Review: PassLocker helps iOS remember your passwords

Like its desktop cousin, Innovationbox’s PassLocker for iOS offers a simple and streamlined interface for managing your logins and passwords. Instead of going for lots of features like its many competitors, the app focuses solely on storing your credentials and helping you retrieve them quickly.

PassLocker’s sleek user interface reflects this primary goal by taking you directly to a list of stored passwords, which you can easily copy to your pasteboard and then use in other apps. Creating new entries is just as simple: All you have to do is provide a username and password, and the name of the service they are for.

Unlike other apps in this space, PassLocker does not implement an embedded Web browser that you can use to inject the various bits of information stored in your password locker onto HTML forms. Instead, you can copy any username to the pasteboard by tapping on a small accessory icon next to it in the app’s main screen. Tapping on the row causes the display to switch to the corresponding password, which can also be copied using a similar mechanism.

Unfortunately, this mechanism also exposes each password in clear text. I must confess that I find this choice a little odd, because I suspect that most iOS users would expect a tap to cause something different to happen—for example, launching a browser to log you in, or perhaps take you to a different screen from where you can then access usernames and passwords individually. Frankly, I would expect the app to require a bit more effort on my part before giving up passwords for everyone to see.

Like its OS X counterpart, PassLocker for iOS requires you to enter a simple four-digit pin in order to gain access to your stored passwords. On a mobile device—and particularly on an iPhone, where the operating system uses a numeric keyboard with large keys that are hard to miss—this makes logging into the app much easier than a full-blown password. Alas, this approach introduces a significant weakness in the security of the mechanism the app uses to store credentials: Despite the use of a relatively strong form of encryption and a mandatory fifteen-second wait period after three failed login attempts, a brute-force attack that goes through all possible PIN numbers is fairly easy to pull off.

Luckily, this problem can be easily mitigated by password-protecting your device itself; even the standard four-digit PIN supported by iOS essentially doubles the security of PassLocker’s built in security mechanism, bringing it to a much more acceptable level.

Thanks to the app’s built-in support for iCloud, syncing your data across multiple devices (including OS X machines) is a breeze. Much like on the desktop, this feature worked without a hitch, quickly synchronizing all my logins in a matter of seconds. Besides, if you forget your PIN, iCloud makes it possible for you to recover all your stored credentials by simply reinstalling PassLocker and choosing a new secret number.

Bottom line

Despite its simplicity and ease of use, PassLocker for iOS shares many of the shortcomings that afflict its desktop-bound cousin. The lack of an internal browser, in particular, greatly reduces its usefulness by forcing you to constantly copy-and-paste multiple pieces of data between apps—an operation that can be time consuming on a mobile device. Still, the app, which requires iOS 5.0 or later and is compatible with both iPhones and iPads, costs just $2, making it a reasonable choice if you can live with its limitations.