we apply the same policy rules and all of the same administrator settings to all operating systems. So here's where I have the problem...
I like the convenience of having the Lotus Notes Traveller suite on my phone. Mainly for To-Do and Calender sync, but occasional email is useful. Our Lotus Notes policy reques a password of a certain strength to be enabled on all devices - it must consist of letters, numbers, lower case, upper case and can contain symbols. My issue is that it is frustratingly slow an inconveninece to enter such a complex password every single time I take my phone out of my pocket(a lot!) but I don't want to disable the android policies since there could be some users switching from iPhones to Galaxy S4/S5s.
What I am wondering is, can I do something on my Android device(Galaxy S4 GT-i9505 LTE) that will fake or spoof the secuirty strength and let Lotus Notes still sync with the server even if I don't have a password on my device?
In summary:
- Lotus notes needs a complex password to operate
- I don't want one
- Can I have a less complex password(PIN) or even no unlock secuirty but fool Notes into thinking my device secuirty meets policy.
Sorry if I haven't explained this clearly enough. If you need any more informaiton, please let me know.
If you feel some additional information on the Lotus Notes side could be useful you can get more information by Google searching "Enabling Android device security via Lotus Notes Traveler" there will be an IBM link with all the info. Sorry I couldn't give you a URL - apparently I need to have 10+ posts to my name before I can use external links! :angel:
For now I have uninstalled the Lotus Notes Traveller suite so I could go back to my handy 4 digit unlock PIN :good:
Any help or guidance would be greatly appreciated.
Thanks in advance,
Ace
P.S. I am comfortable with Flashing updates and/or custom ROMs if that's a posible solution. I currently run PAC ROM AIO Black Power-Edition NG 4.4.2.
Maybe something like this: http://forum.xda-developers.com/showthread.php?t=2398934 ?
Another idea: Maybe you could use something like KeePass or LastPass to be able to both have complex passwords and be simple to enter?
Hi. I'm glad to finally be here.
Let me explain the context of my question. I'm designing an application in Android that works consuming a web service. For all inquiries carried out to that web service, you must authenticate to each perform.:silly:
I tried to use SSL certificates for greater security, but at the moment it is too advanced for me just knowing how to create a certificate, then install it on the server and on the client and the connection between them that way (If anyone has a tutorial will be welcome).
For now, I managed to connect via http without any protection. To authenticate the device that performs, IMEI shipping plus a random password (created in the registry).
Well, my question is whether this is an acceptable way or is there more optimal way that take care information that those using the app.
Thank you very much for your help, since I have no one else to turn.
My employer is about to rollout Office365 and abandon GoodTechnology.
I have registered my Samsung Tab 10s through Intune and am now able to use corporate OneNote and OneDrive. The downside, as I understand it, is that the Samsung Fingerprint Scanner sits on top of the Android O/S and the security requirements invoked by my employer means that the scanner is not recognised/accepted/compatible. As a result I now have to use a 6+ alphanumeric password to use my tablet. I have also had to encrypyt the internal memory. Overall I can live with this for the benefits I get by being able to use my tablet in my role.
My concern is that I am now faced with the dilema of having to do the same with my Samsung S5. Normally to access my Goodtechnology emails I swipe my thumb and then enter a password to the Good app. I'll swipe my thumb 50 times a day but will only access email, say, 10 times per day. The idea of having to enter a 6+ digit password to make a call, sent an SWS, use personal email and look at Facebook/Tapatalk is not at all appealing.
I understand that iOS has an integrated fingerprint scanner and that there is no need to use a password.
Is the issue a Samsung issue or do all android smart phones with fingerprint scanners have this issue?
I wont move to Apple but I may move to Sony or HTC or..... if the scanner works.
Meantime I am now about tell my employer I will be without mobile email for the first time in almost 15 years.......... that will not go down well.
Like many prior android fingerprint readers, the V10 appears to be interpreting the ActiveSync policies of an exchange server that force a PIN/Password entry as disabling the fingerprint reader for unlock. (No EAS policy doesn't restrict fingerprint, it only enforces password unlock.)
Does anyone have insight into the technical whys and hows of what is being implemented that results in this suckage? Is it the reader? The LG software? Something in the android permissions?
Hello everyone,
I am looking forward on using the Face-Unlock feature to not have to manually write all my different 27 digit password for banking, keepass,...
How ever, I really wonder how all this works and how this is still secure. For example "KeePass":
- I have a Keepass database with a master password for the database
- No one except me knows what password and it isn't saved or written down anywhere else
- Currently I enter the password, KeePass will test if it is the correct input for decryption, and if so, it will decrypt.
This is the point where I would want to use Face-Unlock in the feature.
So does my KeePass database then have two password (1x master password and 1x my facial scan)?
Or will I will to tell "Android" my master password for all my apps and it will store it somewhere in Android and simply "pass it on" to KeePass if the Face-Unlock is verfied?
I am asking because I do not want any app or system or whatever to save my master password as this might cause security risks that no one can really evalute.
Also I wouldn't want to add a second unlocking feature to my KeePass databe (the facial scan). Because it might be less secure than my master password and there for weaken the encryption of my database?
Thanks in advance!