New Posts
- ✔ Download Timetrex 9.1.3 For Mac
- ✔ Mio C250 Usb Driver For Mac
- ✔ Ion Usb Conversion Turntable For Mac
- ✔ Killing Floor For Mac
© 2019 - freenot
In, Apple company has presented new password-related features that are usually developed to make it less complicated for iPhone and users to create strong, protected, and unique security passwords for app ánd website logins. ln this guidebook, we'll present you how to use two of those functions: automated strong security passwords and password auditing. Auto strong security passwords guarantees that if you're also prompted by a web site or app to create up a passwórd on the spot, Apple will immediately provide to produce a safe a single for you.
Security password auditing in the meantime flags weakened security passwords and informs you if a password provides been reused for different accounts login credentials. Here's how to make use of the two features.
This manager also checks the strength of all of your passwords and monitors all of your accounts for security breaches. The one-click password change feature is handy and a convenient way to replace weak and vulnerable passwords. 8 Password Manager Options for Mac and iOS. Posted on September 27th, 2012. That is the Master Password would need to be combined with some decryption key that is stored separately (say a USB device) to derive the actual key that is used to unlock the 1Password data.
How to Use Automatic Strong Passwords in iOS 12. Launch Safari and get around to the web site wondering you to generate brand-new login credentials, or launch a third-party app wondering you to sign up for a brand-new account. Enter a username or e-mail tackle in the first field. Tap on the Security password field - iOS will create a strong password.
Tap Use Strong Password to accept the password suggestion and save it to your Keychain. Professional suggestion: Next period you require one of your passwords, you can request. For instance, you could state: 'Siri, show mé my BBC passwórd.' Siri will after that open up your iCIoud Keychain with thé appropriate admittance, but just after you authenticate your identity with a fingerprint, a Face ID check, or a passcodé. How to Recognize Reused Security passwords in iOS 12. Release the Configurations app on yóur iPhone or iPád. Tap Passwords Accounts.
Authenticate via, Encounter ID, or your passcodé. Scroll down thé list of security passwords and tap on any items with a triangular caution symbol.
Tap Change Password on Internet site to open the related internet site and create the transformation. Notice that the last screen shows you on which additional websites you've utilized the same password.
Pro suggestion: You can share passwords with some other people straight from the iOS Security password Supervisor via AirDrop. Merely touch the password field and an choice to AirDrop thé login will appear.
The login can be AirDropped to any device working iOS 12. Individually I'meters not really a large fan of this type of point for a amount of factors 1) At no period do you, or will you, know your password.
So what do you perform when you need to make use of that auto-génerated password outside óf Safari or sométhing that provides access into the Kéychain? 2) There will be no means to gain access to the ended up saving passwords outside of completely hooking up to your iCloud accounts on an Apple device. Therefore if you shed/damage your iPhoné (or iPad ór Macintosh) and don'testosterone levels have another Apple device obtainable you that you are capable to link to iCloud as a principal account you are usually completely secured out of EVERYTHlNG until you change that Apple gadget with another Apple company device. Clever on Apple company's component but infuriating the time the customer understands it. 3) Each time you desire to access a password you need to use a credential that protects ALL of your additional qualifications. This means that major credential is definitely used even more often producing it more vulnerable to 'breach'.
Qualifications are normal almost all at risk at the point/time of access so the even more you need to use it the even more at risk it is. 4) It is usually all highly presumptive that everything is definitely working best.
The outdated version using 4 groups of 3 figures has a possible maximum of (62^3)^4 or 3.22x10^21 combinations. The fresh version using 3 groups of 6 people provides a possible utmost of (62^6)^3 or 1.83x10^32 mixtures. This takes on that the organizations are made up of ány of the 26 lower situation letters, 26 top case characters and the 10 numbers. If we eliminate i,I,I,L,o,0,1,0 that reduces to 54 achievable people and ideals of 6.14x10^20 and 1.52x10^31 respectively. I'm reasonably assured they're also not going to get guessed by understanding that the dashboard is in a particular location. I choose not really to make use of immediately generated passwords because they eventually are usually reversed designed. There are usually lots of much easier and even more most likely vectors than “réverse engineering” the passwórd era mechanism.
Mainly because long as it doesn't force me to use excessively long and confusing security passwords, I'm ok with this. I know many websites, institute insanely lengthy and complex passwords so this may become useful This is certainly the globe we're started to.
Apart from basic passwords that can become commited to memory and on tó machine-generated security passwords which are complex sufficient to thwart brute-force hacking. Look at SSL/TLS. Certain, these use accreditation, but it's a equivalent idea.
Machine-generated, machiné-stored, machine-éntered authentication. Personally, I allowed it, as I would argue no 1 can fairly create and keep in mind secure, unique passwords for all of the services they use. Can you edit that solid password? There are usually a great deal of stupid web sites that don't take passwords longer than 10 people or take the dashes. lf it doésn't exist currently, this will be a function of upcoming password administrators. It would be insignificant to screen-scrapé and/or maintain a database of password requirements, and generate a compliant password based on that information. Individually I'michael not really a large enthusiast of this type of factor for a number of factors 1) At no time perform you, or will you, understand your password.
So what perform you do when you require to use that auto-génerated password outside óf Safari or sométhing that provides entry into the Kéychain? 2) There can be no indicates to access the saved security passwords outside of completely linking to your iCloud account on an Apple device.
So if you get rid of/damage your iPhoné (or iPad ór Macintosh) and don'testosterone levels have got another Apple company device obtainable you that you are usually able to connect to iCloud as a main account you are completely secured out of EVERYTHlNG until you substitute that Apple device with another Apple device. Clever on Apple company's component but infuriating the time the client realises it.
3) Each time you desire to gain access to a password you require to use a credential that shields ALL of your various other qualifications. This indicates that major credential is certainly used more often making it even more prone to 'break the rules of'. Qualifications are common nearly all at risk at the stage/time of admittance so the more you need to use it the even more at risk it can be. 4) It is all extremely presumptive that everything is usually working best. I make use of 1Password.
Nevertheless, you can draw up passwords in your kéychain if you would like to know what it is certainly, or edit thé password. lf it's i9000 stored in a passwórd manager, I wouIdn't notice the issue. The issue I notice are usually the websites that possess password duration limitations like 8-10 chars and furthermore don't accept several non alphanumeric heroes so the password is usually inherently weaker from the start.
I detest web sites like that. Even worse are the types that give you no touch as to what you are usually doing incorrect or they list guidelines but your generated password breaks a guideline they don't mention. Another problem are websites that instantly cut the length without telling you. You generate a password, everything appears great, you cán't login. Aftér resetting multiple times you amount out it has been only having the initial 16 or so heroes from the autó-generated password ánd ignoring the relaxation.
There should become some specifications. Sites must accept uppercase, lowercase, quantities and specific special personas and some common maximum restriction. That way password generation devices can effortlessly generate passwords for any website. Also internet sites must clearly tag password and username areas so a passwórd manager can readily fill them. Plus enable pasting passwords. I furthermore wouldn't brain if apps on devices like Televisions all permitted a basic time limited access program code delivered to an authorized device and obtainable for era on their web sites to login a new app. Lengthy usernames and complex passwords are a massive pain when adding something to á FireTV or AppIeTV.
I see today (right now I discover it) that Apple has made the decision to use five character types separated by dashes to create a 'solid' password. Earlier variations of Safari only generate three characters implemented by dashes Iike this (8CJ-dke-uiB-FQ7) So is this Apple's way of telling us (by not really telling us) that previous variations of Safari produced passwords that aren't 'solid'? They sure made a hassle during the kéynote when it had been introduced yrs ago that the password generated was protected. Apparently they wear't think so any more.
Normally they wouldn't have got upped it to five personas. Security is certainly a shifting landscape. Just about anything that had been secure many years back is at danger nowadays.
And generally one should be updating security passwords on some sort of regular base in inclusion to originality.
Advert The best password is one that's hard to split and quick to keep in mind. Even so, some of are absurdly easy to think, like as “password” or “123456”. Good times @chancletasbeachresort for mac os. Put on't let security passwords like these provide you concepts! Create a solid password instead.
Actually if you perform possess a complicated password, making use of one and the same password for aIl of your online accounts is definitely dangerous. Think about When you listen to 'protection breach,' what comes to mind? A malevolent hacker?
Some basement-dwelling child? The truth is usually, all that can be needed will be a password, and cyber-terrorist have 7 ways to get yours.
To be secure, you should make a exclusive and difficult-tó-crack password fór all of yóur accounts. So do you know how to generate a great password? And hów can you remember more than one of them? Right here are some guidelines and tips to sustain individual solid passwords for all of your on the internet accounts. How to Create a Strong Security password Since you'll always have to keep in mind at minimum one password, we'll move over how to by hand create a secure password first.
Further lower, we'll also show you how to use a device that can create almost uncrackable security passwords and remember them for you. The Features of a Safe Security password Each password should fulfill the sticking with criteria:. You can't discover the passwórd in a dictiónary. It consists of special characters and numbers. It consists of a blend of uppercase and lowercase words.
It includes at minimum 10 characters. It can't become easily suspected based on user information, like as a birthdate, postal program code, or mobile phone number Note that some balances gained't allow you to make use of special personas.
In that situation, you should enhance the length and create the password as subjective as achievable. Likewise, if the password length is restricted to 6 or 8 heroes, make certain you cover as several of the various other factors as feasible.
How to Keep in mind Your Password Also if you use a password managér, you'll have to at minimum remember get good at password for that tool. Right now how do you do that, while nevertheless following all of the criteria above? You begin with something you can very easily keep in mind, a bottom password. Then you apply logical guidelines to If your security passwords are not really exclusive and unbreakable, you might mainly because well open up the front side door and invite the robbers in for lunchtime.
Into something almost unrecognizable. Create án Easy-to-Rémember Foundation Security password Your base password could end up being based on a term, the name of a place, or a name and cell phone number. Right now you can use several methods to develop a great base password that you will not forget. Here are some suggestions:. Arbitrarily replace words with figures (elizabeth.gary the gadget guy.
MakeUseOf gets to be Mak3Us30f). Choose a sentence in your essay and reduce it to 1st words of each term only (e.gary the gadget guy.
The Golden Rule “Do to othérs what you want them to perform to you” turns into Dtowywttdty). Get a word and reverse spell it (y.g. Technologies gets to be ygolonhcet) The good examples above are usually not especially safe. While you won't discover any of the resulting base security passwords in a dictionary, they are usually still declining other features of a secure password. Therefore make certain your preliminary phrase or phrase is adequately lengthy (minimum amount 10 figures) and combines all of the principles above to expose numbers, specific people, and top and lower situation spelling.
That's when you'll have a safe base password. The bottom password I'm heading to make use of for here is the Golden Principle phrase with title case spelling, figures, and special character types: Chemical20wYWT7D2Y!(^^) Be aware that my foundation password meets all of the over requirements. It cannot end up being found in a dictionary, it includes special figures, a blend of upper and lower situation letters, it is usually 17 people longer, and you cannot guess it based on my personal information. Make use of Flexible Guidelines for Your Security password A personal computer may estimate and recognize designs a great deal quicker than the human human brain. But one issue humans are still better at will be being creative. That is definitely your excellent benefit over hacking equipment!
As you observe, in my password I replaced some words with quantities or exclusive characters. Nevertheless, I didn't use a stiff collection of guidelines.
I changed the testosterone levels with a 2 or a 7. Making use of rules for changing figures, i.elizabeth. Always replacing an a new with the @ symbol will damage your password. Right here are usually some concepts how you can create it actually harder for a hacker to break your password:. Put on't use common alternatives (age.h. @ for A or a).
When you have got recurring letters within your password, combine your substitutions (age.gary the gadget guy. 8 or ( for W or n).
Have a phrase and touch kind it with your fingers in the etpmh (“mistaken” shifted over) area. Choose a pattern on your keyboard and kind it with alternating use of the Shift essential (age.g. Xdr%6tfCvgz/) Develop Individual Security passwords for Every Accounts As soon as you have got a solid bottom password, you can make use of it to generate individual passwords for each of your online accounts. Merely add the first three letters of the services, e.g.
N20wYWT7D2Y!(^^)GMa for your GMail accounts or G20wYWT7D2Y!(^^)eBa for eBay. Note that while this type of password will be hard to crack on its personal, it is certainly easy to recognize. Should your customized base This great tool lets you examine any password to discover if it'h ever been part of a data leak., you would have got to change all security passwords structured on it, before somebody numbers out your program. We highly recommend that you make use of truly special and secure security passwords for all your balances. And that'beds why you need a password manager.
Make use of a Security password Manager Now that you developed a safe foundation password, make use of it as the get good at password for yóur password manager. Yóu can also make use of it whenever you have got to produce a password on the place, while not having access to your passwórd manager. For éverything else, By right now, everyone should become using a password manager.
In truth, not making use of a password manager puts you at better danger of becoming hacked! To develop and shop your ultra-safe and special passwords. The password manager can furthermore tell you how hard and hence secure your security passwords are. You could actually use it to check the problems of your base password. I use, which is certainly a cross-pIatform password manager thát's free of charge to make use of.
We possess earlier While the fog up means you can effortlessly gain access to your important information wherever you are, it furthermore means that you have a lot of passwords to maintain monitor of. That's why LastPass has been produced. And described how to You might become using LastPass to take care of your several online passwords, but are you using it best? Here are usually eight steps you can get to make your LastPass accounts even even more protected. LastPass comes with a feature known as Generate Secure Security password.
Notice how in thé screenshot below, thére will be a complete green club underneath the password? This means it's a strong password. A as well short and/or too simple password would provide you a very much shorter red- or orange-colored bar. To produce rock-solid passwords, stick to this mini manual to. Sticking with a collection of safety scares in early 2017, we also suggested to. As a result, we have got also put together some Several people consider LastPass to become the king of password supervisors; it't packed with functions and features more customers than any of its competitors - but it'h much from being the just option!
Once you have started using a password managér, you'll get that it can do a lot even more than just Password managers bring a great deal of excellent functions, but did you understand about these? Right here are usually seven factors of a passwórd manager you shouId take advantage of.
Upgrade Passwords Regularly This is certainly the toughest component. To sustain basic safety with a solid password, you have got to revise your password every several weeks or months. The even more often, the much better. You can perform this in many different methods.
Here are some ideas that will maintain it simple. Change Only Your Base Password. Shift the exclusive character substitutions you're using. Reverse make use of of upper and lower case letters. Kind the password with Shift lock flipped on. Transformation the Whole Password.
Shift how you identify the accounts you're making use of (e.g. Make use of the final three rather than the first three letters, so GMa would become ail and eBa would become Bay).
Modification the position of the words identifying the account (at the.g. Put them to the entrance or in the middle of your bottom password). Include the date of when you last transformed the password at the back again and mark it in your date In additional words, make use of your individual advantage: become innovative and believe out of the container. And make use of a password manager to reduce the quantity of passwords you have got to modify manually. Strong Passwords Just about everywhere We showed you how to make a secure and easy-tó-remember password. Wé furthermore explained why password managers help you increase the protection of your accounts.
Today it's up to you tó put that information into action. How perform you Without a solid password you could quickly discover yourself on the receiving finish of a cybér-crime. One way to develop a memorable password could end up being to fit it to your character.? Possess you actually experienced an accounts hacked because the password had been weak? Please share your stories and advice in the feedback below!
+ 8 Password Manager Choices for Macintosh and iOS Submitted on September 27th, 2012 by and Passwords are usually like underwear: it'h great to keep them concealed, and you should modify them usually. Furthermore, if someone sees your password it may leave you experiencing exposed and unpleasant. As we described in our post, it's essential to create complex, distinctive passwords so they're more challenging to split. However, the even more challenging your security passwords, the less difficult they are usually to ignore. How do you safely keep track of all your various security passwords? With a passwórd manager, of training course! There't a great deal even more to enjoy about password managers than not getting to remember so several security passwords.
The blog site connected above (“Even 1Password doesn'capital t measure up to LastPass on security features alone”) shows up to base its entire security claim on the make use of of multi-factór in LastPass. lt'h kindof an apples-to-oranges evaluation, though, because 1Password data (stored in your area) does not need “authentication”, but “decryption” as described at the final subheading right here: (1Password customers should wait a little bit before attempting Dropbox's two-step verification). LastPass is definitely not authenticating you in order to uncover your encrypted blob, it is usually authenticating you in order to choose whether you can obtain the blob from the remote control machine where it is usually kept. Both systems perform the actual decryption of thé keystore on yóur nearby machine, and the safety of that is definitely controlled completely by the protection of your passphrase. Also, while the connected article is definitely over a year old (and so maybe LastPass offers captured up by now), it does be aware that 1Password uses PBKDF2 and LastPass doesn'capital t.
I'n rather have got the security of PBKDF2 efficiently stopping brute-force episodes against my kéystore, than the orthogonaI and irrelevant “protection” that 2-factor auth with LastPass presents. As Tommy Knowlton talked about, 1Password formally doesn't actually perform “one-factor” authéntication since it can be an.encryption. app. 🙂 Multistep authentication offers obvious and apparent security advantages.
So it is certainly more than natural for individuals to ask why 1Password doesn'testosterone levels utilize it. We're preparation to create a more detailed explanation of our building ideas on it, but allow's talk about the distinction between authentication ánd decryption.
When yóu link to some services, like Dropbox, yóu or your system has to verify that it actually has the rights to log in as you. That process is known as “authentication”.
It can be the procedure of proving to the Dropbox computers in this situation that you are actually you. You can perform this through á username and passwórd; you can do this through a username, password, and program code sent to your phone; you can do this by getting a particular “token” saved on your computer. Authentication usually entails (at minimum) two events talking to each various other. One celebration (the customer) is certainly under your control; the other (the server) can be under someone else's i9000 handle.
1Password, nevertheless, consists of the 1Password application (under your handle) talking to your 1Password information (under your handle) on your nearby cd disk (once again, under your handle). This is certainly not an authentication procedure. Therefore 1Password doesn'testosterone levels even do one-step authentication. It does no authentication át all. 1Password doesn't gain its safety through an authentication process.
Rather the protection is through encryption. Your data on your storage is usually encrypted. To décrypt it you need your 1Password expert password. There are great benefits to this design: Your data and your décryption of it doésn't require our participation in any way once you have got 1Password. Your information is yours. Also if AgileBits had been to obtain abducted by aliens tomorrow, you would still have accessibility to your data since we never shop it on our servers.
However, one disadvantage of this design is definitely that the kinds of techniques used for multi-step authentication are usually completely inapplicable to 1Password. Those techniques are developed to include needs to an.authentication. procedure, but unlocking yóur 1Password data is.not really an authentication process at all. Because there is usually no 1Password “server”, there are usually no (additional) steps we can demand on as component of a (nón-existent) login procedure. 1Password is certainly decrypting information stored locally on your program, it is usually not really authenticating against some program. Therefore in reality, we put on't also possess 1 element authentication, as there will be no authentication in the first place. So typical approaches to MFA won't function.
However that doesn'capital t mean to say that it is certainly difficult for us to perform something that.appears like MFA. There are approximately two methods (each simpler thán PKI). One óf them is usually key splitting. That is definitely the result of processing your Professional Security password doesn't actually get you a working key to decrypt further, instead that outcome would need to be XORed with another 128-little bit key.
So it can be basically a case of storing that additional “half” of the essential on some additional device. 1Password would require to be capable to read through that gadget, which may end up being tricky on i0S, but it isn't insoluble. Thé additional technique would be to shift the keyfile. 1Password (on the desktop computer) has a file called encryptionKey.js. That document consists of an encrypted key, which is certainly what gets decrypted by the crucial made from your get good at password.
That document (and some báckups of it) are part of your 1Password.agilekeychian (which is certainly actually a folder package, which appears like a individual file on the Mac). It would end up being possible for us to enable that file (and its backups) to reside on some gadget or place. Both that file and the Master Password are usually needed to obtain any further. We are usually more likely to do key splitting instead than getting a movable keyfile. The true technical problems is getting this to function on every platform.
Again, because this is all about information decryption and.not really authentication., we can't just carry out this on one platform (if it were to end up being anything some other than just for show). Therefore while this isn'capital t insurmountable it indicates that actually the “simple” consults with that I defined would be complicated. But the actual reasons that we haven't put in considerable work in that direction is certainly because for every situation where somebody reviews that their pc or device has been recently taken, we obtain most likely a hundred more of “I did not remember my Professional Password” or “I broken my data and didn'testosterone levels have usable backups”. My dread is certainly that key splitting or keyfile moving wouldn't simply double the rate of people getting secured out, but would raise it very much even more. The risk of data lose turns into very considerable. Again, because we aren't operating a program that individuals authenticate against, there is nothing at all we can do the help people recover their data if they damage a key or forget about their Master Passwords. Now of course we could make it an superior choice with lots of alerts, but we understand that individuals will constantly dial upward security settings to 11 whether it is usually in their interest or not.
Keep in mind that 1Password is certainly a mass market product. It's great that safety geeks use and regard it, but we put on't need to give our users rope to suspend themselves with. I'm just spelling out why, to date, we have got resisted calls for MFA. lt's harder tó obtain best for a decryption program than for an authentication program, and we think that it might perform more damage than great.
Nothing of this is usually written in stone. The threat landscaping, designs of use, and gadget capabilities modify. Therefore while there are usually no immediate plans include this, we are leaving the doorway open in the design of our fresh data format. Khad Little, AgileBits,. Disclosure: I function for AgileBits, the makers of 1Password.
You are absolutely correct that there is certainly growing need and need for stuff like multi-factór authentication for passwórd managers, and this is usually something that 1Password doesn't provide. But I find it odd that you composed, “It's not really apparent why, but 1Password will not support multi-factor authentication.” There are usually factors for this referred to in our blog page, but the major summary is that unlocking yóur 1Password information isn't an authentication process; instead it can be a decryption procedure.
So we put on't actually even do “single aspect auth”, as authentication simply isn't component of the process. Thus the normal methods for including a second factor are usually not relevant. This is usually because you in no way move through any support/server of ours to get at your information; therefore there is usually no “more” gate we can include to getting certified by some assistance of ours. Also because a user will be decrypting data stored locally, several of the dangers that MFA défends against arén't dangers to 1Password data.
When you authénticate to a assistance, you may end up being doing therefore over an inferior network or actually from a personal computer that you can't trust. Those situations put on't occur nearly as very much with 1Password's design of just decrypting local data. Of training course, those information may not matter to common customers, but this is usually exactly why many users must depend on professional evaluation.
In any case the analogue fór multi-factor áuth when using decryption instead of authentication is usually “key splitting”. That will be the Master Password would need to become mixed with some decryption essential that is usually stored individually (state a USB gadget) to obtain the real key that can be used to open the 1Password data. I gained't do it again why we haven'capital t transferred on this (yét), but it is definitely something that is under thing to consider. Essentially we need to discover a way to perform this that earned't guide to unacceptable prices of people losing entry to their information. Unlike authentication where bridal party can end up being reset to zero server aspect, if someone manages to lose or damages this second aspect there is certainly completely no method to actually open the data once again. I also found it unusual when you stated, “But for its cost, it much better focus greatly on protection in addition to searching excellent on Macs, perfect?” Just because 1Password is certainly attractive don't imagine thát it doésn't possess brains. In analyzing the protection of password managers, it can be important to look at the real design of the program cautiously.
It'beds not just a list of consumer visible protection features. Everyone utilizes AES, therefore position it as a “protection” function of some password administrators while ómitting it from othérs can end up being confusing for readers. From a safety perspective questions like what encryption settings are utilized with AES ór how initialization véctors are usually generated is certainly often considerably more essential that issues of key dimension. (This is certainly, everyone utilizes AES, but it is certainly in these various other kinds of design queries where individuals make mistakes.) There are usually many other issues mainly because well. There are problems of how much data can be ever decrypted at any one period, or important derivation, or source of entropy fór initialization vectors, ánd therefore on. To recommend that 1Password can be “less secure” bécause it doésn't do MFA is certainly, I think, a disservice to your readers, particularly if yóu didn't considér therefore many various other stuff that proceed into data security. If you perform a proper evaluation of the protection of password administrators, it will certainly be possible to discover problem with 1Password (and the others).
Indeed, there are usually a quantity of significant changes that need to end up being made in our information format design. We've completely acknowledged those and are preparing a new data style.
But despite those, I'meters confident that 1Password will come out nicely in any organized and appropriate analysis of the safety of password mangers We are usually all operating to assist Mac users remain protected. There will become occasions (like this) whén we (at AgiIeBits) differ with you (at Intego) on some stuff.
But I understand that individually, I will continue to point people right here for excellent news and explanations about Macintosh security. Cheers, -j. So, is usually Intego vouching fór these apps? Have got they been fully vetted from a safety standpoint?
Best off the softball bat I notice some problems - Budget by Acrylic Software provides ceased advancement based to their internet site. SplashID offers been recently around for several yrs yet it has been only lately uncovered that the password defense was basically non-existant, as it apparently relied on a general key that was difficult coded into the app!
Evidently, that issue has been fixed, but it will go to show that simply because an app includes terms about like AES, protection, military quality encryption, that there are lots of potential errors that can become made resulting in an inferior password manager.