LoginBox Debuts A New Kind Of Password Manager That Actually Records Your Workflows (But Is It Safe?)
Loginbox, a new solution aiming to save you from typing in your username and password for various websites when accessed from your smartphone’s small screen, is taking a different approach than most. Though competing with other form fillers and password managers like LastPass or Dashlane, the new mobile app instead has you record your actions, including entering in your information, tapping buttons, checking boxes, or answering security questions. This allows LoginBox to work on larger number of websites than most password managers today.
Sounds handy, right?…But wait, is it safe? Well, we’ll get to that in a minute. First, a bit about the company and product.
LoginBox is a startup founded by two indie developers, Gil Meroz, based in Israel, and Ruby Boyarski, who works in Sydney, Australia. The two have spent nearly 20 years building enterprise and mobile applications, including over 10 years on enterprise platforms and banking software. Over the past few years, they decided to switch to working on consumer products instead, and founded Mygo Software to do so.
The company has released a couple of other applications to date, like mobile usage tracker MyPhoneUsage, whose U.K. version was recently acquired by BetterBill LTD. Another app focuses on helping users save money by offering info about your credit cards.
Explains Meroz, the idea for LoginBox came about because of a real need the co-founders both saw. “We, and other people we know, constantly check protected websites for all sorts of information – getting the latest stats on application sales, checking Google Analytics for website usage, checking if my paycheck has landed, creating a lunch order for our children at school, etc.,” he says. But they didn’t think there was an easy solution for mobile devices.
LoginBox is quite different, and as easy to use as advertised. When you launch the app and enter in the URL in the provided mini-browser, you’ll notice a red “record” button at the top right. After the website appears, you just hit “record” to have the app document your keystrokes and save your current login workflow. You then tap the button again stop recording when you’re done.
The password data is saved on your device itself, using hardware-accelerated AES encryption. There’s also a PIN-protected auto-lock to keep others from being able to launch the app if they gain physical access to your device. And, adds Meroz, the data is not sent to the company’s servers, so hackers can’t access it.
How Safe Is It?
Of course, in a world where 70 million people can have their most personal data compromised just by doing a little shopping at Target, it’s worth getting a second opinion on an app that’s recording highly secure data like this.
Another security researcher, Per Thorsheim, who runs the regular PasswordsCon events, thought it was suspect that startup’s website offered no privacy or cookie policy on its homepage, nor explanations of how the data is secured. He also pointed out that earlier security research has shown that many different password managers built for iOS devices don’t offer “reasonable” security or encryption, which makes him suspect of the whole genre of utilities like this, it seems.
From a real-world perspective, it’s true that something like LoginBox is less secure than just remembering your password and typing it in when asked, but it’s still more secure than methods a bunch of normal people use. You know, like writing them down in insecure apps, like Apple’s Notes app, for instance. Depending on your own comfort level with security risks like this, deciding to use a password manager – and a new one, at that – is really something you’ll have to come to terms with for yourself.
LoginBox offers paid tiers to its service if you want more than the three free websites provided. A pro app for $6.99 is also available for unlimited logins and sync.