There have been some movies going around lately showing how to compromise an iPhone and reveal all the stored passwords in the Apple keychain in minutes.
David from our engineering team talks about how the Secret Server password app for iPhone is not susceptible to this type of attack because it uses its own files for encryption along with a randomly generated key that includes device specific information.
A little known feature in the new dashboard is the ability to “save searches”. I didn’t know about this until one of the engineers showed me … it isn’t exactly a saved search but it is close.
Steps
That’s it. You now have a tab called Cisco that holds a saved search to find all your Cisco devices. You can come back to this tab at any time to see the results of that search.
We will soon be releasing a new user interface as a replacement for the Home page, called “Dashboard”. Dashboard is a modern approach to displaying and managing data, one best described as an “interactive console” approach. Central to the idea of a “console” is the ability to drag and drop different components on the screen. Dashboard implements a widget based system which allows fluid customization of data, reports and the functionality shown. Dashboard will be part of the next release, 7.3.
Thycotic brings Password Management to TechEd Australia 2010
Thycotic will be at Gold Coast, Australia next month exhibiting at TechEd Australia for the third year in a row. Stop by our booth and learn about how Secret Server integrates with RADIUS in version 7.0 .
Are you responsible for end-user passwords? Ask to see a demo of self-service password reset tool,Password Reset Server.
Come visit us to talk about password management or information security.
See you there!
Here is a movie showing the basic proof of concept application working on the Android Phone simulator. It demonstrates authenticating to Secret Server, pulling down a list of Secrets. Then adding a Secret Server using the web browser and seeing it appear in the app.
This app should be available within 2-3 months.
Here are some sneek screenshots of the new folder capabilities in the iPhone password manager app:
This will allow you to browse folders for customers, teams, servers or different parts of your organization and easily find Secrets within those folders. You are also able to search by folder, create new folders and assign Secrets to folders.
We are also working on offline caching capabilities for the next iPhone app release. Stay posted – the new version will be out before the end of May 2010!
Here are a few teaser screenshots of our new Secret Server Password Management BlackBerry app that will be going into beta within the next two weeks. The initial beta will only support viewing of data (no adding or updating of Secrets) but the final release version will have adding/editing capability.
The Secret Server Password Management BlackBerry app will work with your existing Secret Server or can be used with our Online Edition (hosted version).
The team has copied the design of the iPhone app for the most part with some differences to fit better with the BlackBerry platform (such as a context menu to jump to different screens in the app). We are also exploring options for offline caching within both the BlackBerry app and the iPhone app – stay posted for more on this.
Please click here http://www.thycotic.com/beta.html if you are interested in joining our Beta program.
While there are many iPhone password managers available for home and personal use, Secret Server Password Manager iPhone edition brings privileged password management to the IT professional. And it’s free! With an already-established password management platform, Secret Server iPhone provides the security and convenience needed for you to efficiently manage and track your organization’s most critical passwords from your phone and PC.
Here’s a look under the hood
The Secret Server Password Management iPhone app allows you to view, edit, and create Secrets for multiple accounts. You can also see which Secrets were recently accessed, add favorites, and lock the application with a pin code. If you lose your iPhone, you are still be able to access your Secrets from a computer because the application synchronizes with both Secret Server (installed) and Secret Server Online.
The applications that Apple delivers with the iPhone all share a consistent UI and provide an intuitive user experience, so we went to great lengths to emulate this in our application. For example, when you press a table cell and are brought to a new screen, you expect to see a button in the top left that returns you to the previous screen. You also expect certain animations and screen layouts in other familiar situations. One of the challenges of programming the Secret Server iPhone application was meeting these expectations while still providing a powerful web-based application.
What makes iPhone programming different from .NET programming is that you have to be more particular about performance and memory management. iPhones are far less powerful than servers, and large memory allocations should be avoided at all costs. For example, in our application the same memory block is used whenever a Secret is created or edited. This may make the code a little harder to read, but it provides a great boost in performance.
In conclusion, writing the iPhone application was a creative, challenging experience and introduced us to a new language, API, operating system, and way of thinking about code. I am very excited about the Secret Server Password Manager iPhone edition, and will be using it on my iPhone every day.
Have an iPhone? Sign up for the Secret Server Password Manager iPhone app Beta today!
