If all your website, cloud service, application, investment, banking, credit cards, and other sensitive account information falls into the wrong hands, that's a crisis situation.
mSeven Software, which creates and maintains the mSecure password management application that's popular with many MacOS and iOS users, is pursuing a bold strategy to protect such information. However, some users are complaining after the company removed support for Wi-Fi and Dropbox synchronization from the new version 5 platform released in early May 2017.
Password management tools provide a local application that runs on your smartphone, tablet, desktop, and laptop computer. Leveraging some mechanism—typically a service such as Dropbox or iCloud or even Wi-Fi connectivity—the application can also synchronize its data across multiple devices. Therein lies the threat: This is data no user wants compromised, and placing the data in the cloud increases the data's vulnerability.
SEE: Password Management Policy (Tech Pro Research)
Users that forego cloud synchronization—previously available using Dropbox, iCloud, Wi-Fi, or even via a shared file in the previous edition—and who store the program's data on their Mac can be confident and rest assured the password information is secure. In such cases, the application's data is stored only on their local system and benefits from AES 256-bit encryption, a technology that's incredibly difficult to crack and most expert commentary I've read states has never been compromised. But much convenience is lost, namely the ability to synchronize changes across various devices, without some synchronization option.
And that's where mSecure's new strategy proves bold: The company is providing its own mSecure cloud to fulfill that purpose. The first question is: What happens if mSecure's cloud service is compromised? I'm sure the company's taken great pains to protect its users, as evidenced by the firm's use of QR codes sent to authenticated email addresses to require logging in to its software for the first time on a new device. But following well-publicized breaches of major institutions, it's likely best to adopt the old adage never say never.
mSecure's making no apparent apologies for its forthright approach. While some users may worry tying their Apple and even Windows and Android devices to mSecure 5 forever ties them to the company, my understanding is that is true only for the cloud synchronization feature, which many admittedly paranoid users are going to forego, anyway. Data can still be backed up and stored locally on a Mac, for example.
What has been refreshing is viewing mSeven's approach. mSecure 5 was originally announced earlier in the year and missed its original stated ship date. I paid only $9.99 for my upgrade, so I wasn't too worried about it; but I monitored the situation as other users began occasionally posting frustrating notes within the firm's forums, most of which mSeven (to its credit) appears to have left online without censorship. The company's forums and its response demonstrate the firm is working hard to support its new release and respond quickly to users, even when users were repeatedly requesting refunds due to the original release date having been pushed, for example.
I'm uncertain how secure cloud-synchronization strategies will prove in the future, but it's reassuring that mSeven states the mSecure 5 program doesn't store the application's master password within the program. With additional features, including weak password identification, Touch ID, Nexus Imprint compatibility, and a variety of built-in templates for entering new account information quickly, mSeven is doing what it can to build a convenient and reasonably secure method for solving one of the most challenging tasks that's only going to become more difficult: managing passwords.
- Apple's iCloud Keychain: The smart person's guide (TechRepublic)
- 1Password: The smart person's guide (TechRepublic)
- LastPass: The smart person's guide (TechRepublic)
- Five password management apps that will work on all your devices (TechRepublic)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Password security: The one simple step pros use to lock down their accounts (ZDNet)
Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president of Eckel Media Corp., a communications company specializing in public relations and technical authoring projects.