So I have a password to log into the web app, but I never use it because I'm set up for wi-fi only sync. Is it possible to have a distinct password for my platform installs (Android, Mac, Windows), and another one for whenever I need to log-into the website? I suspect no, but the arrangement makes me a bit nervous for several reasons -- one being that sync settings (going from wi-fi to cloud sync, for example), can be changed from the web.
Thanks for contacting us. No, your SplashID master password rules all the clients. If you use WiFi sync, there isn’t much reason to login to the website at this time. You can view account status and invoices, but other than that, all other tasks can be accomplished in one of the native client apps.
No, there are no plans to create separate login passwords. Your SplashID account has just one password, and the entire architecture depends on that.
We understand your concerns, so let me provide some helpful information:
- We do not store your password on our servers. A one-way hash is generated and stored on the server to be compared for authentication purposes only when you sign in on a new client.
- This is done to protect your data from being compromised, now that we are a cloud service.
- If we didn’t do this, there would be no way to allow you to switch to cloud services in the future if you so choose.
- Since you are talking about staying a local or WiFi sync user only anyway, your data is not stored on our servers, so in the practically impossible event that the one-way hash was compromised, that would not compromise your database security if you only have it locally.
- If you want more info about our cloud server security in general: https://splashid.com/security
Yes, it’s theoretically possible that someone could login on the web app and change your sync method to cloud, but you would probably notice the cloud sync happening when you logged in on your client app, and then you could change it right back and the cloud data would be immediately removed.
What we should do is add an email notification when your sync method is changed, similar to the way Apple emails you when you use iMessage on a new device or something.
We also plan on supporting 2-factor authentication for WiFi sync as well in the future.
SplashData has been a leading provider of security applications and services for over 10 years. The company's secure password and record management solution SplashID Safe has over 1 million individual users worldwide as well as hundreds of business and enterprise clients. SplashData was founded in 2000 and is based in Los Gatos, CA.