SplashData Help Desk

Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Possible to have different password for local wi-fi syncing?

David Mar 06, 2015 05:35AM PST

So I have a password to log into the web app, but I never use it because I'm set up for wi-fi only sync. Is it possible to have a distinct password for my platform installs (Android, Mac, Windows), and another one for whenever I need to log-into the website? I suspect no, but the arrangement makes me a bit nervous for several reasons -- one being that sync settings (going from wi-fi to cloud sync, for example), can be changed from the web.

Up 0 rated Down
Justin Cepelak Mar 06, 2015 03:03PM PST SplashData Inc Representative

Thanks for contacting us. No, your SplashID master password rules all the clients. If you use WiFi sync, there isn’t much reason to login to the website at this time. You can view account status and invoices, but other than that, all other tasks can be accomplished in one of the native client apps.

Up 0 rated Down
MIchael Mar 13, 2015 02:27AM PDT
I would like to have a separate password for my SplashID account and my actual application. I use the wifi sync so none of my password are in the "cloud" yet my password to access my passwords on my devices and computers are in the "cloud" because I cannot have a separate password for my account and my application. Is this in your roadmap to fix?
Up 0 rated Down
Justin Cepelak Mar 13, 2015 02:28AM PDT SplashData Inc Representative

No, there are no plans to create separate login passwords. Your SplashID account has just one password, and the entire architecture depends on that.

We understand your concerns, so let me provide some helpful information:

- We do not store your password on our servers. A one-way hash is generated and stored on the server to be compared for authentication purposes only when you sign in on a new client.

- This is done to protect your data from being compromised, now that we are a cloud service.

- If we didn’t do this, there would be no way to allow you to switch to cloud services in the future if you so choose.

- Since you are talking about staying a local or WiFi sync user only anyway, your data is not stored on our servers, so in the practically impossible event that the one-way hash was compromised, that would not compromise your database security if you only have it locally.

- If you want more info about our cloud server security in general: https://splashid.com/security

Up -1 rated Down
David Apr 13, 2015 03:52PM PDT
My main concern with how things work is that even if I'm set up for wi-fi only syncing, if someone somehow gets my password, they can log-into the web app and change the setting to Cloud Sync. This system asks if you want to enable Cloud Sync when you request 2-factor authentication. If I understand this correctly, if I then log-into SplashID on one of my devices, the Cloud will update my device to enable Cloud Syncing, and then populate SplashID's web app with my records.

That doesn't seem particularly safe; wouldn't it be better to only allow the changing of sync type from a device? Or better yet, allow two-factor log-in without enabling Cloud Syncing (if that's even possible from a backend perspective)?
Up 0 rated Down
Justin Cepelak Apr 13, 2015 03:56PM PDT SplashData Inc Representative

Yes, it’s theoretically possible that someone could login on the web app and change your sync method to cloud, but you would probably notice the cloud sync happening when you logged in on your client app, and then you could change it right back and the cloud data would be immediately removed.

What we should do is add an email notification when your sync method is changed, similar to the way Apple emails you when you use iMessage on a new device or something.

We also plan on supporting 2-factor authentication for WiFi sync as well in the future.

Post Your Public Answer

Your name (required)
Your email address (required)
Answer (required)

About SplashData

SplashData has been a leading provider of security applications and services for over 10 years. The company's secure password and record management solution SplashID Safe has over 1 million individual users worldwide as well as hundreds of business and enterprise clients. SplashData was founded in 2000 and is based in Los Gatos, CA.

Contact us


9ad29afcb03aad50291525a425db2dde@splashdata.desk-mail.com
http://assets3.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete