SamuraiSafe

SamuraiSafe is a password manager for iOS and macOS. Supports Touch/Face ID and Password Autofill.

  SamuraiSafe (iOS and macOS)

 

 Samurai Search

Samurai Search searches source code, plain text and PDF files on your iOS device or in iCloud. You may then preview matched files, or open in your favourite editing/viewing app.

  Samurai Search (iOS)

 

Password Security News

NOTE: Click the title below to see the complete item.

• Oct 2024

  Security Checkup for SamuraiSafe

  SamuraiSafe now includes a security checkup function. Select Security Checkup from an open safe from the Tools menu (macOS) or the Tools icon (iOS).

• Oct 2024

  Apple Passwords App on macOS and iOS

  Apple have released a new Passwords App on iOS 18 and macOS 15. Storing credentials in the iCloud Keychain, it is nicely designed and integrated with Safari. One issue that has been raised is that it can be unlocked with the device passcode or the account password – there is no separate master key.

• Oct 2024

  NIST Password Standards Update

  NIST has released the second update of a draft standard that includes rules for password acceptance and recommends against some common (and annoying) practices such as forcing regular password updates. It also has recommendations on lengths of passwords and allowable character sets.

• Mar 2024

  Local Autofill Safes (iOS and macOS)

  Until recently, the password Autofill feature has been restricted to iCloud safes, due to the need for both the SamuraiSafe app and the SamuraiSafe app extension to be able to read the selected password safe.

• Feb 2024

  Custom Fields for SamuraiSafe

  SamuraiSafe now supports custom fields that may be attached to a password entry.
  • The field label and value may be set to an arbitrary string value.
  • Custom fields are sorted by field label below the notes field.
  • The custom field label and value are searched when queried from the search field.
  • Limited to 20 custom fields per password entry.

• Apr 2023

  Enhanced Encryption for SamuraiSafe

  As hardware has become faster, the cost of a brute-force attack on an encrypted safe has fallen. To counter this risk, SamuraiSafe:

  • Ensures your safe password is strong (by setting a minimum standard for safe passwords),
  • will use a stronger algorithm to generate the encryption key:
    • PBKDF2 runs 50 times more iterations¹,
    • a safe specific salt is added (further complicating decryption).

  Minimum password strength is an option in SamuraiSafe settings.

  1. iPhone 6s: ~224ms, iPhone 14: ~58ms. ↩

• Dec 2022

  LastPass Breach Compromised Large Amounts of Sensitive Customer Data

  LastPass notified customers on their blog of a Security Incident. The initial incident was in August 2022, with LastPass expressing confidence that only a development environment had been accessed. An update in September 2022 reiterated that position.

• Jul 2021

  Kaspersky Password Manager: All your passwords are belong to us

  The pseudo random number generator (PRNG) used to generate passwords for the Kaspersky Password Manager was very weak, and wasn’t not suitable for cryptographic use. It was being seeded by the current time (in seconds), which meant that every instance of the Kaspersky Password Manager in the world would generate the exact same password at a given second. it was therefore very easy to bruteforce. It has subsequently been updated.

• Sep 2020

  If Hackers Crack a Six-Digit iPhone Passcode, They Can Get All Your Passwords

  This article points out that if your iOS passcode is discovered, your passwords stored in the iOS KeyChain will be exposed. The solution is to store your passwords somewhere else. Like SamuraiSafe.

• May 2020

  Dangers of auto-fill in web browsers

  SamuraiSafe resisted adopting password autofill of web pages within the web browser, as the implementations were often vulnerable to compromise. SamuraiSafe now adopts Apple’s AutoFill Credential Provider Extension interface which is built into iOS/iPadOS/macOS. It aims to avoid such vulnerabilities.

• Feb 2020

  Revisiting Security Vulnerabilities in Commercial Password Managers

  An analysis of five popular commercial password managers discussing previously disclosed vulnerabilities and exploits for newly discovered vulnerabilities. Many of the previously reported vulnerabilities have been found to persist.

• Mar 2019

  Should you be concerned about a password manager that uploads passwords to its server?

  An attack on server API used by a popular password manager. The exploit tricks the password manager server to disclose your encryption key. It arises from an interaction between a trusted extension user interface with web applications.

• Feb 2019

  Recovering the Master Password from a Locked Password Manager

  By analysing password managers in running states on Windows 10, ISE found a fatal flaw in an otherwise good password manager. This type of exploit requires malicous access to the OS, so potentially applies to macOS (or a jailbreaked/compromised iOS).

• Feb 2017

  Diceware passwords now need six random words to thwart hackers

  Diceware is an effective way of generating strong passwords by rolling dice. Ars notes the creator now recommends using six words where five were previously recommended. The SamuraiSafe passphrase feature is modelled on Diceware but uses a larger word list (~21,000 vs 7,776 for Diceware).

• Aug 2016

  Why you still can’t trust password strength meters

  Naked Security explains why you can’t trust (most) password strength meters. SamuraiSafe uses the password strength meter that was the best performing: ZXCVBN from DropBox.

• Jun 2015

  Why should I use a password manager?

  Should You Use a Password Manager? discusses the pros and cons of using a password manager. Am I An Idiot for Still Using a Password Manager? questions the risks of managers that store your data server side.