I have lost or forgotten my master password, is there any way to access my safe
I’m afraid there is absolutely no way to get into your safe without the master password.
Unless Biometric ID (Touch ID or Face ID) is still working to open your safe. Even in this case, you should always know your master password in case of biometric failure. If you are using biometric id to open your safe and you do not know the master password, it is critical that you at once change the master password to something you will not forget.
There is absolutely no email (“I forgot my password”) reset. This is by design. The security of the your safe is paramount, and the only way it can be opened is with your master password.
If you have forgotten your password, I’m afraid there is nothing Strongbox support can do for you. Our only recommendation is to try to remember it. We wish you luck, and hope you understand the security design decision made here.
What kind of cryptography does Strongbox use?
Strongbox implements many cryptography algorithms.
For Password Safe based files use TwoFish in CBC Mode, SHA256 and RFC2104 HMAC. This is all put together following the Password Safe design which you can learn more about here: https://en.wikipedia.org/wiki/Password_Safe
How secure is Touch ID or Face ID?
While Touch/Face ID is very convenient, it is not a perfect system for protecting your passwords. It is provided for convenience only. It is within the realm of possibilities that someone with access to your device and your fingerprint or photo, can produce a good enough fake to fool Apple’s system. Therefore you should be aware that a strong passphrase held only in your mind provides the most secure experience with Strongbox.
How do I select a good master password?
A vital and important question. There are varying opinions on this, but one of the best guides around can be found here:
The weak link in the security chain with Strongbox is always going to be the master password. It can be difficult to come up with one, but it’s always better to use a multiple word phrase instead of a single word and to thrown in some numbers too. The above guide should help.
Always, always, ALWAYS remember your master password, there is no getting into your safe without this. No one can.
Can I store images, videos or other files with Strongbox?
This depends on the underlying file format you choose to use. You can choose to use KeePass or Password Safe formats.
For the KeePass format, yes, you can add any attachment(s) you like to each entry in the safe. It is recommended that you keep the file size small in general, particularly if you are using a cloud based safe, as synchronizing a large file may take a while.
For Password Safe formats, the answer is No, unfortunately not, since this is not supported currently by the Password Safe file format, these items are not supported, though there are plans to add this capability.
Is Strongbox Compatible with other Password Safe Clients?
Yes, Strongbox is compatible with any application that supports version 3 of the Password Safe file format. You can find a list of clients for various platforms at the official Password Safe site here:
What version of Password Safe does Strongbox support?
Strongbox supports version 3 of the Password Safe format. In particular it implements version 3.31, though not all features maybe supported or exposed in the UI. In particular Linked entries, Credit Card fields and other less used features are not supported, though Strongbox will respect that data and not edit or change it. So your data is always safe, it’s just that Strongbox does not display it in the interface.
Where can I find the source code for Strongbox?
Online at Github here: https://github.com/mmcguill/StrongBox
Has Strongbox been audited for security?
A full security audit of the Password Safe design can be found here:
Strongbox is a client built for the Password Safe file format, and is compatible with any other password safe applications. This format was designed by renowned security expert Bruce Schneier. A more general answer to the question can be found here:
You can also find all the code for Strongbox online at:
That said, Strongbox as a client itself has not had any independent official audit, however, the security of the Password Safe file does not depend on Strongbox.
Is Strongbox Free?
Strongbox operates on the Freemium model. That means there is a Pro version of Strongbox and a Free version of Strongbox, and you are encouraged to upgrade to the Pro version by paying a small fee. This helps me to keep developing the app, adding new features, fixing bugs, providing support and other nice things. The source code is available for free under the AGPL licence and is kept on Github
What information is shared with Cloud Providers (e.g. Google Drive) by Strongbox?
This is up to the cloud provider and how they define the interaction of third party apps with their storage API. In brief this is likely to include your email address or account username, the name of the third party app (in this case Strongbox) and probably data like the current date/time and IP address.
To be very clear, Strongbox will never send any confidential information or your passwords to a cloud provider.
I paid for the Mac app upgrade but I cannot restore the upgrade on my iOS device (or vice versa)
The Mac app and the iOS app are separate products and require separate upgrade purchases. I hope you will like the applications enough that this is something you will be happy to pay for.
Can I open my safes on my Android, PC, other device? Is there a Strongbox for those Platforms?
Yes, you can open your password safes on many different platforms. Depending on whether your safe is in Password Safe or KeePass format, you can find a client that is compatible.
For the Password Safe format, here is a link to a short list of compatible clients, you can probably find many more with a search for ‘Password Safe client for [insert platform here]’.
For safes in one of the KeePass formats you can find many clients here:
Strongbox is only available for iOS and Mac at the moment but there are many clients for many other platforms available as you can see from the above.
Is this system compatible with MacOS/MacBook?
Yes, you can find the Mac version in the App Store, linked from the homepage here.
Can my safes be set to sync between Mac and iOS (my iPad, iPhone etc)?
Yes, probably the easiest way to do this is to use an iCloud based safe. You can create a new iCloud safe in both the Mac and iOS versions of the app and it will automatically appear in your other devices in Strongbox. Your safe(s) will then be automatically be synchronised and updated automatically across all of your devices.
Otherwise you can use one of the other cloud providers, like Google Drive, Dropbox, or OneDrive. This is relatively straightforward.
You could even store your files locally on each device and manually manage updates and synchronisation via iTunes, File Sharing, Email or URL Import, though this might be a little inconvenient.
Can I use my own passwords or do I have to use passwords generated within the app?
Yes, you can use whatever you like as your passwords. Strongbox will helpfully generate and suggest good passwords (which can also be configured) but you are free to ignore these suggestions.
I cannot see a safe I added to iCloud, where is it?
It is not possible to directly add an iCloud safe by dropping it into your iCloud drive. Unless of course you drop it in the correct folder. iCloud safes will automatically appear in the iOS app once they are located in the correct Strongbox folder on iCloud. This folder has the Strongbox icon, though it is possible it has not been created yet.
So if you already have a safe on your iCloud drive, it needs to be in the specific Strongbox folder before it will appear in the app. This is because Strongbox is only allowed to look in this folder and not at the rest of your iCloud drive.
The Strongbox folder should be in the root of your iCloud drive. If you do not see it there it is possible it has not yet been created. If you create a new iCloud safe from the iOS app, it will create the folder and place the new safe in there. You can create a new safe by tapping the ‘+’ icon in the top right corner and selecting ‘New Safe’.
Once the folder is created you can move any existing safe you might have into that folder and it should appear (with maybe a little delay) in the app automatically.
Why, every now and then, do I get asked to login to Google Drive, Dropbox or OneDrive?
If you are storing your safe on one of the cloud providers like Google Drive, Dropbox, or OneDrive, then Strongbox needs to maintain a session with that provider to access your safe. After a while Strongbox’s session will expire and the cloud provider will want you to sign in again to allow Strongbox to access the safe file. This is typically every few weeks to every couple of months depending on the provider. This is entirely driven by the Cloud Provider.
How do I access my cloud safes?
It depends on your cloud provider.
If you are using iCloud, then you will be able to save or open your safes from the Strongbox iCloud folder in the usual fashion. You should click File > Open or File > Save as appropriate and select the location as usual from the dialog.
For other providers you should use their specific Drive synchronisation software. Google Drive uses ‘Backup and Sync’, Dropbox and OneDrive have their own Mac syncing application. You will find these applications on their respective websites.
Once you have installed that synchronisation software, you will find the Dropbox, OneDrive or Google Drive folder in Finder, where you can load or save your safes.