pwSafe Cloud is a couple of optional internet services which improve pwSafe.

Cloud Memory

Cloud Backups

We designed pwSafe Cloud to make pwSafe more convenient and more secure.

Cloud Memory

The Problem

Even if you select a long time to keep your safe open, pwSafe isn't able to respect it. By design, we choose security over usability, and force you to re-enter your password when re-launching the app.

The reason behind this is that, when iOS needs more memory for a foreground app, it removes backgrounded apps from memory. When this happens to pwSafe, your safe's password is also removed from memory. To be able to recover it upon re-launching, pwSafe would need to save it on the device's permanent storage. Of course we could encrypt your password, but pwSafe would then need to have access to the encryption key when restarting. We could also save the encryption key and encrypted password on the device's Keychain, but that would only make it harder, not impossible, for someone who got hold of your device to crack your safe open even after the time you've chosen has elapsed.

If we could set an expiration date on a Keychain password, which we currently can't, setting a very long time (in the order of days instead of minutes) on your safe would still be very insecure, because, during that period, any attacker would easily get hold of your safe's content.

The solution

Cloud Memory is a cloud service which fixes both issues. Here's how it works:

First, when pwSafe is closed with an open safe, it will encrypt the safe password with a freshly generated random key, and store the encrypted password on the device's Keychain. That random key is then sent to our servers, along with its expiration date. When pwSafe is re-launched, it asks the server for the keys it has saved, and the server only includes non-expired keys back in its reply. With those keys, pwSafe then unlocks your previously unlocked safes, in a seamless experience.

This means we don't have access to your safe's password at any time. Even if we were served a court order asking for your safe password, we wouldn't be able to comply. This also means the period of time you set is respected, because it's enforced by our always-on servers. We even remove expired keys from our database periodically.

Finally, when you register your device with pwSafe Cloud, you'll also get a link which, when clicked, immediately clears all keys for that device from our database. If your device is ever lost or stolen, you can open the confirmation email and click this link from any computer and be assured that your passwords are secure.
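The exchange described above, written out as a small simulation of both sides. This is an added example, not pwSafe's own code: the class and method names are hypothetical, a dictionary stands in for the iOS Keychain, and because the page does not say which cipher pwSafe uses, a one-time pad (XOR with a fresh random key as long as the password) stands in for it so the example runs with only the standard library.

```python
import secrets

class CloudMemoryServer:
    """Hypothetical server side: holds only random keys and their expiry times."""
    def __init__(self):
        self._keys = {}  # device_id -> list of (key_id, key, expires_at)

    def store_key(self, device_id, key_id, key, expires_at):
        self._keys.setdefault(device_id, []).append((key_id, key, expires_at))

    def fetch_keys(self, device_id, now):
        # Expiry is enforced here, not on the device: expired keys are never returned.
        return {kid: k for kid, k, exp in self._keys.get(device_id, []) if exp > now}

    def purge_expired(self, now):
        # Periodic cleanup of expired keys from the database.
        for dev, entries in self._keys.items():
            self._keys[dev] = [e for e in entries if e[2] > now]

    def clear_device(self, device_id):
        # Effect of the link in the registration email: drop every key for the device.
        self._keys.pop(device_id, None)

class Device:
    """Hypothetical app side: keeps only ciphertext, never the key."""
    def __init__(self, device_id, server):
        self.device_id, self.server = device_id, server
        self.keychain = {}  # key_id -> encrypted safe password (Keychain stand-in)

    def close_with_open_safe(self, safe_password, keep_open_seconds, now):
        plaintext = safe_password.encode()
        key = secrets.token_bytes(len(plaintext))  # fresh random key, used once
        key_id = secrets.token_hex(8)
        self.keychain[key_id] = bytes(a ^ b for a, b in zip(plaintext, key))
        self.server.store_key(self.device_id, key_id, key, now + keep_open_seconds)
        return key_id

    def relaunch(self, now):
        keys = self.server.fetch_keys(self.device_id, now)
        recovered = {}
        for key_id, ciphertext in list(self.keychain.items()):
            if key_id in keys:
                pad = keys[key_id]
                recovered[key_id] = bytes(a ^ b for a, b in zip(ciphertext, pad)).decode()
            else:
                # Key expired or was cleared: the ciphertext can no longer be opened.
                del self.keychain[key_id]
        return recovered
```

Neither side alone can recover the password: the device holds ciphertext without a key, and the server holds a key without ciphertext.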

If you have any doubts about Cloud Memory, please contact us and we'll be glad to clarify them.

Cloud Backups

The Problem

You can't lose your passwords, even if you make a mistake.

iCloud is great for syncing, but if you accidentally change your safe in an undesirable manner, there's no coming back: it only saves the two most recent versions of your safe. Dropbox may help with that by means of their File Versions feature, but unless you buy their Extended Version History optional add-on, there are no guarantees after 30 days.

It could also be that you prefer to stay away from Apple and Dropbox because of privacy concerns, and use Local safes instead. Then, the only backup lies on your device, or on your computer if you use iTunes for syncing.

The solution

Cloud Backups is a cloud service which stores unlimited backups of your safes on our servers. 

We store your safes' copies exactly the way they are stored on your device: fully encrypted by your passphrase. This means even if a hacker successfully attacked us and got hold of your data, there's nothing they could do except try to brute-force your password, i.e., try all possible passwords until they find the right one. 

Here's some extra information on the way we store and protect your data:

  • Safes are stored on Microsoft Azure Storage.

  • We use a fully private Azure container. When uploading a safe, pwSafe gets a token which is good for 59 minutes. When downloading (restoring), the token expires in 30 minutes.

  • Safes are stored on two geographically distinct sites, so as to protect your data against a disaster-like scenario.

  • You can delete all versions or any single version of a safe any time you want. When you do that, we don't just mark it as deleted, we effectively remove it from storage. At this point, it is subject to Microsoft's Azure policies on deleted data and backups.

  • We never delete your safes, and there are no limits on safe size or number of versions.

 

If you have any doubts about Cloud Backups, please contact us and we'll be glad to clarify them.

pwSafe Cloud FAQ

I already renewed, but keep receiving notification emails.

Either you are receiving notifications for a different email address or the purchase hasn't been correctly processed by our servers yet.

Please compare the destination email address to the one on the pwSafe Cloud screen. If they don't match, use the link provided in the received email message to disable the notifications.

I already renewed or activated my device, but pwSafe on iOS fails to acknowledge it.

Please perform a pull-to-refresh gesture on the pwSafe Cloud screen, so that it can update itself.

How do I remove old devices from my pwSafe Cloud account?

On the Mac, open pwSafe Cloud’s window (CMD + option + C) and control-click the device you wish to remove.

On iOS, open pwSafe Cloud’s screen, find your device, and swipe it to the left, revealing a red “Remove” button.

 

Header image by Seiichiro Hazama