If you have MobileMe account, all the more reason to use Find My Phone feature to erase it remotely as soon as you realize it's lost or stolen. You can always restore it if you get it back.
Not much chance that a randomly lost phone would find its way into the hands of someone with jailbreaking "tools" in hand within 6 minutes of loss. The only real risk would be from a thief who has this in mind and is ready to jailbreak and extract what they want before you can get to the web to find and erase your phone.
If I have my laptop with me when I find your phone, I have the jailbreak tools in hand. If not, all I need to do is shut off your phone or pull out the SIM. After I have your data, I pop the SIM back in an Mobile Me will give you a reassuring message that your phone was successfully wiped.
The good news is most people who steal your phone or find a lost one will not care about your data. The problem lies with someone who is intentionally after it. A coworker, a disgruntled spouse, etc. They could grab the phone, steal data and passwords and get it back to you before you notice. If they are smart and leave Cydia off it, they could leve it jailbroken and most people would have no idea. Future data pulls would only take seconds, and could be done over the air with SSH.
And what stops Apple from linking the password to the iPhone's keychain to the unlock-code for those users that have set an unlock-code in exactly the same way as it does it on Macs?
And how are you suppose to get your emails, push notifications, and VOIP calls when your iPhone is locked?! Your iPhone will not be able to get access to those passwords and certificates when it is locked because your keychain is encrypted and won't decrypt without inputing the passcode manually.
This is why - for my most sensitive sites such as banks - I never store passwords. It is fine for scale sites - but never for anything financial or for email.
Meh - I use 1Password and consider it more than adequate. More importantly it enables me to have a different password for each site I am on, financial or otherwise. And it also allows me to have them be nice a long. Those are the most important things.
Comments
If you have MobileMe account, all the more reason to use Find My Phone feature to erase it remotely as soon as you realize it's lost or stolen. You can always restore it if you get it back.
Not much chance that a randomly lost phone would find its way into the hands of someone with jailbreaking "tools" in hand within 6 minutes of loss. The only real risk would be from a thief who has this in mind and is ready to jailbreak and extract what they want before you can get to the web to find and erase your phone.
If I have my laptop with me when I find your phone, I have the jailbreak tools in hand. If not, all I need to do is shut off your phone or pull out the SIM. After I have your data, I pop the SIM back in an Mobile Me will give you a reassuring message that your phone was successfully wiped.
The good news is most people who steal your phone or find a lost one will not care about your data. The problem lies with someone who is intentionally after it. A coworker, a disgruntled spouse, etc. They could grab the phone, steal data and passwords and get it back to you before you notice. If they are smart and leave Cydia off it, they could leve it jailbroken and most people would have no idea. Future data pulls would only take seconds, and could be done over the air with SSH.
Far too many words
Secure different.
And what stops Apple from linking the password to the iPhone's keychain to the unlock-code for those users that have set an unlock-code in exactly the same way as it does it on Macs?
And how are you suppose to get your emails, push notifications, and VOIP calls when your iPhone is locked?! Your iPhone will not be able to get access to those passwords and certificates when it is locked because your keychain is encrypted and won't decrypt without inputing the passcode manually.
Because the key has to be on the phone, otherwise the owner couldn't read the file.
I was assuming the key would be a hash of the users password, the very one they never enter in the video. Not the case I guess.
This is why - for my most sensitive sites such as banks - I never store passwords. It is fine for scale sites - but never for anything financial or for email.
Meh - I use 1Password and consider it more than adequate. More importantly it enables me to have a different password for each site I am on, financial or otherwise. And it also allows me to have them be nice a long. Those are the most important things.