Note: This is issue 2 of our newsletter (April 26th 2021) sent out to our subscribers by mail every now and then. Interested to hear news and updates about Strongbox, KeePass, Password Management and the wider InfoSec world.
Hello there, we’re back with some updates from the world of open-source password management…
There’s been a flurry of updates to Strongbox itself on both iOS and macOS and we’ll discuss some of those below. There are some upcoming minor changes to the KeePass format which add a couple of nice-to-have features. One of the bigger stories more recently is that LastPass decided to change its pricing model. This happened in March and caused an online furore, so, if we have some new subscribers coming over from the proprietary world, welcome!
Upcoming Changes to the KeePass format
Dominik Reichl, the original author of the Windows KeePass program, is continuously improving and refining things for his users. As the originator of the internal KeePass XML format, he sets the standard for others to follow. Strongbox is of course a KeePass client (amongst other supported formats), which means Strongbox tries to stay in line and up to date with the latest KeePass spec. KDBX 4.1 adds some new features to the KeePass standard which Strongbox will work to integrate with. In the next major release of KeePass on Windows we are expecting things like:
• Group Tags
• Optional Password Strength Evaluation
• Previous Parent Groups
• Custom Icon naming and modification and deletion dates
• Custom data with modification dates
The addition of Group Tags will allow Strongbox to fully integrate its “Pinned Items” feature into the database file itself, rather than storing this data in separate metadata which can get lost across uninstall/reinstall cycles or device changes.
The password strength attribute will allow users to disable “Auditing” or “Strength” checks on specific entries and as above this will be stored within the database itself.
Previous parent groups will allow proper restoration from the Recycle Bin.
The last two features should improve “Sync/Merge” algorithms to keep the database up to date and coherent across versions. Strongbox will be integrating these new properties over the coming month or so, though it may take a while for clients to fully support the new format. Unfortunately, some people are still running KeePass 3.1 or even the older KeePass 1.0 KDB format.
New iOS Feature: Offline Editing
Since the last update, one of the major new features added to Strongbox is Offline Editing. This allows you to open your database offline (you can choose to do this even if connected) and perform edits. These edits are saved safely on your device until you re-connect/open the database online. This could be very useful for a boring flight, or just an awkward connectivity situation. This feature depended on the Advanced Sync feature we released over Christmas so that we could safely perform updates even when the underlying database had been altered by another device or user.
https://strongboxsafe.com/updates/offline-editing/
New Feature: Password Strength
This was a long time coming as some more immediately pressing technical and convenience features took precedence, but we finally managed to get password strength meters into many different and appropriate screens. This is configurable, and you can choose between simple entropy measures and a smarter algorithm known as zxcvbn which was developed at Dropbox. Strongbox also includes a new Audit measure, checking to see if your passwords are “weak” as measured by these algorithms. This should hopefully improve your security in places. We also indicate a (very) rough estimate of cracking time for each password. We’ll have a blog post up on that in the coming weeks too.
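To illustrate the difference between the two kinds of measure mentioned above, here is an added example (not Strongbox's code and not the zxcvbn algorithm itself): a simple character-pool entropy measure beside a much-simplified pattern-aware estimate, with a rough crack time. The guess rate, dictionary size, word list and sample passwords are all constructed assumptions.

```python
import math
import string

GUESSES_PER_SECOND = 1e10   # assumed offline attacker speed (constructed value)
DICTIONARY_SIZE = 30_000    # assumed size of a real common-password list
# Tiny constructed sample standing in for that list.
COMMON_WORDS = ("password", "letmein", "qwerty", "dragon", "welcome")

def pool_entropy_bits(password: str) -> float:
    """Simple entropy measure: length * log2(size of the character pool used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    if any(all(c not in cls for cls in classes) for c in password):
        pool += 32  # assumed allowance for spaces and non-ASCII characters
    return len(password) * math.log2(pool) if pool else 0.0

def pattern_aware_bits(password: str) -> float:
    """Score a known word as one dictionary pick, the remainder per character."""
    lowered = password.lower()
    for word in COMMON_WORDS:
        start = lowered.find(word)
        if start != -1:
            rest = password[:start] + password[start + len(word):]
            # log2(dictionary) for the word, +1 bit for a capitalised variant
            return math.log2(DICTIONARY_SIZE) + 1 + pool_entropy_bits(rest)
    return pool_entropy_bits(password)

def crack_seconds(bits: float) -> float:
    """Very rough expected time: half the search space at the assumed rate."""
    return 2 ** (bits - 1) / GUESSES_PER_SECOND

if __name__ == "__main__":
    for pw in ("Password123!", "k9#Vq2!xLp7$"):  # constructed samples
        print(f"{pw!r}: pool {pool_entropy_bits(pw):.1f} bits, "
              f"pattern-aware {pattern_aware_bits(pw):.1f} bits, "
              f"~{crack_seconds(pattern_aware_bits(pw)):.3g} s to crack")
```

Both sample passwords score the same under the pool measure because they have the same length and character classes; only the pattern-aware estimate separates them, which is why an audit based on pool entropy alone can pass a password built around a common word.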
Interview with Security Detectives
I had a short interview with Aviva Zachs over at Security Detectives. She’s been interviewing many people from the InfoSec world. We spoke a little about the background to Strongbox, how it has grown and the current security threat landscape.
https://www.safetydetectives.com/blog/interview-mark-mcguill-strongbox/
Mac M1 News
We often get requests about native builds of Strongbox for the Mac M1. We are looking into the feasibility of this and while it isn’t an issue in terms of Strongbox code, we are currently blocked by the Yubico libraries that we use to provide YubiKey support to our users.
In the meantime, Strongbox works flawlessly via Rosetta on the M1, so this is something of a lower priority issue as we wait for Yubico to provide more modern libraries that run on the M1. We’ll monitor the situation and get a native M1 build out when we can.
May Day Weekend Sale – 20% Off
Coming up this May Day weekend (April 30th-May 2nd) there will be a 20% off sale on all Strongbox licenses. This includes iOS and Mac, lifetime and subscriptions (though reduced subscriptions are only for new subscribers and only for the first year).
If you know someone who likes Strongbox and is considering a purchase, then perhaps you can do them a favour! If you’re on the fence yourself, then maybe this will help. As a small indie start-up we appreciate your support!
Conclusion
Thanks for reading! Please let us know what you think about these new features or any other feedback you might have.
Best wishes,
-Mark (Strongbox Founder)