SamuraiSafe
SamuraiSafe is a password manager for iOS and macOS. It has a simple, clean interface, is highly secure, and is free. Your data is only stored where you allow it. You can generate and audit passwords, sync to multiple devices, and create password groups. Any textual information may be stored. Each password entry may contain an arbitrary length secure note.
See more detail on SamuraiSafe features, and also some comments on design philosophy.
You can read about why SamuraiSafe was created and who developed it.
Downloads
Password Security News
If Hackers Crack a Six-Digit iPhone Passcode, They Can Get All Your Passwords
This article points out that if your iOS passcode is discovered, your passwords stored in the iOS KeyChain will be exposed. This is correct. The solution is to store your passwords somewhere else. Like SamuraiSafe.
Dangers of auto-fill in web browsers
SamuraiSafe resisted adopting password autofill of web pages within the web browser, as the implementations were often vulnerable to compromise. SamuraiSafe now adopts Apple’s AutoFill Credential Provider Extension interface which is built into iOS/iPadOS. It aims to avoid such vulnerabilities.
Revisiting Security Vulnerabilities in Commercial Password Managers
An analysis of five popular commercial password managers discussing previously disclosed vulnerabilities and exploits for newly discovered vulnerabilities. Many of the previously reported vulnerabilities have been found to persist.
Should you be concerned about a password manager that uploads passwords to its server?
An attack on server API used by a popular password manager. The exploit tricks the password manager server to disclose your encryption key. It arises from an interaction between a trusted extension user interface with web applications.
Recovering the Master Password from a Locked Password Manager
By analysing password managers in running states on Windows 10, ISE found a fatal flaw in an otherwise good password manager. This type of exploit requires malicous access to the OS, so potentially applies to macOS (or a jailbreaked/compromised iOS).
Diceware passwords now need six random words to thwart hackers
Diceware is an effective way of generating strong passwords by rolling dice. Ars notes the creator now recommends using six words where five were previously recommended. The SamuraiSafe passphrase feature is modelled on Diceware but uses a larger word list (~21,000 vs 7,776 for Diceware).
Why you still can’t trust password strength meters
Naked Security explains why you can’t trust (most) password strength meters. SamuraiSafe uses the password strength meter that was the best performing: ZXCVBN from DropBox.
Why should I use a password manager?
Should You Use a Password Manager? discusses the pros and cons of using a password manager. Am I An Idiot for Still Using a Password Manager? questions the risks of managers that store your data server side.