New Audit Feature Released (iOS 1.48.0)

A brand new and very handy Audit feature has just been released to the App Store! Here’s a little more detail on this much requested feature.

Details screen indicating a weak password (‘princess’ is a very common password!)

The Audit feature is designed to detect and highlight weak or compromised passwords so that you can take whatever action you feel is necessary to maintain your security. The Audit is performed by a new component imaginatively named the Auditor. When you unlock your database using your master credentials (or Face ID/PIN code), the Auditor begins checking your entries for weaknesses. If it finds an issue, it highlights it in the UI like this:

Browse Screen showing an entry with an audit issue

Audit Checks

The Auditor checks for 4 types or categories of weak passwords:

  • No or empty password
    • This checks for entries that have no password at all. This may not suit some users. Some people do not set passwords on all entries.
  • Duplicated passwords
    • This checks if a password is ever duplicated, i.e. used by more than one entry in the database. Ideally one should never reuse a password.
  • Well known or common passwords
    • The Auditor is smart and knows some of the most commonly used passwords, just like the hackers do. It checks each entry for well known and weak passwords. There’s never really a good excuse to use one of these.
  • Similar passwords
    • This is another smart feature of the Auditor: it is able to detect similar passwords, e.g. ‘Princess’ and ‘princess1’. Hackers are aware of these minor variations on a theme, and they should not be used to mask the underlying weakness of your passwords.

All of the above checks can be switched on or off individually; see below under Configuration for further details.
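
The four checks above, sketched as an added Python example (not Strongbox's code; the page does not describe how the Auditor is implemented). The tiny common-password list, the `difflib` similarity ratio with its 0.8 threshold, and the names `AuditConfig` and `audit` are assumptions; the sample database is constructed.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from itertools import combinations

# Constructed stand-in for a bundled offline list of common passwords.
COMMON_PASSWORDS = {"princess", "123456", "password", "qwerty"}

@dataclass
class AuditConfig:
    """One switch per check, mirroring the four categories above."""
    check_empty: bool = True
    check_duplicates: bool = True
    check_common: bool = True
    check_similar: bool = True
    similarity_threshold: float = 0.8  # assumed cut-off, not from the page

def audit(entries, config=None):
    """Map entry title -> set of issue names. Runs on local data only."""
    config = config or AuditConfig()
    issues = {title: set() for title in entries}

    # Per-entry checks: empty and well-known passwords.
    for title, password in entries.items():
        if not password:
            if config.check_empty:
                issues[title].add("empty")
        elif config.check_common and password.lower() in COMMON_PASSWORDS:
            issues[title].add("common")

    # Pairwise checks: exact duplicates, then near-duplicates.
    filled = [(t, p) for t, p in entries.items() if p]
    for (t1, p1), (t2, p2) in combinations(filled, 2):
        if p1 == p2:
            hit = "duplicate" if config.check_duplicates else None
        else:
            ratio = SequenceMatcher(None, p1.lower(), p2.lower()).ratio()
            near = ratio >= config.similarity_threshold
            hit = "similar" if near and config.check_similar else None
        if hit:
            issues[t1].add(hit)
            issues[t2].add(hit)
    return {title: found for title, found in issues.items() if found}

# Constructed sample database (title -> password).
SAMPLE = {"Bank": "Princess", "Shop": "princess1", "Wifi": "",
          "Blog": "T7#qv!Lm2x", "Wiki": "T7#qv!Lm2x"}

if __name__ == "__main__":
    for title, found in audit(SAMPLE).items():
        print(f"{title}: {', '.join(sorted(found))}")
```

The pairwise pass is quadratic in the number of entries, which is one reason a check like this belongs on a low-priority background task.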

Technical Overview

The Auditor runs in the background at low priority (it’s usually very quick/instantaneous but will depend on the number of entries in your database) so it never gets in your way.

All of the above checks are done completely offline; there is no network activity. It goes without saying that your passwords are never sent to any super smart server for checks. The Auditor is smart enough to be able to do this all on your device only. Switch on Airplane mode and give it a try!

Configuration

Of course all of these checks may not suit your usage. So you can configure the individual checks the Auditor performs or just switch the whole feature off entirely. It’s up to you. The configuration screen can be found by tapping the ‘Preferences’ button (little gear icon in the bottom left corner). Tap on ‘Database Auditing’:

The Audit Configuration screen will then appear:

Here you can control the Auditor!

We hope you enjoy the new Audit feature, let us know what you think!

-Mark (Strongbox Founder)