Move Your Passwords from Bitwarden to KeePass on Mac or iPhone

Moving to KeePass from Bitwarden can provide many benefits. In this post, we’re going to explain why you might want to switch to KeePass and how to do it quickly and easily.

If you’re only interested in the how-to, you can skip straight to the step-by-step guide.

Why

Portability

KeePass is an open standard file format for storing password databases. Databases are stored as KDBX files. These files can be opened and edited by any KeePass compatible app or client.

This has various advantages. For one thing, you won’t have to go through a laborious import/export process the next time you want to use a different password management app! Once you have your KDBX database file, you can instantly and seamlessly open and edit it in various other apps. This allows you to experiment and find the best app for your needs.

You can use different password management apps on your phone and your computer with the same database file. You could do the same thing with different apps for Mac, Linux and Windows computers.

There are many more reasons to switch to KeePass, see here for just a few.

How to Switch to KeePass

In order to follow the steps below, you’ll need to download the Strongbox app on your iPhone iPad or Mac.

Strongbox is a free and open source password manager that uses the KeePass file format. It’s available on iPhone, iPad and Mac.

There’s a Pro version of the app available but the free version has everything you need to import, view and edit your passwords. And if you later decide you don’t want to use Strongbox, it’s easy to use your new KeePass database with another compatible app; there’s no lock-in.

Step 1: Exporting from Bitwarden

  1. Go to Bitwarden on the web and unlock your vault normally found here https://vault.bitwarden.com/.
  2. Click Tools in the top menu bar and choose Export Vault (see Screenshot below).
  3. Make sure you select JSON as the File Format and click Confirm Format.
  4. You will be asked to re-enter your master password. Do so and then click Export Vault.
  5. Save the resulting JSON file in a convenient location available for step 2 below.
Bitwarden Export

Step 2: Import Bitwarden JSON using Strongbox

Choose from the instructions below depending on whether you’re importing using your Mac or iPhone/iPad…

2a) On your Mac (macOS)
  1. Open Strongbox, and click File > Import > Bitwarden (JSON) menu item – see screenshot below.
  2. Locate and select the Bitwarden JSON file that you exported in Part 1 above. Strongbox will confirm the import was successful.
  3. You now need to set a master password for your new Strongbox database. This can be the same as your old Bitwarden master password if you like.
  4. Lastly, save your new Strongbox database either locally or on your favourite cloud drive.
  5. Check your entries in Strongbox to make sure all of your data has been imported successfully.
strongbox-import-bitwarden
2b) On your iPhone or iPad (iOS)
  1. Move the Bitwarden JSON file that you exported in Part 1 above into a location that can be accessed by your iPhone/iPad.
  2. Open Strongbox and tap the Plus Symbol (+) in the top right of the screen.
  3. Tap More > Bitwarden (JSON)… and follow the on screen instructions
  4. Check your entries in Strongbox to make sure all of your data has been imported successfully.
import-ios-bitwarden

Step 3: Cleanup

  1. Delete the JSON file that you exported from Bitwarden.

Next Steps

If you want to get familiar with Strongbox, check out our Getting Started guide. We also have extensive help articles available.

And if you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

Move Your Passwords from Enpass to KeePass on Mac or iPhone

KeePass offers a number of advantages over Enpass. In this post, we’re going to explain why you might want to switch to KeePass and how to do it quickly and easily.

If you’re only interested in the how-to, you can skip straight to the step-by-step guide.

Why

Portability

KeePass is an open standard file format for storing password databases. Databases are stored as KDBX files. These files can be opened and edited by any KeePass compatible app or client.

This has various advantages. For one thing, you won’t have to go through a laborious import/export process the next time you want to use a different password management app! Once you have your KDBX database file, you can instantly and seamlessly open and edit it in various other apps. This allows you to experiment and find the best app for your needs.

You can use different password management apps on your phone and your computer with the same database file. You could do the same thing with different apps for Mac, Linux and Windows computers.

Transparency

Enpass is closed source. This means that the source code is not available for inspection on open source websites like Github. This does not in and of itself mean that Enpass is doing something suspicious. It’s just not confidence inspiring, and with a tool for managing your most important secrets, we think that’s just not good enough. We always recommend going with Open Source solutions like Strongbox.

How to Switch to KeePass

In order to follow the steps below, you’ll need to download the Strongbox app on your iPhone iPad or Mac.

Strongbox is a free and open source password manager that uses the KeePass file format. It’s available on iPhone, iPad and Mac.

There’s a Pro version of the app available but the free version has everything you need to import, view and edit your passwords. And if you later decide you don’t want to use Strongbox, it’s easy to use your new KeePass database with another compatible app; there’s no lock-in.

Step 1: Exporting from Enpass

  1. Open Enpass on your Mac and unlock your vault.
  2. Go to the menu bar at the top of your screen and click File > Export.
  3. You will be presented with a sidebar (see screenshot below)
  4. Ensure that the format is .json.
  5. Click on the small Folder icon under Choose Location and select a filename and location to export to.
  6. Click Export.
Enpass Export Side Bar

Step 2: Import Enpass JSON using Strongbox

Choose from the instructions below depending on whether you’re importing using your Mac or iPhone/iPad…

2a) On your Mac (macOS)
  1. Open Strongbox, and click File > Import > Enpass (JSON) menu item – see screenshot below.
  2. Locate and select the Enpass JSON file that you exported in Part 1 above. Strongbox will confirm the import was successful.
  3. You now need to set a master password for your new Strongbox database. This can be the same as your old Enpass master password if you like.
  4. Lastly, save your new Strongbox database either locally or on your favourite cloud drive.
  5. Check your entries in Strongbox to make sure all of your data has been imported successfully.
strongbox-mac-import-enpass
2b) On your iPhone or iPad (iOS)
  1. Move the Enpass JSON file that you exported in Part 1 above into a location that can be accessed by your iPhone/iPad.
  2. Open Strongbox and tap the plus symbol (+) in the top right of the screen.
  3. Tap More > Enpass (JSON)… and follow the on screen instructions
  4. Check your entries in Strongbox to make sure all of your data has been imported successfully.
import-enpass-ios

Step 3: Cleanup

  1. Delete the JSON file that you exported from Enpass.

Next Steps

If you want to get familiar with Strongbox, check out our Getting Started guide. We also have extensive help articles available.

And if you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

Sync Passkeys With Strongbox & KeePass

Use Strongbox to save passkeys in your KeePass database and sync them across your devices.

Contents

What Are Passkeys?

Passkeys are a password replacement that allows you to log in to websites and apps by simply unlocking your device, typically with Face ID, Touch ID or a PIN code.

Passkeys don’t need to be remembered, you rely on Strongbox to remember and protect them on your behalf. They’re resistant to hacks and phishing. They are both highly convenient and highly secure.

It’s still early days for passkeys but they are becoming more widely used every day. Apple, Google, Microsoft, and others have already begun supporting passkeys.

Passkeys replace passwords with cryptographic key pairs. The public key is stored by the service that you’re requesting access to, and the private key is stored on your device (or in your Strongbox database). It’s not possible to reverse engineer the private key from the public key.

If you decided to log into your Google account using a passkey:

  1. Google would first request that you provide proof or a “signature” indicating that you know the private key that corresponds to the public key you used when you registered with Google.
  2. Strongbox checks to see if it possesses a matching private key for the requested public key.
  3. If a matching key is found, a mathematical proof or “signature” is sent to Google. This proof assures Google that you possess the matching private key and then access is granted.

This process is much more secure than simply providing a password, whilst at the same time being faster and easier to use.

Why Use Passkeys?

Passwords Can Be Weak

Weak passwords can be easily hacked or guessed. And if a password is reused across multiple services, one hacked account can lead all of the others to be compromised as well.

Strongbox (and password managers in general) already address these issues by encouraging the creation of strong and unique passwords. That said, many people continue to create weak passwords and reuse them across different websites and apps.

In contrast, passkeys are always strong, they’re never short or simple in the way that a password can be. They’re also unique to a single service. No two passkeys are the same.

Passwords Can Be Stolen

If the server for a website or app you use is hacked and your account password is stolen, attackers can have access to your account immediately.

If, on the other hand, attackers gain access to your passkey’s public key, they are not able to access your account without the corresponding private key which is only stored by Strongbox. The private key is never stored on the servers of the websites and apps you use and it cannot be guessed by obtaining the public key.

Passwords Require Extra Measures To Be Secure

Because of all of the aforementioned issues with passwords, an additional layer of security is often added in the form of multi-factor authentication. A second factor is required in addition to the password, either a time-based one time password (TOTP) code or an in-app approval. This way, even if your password is compromised, a hacker still needs this extra factor to gain access to your account.

This extra protection comes at the cost of convenience. Because of this it’s often not enabled by default and most users do not choose to enable it.

Unlike passwords, passkeys are multifactorial by design:

Passkeys are kept on a user’s devices (something the user “has”) and — if the Relying Party requests User Verification — can only be exercised by the user with a biometric or PIN (something the user “is” or ”knows”). Thus, authentication with passkeys embodies the core principle of multi-factor security.

FIDO Alliance

This means all passkeys automatically benefit from increased security without any extra set up or extra steps when signing in.

Passwords Can Be Phished

Phishing is typically achieved by an attacker creating a fake version of a website that looks very similar to the original. The target of the hack is convinced to enter their password into this fake version of the site, usually after being sent a convincing looking email with a link.

TOTP codes can also be phished in this way. The only difference is that the attacker has to log into the real site simultaneously as their target is being phished. When a TOTP code is requested by the real site, the attacker captures the TOTP code entered by the target on their fake site. This process can be automated and deployed at scale.

SIM swap attacks also allow attackers to obtain SMS codes with relative ease.

Using passkeys makes it much harder for an attacker to impersonate a website because the URL of the site you’re logging into is checked before the private key is used to authenticate. Even if the fake site is visually identically to the original, your browser and device will automatically determine that the URL doesn’t match.

Why Manage Your Passkeys With Strongbox

Data Ownership

Managing your passkeys in Strongbox gives you more control.

When you add a passkey to KeePass database in Strongbox, you can control where that passkey is stored and how it is synced between devices.

Strongbox databases can also be configured to sync using a cloud drive, WebDAV or SFTP, transferred over WiFi, USB, or AirDrop, or be local-only. When you manage your passwords and passkeys with Strongbox, you can decide how you store and back them up, and whether you copy them onto multiple devices and how that transfer is done.

Security

Protect your passkeys with state-of-the-art cryptography, brute force resistant KDFs, YubiKey support, and much more.

And everything can be configured to your exact requirements.

Portability

With Strongbox, you can be confident that you will be able to export your passkeys to a different app in the future if needed. There’s zero lock-in.

And because the default Strongbox databases format is based on the open source KeePass file format, you can access your passkeys in any KeePass compatible app on any platform, including Android, Windows and Linux.

Unfortunately we cannot offer support for passkeys on other database formats, e.g. Password Safe or older KeePass 1 (KDB) based databases, because they don’t offer the flexibility of storing new custom data items. It is relatively straightforward to convert older databases and Password Safe databases to the more flexible and modern KeePass 2 format. We have some guides on our support site for that.

Support for passkeys is coming soon to some major KeePass clients like KeePassXC, with whom we’ve worked to ensure compatibility. We’re hoping other KeePass clients can take advantage of our trail breaking here.

Step-by-Step Instructions

We’ve written a step-by-step guide on how to set up your iPhone, iPad and Mac to create and sign in with passkeys with Strongbox: Use Passkeys With Strongbox

Move Your Passwords from LastPass to KeePass on Mac

KeePass offers a number of advantages over LastPass. In this post, we’re going to explain why you might want to switch to KeePass and how to do it quickly and easily.

If you’re only interested in the how-to, you can skip straight to the step-by-step guide.

Why

Security

LastPass has a long history of security incidents and data breaches. Most famously, in August 2022, hackers gained access to LastPass user accounts and stole customer’s password vaults, names, IP addresses, phone numbers and billing addresses.

There have been several other attacks dating all the way back to 2011. For instance, in 2021, many LastPass users received emails informing them that their master passwords had been compromised. And in 2015, LastPass’ servers were compromised and attackers were able to access hashed master passwords, cryptographic salts and customer email addresses.

KeePass databases, by comparison, are not stored in a centralised location that’s vulnerable to attack. It gives you control of your data and you decide where it is stored. That could be in a cloud storage provider of your choice, on your own server, or local-only, for the ultimate security. You also have access to more advanced security settings, such as which encryption algorithm to use and whether to use a two-factor authentication method, like a YubiKey and/or a key file.

(The downside of all this control is that there’s no safety net. If you forget your master password, it cannot be recovered!)

Privacy

It was discovered in 2021 that the LastPass Android app includes several third-party trackers embedded in its code. Whilst this is not necessarily an issue, privacy conscious users have good reason to be concerned:

The amount of data does seem to be extensive, revealing information about the device in use, the cell phone carrier, the type of LastPass account, and the user’s Google Advertising ID (used to connect data about the user across apps). It’s enough data to build an extensive profile around the most private information you store.

Josh Hendrickson, Review Geek

Many KeePass apps are open source (such as Strongbox) and their code can be inspected to ensure there are no trackers present.

Portability

KeePass is an open standard file format for storing password databases. Databases are stored as KDBX files. These files can be opened and edited by any KeePass compatible app or client.

This has various advantages. For one thing, you won’t have to go through a laborious import/export process the next time you want to use a different password management app! Once you have your KDBX database file, you can instantly and seamlessly open and edit it in various other apps. This allows you to experiment and find the best app for your needs.

You could use different password management apps on your phone and your computer with the same database file. You could do the same thing with different apps for Mac and Windows computers. Cloud storage drives offer an easy way to sync the changes between different devices, but it’s also possible to use your own server, Wi-Fi transfer or a simple USB cable.

Cost

LastPass offers free and paid tiers. However, some of the more basic features are locked behind a paywall, including being able to sync your password database across multiple devices. There is also no “Lifetime” purchase option available, which means that you are stuck paying for a monthly or yearly subscription for as long as you use their service.

Because KeePass is compatible with many different apps, there are various different prices and payment options available.

There are many KeePass clients that offer basic functionality at no cost. The official KeePass app is one example. You can even extend its feature set via a library of free plug ins.

And, if you’re willing to pay, there are also great KeePass app options with better user interfaces and more advanced features. Features such as Face ID unlocking, browser AutoFill, YubiKey support, automatic backups, WebDAV and SFTP support, and much more.

Whilst LastPass (and other similar services) lock you into their payment model, once you’ve created your KeePass database, you can easily and instantly try different KeePass apps and find which one is right for you.

How to Switch to KeePass

In order to follow the steps below, you’ll need to download the Strongbox app.

Strongbox is a free and open source password manager that uses the KeePass file format. It’s available on iPhone, iPad and Mac.

There’s a Pro version of the app available but the free version has everything you need to import, view and edit your passwords. And if you later decide you don’t want to use Strongbox, it’s easy to use your new KeePass database with another compatible app; there’s no lock-in.

Pre-Switch Considerations

LastPass vaults can only be exported as CSV files. This means that usernames, emails and passwords are exported, but many other types of data are not.

For instance, it’s not possible to export file attachments from your LastPass vault. That means that you need to manually download these attachments from LastPass and then add them to your KeePass database.

Unfortunately, the same goes for notes, custom fields, addresses and TOTP codes in LastPass. After you’ve imported your LastPass logins to a new KeePass database, you’ll need to go through and manually add these back in.

Step 1 – Export a CSV from LastPass.com

  1. Go to lastpass.com
  2. Log into your account
  3. At the bottom of the left-hand column, click Advanced Options
  4. Under the Manage Your Vault heading, click Export
  5. Open the email from LastPass with the subject ‘LastPass Security Notification: Verify export’
  6. Click the Continue export link in the email to go to another webpage
  7. Go back to your vault on lastpass.com and, once again, click Advanced Options > Export
  8. Enter your LastPass master password
  9. Locate the CSV file that is downloaded to your device (called ‘download.csv)

For more detailed instructions see the guide on LastPass’ website.

Step 2a – Import Using Strongbox on Mac

  1. Open Strongbox on your Mac
  2. Click File (in the menu bar) > Import > LastPass (CSV)…
  3. Locate and select the CSV file that you exported in Part 1 above. Strongbox will confirm the import was successful
  4. You now need to set a master password for your Strongbox database. This can be the same as your old LastPass master password if you like.
  5. Lastly, save your new Strongbox database either locally or on your favourite cloud drive
  6. Check your entries in Strongbox to make sure all of your data has been imported successfully
  7. Delete the CSV file that you had exported from LastPass

Step 2b – Import Using Strongbox on iPhone/iPad

  1. Move your CSV file into a location that can be accessed by your iPhone/iPad
  2. Open Strongbox on your iPhone or iPad
  3. Tap the plus symbol (+) in the top right of the screen
  4. Tap More
  5. Tap LastPass (CSV)…
  6. Follow the instructions to create the new database
  7. Check your entries in Strongbox to make sure all of your data has been imported successfully
  8. Delete the CSV file that you had exported from LastPass

Step 3 – Add Missing Data

You should now have a KeePass database file that contains all of your logins from your old LastPass vault. The entries in your database will include usernames, emails and passwords, but not file attachments, notes, custom fields, addresses and TOTP codes. Unfortunately LastPass does not allow this extra data to be easily exported/imported.

You will need to go through your LastPass vault, manually download attachments and add them to entries in your KeePass database. And you can copy and paste any other information–such as notes and custom fields–that you would like to move across.

Next Steps

If you want to get familiar with Strongbox, check out our Getting Started guide. We also have extensive help articles available.

And if you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

AutoFill KeePass Passwords on Mac (Chrome, Firefox, Safari)

Introduction

AutoFill saves you time by automatically filling in username and password fields when you log into a website.

Logging into Strava website using autofill browser extension

Opting for the open source KeePass format, over proprietary solutions like 1Password and LastPass, can sometimes feel like a trade-off between data ownership and convenience. 1Password, LastPass, etc have easy-to-use browser extensions, whilst with KeePass there are various options available of differing quality.

Unfortunately, despite an increasing number of KeePass-compatible iOS apps, there aren’t many good KeePass apps on macOS. This means that autofilling your KeePass passwords can be cumbersome on the Mac.

How To Set Up AutoFill for KeePass on Mac

Most KeePass apps will have some kind of AutoFill solution and this is an important factor to consider when deciding which one to use.

Strongbox is a free and open source KeePass-compatible password manager that provides a great user experience across Mac, iPhone and iPad. We’re biased, but, we believe that Strongbox offers the simplest and most secure way to AutoFill your KeePass passwords on your Mac, whether you’re using Chrome, Firefox, Safari or another compatible browser.

For those who don’t want to use Strongbox we also recommend KeePassXC.

We’ve outlined everything below:

NB: AutoFill support for Strongbox on Mac is only available with Strongbox Pro. You can try out Strongbox Pro for free for 3 months with no obligation to buy. We hope you’ll love it.

Strongbox has official browser extensions for both Chrome and Firefox:

Many other Chromium and Firefox-based browsers also work with the above extensions, including Brave and Microsoft Edge.

For a general overview of how Strongbox works and how to get it set up, check out our Getting Started guide.

AutoFill is enabled on a per-database basis. So, before you can go ahead and make use of the browser extension, you’ll need to enable AutoFill in your database settings. To do this:

  1. Unlock your database
  2. Open the Database Settings (Database > Database Settings menu item)
  3. Navigate to the AutoFill tab
  4. Make sure the ‘Enable AutoFill for this Database’ box is checked

When you go to log into a website, you will then see a list of all entries in your database that match that URL.

There are also certain settings available within the AutoFill extension in the browser. You can automatically fill the fields as soon as the webpage loads, either with the closest match or only if there’s a single match for that domain, or you can turn this off and manually select an entry from the dropdown that appears when you click into a username or password field.

Strongbox AutoFill for Safari

Strongbox integrates with Apple’s native Password AutoFill on Mac (and iPhone and iPad). This is what enables Strongbox to AutoFill your credentials in Safari.

To enable AutoFill in Safari/macOS, go to System Preferences > Extensions > Password AutoFill and check the box for the Strongbox app.

Wormhole Fill Explained

In the AutoFill settings for your database, there’s an option to enable “Wormhole” fill:

If you enable it, the system level AutoFill can communicate directly with the Strongbox app. This way, AutoFill can determine if your database is already unlocked and save you from having to authenticate twice. If you disable this, you will have to authenticate each time you use AutoFill, even if your database is currently unlocked in the Strongbox app.

The “Wormhole” itself is a dedicated IPC channel that utilises the Secure Enclave on your Mac to keep your credentials secure.

A Quick Note on Security

As well as convenience, security is a concern whenever you decide to share sensitive data from your KeePass database with another app or service, such as your browser.

If you use a well-architected browser extension/AutoFill integration (such as with Strongbox) it is generally more secure to use AutoFill than it would be to copy and paste your passwords manually via your device’s clipboard. This is also true of Strongbox’s integration with the system-level AutoFill on macOS.

In creating the Strongbox browser extension, we have gone above and beyond to make it very difficult for an attacker to intercept your secrets. All traffic is encrypted end-to-end using asymmetric encryption, it uses local, on-device-only IPC (inter-process communication) with no open ports, and the code is open source so you can inspect it yourself on GitHub. You can read more about how the browser extension works here.

Whichever AutoFill solution you choose, make sure that you trust the developer and that your secrets are safe in transit.

What About TOTP codes?

Time-Based One-Time Passwords (TOTPs or OTPs) are codes that are constantly changing at regular time intervals. They usually take the form of a 6-digit number and are a very common method to enable 2FA.

If you have added a TOTP code to an entry in Strongbox, it’s super easy to then AutoFill that code in your browser. Once the username and password have been filled, Strongbox will automatically copy the TOTP to your device’s clipboard. So you can just paste and go.

The step-by-step instructions are:

  1. Navigate to the website’s login page in your browser
  2. Select the entry you want to use from the drop down menu
  3. Click to log in
  4. When the website prompts you for a TOTP code, simply press paste (CMD + V) and the TOTP code will be filled immediately

AutoFill with KeePassXC as an Alternative to Strongbox

KeePassXC is a free and open source app available on all major platforms, including macOS, Windows and Linux.

In order to use AutoFill with KeePassXC, you need to download their browser extension. At the time of writing, KeePassXC supports Firefox & Chromium based browsers.

Once the extension is installed, open KeePassXC and go to Tools > Settings > Browser Integration. Check the box to Enable Browser integration and then check the browsers that you want to use. After you’ve done this, you’ll need to restart your browser.

Unfortunately, Safari isn’t currently supported. To use KeePassXC with Safari, you’ll need to enable the global Auto-Type feature.

Auto-Type fills the username and password for you by simulating key presses. It’s less convenient than a browser based AutoFill because it requires you to search for the correct entry manually. The advantage however is that it can be used anywhere, including inside of other Mac apps.

To set up Auto-Type, check out this guide.

Conclusion

You don’t need to sacrifice the convenience of AutoFill when you use KeePass on your Mac. If you choose the right KeePass client, you’ll get the benefits of owning your own data and save time by taking advantage of AutoFill. That’s one more reason not to use proprietary password management apps like 1Password.

Strongbox offers a comprehensive AutoFill solution that works across all major browsers on Mac (as well as on iPhone and iPad). KeePassXC is a free option that works across all major browsers except for Safari, with Auto-Type making it possible to still AutoFill in Safari with a few extra steps.

For more information, check our comprehensive guides on AutoFill, as well as how to AutoFill on your iPhone and iPad.

How To Clean Up and Reduce the Size of Your KeePass Database

Introduction

The file size of a KeePass database is an often overlooked aspect impacting the way that you manage your passwords. A smaller database file translates to faster syncing and improved overall performance, saving you time and ensuring a seamless user experience. We’ve found that databases that are smaller than 4 MB perform the best.

Below are some tips for how to reduce the size of your KeePass database as much as possible, including:

Going From 20 MB to 68 KB

Recently I was experiencing some issues syncing my KeePass database between my Mac and iPhone. After saving a change on my Mac, sometimes that change would not be there when I unlocked the same database on my iPhone.

Data loss is extremely worrying, particularly when it concerns something as important as passwords and personal information.

Like many people, I was syncing my database between devices using a cloud storage provider. I noticed that the sync itself was taking a long time because my KeePass database file size had ballooned to over 20 MB. Every time I changed my database, the entire 20 MB file was uploaded to the cloud. This could sometimes take a minute or more when I was in an area with a poor internet connection.

So, in fact, no data was being lost (and I was confident that I could use Strongbox’s advanced Compare and Merge function to easily address any sync conflicts). But it was inconvenient.

This lead me to experiment with ways to reduce the size of my database. Now my database, containing over 600 entries, is only 68 KB. Syncing is lightning-fast and my experience of using KeePass is vastly improved.

You can do the same to your database by following the steps below.

Why Size Matters

If you’re interested in understanding why reducing the file size of your database can have such a big impact, read on. Or, you can skip straight to the step-by-step instructions below.

A KeePass database is a “flat” file. Every time that you make a change on one device, the entire database file needs to be transferred to your other devices. This is called a “cumulative update”.

Many other online services work differently, allowing individual changes to be pushed and pulled between different databases. So if you make a change on one device, only that specific change needs to be transferred to your other devices. This is known as a “delta update”.

Imagine a large document with many pages. Each page represents an entry in your database. When you change a page in the document, the whole document has to be recreated. If you want to share this updated version of the document with your friend, you have to give them a whole new copy of the document that contains all of the pages, both new and old. This is a cumulative update.

If you instead take a copy of the single page that you changed, give that to your friend and they replace only that one page in their copy of the document, this is the equivalent of a delta update.

Since KeePass is based on a cumulative update model, the overall size of the database file is relevant to its performance and portability.

Smaller Means Faster

Every time that you update your database, the entire file has to be uploaded to the cloud and then downloaded on your other devices. The smaller your database file, the faster this will happen.

And the faster this happens, the less likely you are to inadvertently make a change to an older version of the database on another device and thereby create a sync conflict.

In addition, every time you unlock your database, the entire volume must be decrypted. The smaller your database file, the faster this will also happen.

On many modern devices, the difference in unlock time is relatively marginal, but for older devices, a smaller database can result in meaningful speed improvements. This is particularly true when you consider that you might be unlocking your database multiple times a day over the course of years of usage. Those small time savings can add up.

More interestingly perhaps, reducing the file size could also create more headroom that you could take advantage of to increase the amount of encryption used to protect your database.

With a smaller file to decrypt, it will be possible to increase the number of iterations without creating an inconvenient time delay.

How To Reduce the Size of Your KeePass Database

PSA: Remember to always create a backup of your KeePass database before making any changes, and ensure you have a secure and reliable backup strategy in place!

Remove Attachments (20 MB down to 7.5 MB)

The first step is somewhat obvious but still worth mentioning. File attachments, even small ones, are many times larger than any text-only entry you have in your database.

Some of these you can probably delete. (Remember that any attachments that you delete will go to the Recycle Bin and that, until you empty the Recycle Bin, the size of your database file won’t actually decrease.)

Some of these you could archive in another storage location, such as a separate KeePass database or an encrypted disk image (using a tool such as VeraCrypt).

Strongbox has a dedicated Attachments view which you can select from the left-hand sidebar.

For instance, I was storing some ID documents in Strongbox, like a JPG of my driver’s license, that I didn’t need to have there. What I did instead was to use an app called TextSniper to copy and paste the important data from the JPG into custom fields within a Strongbox entry. I then exported the file to an iCloud Drive folder and deleted it from Strongbox.

In my case, I was able to remove around 14 MB of attachments. Most of these were PDFs and JPGs that didn’t need to be encrypted in my KeePass database. I moved them into folders in iCloud Drive and deleted them from Strongbox.

Remove Custom Icons and Favicons (6 MB down to 1.5 MB)

All of the icons and favicons that you’re using are stored within your database file itself. This means they are encrypted and decrypted regularly and they have to be synced every time you make a change to your database.

I had over 600 entries in my database and most of which had favicons attached, which I had downloaded using Strongbox’s Favicon Downloader.

Personally, I decided that the advantages of a smaller database outweighed the advantages of having attractive, easy-to-recognise icons. By setting all entries to use a single icon, I was able to reduce my database size by a further 4.5 MB.

Setting all entries to use the same icon is less colourful, but more efficient.

To strip out all of the icons from your database, follow these steps:

  1. Open the Strongbox app preferences
  2. Go to the Advanced tab
  3. Make sure that ‘Strip Unused Icons on Save is enabled
  4. Unlock your database
  5. Select All Entries in the left sidebar
  6. Select all the entries in the list (CMD + A)
  7. Right-click them and choose Set Icon
  8. Choose one of the icons from the options provided
  9. Save your database (CMD + S)

Of course, you don’t have to strip the icons from every entry. You could instead choose to only do this for a selection of the entries in your database.

(N.B. you may find that your database doesn’t actually reduce in size until you do the step below. This is because the old icons could still be stored as part of your password history.)

And if you later decide to add favicons back, you can select the entries, right click and choose Find Favicon(s).

If you decide to start using favicons again, it’s easy to add them back using Strongbox’s Favicon Downloader.

Remove Password History and Unnecessary Metadata (1.5 MB down to 68 KB)

Strongbox (and other KeePass apps) will store password history and other metadata in your database file. You can remove all of this by creating a new database file and then copying all of your entries across. This is a “fresh start” for your database.

(This metadata is used to do things like manage sync conflicts and database merges, but it’s not necessary to keep it forever.)

To do this we recommend using Strongbox on your Mac. The steps are:

  1. Create a new database
  2. Unlock your current database in another window or tab
  3. Copy and paste or drag and drop all of your entries from the current database to the new database
  4. Use the new database as your current database, and delete (or backup) the old one

It’s also possible to do this on iOS. The steps are:

  1. Create a new database
  2. Go back to the list of databases and unlock your current database
  3. Select the entries to move (tap the three-dot menu in the top right of the screen and then tap Select)
  4. Select the entries to move (note that it’s easier to move large numbers of entries if they’re inside a group)
  5. Tap Export Item(s)
  6. Choose your new database
  7. Unlock the new database and confirm

This should reduce the size of your database significantly. In my case, I was able to clear out a further 1.5 MB.

Taking It Further

At this point, we’re at the point of diminishing returns. The steps below are mostly focused on removing unnecessary entries from your database, but the entries themselves are tiny in comparison to the attachments and icons that are mentioned above. That said, here are some extra steps that you can take to optimise your database to be as small as possible.

Empty the Recycle Bin

Attachments and entries that you delete go to the Recycle Bin. Until you empty the Recycle Bin, they won’t actually contribute to reducing the size of your database.

You can empty it by right clicking it on Mac or long pressing it on iOS and selecting Empty Recycle Bin.

Delete Duplicate Entries

You can view all duplicated entries in Strongbox on Mac by selecting Duplicated under the Audit Issues heading in the left sidebar. On iOS, tap the search bar and then Audit Issues.

As well as saving a bit of space, deleting duplicates is going to make AutoFill suggestions easier for you to parse.

Spread Entries Across Different Database Files

If you’re currently storing all of your entries in a single database, you might want to consider splitting them across multiple databases instead.

For instance, if you have a group of entries that you rarely use, you could “archive” these by moving them to a different database. This means that your primary database is going to unlock and sync faster because it’s not weighed down by entries that are rarely needed.

This would be particularly effective if you have a lot of attachments. In this case, you could even create a separate database just to store your attachments.

This is less convenient of course, potentially requiring multiple database unlocks to access data when before only one would have been necessary. It can also make configuring AutoFill more complicated.

Make Sure That Compression Is Enabled

Strongbox uses gzip compression by default. It’s worth checking that this is enabled in the Encryption Settings for your database, particularly if you have a lot of attachments.

Gzip is enabled by default when you create a new database in Strongbox, but it might be turned off if you’ve imported your database from another KeePass app.

Conclusion

Hopefully, you can apply some or all of the steps above to reduce the size of your database, making your experience of using Strongbox even faster.

If you have any other tips or tricks to reduce database size, let us know in our subreddit or on Twitter.

Move From 1Password to KeePass: Import File Attachments, Custom Fields and More

Strongbox is now more reliable than ever when importing 1Password databases, with improved handling of file attachments, custom fields, tags, and folder structures.

Introduction

When you migrate from 1Password to another password manager, like Strongbox, you want to be confident that all of your data has come across without anything being lost.

Most password managers will only import your usernames and passwords from 1Password, ignoring or mishandling file attachments, custom fields, tags and folder structures. This means that you will need to check what data is missing and move it across manually. This is time consuming and error prone. With Strongbox you can import your entire 1Password vault in one go.

And we’ve recently improved Strongbox’s import functionality for 1Password, LastPass and Apple/iCloud Keychain. Read on to find out how we’ve made our 1Password import more reliable.

1PUX Support

With the update to 1Password 8, it’s now possible to export your 1Password data to a new file format called 1Password Unencrypted Export (1PUX). 1PUX includes a new data structure. It’s more logically structured than the previous 1PIF format and preserves far, far more data than CSV.

In order to parse 1PUX files, we built a dedicated new importer which preserves as much metadata as possible, copying attachments across and trying to maintain field ordering and Archived items.

1PIF Improvements

We’ve also revamped the way that we import 1PIF files. 1PIF was the file format previously used when exporting databases in older versions of 1Password.

These improvements mean that the entries in the Archive and Trash folders in your 1PIF file will now be imported into Strongbox. We’ve also improved the general reliability of 1PIF imports.

Custom Sections in 1Password

In 1Password, custom fields can be grouped into sections and those custom sections can be named.

This is one aspect of your 1Password database that Strongbox is not able to interpret and import. All custom fields will be imported but they will not be grouped into sections (as they appear when viewed in the 1Password app).

If you have entries that contain a lot of different sections and custom fields, we recommend checking that the custom fields within an entry don’t have duplicate names. And, if that is the case, consider prefixing the custom field name with its section name in the 1Password app before you export your database to a 1PUX file. If you don’t, the custom fields could be difficult to identify once they’ve been imported into Strongbox.

Conclusion

For step by step instructions on how to move your data from 1Password to Strongbox, check out our guide here.

If you have any feedback or issues, don’t hesitate to contact our support team: support@strongboxsafe.com

How To Use KeePass on Your iPhone, iPad & Mac

What is KeePass?

KeePass is a password manager that can securely store passwords, login credentials and other personal information that you need to remember. It’s also an open source file format that many other password manager apps support.

Why Use KeePass?

Unlike with many other password managers, storing your information in a KeePass database means that you have full control of your data and you’re not locked in to one specific app or company. 

In today’s world, it’s not uncommon for apps and services to go out of business, increase their prices, change their privacy policies, or stop developing new features. Using a KeePass database means that you have a high degree of freedom to choose where your data is stored and which apps you use to access it.

This means that you can:

  • Switch to a different password manager at any time, without having to go through a complicated export/import process
  • Store your database anywhere you like, either in the cloud or locally on your device
  • Easily backup your database

And, because there are a variety of different KeePass compatible password manager apps out there, you’re not locked into paying an annual or monthly subscription fee if you don’t want to. If you’re unhappy with the app you’re currently using, it’s easy to try out a different password manager app. It’s even possible to simultaneously use different apps to access the same database on different devices.

How To Setup KeePass on Your iPhone, iPad & Mac

Step 1: Choose an App

The first step is to choose which KeePass compatible app you’re going to use on your Apple device. There are various options available with different benefits and drawbacks.

We’re biassed and think that Strongbox is the best KeePass app out there 😉 And you can get started for free.

If you want to consider all of the available options, there are some key factors that you might want to look out for:

Easy To Use, Modern Design

You don’t have to sacrifice good design and convenience for security and functionality. Choose an app that looks like it was designed in 2023 and not 2003.

Well designed KeePass apps will be intuitive to use and will save you time and hassle by offering convenience features like Face ID unlock and password AutoFill when you’re browsing the web.

Cloud Sync Support

If you want to use your password database across multiple devices, e.g. on your iPhone and your Mac, then you might want to sync it with a cloud storage provider. If so, you’ll want to choose an app that is compatible with the cloud storage service or services that use.

Open Source Codebase From a Trusted Developer

It’s crucial that you trust the app that you’re using to manage your passwords and other personal information. 

The KeePass format itself is open source, which means that it is open to being inspected for vulnerabilities by anyone and everyone.

You should expect the same from your password manager. Check to see if the source code is open source and available to review online–like Strongbox’s.

Helpful and Responsive Customer Support

KeePass allows for a lot more customisation compared to mainstream password managers. More power can mean more to learn and master. Consequently it can be helpful to use an app that offers great customer support, so you can easily contact the developer if you have any questions or issues. 

Step 2: Create Your KeePass Database

Now you’ve chosen the app you’re going to use, it’s time to create your password database.

If you’re starting from scratch then you can simply create a new database and start adding entries.

It’s likely however that you have login credentials already stored somewhere else, like in your browser or another password manager. If that’s the case then you can import them into your new KeePass database.

Export Your Passwords From Your Existing Password Manager App

Begin by exporting your existing passwords from your current password manager. Here are some guides for commonly used password managers:

Most password managers will allow data to be exported in CSV format. Be careful where you store this file as it is unencrypted, which means there is no protection should someone else get access to it.

Import Your Passwords to Your New Database

The import process will differ based on the app you’re using. For instance, here’s our guide for importing a CSV file into Strongbox. If you’re using a different KeePass app, check their support articles for guidance.

Once you’ve imported your data, it’s worth doing a manual check to make sure that everything has been transferred across successfully. And, once you’re satisfied, delete the file that you imported.

Sync Your Database Across Your Devices

If you’re using multiple devices, such as your iPhone and your Mac, you’re probably going to want to keep your passwords and other personal information up to date across them all.

Mainstream password managers, like 1Password or LastPass, sync your databases on their own servers. The advantage of this is that there’s no set up required. The disadvantage however is that you do not have control of your data and it’s vulnerable to attack if the password manager in question suffers a data breach.

KeePass databases are single encrypted files that you can store wherever you like. Most KeePass users choose to move their database file to a cloud storage service such as OneDrive or Dropbox. This allows them to easily sync their passwords between devices.

If you move your database to a cloud storage service, you’ll need to give your password manager app access to this service so it can read your database and make changes.

Next Steps

Remember: now that your information is stored in an open source file format, you can try different KeePass compatible apps without having to constantly export and import your data. Try a few out and see which one is best for your needs.

You can also find out more about KeePass through the KeePass subreddit.

About Strongbox

Strongbox is a premium KeePass based password manager for iPhone, iPad and Mac. It’s easy to use and includes powerful features like Face & Touch ID unlock, browser AutoFill, automatic auditing, and much more.

You can use Strongbox for free. And we have a handy Getting Started guide. Check us out on the App Store!

Duress PIN – What Is It and Why Would I Need It?

So what is this Duress PIN thing and how does it work? The name gives it away, let’s look at a dictionary definition of duress:

Note: The Duress PIN Feature is part of the iOS Pro feature set

The idea of a Duress PIN is simply that, if for whatever reason, you are in a bad situation where someone is forcing you to unlock your database, you can enter a different PIN than the correct one, and Strongbox will perform some kind of plausible action but not reveal your passwords/secrets.

You could be a human rights worker entering an authoritarian country with a no real commitment to personal freedoms or perhaps you’re simply someone who likes their privacy and wants to keep their secrets private. Sounds like a simple wish, but once you arrive at the customs port of your destination country, all bets may be off, the enforcers will want what they want or you’re not getting in. Maybe you work in a dangerous part of the world, and you fear some criminal elements may force you to reveal your banking details or similar. Whatever it might be, anyone could find themselves under duress.

So how do I setup my Duress PIN? The first thing you need to do is setup a regular non-duress PIN, what we call a convenience PIN. This allows you to open your Password Database with a short set of digits (like your ATM PIN). To do this, simply:

  1. Unlock your database
  2. Tap the “More” or “Ellipsis” (…) button in the top right corner
  3. Tap Database Settings
  4. Tap Configure PIN Codes
  5. Tap ‘Turn Convenience PIN On
  6. Now enter a PIN Code, you’ll now be able to Unlock your database with this PIN Code.

Next we will want to setup a separate PIN, our Duress PIN. To do so, let’s go back to that PIN Configuration screen:

  1. Down in the Duress PIN section, tap ‘Turn Duress PIN On
  2. Enter a PIN, different this time than your regular convenience PIN.

Once done, you’ll notice that the ‘When Duress PIN Entered‘ section is now enabled and you can choose from the three available options. Let’s have a look at these options in turn and see what they do:

  1. Open a Dummy Database
    • This might be the most ‘stealthy’ option of all. Strongbox will open a database so it looks just like your Duress PIN worked. You can actually edit this database to make it look as realistic as possible. Think of it perhaps like a decoy wallet. You want something that looks plausible (e.g. old expired credit cards, maybe even a few dollars!). So you probably want to spend some time setting this up, just don’t enter your real secrets/passwords.
  2. Present a Technical Error
    • A fairly straightforward response, a reasonable looking error message will popup. Simple yet effective.
  3. Remove Database from Strongbox
    • This is sort of the nuclear option. The database will be removed from Strongbox completely. If your database is stored on a remote provider somewhere it won’t be touched, so don’t worry. It will just not be visible or accessible from Strongbox without re-adding it. However if someone is watching you while you do this it might be obvious you’ve done something to thwart them.

Those are your options, and you’ll need to choose which one suits your particular scenario best. We can’t offer advice on this, only you can decide. Indeed, you will need to decide if you want to use this feature at all. Take a look at our short note of caution below before deciding if using a Duress PIN is something you really want to do. Another option you may consider is to simply remove the database from Strongbox completely during transit in and out of problematic territory. You can re-add your database once you’re safely through that tough jurisdiction, or sticky situation.

A Final Note of Caution

It may actually be illegal or counter productive to enter a duress PIN in some situations, because if you get caught somehow doing this, the relevant forces/legal authorities may consider this as a deceptive act and may take punitive measures against you. This is something you’ll need to consider as part of your particular situation and threat model. It is worth examining how your target jurisdiction will react if you somehow were discovered to be using a Duress PIN in a situation like this. Strongbox only provides this powerful option, the choice then, is entirely yours.

Syncing With a Synology NAS

It seems that Synology released an update (version 5.15.0 on April 13th 2021) to their DS File App which appears to be problematic for users who use the “Files” method to sync their databases with Strongbox. Unfortunately we don’t know exactly what Synology have done here, and there’s little we can do to fix things. So we would like to make sure everyone is aware of the best way to perform sync with a Synology device.

Update 13-Sept-2021: We are receiving reports that Synology have now fixed their App. We continue to recommend the methods below.

Recommended Methods

We always recommend users use either WebDAV or SFTP to sync their databases with their Synology NAS devices as it appears to be a much more reliable method and isn’t prone to getting things out of sync or randomly failing. You can also access your NAS via SFTP/WebDAV using the MacOS version of Strongbox.

A Note on using SMB

Unfortunately there are reports that SMB isn’t very reliable via iOS Files and also suffers from security issues, so using it over the public Internet isn’t recommended.

WebDAV & SFTP – Recommended

So we’ll stick with WebDAV & SFTP. This is all the more pressing now with the release of the broken DS File update. In this article we’ll cover getting WebDAV or SFTP up and running and connecting via Strongbox’s built in WebDAV support.

WebDAV

The authoritative Synology instructions can be found here. In a very short summary you need to:

  1. Log in to the Disk Station Manager or DSM with an account belonging to the administrators group.
  2. Go to Package Center to install WebDAV Server.
  3. Launch WebDAV Server and check Enable HTTPS checkbox. You can customise the port number if you like.
  4. Save the settings.
  5. To access from Strongbox, choose Add Existing Database
  6. Choose WebDAV
  7. Enter the IP address or the hostname of your Synology NAS followed by a colon followed by the port number (usually 5006 but may be different depending on how you have configured it). For example: https://my.host.com:5006
  8. Enter your username/password.
  9. You may not have configured a fully functional certificate (we would recommend that you do, you could use Lets Encrypt for example), if your certificate isn’t valid, then tick the ‘Allow Untrusted Certificate’ checkbox in Strongbox.
  10. All going well you should now be able to browse your file system for your password database.
  11. Finally add that database and you’re all set!

Some tips/tricks from other users who managed to get WebDAV working on their setups. These may or may not apply to you and haven’t been verified:

  • Ensure that the correct WebDAV port number is used in the URL/Address you enter
  • Make sure the WebDAV port is enabled in the Synology’s firewall
  • Make sure the WebDAV port is forwarded on the router if accessing remotely
  • Ensure Synology user account has WebDAV permissions
  • If using your own (untrusted) SSL certificate, ensure “Allow Untrusted Certificate” is enabled
  • In some cases you may need to append /home to your WebDAV URL. See here for more details.
  • Ensure the user password does not have any special characters if you are getting authentication errors
  • TLS/ SSL Profile Levels at “Modern compatibility” seem to work but you may want to change this if you have trouble.

SFTP

The authoritative Synology instructions can be found here. In a very short set of instructions:

  1. Log in to the Disk Station Manager or DSM with an account belonging to the administrators group.
  2. Click on Control Panel
  3. Click on File Services
  4. Click on the FTP tab
  5. Scroll down to the SFTP Section and enable
  6. Now, SFTP is live. We just need to make sure that a user is able to access the SFTP service. You can do this under Control Panel also. Select the Users component and create or ensure your user has SFTP access.
  7. To access from Strongbox, choose Add Existing Database
  8. Choose SFTP
  9. Enter the IP address or the hostname of your Synology NAS.
  10. Enter your username/password.
  11. All going well you should now be able to browse your file system for your password database.
  12. Finally add that database and you’re all set!

There is a good YouTube video which explains the steps to configure your Synology as an SFTP server.

Other Helpful Hints, Tips and Tricks

There is a plethora of information in the below video for how to configure your NAS for external connectivity which you may find helpful. It is presented in a friendly and funny way. Worth a look.

Please let us know if we should any other details, or how your experience was with these instructions, so that we can update this article for others.

Offline Editing

Strongbox on iOS now supports Offline Editing. Previously it was only possible to view your database while offline but now it’s possible to add, remove, edit and reorganise your database while out on that remote hike, on a flight or even just on the Tube.

Offline Editing depends upon our recently released feature Compare & Merge and the ability to maintain an independent local copy of your KeePass (or Password Safe) database with changes, and synchronise with a remote version of your database.

NB: Offline Editing is a Pro only feature (though you can always view a read only copy of your database in the free version).

Strongbox tries to detect when you are offline and immediately offer this option to you, but sometimes you will just want to manually initiate this offline editing process yourself for whatever reason. That’s super easy now. Just long tap on your database and select Open Offline.

You can always edit offline by selecting Open Offline from the context menu
The orange icon indicates that there are pending changes to be sync’d to your remote storage location.

This will open Strongbox in Offline mode. This means you can still make all the changes you normally would, or just search for an entry. However, any changes are stored only locally, ready for sync’ing back to your remote storage location whenever you next come online, or perform a sync. If you do have local changes that need to be sync’d you will see an orange icon next to your database on the main Databases List (“Home”) screen. You can always initiate a sync by pulling down on the Databases List or just tapping to unlock the database in question. Strongbox will manage any synchronisation conflicts and present options to merge if required.

This was one of our most requested features so we’re really happy to have been able to get this one out the door. It took a lot of work and relies on some other features that we’re really proud of. We hope you’ll like it, find it useful and that it makes your life a little bit easier.

Compare & Merge (iOS)

A key component required for developing the Advanced Sync feature (coming soon) is the ability to compare databases and then to merge them. It’s quite a big feature and the development work is quite large. Since Advanced Sync is our number one development priority we’ve been deep in the code caves working on it for quite a while. Apologies if it looks like we’ve been slacking off!

With the release of version 1.50.13 on iOS we decided to not only add this functionality but also to make it available in a friendly UI. So no more flying blind when you’ve got 2 slightly out of sync copies of your databases. Just fire up Strongbox, select Compare & Merge from the context menu and let it do the hard work of comparing all entries. Optionally then you can choose to merge the databases so that you have the latest entries, edits and moves from both.

NB: The Compare feature is a Pro feature only. Advanced Sync (see below) will be available for free as we believe it’s just bad news for everyone in the password management world if we have out of sync databases promulgating.

Scenario – Mary & Joe and their shared database

Let’s take a look at this new feature briefly. One of the most common ways you can get out of sync versions is when you have multiple “editors”. Perhaps you are sharing your database with your partner Mary. Let’s say Mary goes off on a nice hike and (for some reason) decides to cleanup or re-organise your shared database. Meanwhile around the same time, you are at home and you just found a cool new bookshop which you signed up to immediately. Of course you diligently entered your login details into your Strongbox database. Well now we have arrived at that dreaded out of sync situation… What do these two databases look like? Let’s see an illustrative example.

Joe found a new bookshop…
Mary’s been busy organising!

Ruh roh… This is less than ideal. Joe has added his new favourite bookshop, Waterstones, to the database. Meanwhile Mary has been tidying up the database, moving entries around and creating a nice group structure. Ideally we really don’t want to lose any of these changes!

Well that’s where the new Compare & Merge feature comes in super handy! Let’s say Mary gets back and now you both realise your databases are out of sync. No problem! Let’s get Mary’s copy on to our devices and get the process started.

We tap and hold our database and select ‘Compare & Merge’ then follow the instructions on screen.

Get started by tapping Compare & Merge
Comparison

Finally we get to the comparison screen. As you can see Strongbox has figured out what changes were made by Mary and the changes necessary to bring your database up to speed with all of her changes. You can see she has moved a number of items around (you can even drill down and find out to where) and created a number of groups.

If you’re happy with all these changes you can go ahead and tap Merge to have Strongbox perform these moves, additions and edits. So that’s it! Here’s what that looks like after the Merge.

After Merge

That’s all there is to it really. There is a ton of complexity hidden behind this pretty UI but we hope that’s what you’ve come to expect of Strongbox. Now a short word on our next major feature, Advanced Sync, which automates this process, and which we promise is coming really soon!

Advanced Sync – Coming Soon

As you have probably guessed the same algorithm that is used for comparing and merging your databases intelligently can be used and automated when Strongbox detects your local and remote databases have gotten out of sync. Advanced Sync depends on this smart/intelligent algorithm and so that’s why this latest feature ‘Compare & Merge’ has come first. It’s a little more awkward to setup a merge because you need to add the other version of the database. We feel it was worth making this it’s own feature though. You never know when you’ll need to compare databases! Advanced Sync will seamlessly integrate this feature into the already extensive Sync architecture of Strongbox. Fingers crossed you’ll never see another out of date version of your database again.

Conclusion

Compare & Merge is a super handy tool for your databases. It should give you the confidence you need to perform merges and perhaps even figure out how you ended up in the non synchronised state in the first place. The process will be more automated as part of your regular Strongbox sync in the coming weeks so you might come across this and appreciate it completely serendipitously… We hope you’ll like it! 🙂

Lastly if you liked this article or you think this is a cool feature, please feel free to share it on social media or with your friends and family.

AutoFill on macOS

With the release of macOS Big Sur Apple now provides a fully integrated way to fill in your passwords on different sites and App, all inside that App or site. There’s no need to switch to your Password Manager and Copy/Paste. Strongbox (as of 1.14.0) now integrates with Apple’s Password AutoFill subsystem to offer suggestions and fill in passwords. This follows on from the iOS integration which has been available for a few years now and has proven very convenient. Finally it has come to Mac.

NB: Mac AutoFill support is only available with Strongbox Pro. You can try this out for free for 90 days with no obligation to buy. We hope you’ll love it.

Note that this AutoFill system on works on Apple’s latest OS (macOS Big Sur) and only with Apps and Browsers that have upgraded to support the Password AutoFill system. So far, as of post time, the only major browser that supports AutoFill is Safari. We believe this will change over the coming months and we should see ubiquitous Password AutoFill support in most browsers and Apps in short order.

Setup

Setup should be straightforward. In Strongbox there is an Onboarding Wizard that should help guide you through initial configuration. But you can always checkout your Strongbox AutoFill settings by unlocking your database and clicking on the menu item:

Database ‣ AutoFill Settings

You will then be presented with the following screen:

As you can see the first checkbox will hint that you should enable the Strongbox AutoFill component in the System Extensions preference pane. It can be found on your Mac here:

System Preferences ‣ Extensions ‣ Password AutoFill ‣ Strongbox

Once the Strongbox AutoFill extension is enabled on your system the other options will become available in Strongbox’s AutoFill Settings screen. You can enable or disable Strongbox AutoFill individually for each of your databases.

Safari Settings

With Safari being the primary browser for a lot of Mac users, you will also need to make sure Safari is AutoFill enabled. You can find this setting under

Safari Preferences ‣ AutoFill ‣ Usernames and Passwords

Make sure this is enabled. You can read a little more about those settings here.

QuickType AutoFill

One of the most convenient aspects of AutoFill is QuickType. This is where suggestions for credentials are presented to you inline in your browser or App and you can immediately select the appropriate one.

QuickType in Action

You can opt-in or out of this behaviour by checking the ‘Enable QuickType AutoFill’ checkbox on the AutoFill Settings screen.

One More Thing – The Wormhole

Unlocking your database can be a cumbersome process, Strongbox is designed for protection against brute force attacks and therefore requires some heavy processing before it can open your database. Further if you’re not using Touch ID or Apple Watch Unlock entering your master password takes time and is error prone. Strongbox AutoFill has the capability of unlocking your database independently but if it detects that you already have your database unlocked in the background it can establish a secure tunnel or “Wormhole” to request your credentials without requiring authentication or going through the whole unlock and decrypt process.

NB: that you must tap on a QuickType suggested credential for this to work. It doesn’t work if you just select ‘Strongbox’ from the little key dropdown. This is because the AutoFill component can only request a specific credential from a specific database via the wormhole.

This is an optional performance enhancement feature, and again you can opt in to it by checking ‘Use Wormhole Fill if Unlocked’ option on the AutoFill Settings screen.

We really hope you’ll find this new feature super convenient and as other third parties start supporting Password AutoFill we should see some really great results and a smooth painless password filling process for Mac at last!

Update 27 December 2020: It looks like Firefox are aware of this issue but could perhaps use some encouragement in integrating into their browser! See here:

https://bugzilla.mozilla.org/show_bug.cgi?id=1650212

Update 08 February 2021: It looks like Chrome are now aware of this issue but could perhaps use some encouragement in integrating into their browser! Please show your enthusiasm. 🙂

https://bugs.chromium.org/p/chromium/issues/detail?id=1170065#c14