Syncing issues?

Please see our Syncing FAQ.

pwSafe Cloud issues?

Please see the pwSafe Cloud FAQ.

Why is pwSafe 2 a paid upgrade?

pwSafe has been on the App Store since June 2011 and has received more than 30 free upgrades since, including iPad support, two major visual redesigns and timely support for all iOS releases since iOS 4. 

iOS 8 introduced two new technologies which required major work on our side: extensions and adaptive layouts. To be able to fund those great new features and others like TouchID and full dynamic text support, we had to charge for this upgrade.

We will keep on providing free upgrades after this one as much as possible.

If I upgrade to pwSafe 2, will I have to buy Dropbox Sync again?

No. As soon as you launch pwSafe 2 for the first time, it will ask your permission to bring over settings and safes from pwSafe 1. When it does that, it will recognize your previous Dropbox purchase and enable this feature on pwSafe 2 without requiring any further payment. You'll only need to re-link to your Dropbox account and your Dropbox safes will re-appear automatically.

Do I need to subscribe to sync or otherwise use pwSafe?

No, the subscription is just for pwSafe Cloud. Although we think pwSafe Cloud adds great value to pwSafe, you don't need to subscribe to it to have a fully-functional password manager, including access to Apple's iCloud Drive for syncing. You'll be missing only Cloud Memory and Cloud Backups.

How do I use Safari integration on iOS?

Before using it, you need to enable pwSafe's action extension. To do that, tap the share icon and then select the rightmost ellipsis icon on the black and white icon row. Enable pwSafe in the list which will pop up.

Then, whenever you need to autofill a form, create a new password or change an existing one, tap the share icon and then the black and white pwSafe icon. You may move that icon to the left by tapping, holding and then dragging it with your finger.

How do I use TouchID to unlock my safes?

First, unlock your safe as usual, using your password. Them, tap the settings button to the bottom of the screen, which is the safe settings button. Finally, tap "Enable TouchID".

Next time you need to unlock your safe, you'll be able to do so using your fingerprint.

I lost my password, how do I recover my data?

You don't, that's impossible. The password is used as a cryptographic key to encrypt your data. That means that we couldn't recover your password or data even if we wanted or were coerced to do it.

The only way to recover you password is to try every possible combination of numbers, letters and symbols (brute-force).

Which encryption algorithms does pwSafe use? How secure is it?

pwSafe uses Twofish for encryption. Twofish is a 256-bit algorithm which was one of the five finalists of the AES competition (won by Rijndael algorithm). If you wish more details, that's the technical description of pwSafe's file format.

Since only using strong algorithms is not enough, pwSafe borrows its security code from the Password Safeopen-source project, which is around 10 years old and has been originally designed by the security guru Bruce Schneier. By doing that, it ensures a very low probability of having security related bugs which would allow an attacker to go around the cryptography. It also brings another advantage: it is compatible with many apps for many different platforms.

When transfering your safes to and from Dropbox it uses SSL, which encrypts all data and also authenticates the Dropbox server. The same goes for Cloud Backups.

If a master password is configured, when pwSafe is moved to the background, it encrypts the passwords you used to open the safes which are not closed (the ones with a red padlock). This encryption is performed using AES-128 in CBC mode and an encryption key derived from your master password by hashing it and a random salt with SHA-256 128 times.

Why don't pwSafe use a 512-bit (or longer) encryption algorithm?

The short answer to this question is: because it wouldn't make pwSafe safer.

That's actually an interesting question, because it contains a common misconception caused by misunderstanding of cryptography fundamentals by marketing-driven security products manufacturers. Let me explain:

  1. Provided you use a sufficient large key (128 bits is large enough) you can't break an encryption algorithm by brute-forcing it. Unless quantum computers become practical, there's not enough energy in the entire solar system to try all combinations.
  2. There is no such thing as 512-bit AES, which is advertised by some. AES comes in 3 flavors, 128, 192 and 256 bits. As strange as it may look, 128-bit AES is actually considered the safer choice, due to advances that have been found by scientists trying to break the other variations.
  3. After about the 128-bits threshold, adding bits to a cryptography algorithm doesn't necessarily make it safer. Take the AES example above: Bruce Schneier, a famous cryptography scientist, recently wrote: "And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future."

pwSafe uses Twofish encryption algorithm (256 bits key). Although AES-128 would be a better choice security-wise (it's a more thoroughly analyzed algorithm than Twofish), changing algorithms would break compatibility with Password Safe apps for the Mac, PC and Linux, which is a big advantage.

How to assign an entry to a group?

On the Mac, drag and drop the entry on the left list.

On iOS, tap edit, then tap the "Group" section just below the email field (it only appears when editing).

How do I use facial recognition?

First of all, you'll need to install the facial recognition app by BIOMIDS. Then, link pwSafe to it:

  1. Go back to pwSafe.
  2. Open your safe.
  3. Tap the gear-like button to the bottom (and left, if on an iPad). If you can't see a gear-like button, then tap "Groups" on the top left to go back to the groups screen (iPhone).
  4. Tap "Register with Mobius".
  5. The facial recognition app will open. Follow its on-screen instructions to learn your face and register a fallback password.
  6. Done, it will switch back to pwSafe.

To test it, tap the padlock button to the bottom left to close your safe. Then, tap on it and, instead of inputing your password, tap "Unlock with Mobius" and look at the camera. You might need to blink or smile for Mobius to detect the image as a live face (in opposition to a photo).

Still have questions?

Contact us!