Security of Master password using a custom keyboard on Android

slainer68
slainer68
Community Member

Hi everybody,

I've done some search but haven't found any topics on this subject.

So, I'm bringing the subject on the security of your master password on Android when using a custom keyboard.

I know the same problem exists for keyloggers on physical machines but the issue is more relevant on Android (and soon iOS) : the number of people using custom keyboards is much more higher than people having to deal with keyloggers.

You really have to trust the company making your custom keyboard, because they could easily store all your passwords somewhere with some bad security/security flaws or even send them on the Internet. By default, keyboards with predictive technology like Swiftkey don't memoize passwords fields, but they could easily do that in the background without nobody knowing. This may be true for everything you type.

What is your opinion on this subject? What should we do to prevent custom keyboards to keylog/record the master password? Is it safer to switch back to the Android stock keyboard when entering the master password?

Comments

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    I have not researched the specifics of this on Android, but my inclination is to agree with you. One should think twice before using a custom keyboard for something like a Master Password.

    It is worth noting that for the forthcoming iOS 8, custom keyboards cannot be used for "secure text input". I think that Apple got this right.

This discussion has been closed.