Version 3.0, a major update to Secrets, is now available and packs many new features!
This is certainly one of our top requested features. You can finally attach files to any item in Secrets!
A commonly mentioned use case is attaching a photo of your bank’s second factor matrix card so that you can login without taking out your wallet. Of course, you can also use it to store pictures of your driver’s license, national id card, receipts or any other confidential document.
All files are encrypted and synced alongside your items, and can be added and retrieved using either Secrets for Mac or iOS.
Secrets already had support for a predefined list of popular services such as Facebook, Twitter, etc… but now you can set custom icons on any item!
Since the very first version that we’ve repeatedly heard you asking for this. And we could’ve implemented this sooner… but we wanted to do it right. And doing it right meant we needed to have proper support for file attachments. With that in place we’re thrilled to finally add this feature.
Custom icons are transparently stored as an attachment to that item.
Spelling out secrets
An innovative and quite useful feature. Now you make Secrets spell out information like passwords and credit card numbers. Useful for example when you need to share you WiFi password with a guest or transmit your credit card number on a purchase over the phone.
But we believe you’ll find it most useful when you need to input a password on a device where you don’t have a copy of Secrets running. For example on a Windows or Linux machine, or someone else’s device. Instead of having to look back & forth between your iPhone and the device’s screen you can just let Secrets spell the characters out loud while you type them ;)
Secrets can spell in any of the 11 languages it already supports! Here’s a quick look at spelling in action:
iPad keyboard shortcuts
Secrets for Mac always had support for keyboard shortcuts and now your iPad gets to have them too!
If you use your iPad with an external keyboard these shortcuts will really improve your workflow. You can navigate with the arrow keys, quickly copy passwords, usernames, card numbers and security codes, switch filters, create new items, etc.
Secrets has always used OpenPGP for its storage format (with AES-128) and it has served it well. But from now on Secrets will rely on the popular Sodium library that employs modern cryptographic algorithms such as XChaCha20 and Poly1305 in a simple and easy to use API.
We still have many features in the pipeline that will make use of OpenPGP, but ultimately, Sodium was a better fit for storing your secrets. You can check the new security page for more details on how Secrets uses this library to protect your data.
Secrets 3.0 is a free update to all existing users. We love developing Secrets and we sincerely hope you enjoy it… so go update now and let us now what you think!
Secrets 2.8.5 has been released and alongside various bug fixes and minor improvements the Mac version also includes a completely rewritten Safari extension.
The new extension works exactly the same way and continues to serve as a facilitator for Secrets itself. That is, it simply informs Secrets about pages with fillable forms which are only filled at Secrets’s request. Like we’ve mentioned before, only Secrets deals with your passphrase and data. The extension only ever has access to your data – the Login you chose to fill – after you’ve explicitly authorised it in Secrets by clicking the “Fill” button.
So why the rewrite you may ask? Well, this rewrite brought a more reliable filling system but more importantly, it laid out the groundwork to accomodate extensions on other browsers besides Safari. This surely was one of the top three requests we’ve been getting ever since launching Secrets.
At last we’re making available a beta version of both the Firefox and Chrome extensions today. If you want to try them out just make sure you have Secrets for Mac 2.8.5 or above. As always, we love to hear from you, so if you have any feedback on these extensions you can reach us via e-mail or on Twitter.
Happy iOS 12 release day! 🎉 This new iOS release comes with some exciting new features and Secrets 2.8 — also available today — is there to make the best of them.
Whereas previously restricted to credentials stored in the Keychain, new in iOS 12 is the ability to fill logins in apps and Safari with credentials stored in 3rd party password managers such as Secrets.
No longer is it necessary for app developers to explicit add support for 3rd party password managers, nor for users to use the share button to open an extension and fetch login details. After enabling Secrets as your Password Manager in iOS’s Settings, the system will automatically surface Logins store in Secrets when you need them. Simply tap, authenticate and voilá!
Using Logins stored in Secrets has never been this easy!
Another big feature on iOS 12 is Siri Shortcuts. While Siri integration has been available to a few classes of apps, this new features allows any app to provide shortcuts to often used actions or items, and make those available from Siri.
These new shortcuts can be triggered explicitly, via a previously setup voice command, or they can be proactively suggested by iOS.
If you have an item you open regularly, because you either need to view some characters of the password, or view the associated One-Time Password, you can now create a voice shortcut to just tell Siri to open that item or even to copy it’s password. Simply, open that item tap on “Add to Siri” and record your shortcut.
And if you have Device Authentication turned on, copying a password or a credit card number can even run within the Siri interface!
To enable shortcut predictions, Secrets must inform the system of the actions you take inside the app. For example, when you open an item or copy a password.
With this information, iOS can then suggest shortcuts to you automatically. For example, imagine you open your employer’s Login item every morning when you get to work. iOS can suggest a shortcut to open that item right when you’re arriving at work.
Because this feature implies sharing your item names with iOS, and possibly having them appear on your lock screen, you have to explicitley enable it inside Secrets’ settings.
But wait… there’s more!
Also included in this release is:
support for using Markdown in notes;
support for Handoff;
and many other bug fixes.
As usual let us know your comments/feedback on Twitter or via e-mail. And if you enjoy using any of these features don’t forget to leave a review on the App Store!
Secrets 2.6, for both macOS and iOS, is now available. This release delivers on some of the most commonly requested features.
When you open Secrets you’ll find a new built-in filter called Favorites. Simply tap the ★ button on the item detail to add it to your favorites. Tap again to remove it.
You can mark any item as a favorite, be it a Login, Credit Card, Note, etc. Quickly access them by selecting the Favorites filter.
One interesting thing to note is that this feature is actually built upon the tagging feature we introduced in version 2.4, and it serves as an example of what you can do with Custom Filters.
Previously, Secrets added the ability to tag your items. By tagging your items Secrets could surface more relevant results when searching.
With this update, you don’t even need to search. If you have a group of related items you access frequently, you can create custom filter and have those items at a click distance.
You can use much more than tags to create your custom filters. Want to see all Logins you’ve created using a specific e-mail as username? Sure. Want to see which Logins have a One-Time Password set? You can do that too!
Some of our users have asked for folders. This is our answer to that. Custom filters are much more flexible than folders and can easily achieve the same effect. Simply tag your items with what the folder name would be and create a filter based on that. With the advantage that the same item can belong to more than one “folder”.
Last but not least, you can check your Logins against the popular Have I Been Pwned service.
This service collects data, such as usernames and passwords, exposed on the internet from various service breaches. It then makes this data publicly available and easily queryable.
Secrets will check both if your username is contained in any of the breaches collected, and if your password was leaked. Worth noting, is that your password is never sent to the service, only the first 5 characters of the SHA1 hash of your password is sent. If you want to know more about how this works, the author Troy Hunt, does a great job explaining it in this blog post.
One final remark, is that Secrets will never consult this service without you explicitly telling it to do so. We don’t want Secrets to do anything behind your back, even if it could potentially find vulnerable logins for you.