Happy iOS 12 release day! 🎉 This new iOS release comes with some exciting new features and Secrets 2.8 — also available today — is there to make the best of them.
Whereas previously restricted to credentials stored in the Keychain, new in iOS 12 is the ability to fill logins in apps and Safari with credentials stored in 3rd party password managers such as Secrets.
No longer is it necessary for app developers to explicit add support for 3rd party password managers, nor for users to use the share button to open an extension and fetch login details. After enabling Secrets as your Password Manager in iOS’s Settings, the system will automatically surface Logins store in Secrets when you need them. Simply tap, authenticate and voilá!
Using Logins stored in Secrets has never been this easy!
Another big feature on iOS 12 is Siri Shortcuts. While Siri integration has been available to a few classes of apps, this new features allows any app to provide shortcuts to often used actions or items, and make those available from Siri.
These new shortcuts can be triggered explicitly, via a previously setup voice command, or they can be proactively suggested by iOS.
If you have an item you open regularly, because you either need to view some characters of the password, or view the associated One-Time Password, you can now create a voice shortcut to just tell Siri to open that item or even to copy it’s password. Simply, open that item tap on “Add to Siri” and record your shortcut.
And if you have Device Authentication turned on, copying a password or a credit card number can even run within the Siri interface!
To enable shortcut predictions, Secrets must inform the system of the actions you take inside the app. For example, when you open an item or copy a password.
With this information, iOS can then suggest shortcuts to you automatically. For example, imagine you open your employer’s Login item every morning when you get to work. iOS can suggest a shortcut to open that item right when you’re arriving at work.
Because this feature implies sharing your item names with iOS, and possibly having them appear on your lock screen, you have to explicitley enable it inside Secrets’ settings.
But wait… there’s more!
Also included in this release is:
support for using Markdown in notes;
support for Handoff;
and many other bug fixes.
As usual let us know your comments/feedback on Twitter or via e-mail. And if you enjoy using any of these features don’t forget to leave a review on the App Store!
Secrets 2.6, for both macOS and iOS, is now available. This release delivers on some of the most commonly requested features.
When you open Secrets you’ll find a new built-in filter called Favorites. Simply tap the ★ button on the item detail to add it to your favorites. Tap again to remove it.
You can mark any item as a favorite, be it a Login, Credit Card, Note, etc. Quickly access them by selecting the Favorites filter.
One interesting thing to note is that this feature is actually built upon the tagging feature we introduced in version 2.4, and it serves as an example of what you can do with Custom Filters.
Previously, Secrets added the ability to tag your items. By tagging your items Secrets could surface more relevant results when searching.
With this update, you don’t even need to search. If you have a group of related items you access frequently, you can create custom filter and have those items at a click distance.
You can use much more than tags to create your custom filters. Want to see all Logins you’ve created using a specific e-mail as username? Sure. Want to see which Logins have a One-Time Password set? You can do that too!
Some of our users have asked for folders. This is our answer to that. Custom filters are much more flexible than folders and can easily achieve the same effect. Simply tag your items with what the folder name would be and create a filter based on that. With the advantage that the same item can belong to more than one “folder”.
Last but not least, you can check your Logins against the popular Have I Been Pwned service.
This service collects data, such as usernames and passwords, exposed on the internet from various service breaches. It then makes this data publicly available and easily queryable.
Secrets will check both if your username is contained in any of the breaches collected, and if your password was leaked. Worth noting, is that your password is never sent to the service, only the first 5 characters of the SHA1 hash of your password is sent. If you want to know more about how this works, the author Troy Hunt, does a great job explaining it in this blog post.
One final remark, is that Secrets will never consult this service without you explicitly telling it to do so. We don’t want Secrets to do anything behind your back, even if it could potentially find vulnerable logins for you.
Setapp is an innovative service providing access to a curated list of first-class Mac apps. It’s a subscription service with a simple an enticing value proposition: $9.99/month to access the entire collection of hand-picked apps. And now, Secrets is part of that collection.
Secrets for Mac is still and will continue to be available on the Mac App Store with a one-time In-App Purchase. But starting today, it’s also available on Setapp.
As users, we’re highly reluctant to paying a subscription for an app… but with Setapp you’re not paying for one app, but an ever-growing list of already over 100 apps. If you’re only interested in Secrets that one-time In-App Purchase is still there for you 😉. If you find you can put some of the apps on that list to good use, perhaps you should consider signing up!
We believe Setapp to be another great distribution channel, and we’re very excited to have Secrets in the hands of even more users.
Once you commit to it, using a password manager is liberating. Having unique and strong passwords for all your logins creates warm fuzzy feeling inside. You feel like you are in control of your digital life.
This is only possible because there’s a trust relationship between you and your password manager. And your passphrase is the link in between.
Any serious password manager will derive encryption keys from your master passphrase. This means that your passphrase is the only way to access your data. If your password manager can recover your data without your passphrase or some secret only you know, then they can access your data without your consent.
But this presents a challenge to that warm fuzzy feeling. Forgetting your passphrase means loosing access to your data. The passphrase is both the basis for trusting the security of your data and also something you must remember… and remembering a long passphrase can be hard. So hard that most of us avoid changing it.
That’s why with Secrets 2.4 for Mac you can create a Recovery Key.1 A Recovery Key is a 128 bit random value that can also be used to unlock your secrets. You can use this key if you ever forget your master passphrase. And because it’s not tied to your passphrase, you can change it reassured by the fact you can recover your data in case you forget it.
To create a Recovery Key, simply go to File -> Recovery Key -> Create… and follow the steps2. You will be asked to print your key. It will look something like this:
The included QR Code allows you to use your Mac’s camera to scan the key instead of typing all those characters.
You should print the recovery key and test it by selecting File -> Recovery Key -> Test… Finally, store it some place safe.
You can also entrust a copy of your Recovery Key to someone you trust in the event something happens to you. This isn’t something most of us ever think about. But our digital selves grow bigger everyday. And in the event that, for some drastic reason, you are unable to access your passwords… your next of kin will be able to with as little friction as possible.
This feature will eventually make its way to Secrets for iOS. ↩
Recovery keys are per device and are not synced via iCloud. You can only use a recovery key on the device that created it. ↩
The great team at Panic just launched Transmit 5, a great update to an already awesome file transfer app for Mac. The news prompted this post about a little-known feature built into Secrets for Mac.
Since the first version of Secrets if you hover over a service associated with a Login you can quickly connect to that service by clicking the button. For example, if you have https://www.icloud.com associated with your Apple ID Login clicking that button will open that page on Safari.
This feature works out of the box for http and https services using Safari or Chrome, and ssh, sftp, ftp, telnet using Terminal. But if you have Transmit installed on your Mac, Secrets will prefer to use it for all service types it supports, includings services such as Amazon S3 and WebDav!
This site, for instance, is hosted on Amazon s3. I have a Login item in Secrets with the credentials for accessing the S3 bucket and an associated service with the URL s3://s3.amazonaws.com/outercorner.com. Everytime I need to update the site, I can just click the button and it will open a Transmit window already connected to the bucket.
Go ahead, give it a try. This integration works with both Transmit 5 and Transmit 4.