Introducing Wi-Fi Sync

We’ve been working hard over the last few months, toiling in the lab, to bring you our latest and maybe our greatest feature yet: Wi-Fi Sync. This has been one of our most requested features from power users and 1Password escapees. Today, we’re happy to announce that Wi-Fi Sync is now available in Strongbox, and we’re very excited to hear what you think.

Note: Wi-Fi Sync is a Pro feature. Also note that Wi-Fi Sync is not available with Strongbox Zero because it is a networking feature.

What is Wi-Fi Sync?

Wi-Fi Sync is a new way to keep your password databases in sync across devices and only on those devices. It doesn’t require a server, cloud drive or any cumbersome one-time copies, transfers or merges.

Wi-Fi Sync keeps databases in sync over a local network. Yes, although we call it Wi-Fi Sync, it also works over a plain old Ethernet cable. We just thought Wi-Fi Sync sounded better!

Read on for a little more detail behind our latest feature, or jump straight in with our How To section below.

What Problem Does This Solve?

One pain point with using an Offline First password manager like Strongbox is managing to keep your database(s) in sync across all of your devices. Many people use a third party cloud drive like OneDrive or Dropbox, and Strongbox does provide good support for this, but people are becoming more wary of storing their data on someone else’s server. Quite a few people are trying to “de-Googlify” their lives.

Some of the big corporate password managers solve this by using their own centralised cloud servers, and protocols, which act as the single point of truth (or failure!). For a lot of people this is an acceptable compromise, but for many of our users this is a step too far along the security-convenience tradeoff spectrum.

Some of our users truly want to own their secrets. They don’t want them stored on some server run by a VC or private equity backed, growth at all costs, faceless, greedy corporate behemoth. The many recent security breaches speak for themselves.

Old Solution 1: Running Your Own Server

Another way to keep your devices in sync without relying on a third party cloud is to run your own server. Many of our users do this either by running an SSH/SFTP server on their Linux box, or by using WebDAV to access their NAS machines. We’re lucky to be blessed with such technically advanced users but this level of sophistication isn’t for everyone. That’s before we get into keeping these machines up to date, redundancy/backup planning, 24/7 uptime, availability over the Internet, or if not, handling the offline scenario when away from home. Also, punching holes in firewalls and port forwarding can be risky.

Some people love the challenge inherent in this, but one must admit it’s not everyone’s cup of tea. How’s your knowledge of the latest public key cryptography? Can you recall the command line switches for ssh-keygen? Many mere mortals cannot.

Old Solution 2: Ad Hoc Transfers

Yet another way to keep your important secrets in sync involves ad hoc one-time copies, transfers and merges. This requires some discipline but it can work. Strongbox provides quite a few methods to help with this, and also merge support which becomes essential. Let’s run through just a few of them…

You can AirDrop your database to Strongbox (though iOS 17 made things more cumbersome here). You can mail the database to yourself and pick it up on your device(s). You can use our previous “Transfer over Local Network” function, which runs a little web server on your iOS device allowing you to copy databases over from your desktop browser. You can even use good olde fashioned iTunes or Finder File Sharing over a USB cable.

New Solution: Wi-Fi Sync to the Rescue

So, what if you don’t want to use a third party cloud drive? What if you don’t want to manage and run a server? What if you don’t want to jump through all these ad hoc transfer hoops? Wouldn’t that be wonderful? Enter Strongbox Wi-Fi Sync…

Strongbox Wi-Fi Sync solves these problems by running its own sync mechanism on your Wi-Fi network, accessible only to devices on that same network. It is not accessible over the wider Internet. We use Zero Configuration Networking, often referred to as Bonjour Networking on Apple platforms. This is the same technology that powers AirDrop and AirPrint, just dedicated to syncing Strongbox databases across your devices securely and seamlessly.

How to Set Up Wi-Fi Sync

We’ve put together a comprehensive guide to setting up Wi-Fi Sync over on our help site here:

https://strongbox.reamaze.com/articles/what-is-wi-fi-sync-and-how-do-i-use-it

Technical Details or “Into the Weeds”

We’ll run through Wi-Fi Sync in more detail below. We’re sure you’ve got lots of questions.

Offline Handling (AKA Leaving the House)

So, what happens when you’re out and about? Most of us don’t spend all day connected to the same Wi-Fi network at home or wherever it might be. Good news, Strongbox is able to detect when your source device is available. You can see this yourself on the home screen of Strongbox. There’ll be a little green Wi-Fi icon on your database indicating that the source device is available. If this icon is grey then Strongbox hasn’t detected the source device. Not to worry, you can still unlock your database and make edits. Strongbox will save these and the next time you’re back on the Wi-Fi network, Strongbox will merge these changes with any that might have been made on the source device since you last synced with it. These could be changes made on the source device itself, or changes made on other devices.

Relayed Sync: Wi-Fi Sync -> MacBook -> Your Server

One advanced feature that some users may find very useful is the idea of a relayed sync. You can use Wi-Fi Sync on many of your client devices to access and update your database(s). On top of this you can also have the database on the source device (usually your MacBook) be stored at another storage location. For example, you can have your source device with a database stored on an SFTP server, or NAS server. Now anytime a client Wi-Fi Sync device pushes updates to the source device, those updates will in turn be “relayed” onward and synced to the SFTP or NAS server, or wherever it may be stored. This allows you to have an extra layer of redundancy and backup should you ever have issues with your source device, or you’re just worried about having enough backups of your database(s).

Security Details

We use Zero Configuration Networking for device discovery. For networking we use Transport Layer Security (TLS) with a Pre-Shared Key (PSK). In addition, databases are always transferred in their encrypted file format (e.g. KeePass KDBX or Password Safe PSAFE3). Master passwords or other credentials are never transferred over the network. Database metadata like the nickname, size and modified date of your databases is sent in encrypted JSON format protected by TLS-PSK.
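
The pattern described above (Bonjour discovery, then a TLS-PSK connection carrying the already-encrypted database file), shown with Apple's Network framework as an added example; it is not Strongbox's code. The service type, PSK identity, pairing code and the HMAC-based key derivation are assumptions made for illustration.

```swift
import CryptoKit
import Foundation
import Network

// Assumed names for illustration; none of these come from Strongbox.
let serviceType = "_example-sync._tcp"  // hypothetical Bonjour service type
let pskIdentity = "example-sync-v1"     // hypothetical TLS-PSK identity

/// TLS-PSK parameters derived from a pairing code entered on both devices (assumption).
func pskParameters(pairingCode: String) -> NWParameters {
    let tls = NWProtocolTLS.Options()
    // HMAC-SHA256 gives a fixed-length key; a short pairing code still bounds its strength.
    let mac = HMAC<SHA256>.authenticationCode(for: Data(pskIdentity.utf8),
                                              using: SymmetricKey(data: Data(pairingCode.utf8)))
    let psk = Data(mac).withUnsafeBytes { DispatchData(bytes: $0) }
    let identity = Data(pskIdentity.utf8).withUnsafeBytes { DispatchData(bytes: $0) }
    sec_protocol_options_add_pre_shared_key(tls.securityProtocolOptions, psk as __DispatchData, identity as __DispatchData)
    // Offer only a PSK suite: no certificates, and a peer without the key fails the handshake.
    sec_protocol_options_append_tls_ciphersuite(tls.securityProtocolOptions,
        tls_ciphersuite_t(rawValue: TLS_PSK_WITH_AES_128_GCM_SHA256)!)
    return NWParameters(tls: tls, tcp: NWProtocolTCP.Options())
}

/// Source device: advertise over Bonjour and send the database file as-is (still encrypted).
func startSource(pairingCode: String, encryptedDatabase: Data) throws -> NWListener {
    let listener = try NWListener(using: pskParameters(pairingCode: pairingCode))
    listener.service = NWListener.Service(name: "Source", type: serviceType)
    listener.newConnectionHandler = { conn in
        conn.stateUpdateHandler = { state in
            guard case .ready = state else { return }  // .ready means the TLS-PSK handshake succeeded
            conn.send(content: encryptedDatabase, completion: .contentProcessed { _ in conn.cancel() })
        }
        conn.start(queue: .main)
    }
    listener.start(queue: .main)
    return listener
}

/// Client device: browse the local network and connect to the first source found.
func findSource(pairingCode: String, onFound: @escaping (NWConnection) -> Void) -> NWBrowser {
    let browser = NWBrowser(for: .bonjour(type: serviceType, domain: nil), using: NWParameters())
    browser.browseResultsChangedHandler = { results, _ in
        guard let source = results.first else { return }
        browser.cancel()  // stop browsing once a source is chosen
        onFound(NWConnection(to: source.endpoint, using: pskParameters(pairingCode: pairingCode)))
    }
    browser.start(queue: .main)
    return browser
}
```

On iOS the app also needs the service type listed under NSBonjourServices and an NSLocalNetworkUsageDescription string in Info.plist before browsing returns results.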

Conclusion

It’s early days for our newest feature and we expect to make some improvements and changes over the coming months, but we’re super excited and we hope that this makes things easier for users, and that this in turn, makes our users more secure.

Any thoughts, feedback, questions or suggestions are very welcome.
