Today we’re excited to announce the release of Codebook 4, the next major version update of our password manager, featuring significant enhancements in security and the Sync feature. It’s a free upgrade, and the product of nearly a year’s worth of work that lays the groundwork for many more improvements to come.
Here’s a quick listing of what’s changed in Codebook 4 on all four platforms:
Note: Codebook 4 cannot sync with Codebook 3, so you’ll want to update Codebook on all your devices as soon as possible. Codebook 4 supports all the same minimum operating system versions as Codebook 3.
Codebook 4 is now available via all auto-update channels. Follow the links below on your device to install directly.
| Platform | Download Link |
|---|---|
| Android | Google Play store |
| iOS | iOS App Store |
| macOS | Download from Zetetic* |
| Windows | Download from Zetetic |
*If you purchased Codebook for macOS from the Mac App Store, use this link to view the update on your Mac.
Codebook 4 updates the Sync feature used to replicate your data. The highest impact change it introduces (in addition to being much faster and more secure) is the Sync Key. In Codebook 4, all sync data is encrypted with your Sync Key, a unique random key that is separate from your Master Password.
Every user that upgrades to Codebook 4 will be prompted to either 1) generate a new Sync Key, or 2) scan the Sync Key they’ve already created on another device (via QR code). To be clear, you should only generate the Sync Key once. When setting up Codebook 4 for the first time on any other device, you’ll scan that Sync Key using your device’s camera.
Here is a demonstration video we’ve prepared that will walk you through creating your Sync Key and adding it to your other devices:
Once you start using the new Sync system you should notice right away that it’s much faster than it had been in the past (after the initial syncing of data). Previously, Codebook needed to download a full copy of the remote database to perform replication and then upload it again on every sync. In Codebook 4 changes are instead replicated in much smaller encrypted updates. Each of these files is an encrypted SQLCipher 4 database using the latest security settings.
Because the Sync Key is required to encrypt and decrypt all sync data, losing access to it would leave the user unable to decrypt any backed-up sync data. To help prevent this from ever happening we’re encouraging each user to save a physical (like in the real world) backup copy of their Sync Key in a safe place. There are two options for doing this: printing an encrypted QR code, and writing down a Word List.
The option to print is most convenient, but may not be ideal if you don’t have a secure or direct connection to the printer in question. The Word List serves as an alternative to printing. Because the word list is an unencrypted representation of your Sync Key you should not photograph or screenshot it, it really is meant to be written down!
Having a physical backup of your Sync Key can come in handy if you ever have a need to recover from data loss at some point in the future.
After you setup your Sync Key in Codebook 4, Codebook will offer to update any cloud services you sync with (i.e. Google Drive and Dropbox). When it does this it upgrades the data stored on the service to the encryption and format used by the new Sync system. It also deletes the strip.db file previously stored on the service by Codebook 3. You may wish to copy this file or rename it to serve as a backup of your Codebook 3 data before syncing Codebook 4 with the cloud service. The first time you sync Codebook 4 with a Dropbox or Google Drive account it will check for a Codebook 3 database and attempt to upgrade it.
Codebook 4 encrypts your passwords and other data with the latest version of SQLCipher 4. This means we’re using much stronger security settings, taking better advantage of the computing power available on modern mobile and desktop devices. Among these:
Codebook’s encryption is stronger and faster than ever.
There is no longer a Backups feature and view in Codebook for macOS and Windows. We recommend that any users relying on this feature look to other common commercial and open-source techniques for regularly making a backup copy of the local database file, strip.db.
Because the Backups feature has been removed, it would be prudent to delete any of the old backup files stored locally on the desktop, which use an older version of the encryption used in Codebook 4. Thus, Codebook 4 for macOS and Windows will prompt you to inquire if it can delete these files.
The Sync menus in Codebook 4 no longer provide an Operation setting that allows the user to change the “direction” of a sync to be an Overwrite or a Restore. This feature has been obsoleted by the new Sync system and is removed. If you think you do need this anyway, please get in touch, we should be able to help.
We’ve put a lot of work into the new documentation for Codebook 4 and updating our existing documentation. The documentation index got a big overhaul, as did the style we use on all the Help pages. We’ve included a platform selector on pages with multiple sets of steps for each platform, and included lots of new short demonstration videos. Accordingly, many of the new interfaces and prompts in Codebook 4 feature a Help button that will launch a URL to documentation on our website.
The Password Review feature in Codebook for macOS has been updated to work on-demand, in addition to while you edit a password. Right-click or control-click on a password field and select the option “Review Password”. Any Weakness Warnings will be displayed as well.
The default toolbar button set has been given a rearrangment in Codebook for macOS. We think this is a nice improvement over the previous layout. However, you can set it back to the way it was before, or to another configuration! Right-click (or control-click) on the Toolbar and select Customize Toolbar to change the buttons displayed.
There is an improved interface for first-time setup in Codebook for iOS, which is used frequently by existing users setting up a new device, as well as new users of the app. This should make it a lot easier to get started quickly, and it’s an approach we’re adopting across all four apps.