CeBIT: Password manager for your mobile
The Fraunhofer Institute SIT is exhibiting its MobileSitter password management software for mobile phones and PDAs in hall 7, stand D22/10 at CeBIT, Hanover. MobileSitter aims to enable users to be able to administer securely all their PINs, passwords, TANs and i-TANs whilst having to remember just a single master password. If the wrong master password is entered, MobileSitter does not display an error message. Instead it generates false passwords, which are not, however, recognisably false. An attacker who is not in possession of the correct master password is not able to determine that the details displayed are incorrect simply by trying different passwords. When the correct password is entered, the software displays a graphic which is easily recognisable for the user, but which does not offer an attacker any kind of clue that the master password has been selected.
MobileSitter should allow users to manage as many secrets as they wish and to transfer these between devices. The software was specially developed for mobile devices and works on PCs, mobile phones and PDAs which support Java ME (Micro Edition) and have a display width of at least 160 pixels. The model being exhibited at CeBIT is, however, still a prototype. It should eventually be available for around 10 euros per licence.