I normally use KeePass and feel very comfortable with it. On my new Android tablet, I chose Keepass2Android and am still getting familiar with it. One issue I noticed is that a master keyword is only useful if it is long/strong enough. On my desktop, using a normal keyboard, I don't care – my fingers type even a long password quickly. On a touch screen this is still quite cumbersome for me. Interestingly, the program allows for opening the manager by "only" entering the last 4 (or any specified number) digits. I am trying to think about the implications of that. I think someone standing behind me looking over my shoulder would have a good chance to catch me typing these, but assuming I am only using the tablet at home in a safe environment, that's not a problem. If a stranger got access to the tablet and used brute force to crack it, would this also mean my 20-digit password is de facto a 4-digit password?
Why would they offer this option, or why allow the creation of a strong password and then only use parts of it for access? I think I am missing something here.
Edit: Looking at it again, it seems this is a feature to keep the password manager running in the background even when the database is locked. In that case the full password is not required to reopen the program again. I think in that case it seems fine unless your tablet gets stolen while you are next to it.