Using Password Apps Safely

[DollyP]

I am using a Moto G with Android 4.4, but this query probably is relevant to any phone either Android or IOS.

I have only recently acquired a smart phone so the ability to get my passwords onto it seems a no-brainer. I currently use Keepass on my Linux box but because Android's Keepass apps use Keepass v2 databases and I can't convert from my existing v1 database, I am considering a move to Roboform (besides which I'm not sure of Keepass's ability to fill in browser logins).

Now my query is about the safety or security of password manager apps in general on smartphones. The way I see it is that I give the password manager access to my password datafile to access passwords within both the browser and separate apps that need passwords. The password manager presumably sits in the background, always signed in and waiting to leap in with logins and passwords when needed. If that is the case, then the security of my passwords is no better than that of the phone itself, easily opened with a swipe on the pattern grid to activate. And available without swiping for any criminal who grabs my phone when I am using it.

Am I correct in this reasoning, and if so what do folk do to protect passwords on smartphones?

REgards
David

[StuartR]

I use Roboforms. It has a user configurable timeout period after which you must re-enter the password that allows it to access your passwords. I keep mine set to a very short timeout, but you could set it to a longer interval if you want. You can also set it to "Auto-logoff on Sleep or Stand-By" and use your normal screen lock timeout.

BUT PLEASE NOTE: The Android version of Roboforms can only fill in passwords in it's own browser, not in the stock Android internet app.

[DollyP]

I use Roboforms. It has a user configurable timeout period after which you must re-enter the password that allows it to access your passwords. I keep mine set to a very short timeout, but you could set it to a longer interval if you want. You can also set it to "Auto-logoff on Sleep or Stand-By" and use your normal screen lock timeout.

Thanks. Useful to know these options exist. I've never integrated any password manager into any browser on the desktop but it seems to be better to do this on my smartphone. Only trouble with your very short timeout is that you presumably enter the manager's password almost as often as you would enter original passwords. I'll try Roboforms.

BUT PLEASE NOTE: The Android version of Roboforms can only fill in passwords in it's own browser, not in the stock Android internet app.

I use Dolphin browser on my smartphone (won't use Chrome) and there is an add-on for Roboforms.

David

[StuartR]

...
I use Dolphin browser on my smartphone (won't use Chrome) and there is an add-on for Roboforms.

That sounds useful, I'm off to the app store...

[StuartR]

I installed "Dolphin Browser for Android", and "Roboform Addon for Dolphin browser", but I can't find the Addons configuration in Dolphin to hook them together!

Edited to add
However you prompted me to search around and I have now installed Firefox and the Roboform Addon for Firefox seems to work fine. (and I found out where to add the Roboform Addon for Dolphin, but I'm happy with Firefox so didn't bother.