Update 2011-02-08: New versions of both 7Pass and PassKeeper have been released. I have updated this post accordingly as well as corrected some errors from the original post. Also, read the comments for a message from Ilium about eWallet vs eWallet GO!
As a long-time Ilium Software eWallet user on both my Windows desktops and my Windows Mobile devices, I was very thrilled to see this blog postannouncing eWallet for Windows Phone 7 back in October 2010. eWallet is one of the applications that I use that I consider ‘key’, so I eagerly anticipated this release and was really hoping it would be out before the new year. It did not, but was announced shortly after, on January 5, 2011.
In that post, Ilium announced eWallet GO! for Windows Phone 7 (click this link to open Zune directly to the Marketplace listing). Awesome! Almost. Reading through their post (and a FAQ), I quickly became disappointed for a few reasons:
1. No synchronization with eWallet 7
Clearly stated in Ilium’s FAQ:
“eWallet GO! for Windows Phone 7 does not synchronize with eWallet 7. We hope to release a free conversion tool soon that will allow customers to move wallets from eWallet 7 on Windows PC to eWallet GO! on their Windows Phone 7 device. We have not set a release date for the conversion utility”
A few things in there are important. 1) No current synchronization support 2) No planned synchronization support 3) No release date The third item does not bother me as much as the first two. Stating that the tool will allow users to “move wallets from eWallet 7 on Windows PC to eWallet GO! on their Windows Phone 7 device.”, means that this is a one-way conversion (desktop –> phone). If I make changes or additions to the data in eWallet GO! on my phone, I’m stuck. I would have to manually re-enter that data on the desktop.2. No trial version.
eWallet GO! for Windows Phone 7 sells for US$4.99 in the WP Marketplace and there is no trial. To be clear, I am not complaining about the price. Given how many people who balk at spending $0.99 on applications, I think it tough to sell one for $4.99 without a trial. There are currently issues with updating trial version apps on WP7 (hopefully this is addressed in the first update), and some developers are choosing to not release trial versions at this time because of this issue. The workaround for this issue, by the way, is to uninstall the app, and then re-install the trial version via Marketplace. Is this why Ilium did not make a trial available? I do not know. I have no problem paying for software, but like to try things out first to make sure it function as expected and I am satisfied with it.
I can only imagine the volume of email Ilium has received over these issues from long-time eWallet users. Perhaps they are reconsidering their approach and re-planning. Time will tell. Regardless, I felt that I could no longer wait for a password manager that I could use on both my desktop and my device and the time was at hand to abandon eWallet.
Migration to KeePass
As an alternative to eWallet, the first candidate that came to mind was KeePass. Having used the excellent KeePass software many years ago (but then dropping it due to device support issues in favor of eWallet), I decided to see if there were any WP7 apps, so I searched Zune Marketplace for “keepass”. Two results: PassKeeper and 7Pass. Now that I had found WP7 support, I moved forward.
The first thing I did was download KeePass 2.14(download page) and install it. KeePass has a large set of community contributed plug-ins, and two for importing from eWallet, but only one that supports KeePass 2.x. This one is called the eWallet Data Liberator. Note that this plug-in only works with eWallet 7.1. If you do not have eWallet 7.1, you may download the trial here.
Next, I unzipped the eWallet Data Liberator and opened the readme. I followed the steps in the readme explicity, and it worked without issue. I now had a .xml file I could import into KeePass (leveraging the plug-in). Continuing with the instructions, I imported the file without issue.
KeePass on Windows Phone 7
While my first thought, as I mentioned earlier, was of KeePass, I also wanted to see what else was available on WP7. So, I searched the Zune Marketplace using the criterion “password”. I received forty-eight (48) results. As I started looking at the candidates in detail, I quickly realized that nearly all of them are device only, so no desktop synchronization (or even file import). That said, if you want a device-only password manager, there are several excellent candidates (such as Password Padlock by gkcSoft).
Also as I mentioned previously, I found only two apps that supported KeePass: 7Pass and PassKeeper. It is important to note that neither PassKeeper nor 7Pass support any sort of synchronization, but rather promote a model where you download your KeePass database file (.kdbx). Therefore, in order to use one of these with KeePass on the desktop, you would need to host your .kdbx somewhere that both could access it such as Dropbox, or your own website. This approach can create its own concerns, and the security trade-offs of this decision are out of the scope of this post.
Let’s compare the candidates:
| PassKeeper | 7Pass | |
| Allows adding entries on device | Yes | No (not yet) |
| Allows editing entries on device | Yes | No (not yet) |
| Supports KeyFile | No | Yes |
| Allows viewing entries on device | Yes | Yes |
| Supports .kdbx directly | No (requires zipped .kdbx unless you are using DropBox) | Yes |
| Supports password generation | Yes | No |
| Supports viewing of attached files on device | No | No |
| Supports icons | No | Yes |
| Supports multiple databases | No | Yes |
| Supports custom fields | Yes | Yes |
| Supports .kdbx file with compression (gzip) | No | Yes |
| Supports .kdbx file with # transform rounds > 0 | No | Yes |
| Supports DropBox | Yes | Yes |
| Supports web server download | Yes | Yes |
| Supports web download requiring authentication | No | Yes |
| Source available | No | Yes |
| Trial | Yes | Yes |
| Cost | US$0.99 | US$0.99 |
| Website | n/a | http://7pass.wordpress.com/ |
After looking at that feature comparison, it is truly a mixed bag. Do you go with the application that is currently read-only, or do you deal with the restrictions required to use the application that allows on-device .kdbx edits?
I used both of these applications for approximately one week before making a decision. Here are some thoughts:
PassKeeper
I was very frustrated by the limitations imposed by PassKeeper, and frankly found the need to place my .kdbx inside of a .zip rather odd. This requirement also prevented me from connecting to my .kdbx since it was inside of a .zip file. Furthermore, if I wanted to host my database file on Dropbox (or SkyDrive), I would need to do so via the public folder, which I’m not keen on. PassKeeper now has DropBox support, which comes with the added bonus of dropping the requirement for the .kdbx to be zipped. Lastly, the restrictions on the security of the .kdbx file itself were disappointing as they reduce the effective security of the password database file.
That said, PassKeeper is the only one of the two that allows for creating new entries and editing existing ones. If you do a lot of editing of your entries on your device, and you want this feature today, your choice is made.
7Pass
The big issue with 7Pass v2.0 v2.2 is that it is read-only. This fact might make the decision for you right now. If not, keep reading. The Dropbox integration worked without a hitch, and the ability to support multiple databases can be helpful. I also liked that I could keep the KeePass defaults of 6000 transform rounds and using gzip compression on the .kdbx file. I found 7Pass to be a higher quality application and it has a UI that I prefer over PassKeeper. I have no interoperability issues with 7Pass and KeePass, and am thrilled I can point both to the same file.
7Pass will be get editing capability as soon as WP7 gets cut & paste, so says the author of 7Pass in the 7Pass FAQ(first question, but I think you should read the whole thing). I understand his position, but I respectfully disagree while look forward to the release that contains this functionality. The other nice thing about 7Pass is that the source is available. So, if you wanted to implement editing yourself, you could do that, build the .xap, and then deploy to your developer-unlocked device. I would also encourage you to checkout the 7Pass site at http://7pass.wordpress.com/
Summary
Given my usage patterns of 90% read and 10% write to the password database file on my device, I am comfortable waiting for cut & paste on WP7 in order to get entry editing in 7Pass. Additionally, I think that 7Pass is a higher quality application with a better UI. So, there you have it, I’m going with 7Pass, and will look into the source to see what the effort would be if I wanted to implement entry editing myself. Despite the source being available, I still bought the application (hey, it was only $0.99) as I felt the author deserved at least that for his efforts.