We’ve been working hard over the last few months, toiling in the lab, to bring you our latest and maybe our greatest feature yet. Wi-Fi Sync. This has been one of our most requested features from power users and 1Password escapees. Today, we’re happy to announce that Wi-Fi Sync is now available in Strongbox, and we’re very excited to hear what you think.
Note: Wi-Fi Sync is a Pro feature and development has only been possible with the support of our Pro users (thank you!).
What is Wi-Fi Sync?
Wi-Fi Sync is a new way to keep your password databases in sync across devices and only on those devices. It doesn’t require a server, cloud drive or any cumbersome one-time copies, transfers or merges.
Wi-Fi Sync keeps databases in sync over a local network. Yes, although we call it Wi-Fi Sync, it also works over a plain old ethernet cable. We just thought Wi-Fi Sync sounded better!
Read on for a little more detail behind our latest feature, or jump straight in with our How To section below.
What Problem Does This Solve?
One pain point with using an Offline First password manager like Strongbox is managing to keep your database(s) in sync across all of your devices. Many people use a third party cloud drive like OneDrive or Dropbox, and Strongbox does provide good support for this, but people are becoming more wary of storing their data on someone else’s server. Quite a few people are trying to “de-Googlify” their lives.
Some of the big corporate password managers solve this by using their own centralised cloud servers, and protocols, which act as the single point of truth (or failure!). For a lot of people this is an acceptable compromise, but for many of our users this is a step too far along the security-convenience tradeoff spectrum.
Some of our users truly want to own their secrets. They don’t want them stored on some server run by a VC or private equity backed, growth at all costs, faceless, greedy corporate behemoth. The many recent security breaches speak for themselves.
Old Solution 1: Running Your Own Server
Another way to keep your devices in sync without relying on a third party cloud is to run your own server. Many of our users do this either by running an SSH/SFTP server on their Linux box, or by using WebDAV to access their NAS machines. We’re lucky to be blessed with such technically advanced users but this level of sophistication isn’t for everyone. That’s before we get into keeping these machines up to date, redundancy/backup planning, 24/7 uptime, availability over the Internet, or if not, handling the offline scenario when away from home. Also, punching holes in firewalls and port forwarding can be risky.
Some people love the challenge inherent in this, but one must admit it’s not everyone’s cup of tea. How’s your knowledge of the latest public key cryptography? Can you recall the command line switches for ssh-keygen? Many mere mortals cannot.
Old Solution 2: Ad Hoc Transfers
Yet another way to keep your important secrets in sync involves ad hoc one time copies, transfers and merges. This requires some discipline but it can work. Strongbox provides quite a few methods to help with this, and also merge support which becomes essential. Let’s run through just a few of them…
You can AirDrop your database to Strongbox (though iOS 17 made things more cumbersome here). You can mail the database to yourself and pick it up on your device(s). You can use our previous “Transfer over Local Network” function, which runs a little web server on your iOS device allowing you to copy databases over from your desktop browser. You can even use good olde fashioned iTunes or Finder File Sharing over a USB cable.
New Solution: Wi-Fi Sync to the Rescue
So, what if you don’t want to use a third party cloud drive? What if you don’t want to manage and run a server? What if you don’t want to jump through all these ad hoc transfer hoops? Wouldn’t that be wonderful? Enter Strongbox Wi-Fi Sync…
Strongbox Wi-Fi Sync solves these problems by running its own sync mechanism on your Wi-Fi network. It is accessible only to devices on that same network and not over the wider Internet. We use Zero Configuration Networking, often referred to as Bonjour Networking on Apple platforms. This is the same technology that powers AirDrop and AirPrint, just dedicated to syncing Strongbox databases across your devices securely and seamlessly.
How to Set Up Wi-Fi Sync
Let’s get straight into it. We’ll walk you through setting up Wi-Fi Sync on your devices. As you’ll see, there’s not a whole lot to it; we’ve tried to eliminate as much complexity as possible.
Choosing your Source Device
To use Wi-Fi Sync you will need to choose one device to act as your Source Device. At the moment, this must be a Mac running Strongbox Pro. Once you’ve chosen your source device, you can have many Client Devices which can access and edit the database(s) provided by the source device.
Source Device – Step by Step (macOS)
- Go to Settings by clicking on the Strongbox > Settings… menu item (or ⌘+,)
- Click on the Wi-Fi Sync tab (see Screenshot below)
- Ensure Wi-Fi Sync is switched ON
- Choose a memorable passcode or use the existing auto generated one (Client devices will need this to connect)
- Change the Service Name if it’s not to your liking. The default is your Mac’s name.
Client Device(s) – Step by Step (iOS)
- Tap the + button in the top right corner and choose Add Existing.
- Next, on this Select Storage screen under the Wi-Fi Sync section, you should see your Source Device service name.
- Permissions Note: you will need to allow Strongbox access to your Local Network. You’ll see a button indicating this if it doesn’t already have permissions. Tap there and allow Strongbox access.
- Tap on the source device service name.
- You’ll now need to enter the passcode for your source device. As mentioned above this is available under the Wi-Fi Sync settings of your source device.
- You will now be presented with a list of available databases for Wi-Fi Sync. Choose one.
- You can give your Wi-Fi Sync database a nickname or just accept the suggested one
Now you’re all set. Tapping on your newly added Wi-Fi Sync database will initiate the standard unlock and onboarding procedures. Feel free to edit as you please; changes will be pushed back to your source device. Repeat as desired for your other databases and devices.
Into the Weeds
We’ll run through Wi-Fi Sync in more detail below. We’re sure you’ve got lots of questions.
Offline Handling (AKA Leaving the House)
So, what happens when you’re out and about? Most of us don’t spend all day connected to the same Wi-Fi network at home or wherever it might be. Good news, Strongbox is able to detect when your source device is available. You can see this yourself on the home screen of Strongbox. There’ll be a little green Wi-Fi icon on your database indicating that the source device is available. If this icon is grey then Strongbox hasn’t detected the source device. Not to worry, you can still unlock your database and make edits. Strongbox will save these and the next time you’re back on the Wi-Fi network, Strongbox will merge these changes with any that might have been made on the source device since you last synced with it. These could be changes made on the source device itself, or changes made on other devices.
Relayed Sync: Wi-Fi Sync -> MacBook -> Your Server
One advanced feature that some users may find very useful is the idea of a relayed sync. You can use Wi-Fi sync on many of your client devices to access and update your database(s). On top of this you can also have the database on the source device (usually your MacBook) be stored at another storage location. For example, you can have your source device with a database stored on an SFTP server, or NAS server. Now anytime a client Wi-Fi sync device pushes updates to the source device, those updates will in turn be “relayed” onward and synced to the SFTP or NAS server, or wherever it may be stored. This allows you to have an extra layer of redundancy and backup should you ever have issues with your source device, or you’re just worried about having enough backups of your database(s).
We use Zero Configuration Networking for device discovery. For networking we use Transport Layer Security (TLS) with a Pre Shared Key (PSK). In addition, databases are always transferred in their encrypted file format (e.g. KeePass KDBX or Password Safe PSAFE3). Master passwords or other credentials are never transferred over the network. Database metadata like the nickname, size and modified date of your databases are sent in encrypted JSON format protected by TLS-PSK.
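A receiver-side sanity check for the "always transferred in their encrypted file format" property described above, as an added example that is not Strongbox's own code. The function and sample names are hypothetical, the magic values come from the public KDBX and Password Safe V3 format descriptions, and the sample byte strings are constructed.

```python
import struct

# Magic values from the public KeePass and Password Safe V3 file formats.
KDBX_SIG1 = 0x9AA2D903
KDBX_SIG2 = 0xB54BFB67            # KeePass 2.x (KDBX)
KDB_SIG2 = 0xB54BFB65             # KeePass 1.x (KDB)
PSAFE3_TAG = b"PWS3"
PSAFE3_MIN_LEN = 4 + 32 + 4 + 32  # tag + salt + iteration count + H(P')


def identify_container(blob: bytes) -> str:
    """Label a recognised encrypted database container, else raise ValueError."""
    if blob[:4] == PSAFE3_TAG:
        if len(blob) < PSAFE3_MIN_LEN:
            raise ValueError("truncated PSAFE3 header")
        # The key-stretch iteration count follows the 32-byte salt.
        (iterations,) = struct.unpack_from("<I", blob, 36)
        return f"PSAFE3 (key stretch iterations={iterations})"
    if len(blob) >= 12:
        # Two little-endian signatures, then minor and major file version.
        sig1, sig2, minor, major = struct.unpack_from("<IIHH", blob, 0)
        if sig1 == KDBX_SIG1 and sig2 == KDBX_SIG2:
            return f"KDBX {major}.{minor}"
        if sig1 == KDBX_SIG1 and sig2 == KDB_SIG2:
            return "KDB (KeePass 1.x)"
    raise ValueError("not a recognised encrypted database container")


def accept_transfer(blob: bytes) -> bool:
    """Refuse anything that is not a known encrypted container (e.g. an XML export)."""
    try:
        identify_container(blob)
        return True
    except ValueError:
        return False


# Constructed sample inputs: headers only, padded with zero bytes.
SAMPLE_KDBX = struct.pack("<IIHH", KDBX_SIG1, KDBX_SIG2, 1, 4) + bytes(32)
SAMPLE_PSAFE3 = PSAFE3_TAG + bytes(32) + struct.pack("<I", 2048) + bytes(32)
SAMPLE_PLAINTEXT_EXPORT = b'<?xml version="1.0"?><KeePassFile></KeePassFile>'

if __name__ == "__main__":
    for name in ("SAMPLE_KDBX", "SAMPLE_PSAFE3", "SAMPLE_PLAINTEXT_EXPORT"):
        print(name, "accepted" if accept_transfer(globals()[name]) else "rejected")
```

A matching header only identifies the container type; it does not show that the rest of the file is well-formed or that the master key is strong.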
It’s early days for our newest feature and we expect to make some improvements and changes over the coming months, but we’re super excited and we hope that this makes things easier for users, and that this in turn, makes our users more secure.
Any thoughts, feedback, questions or suggestions are very welcome.