Laridian Account Security Updates

We don’t talk much about security issues at our website for obvious reasons – any information we provide could inform a hacker and provide them a shortcut to circumventing security on our site. We’ve recently made some changes that we want you to be aware of for a couple of reasons: First, the changes are comprehensive and as a result, could affect you in ways we haven’t anticipated. Second, we want to reassure you that your information is and always has been secure.

Let’s take that last point first: Laridian doesn’t store your PayPal username or password, nor do we store your credit card number on our servers. When you make a payment, you are interacting directly with either PayPal or our payment processor, Authorize.Net. Your financial information does not even pass through our server on its way to those companies. So we have no opportunity to store it even if we wanted to.

This is important. It means that your financial information isn’t here, even if someone did break in looking for it. It is being handled by companies that are significantly more sophisticated and more security-conscious than we are. The data breaches you read about don’t generally happen at banks and credit card processors. They are almost always the result of a retail store or online shopping site with lax security. Laridian avoids these attacks by simply not being in possession of any of that information.

The first point, that the changes are extensive and at least in some small degree affect all users, is addressed below.

What Changed

The changes we’ve made are fairly comprehensive and as a result it’s possible that you’ll have trouble signing into your account if you have inadvertently been taking advantage of a shortcoming in our previous account security methods.

Prior to about January 4, 2020, your Laridian account password was stored in our database in plain text. That’s a little unusual (and arguably unsafe), but it’s the result of the fact that our original website and database implementation was done by an outside company over 20 years ago when security standards for the Internet were very different. While standards have changed, making changes to security protocols while allowing thousands of users acquired over more than 20 years to continue to access their accounts is very challenging. So addressing this issue is something we have avoided for a long time.

Even though passwords were stored in plain text, they were (and are) encrypted when transmitted from PocketBible, and the database itself is behind a firewall. The encryption makes it unlikely that someone could grab your password by monitoring your Internet traffic, and the firewall isolates the database from the Web. Both the database and the server it is hosted on require secure account login, so it would be relatively difficult for someone to access it and view user passwords. Since we weren’t protecting any financial information, we weren’t strongly motivated to make this change.

There were three main problems in the old implementation:

  1. Passwords used to be case insensitive. If your password was PASSword, you could log in with password, Password, or PaSsWoRd. This was apparently caused by the original programmer not understanding that the database was configured to do case-insensitive searches. When we discovered it later, we already had users who were inadvertently taking advantage of this misbehavior, so it became at least difficult, if not impossible, to easily change.
  2. We used to truncate all passwords to 10 characters even if you entered more than that. If your password was password1234, you could log in with password12, password12#$, or password1234567890. The original programmer allowed for longer passwords in the database and in his code, but accidentally limited the length of password fields by the way pages on our website were written. Again, once we figured this out we already had thousands of users who were taking advantage of this without realizing it, so we couldn’t easily change it.
  3. As mentioned before, passwords were stored in plain text in the database. This was the result of the naïve belief by the original implementor that password-protecting the database and the server was sufficient to secure this information. This turned out to be true, but we felt we could do better.

The new method addresses all of the above issues:

  1. Passwords are now case sensitive. If your password is PASSword, then you must enter PASSword or you don’t get in.
  2. The new method does not put a practical limit on the length of passwords. There is a limit, but you won’t encounter it unless you want to type for a long, long time. You could create a 1,000,000-character password if you want. It just wouldn’t be practical.
  3. Your password isn’t stored anywhere.

Wait, what? If the password isn’t stored, how are you able to log in?

The way the new system works is that your password is run through what’s called a hash algorithm. This algorithm calculates a unique value that represents your password. So even if a hacker were able to gain access to the database, they would only have indecipherable numbers, not your password.

The hash algorithm is one-way. That is, it’s trivial to calculate the hash value from your password, but it is theoretically impossible to generate your password given the hash value. Again, if our theoretical hacker had a list of hash values, they could not reverse-engineer those values and figure out the passwords that generated them.

When you log into your account, we run the password you give us through the same algorithm to produce a hash value, then we compare that number to the number in the database. If they match, you get in. If not, you don’t.

How You Are Affected

Because of the way we phased in the changes, you shouldn’t notice anything different unless you were accidentally using upper/lower case in a way that didn’t match your original password. If your password is longer than 10 characters, we’ll still use just the first 10 characters to log you in. If you create a new password that is longer than 10 characters, we’ll use the full password.
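The hashed login check and the phased 10-character carry-over described above, sketched as an added example that is not Laridian's code. PBKDF2-HMAC-SHA256, the iteration count, the per-user salt, the record layout and every function name are assumptions, since the page does not name its algorithm or schema.

```python
import hashlib
import hmac
import os

LEGACY_MAX = 10        # the old web forms cut every password to 10 characters
ITERATIONS = 600_000   # assumed PBKDF2 work factor; the page names no algorithm


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256, assumed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, legacy: bool = False) -> dict:
    """Build the row that is stored in place of the password itself."""
    if legacy:
        password = password[:LEGACY_MAX]  # keep what the old login compared
    salt = os.urandom(16)  # per-user salt: equal passwords get different hashes
    return {"salt": salt, "hash": _derive(password, salt), "legacy": legacy}


def migrate_plaintext_row(plaintext: str) -> dict:
    """One-time conversion of an old plain-text row; case is kept exactly."""
    return make_record(plaintext, legacy=True)


def change_password(new_password: str) -> dict:
    """A newly chosen password is hashed in full and drops the legacy flag."""
    return make_record(new_password, legacy=False)


def verify(record: dict, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    if record["legacy"]:
        attempt = attempt[:LEGACY_MAX]
    return hmac.compare_digest(record["hash"], _derive(attempt, record["salt"]))


if __name__ == "__main__":
    old = migrate_plaintext_row("password1234")   # constructed sample value
    print(verify(old, "password1234567890"))      # first 10 characters match
    print(verify(old, "PASSWORD12"))              # case now matters
    new = change_password("password1234")
    print(verify(new, "password12"))              # full length is compared
```

The legacy flag is what lets migrated accounts keep logging in with a longer password while every newly set password is checked at full length.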

As mentioned before, changing the way passwords are stored and used on our site and in our apps affects virtually everything we do:

  • Obviously, logging into your account on our website is affected.
  • Viewing the list of books you own from inside one of our apps depends on PocketBible being able to log into your account.
  • Synchronizing your notes/highlights/bookmarks with the Laridian Cloud depends on PocketBible being able to log into your account.
  • PocketBible for Windows Desktop uses an older version of synchronization with our server, which differs from the one the other apps use and takes a different path to log into your account.
  • Requesting a password-reset link from our site works the same way as before but internally is significantly different.

As a result, there could be problems in some remote corner of one of our apps or on our website that we haven’t discovered yet. If you run into any problems, contact us at

Is Your Bible “Missing” Verses?

We occasionally receive reports from PocketBible users that a PocketBible Bible is missing a verse (or verses). These “errors” are usually discovered in a group Bible study situation. Following along as someone else reads, you realize that a verse appears to be missing in your Bible. But in this case, there is more to this than meets the eye.

What are these “missing” verses and why are they missing?

The numbering scheme for verses in the English Bible was first used in the Geneva Bible in the year 1560. This pattern was followed in subsequent English translations including the King James Version, published first in 1611. In the years since these Bibles were translated, many additional manuscripts have been found which predate those used by the translators of the Geneva and King James Bibles. Because of their age, these older manuscripts are believed by many scholars to more accurately represent the original documents. In many cases, however, they do not include all the verses that are in the more recent manuscripts.

Translations such as the New International Version, Revised Standard Version, and other newer translations take advantage of these more recently discovered manuscripts and therefore do not include all of the verses found in the older translations. Rather than reinventing a numbering scheme for the whole Bible, the translators decided to use the same verse numbers as the older Bibles but leave the missing verses blank (or move them into footnotes). The result of this is that several verses in these newer translations appear to be “missing”.

The affected verses are:

  • Matthew 17:21; 18:11; 23:14
  • Mark 7:16; 9:44,46; 11:26; 15:28
  • Luke 17:36; 23:17
  • John 5:4
  • Acts 8:37; 15:34; 24:7; 28:29
  • Romans 16:24

For the Revised Standard Version, in addition to the above list, there are other verses and points of interest:

  • Matthew 12:47; 21:44
  • Luke 22:43,44
  • The order of Exodus 22 in printed form is 1, 4, 2, 3, 5. PocketBible displays these verses in numeric order: 1, 2, 3, 4, 5.
  • James 1:7,8 was combined in verse 7 leaving 8 blank. 3 John 14 was split into 14 and 15.

Another point of view

Some are quick to jump on the idea that the newer translations are removing text from God’s Word and therefore are not to be trusted. It is important to note that it could just as correctly be argued that the older translations added text to God’s Word. Where one comes down on this argument depends on the nature of one’s own research, or on which scholars one decides to trust. We’ve determined it’s best to present a variety of options to you so that you can come to your own conclusions when choosing the Bible (or Bibles) that you find to be the most beneficial to your own spiritual growth.

If you enjoy learning about the history of the Bible, consider the PocketBible book: The Origin of the Bible by Philip Comfort.

“Side-loading” or “Manual Install” Instructions for Android

This is an old article but the general idea still works not just for Kindle, but for installing PocketBible for Android onto any Android device from our website instead of from Google Play.

If you have the option of using Google Play on your device – even if it didn’t come with it already installed – that is the easiest way to install PocketBible. But if you must do a manual installation of PocketBible, this is how you do it.

You need to make sure you’ve enabled “third party apps” on your Kindle. Go to Settings and look for “Device” (it may be in the “More…” menu). Look for “Allow Installation of Applications” and turn it on. On the HDX, this option is under Applications in Settings. You’ll get a warning message but that’s OK – they’re just trying to scare you into only buying software from Amazon. 🙂

For newer Kindle devices, swipe down from the top and select Settings. Under Personal select the option for Security. Under Advanced select the option to enable Apps from Unknown Sources and accept the security warning.

Once you’ve done that, just go to the Web browser on the Kindle and type in this:

PocketBible should automatically download. On some devices, you’ll be prompted to install the app, but on the Kindle devices, you’ll have a few more steps.

Original Kindle Fire and HD: You may have to tap the notification number next to your name in the upper left corner of the screen. You will then see a list of notifications. One of them should say something like com.laridian.pocketbible or pocketbible.apk and “download complete”. Select that one. You’ll be asked if you want to install PocketBible and it will ask if you want to allow PocketBible to use network communications and some other things. Choose the “install” button and when it’s done choose “open”.

Kindle Fire HDX: After you download from the Silk Browser, tap on the menu icon in the top left corner. Choose the Downloads option and you should see PocketBible.apk listed there. Tap on it and choose the install option to finish the process. If you prefer, you can watch a video of this.

On newer Kindle devices we have found that you may not be able to just tap on the downloaded file after it is downloaded, but rather you need to go to the File Explorer (or Kindle equivalent thereof), locate your Downloads folder, then locate the downloaded apk file for PocketBible and select it there to run it.

Once PocketBible is installed you can choose it from the carousel like any other program. The PocketBible icon may look “blurry” but that’s OK — Amazon uses low-resolution icons for third-party apps because they’re upset that you didn’t give them any money to run the software on their device, so they want to make you think there’s something less than professional about our app.  🙂

Once again, if you have the option to install Google Play on your Kindle or other Android device, that is the easiest way to install PocketBible. We can’t help you do this because of the large variety of Android devices out there, but if you google it you should find instructions for installing Google Play on your particular device.