How do I get started with pwSafe?

First of all, you have to create a safe. A safe is where your passwords and login information are stored in encrypted form. You can do that by tapping the + button, choosing "Create safe in iCloud" and filling out the safe name and password (twice). After you created your safe, tap on its name to edit its contents or add entries. Since you just created the safe, you won't be prompted for your password at this time (the padlock is red and open). If you do leave the app for some time, it will prompt you the password to give you access to your data (green and closed padlock).

Once inside your safe, you'll find yourself on the "Groups" screen (to the left if using an iPad). Instead of creating groups, for now, tap "All Items" and then tap + (the one on the right side this time, also if on an iPad) to create your first entry. That's almost all there is to it, pwSafe is meant to be minimalistic in its mission of storing passwords.

After you have created a few entries, if you wish, you can organize them into groups. On the screen were you tapped "All Items", tap the + button to create groups. After that, go to "All Items" again, edit your entries and assign them to groups. This is an optional step, you can also use a flat list of passwords and use the search function.

When coming back to see your stored information, just tap on any entry to copy its password to the clipboard. If you tap the blue arrow, you'll see the entry's details. Tap any field to copy it to the clipboard. Finally, if you tap the sunglasses icon the password and notes field will be revealed.

Entries screen

On any other app, after you've copied the information you want to the clipboard, tap the field in which you would like to paste it, wait for a while and then press "Paste" on the menu above it which shall appear.

What's the difference between Dropbox and iCloud sync?

In short, iCloud is easier to use but does not allow for syncing with apps other than pwSafe for iOS and Mac.
Dropbox, on the other hand, is a little bit trickier, but supports syncing with other apps on all kinds of computers.

Dropbox is more complicated because we don't sync the whole Dropbox folder (or any subfolder thereof). Because of that, you get the flexibility of syncing with individual safes stored anywhere inside your Dropbox folder. On the other hand, you have to manually specify each one of these safes.

Since all of Dropbox content is replicated to a folder inside each one of your computers, you can access your safes with apps not made by us, such as these.

iCloud uses a different model: each app sees a completely isolated storage folder. This means you don't have to select which safes to sync, all iCloud safes are replicated to your devices.

Since it is implemented outside pwSafe, iCloud continues to sync even when pwSafe is not running. Because of that, syncing is seamless: it happens automatically before you even open pwSafe.

Unlike Dropbox, iCloud does not support a generic folder replication scheme on Macs or PCs. That means pwSafe's iCloud sync is limited to Macs and iOS devices (iPhone, iPad and iPod Touch).

Why doesn't my iCloud safe's password work?

When pwSafe doesn't accept your password for an iCloud safe and either keeps spinning the activity wheel or says something like "Operation couldn't be completed", this means the iCloud Documents & Data subsystem on your iOS device is misbehaving.

The problem you are facing is that iCloud is not letting go of your safe in order for pwSafe to be allowed to read it. This problem usually goes away by itself after a while or a reboot. If it does not, please perform this procedure:

  1. Go to the Settings app and turn off "Documents & Data" on iCloud settings.
  2. Reboot the device.
  3. Re-enable "Documents & Data" and
  4. enable syncing over cellular data or connect to wi-fi.

If it doesn't work at first, repeat those steps making sure your device is connected to a internet-connected wi-fi network. You may have to do it a few times until iCloud picks up on syncing.

How to enable iCloud Documents & Data

How do I transfer a safe from my computer to pwSafe using iTunes?

  1. Connect your iPhone or iPad to your computer.
  2. Launch iTunes.
  3. On the left pane, click on your device.

At this point, you'll see a screen similar to the one below.

iTunes screenshot
  1. On the center panes, click on "Apps".
  2. Scroll down to reveal the "File Sharing" section and click on pwSafe.
  3. Now, click on Add and choose the safe file you want to transfer to pwSafe.

How do I transfer a safe from my computer to pwSafe using e-mail?

  1. Be sure to use a safe file with the .psafe3 file extension. If it is .dat, please upgrade it using the latest version of Password Safe.
  2. Send yourself an e-mail containing the attached safe.
  3. On you iPhone or iPad, open that e-mail.
  4. Tap on the attachment.
  5. Choose "Open in pwSafe".
E-mail screenshot

What app do I use in my computer to open the safes?

On a MAC: pwSafe for Mac

On a PC: Password Safe

How to sync between my computer and my device?

If your computer is a Mac, you can use iCloud and pwSafe for Mac, it's fully automatic.

If you have another kind of computer (a PC, for example), the Dropbox service is needed. Dropbox is a web service for syncing files across devices. On your computer, it will create a special folder whose files will all be sent to Dropbox's servers on the internet for backup and synchronization purposes. On your iPad or iPhone, pwSafe app will connect to their servers and download or upload your safe so that it is always synchronized with the one on your computer. By using Dropbox, you won't have to do any manual work to have your safe synchronized across your devices and your computers: once everything is setup, every single change will go to Dropbox's servers and then back to your other devices or computers.

First of all, enable Dropbox Sync option:

  1. On your device, tap the top-left Settings icon and buy the Dropbox sync option. If you have more than one device, you'll just need to pay once. After buying Dropbox Sync on the first device, tap "Restore purchase" on the others and use the same Apple-ID as before.
  2. After buying or restoring Dropbox Sync, enter your Dropbox credentials. If you don't have one, get yourself a free Dropbox Account.

Now, if you haven't already, please install the Dropbox software on you computer and follow one of the instructions below:

  • If you already have a safe on your device:
    1. tap "Edit" on the home screen,
    2. drag your safe to the "Dropbox safes" section.
    3. You'll be prompted to choose a folder inside your Dropbox. Browse for it or, if unsure, just tap "Select folder" to use the root Dropbox folder itself.
    4. On your PC, install Password Safe. If it's a Mac, install pwSafe for Mac
    5. Open Password Safe (PC) or pwSafe (Mac) and open your safe which will already be waiting for you inside your Dropbox Folder.
  • If you already have a safe on your Mac or PC:
    1. Make sure it is stored inside your Dropbox folder. You can locate where your safe file is stored by clicking the ellipsis button on the password prompt screen of Password Safe.
    2. On the pwSafe app, tap the "+" button on the home screen
    3. Tap "Link to Safe in Dropbox"
    4. Browse for your safe inside your Dropbox folder and tap "Done"
    5. Your safe will be loaded to the "Dropbox safes" section. Just tap on it and enter your password to access your secret information.
  • If don't have a safe yet:
    1. Tap the "+" button.
    2. Choose "Create Safe in Dropbox".
    3. Browse for a folder to store your safe inside Dropbox. If unsure, just tap "Select folder" to use Dropbox's root folder.
    4. Enter a name and a strong password for your new safe.
    5. On your PC, install Password Safe. If it's a Mac, install pwSafe for Mac
    6. Open pwSafe (Password Safe on a PC) and open your safe which will already be waiting for you inside your Dropbox Folder.

Finally, to make sure sync works in test scenarios, when you move rapidly from your iPhone or iPad to your PC and back, just do this:

  • If you change the safe on your iPhone or iPad, make sure you "lock" it in the system tray beforehand. This will usually happen automatically after 5 minutes or so.
  • If you change the safe on your computer, make sure you "lock" it in the system tray after modifying it, so that it's saved and synchronized to Dropbox. pwSafe will update itself shortly thereafter.

Again, in normal usage, you don't have to do any of this, the timeouts will take care of all that.

How do I move a safe?

To move a safe, tap the "Edit" button, and drag the safe to the new section using the drag handle on the right. You need to tap and hold the drag handle with your finger for a while before being able to move the safe. The drag handle is the area where those three horizontal dashes are.

Drag handle

Which encryption algorithms does pwSafe use? How secure is it?

pwSafe uses Twofish for encryption. Twofish is a 256-bit algorithm which was one of the five finalists of the AES competition (won by Rijndael algorithm). If you wish more details, that's the technical description of pwSafe's file format.

Since only using strong algorithms is not enough, pwSafe borrows its security code from the Password Safe open-source project, which is around 10 years old and has been originally designed by the security guru Bruce Schneier. By doing that, it ensures a very low probability of having security related bugs which would allow an attacker to go around the cryptography. It also brings another advantage: it is compatible with many apps for many different platforms.

When transfering your safes to and from Dropbox it uses SSL, which encrypts all data and also authenticates the Dropbox server.

If a master password is configured, when pwSafe is moved to the background, it encrypts the passwords you used to open the safes which are not closed (the ones with a red padlock). This encryption is performed using AES-128 in CBC mode and an encryption key derived from your master password by hashing it and a random salt with SHA-256 128 times.

Why don't pwSafe use a 512-bit (or longer) encryption algorithm?

The short answer to this question is: because it wouldn't make pwSafe safer.

That's actually an interesting question, because it contains a common misconception caused by misunderstanding of cryptography fundamentals by marketing-driven security products manufacturers. Let me explain:

  1. Provided you use a sufficient large key (128 bits is large enough) you can't break an encryption algorithm by brute-forcing it. Unless quantum computers become practical, there's not enough energy in the entire solar system to try all combinations.
  2. There is no such thing as 512-bit AES, which is advertised by some. AES comes in 3 flavors, 128, 192 and 256 bits. As strange as it may look, 128-bit AES is actually considered the safer choice, due to advances that have been found by scientists trying to break the other variations.
  3. After about the 128-bits threshold, adding bits to a cryptography algorithm doesn't necessarily make it safer. Take the AES example above: Bruce Schneier, a famous cryptography scientist, recently wrote: "And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the foreseeable future."

pwSafe uses Twofish encryption algorithm (256 bits key). More info about it in another FAQ question. Although AES-128 would be a better choice security-wise (it's a more thoroughly analyzed algorithm than Twofish), changing algorithms would break compatibility with Password Safe apps for the Mac, PC and Linux, which is a big advantage.

Why there's another safe with a "-1" suffix besides my safe?

This happens when there is a conflict during Dropbox Sync.

Imagine the scenario in which the following steps are performed one after the other rapidly:

  1. In your iPhone or iPad: open safe named SAFE.
  2. In your PC: open SAFE, add a new entry.
  3. In your iPhone or iPad: add another entry to the already opened safe.

    At this point, your device will try to save it's safe, which doesn't contain the entry created on your PC, to Dropbox. During the process, pwSafe will realize that the safe SAFE in Dropbox has been modified after pwSafe last saw it. Because of that, pwSafe will refuse to overwrite the safe in Dropbox in order not to lose the entry created in your PC.

  4. You tap sync now on pwSafe's home screen or wait 30 minutes and relaunch pwSafe.

    At this point, it will rename your safe to SAFE-1 and update the SAFE safe with the changes from your PC.

    SAFE-1 will contain the entry created on your device and SAFE the one created on your PC.

To fix this situation and merge the two safes back, you can use the "merge" or "sync" functions of PC Password Safe.

In order for this not to happen in the first place, either:

  1. Wait at least 30 minutes (configurable in the Settings app) before changing the safe in pwSafe after changing it in your PC.
  2. Add a 2.5 step to the sequence above, in which you would go back to pwSafe main screen, tap the Dropbox icon and the "Sync now" before updating your safe.

Finally, this can also happen if your device was offline when you changed your safe, for the same reason: a merge conflict during sync.

Why there's another safe with a "- MyName's iPhone" suffix besides my safe?

This second safe is the product of a merge conflit in iCloud sync.

In iCloud sync, merge conflicts can happen in two scenarios:

  1. The same safe is changed in two different devices when at least one then is off-line.
  2. The same safe is changed in two different devices during a very short time span.

In both cases, when the conflict is detected, you get two safes and the older one is renamed.

Why can't I view my .psafe3 files inside the Dropbox app?

Dropbox app is only able to view common files, such as word documents or pictures. Its purpose is to browse your Dropbox folder and view these common files. For less common files such as pwSafe files, you'll always need another app.

That's the reason why pwSafe connects directly to the Dropbox servers for syncing. Actually, you don't even need to have the Dropbox app installed in your iPhone or iPad if you would like to have pwSafe sync your safes with your Dropbox folder.

Finally, just like you can open a safe attached to an e-mail, you can open a safe in pwSafe from inside the Dropbox app. Please remember this safe won't be synced, it's a one time file transfer from your Dropbox to pwSafe's internal storage:

  1. Find your safe inside the Dropbox app and tap on it.
  2. Tap the button with the arrow comming out of the box.
  3. Choose pwSafe app.
  4. In pwSafe, enter your safe password.
How to open psafe 3 file from Dropbox app

I lost my password, how do I recover my data?

You don't, that's impossible.

The password is used as a cryptographic key to encrypt your data. That means that we couldn't recover your password or data even if we wanted or were coerced to do it.

The only way to recover you password is to try every possible combination of numbers, letters and symbols (brute-force).

How do I assign an entry to a group?

First of all, if you don't have one already, you'll need to create a group. To do that, go to the groups screen and that the + button:

Groups screen

Fill in the group name and, optionally, choose a parent group for your new group.

Once you have the group you wish to put your entry into, edit your entry, tap "Groups" and tap on the group name. Save your entry and you are set.

How to change a group

How do I change my safe password?

  1. Tap on your safe name.
  2. Enter you current password to open it.
  3. Tap the gear button on the bottom center.
  4. Tap "Safe Password".
  5. Enter your new password twice and tap "Done".
Change Safe Password

How do I use facial recognition?

First of all, you'll need to install the facial recognition apps by BIOMIDS:

  1. Open pwSafe settings by tapping the gear icon to the top left.
  2. Choose "Facial recognition".
  3. Tap "Get it now" and install the facial recognition app from the app store.

Then, link pwSafe to it:

  1. Go back to pwSafe.
  2. Open your safe.
  3. Tap the gear-like button to the bottom (and left, if on an iPad). If you can't see a gear-like button, then tap "Groups" on the top left to go back to the groups screen (iPhone).
  4. Tap "Register with Mobius".
  5. The facial recognition app will open. Follow its on-screen instructions to learn your face and register a fallback password.
  6. Done, it will switch back to pwSafe.
  7. To test it, tap the padlock button to the bottom left to close your safe. Then, tap on it and, instead of inputing your password, tap "Unlock with Mobius" and look at the camera. You might need to blink or smile for Mobius to detect the image as a live face (in opposition to a photo).