We’ve had an excellent and productive year working on Codebook in 2018. As we charge hard into 2019 working on our next major version update, Codebook 4, we’d like to take a look back at some of the improvements we’ve made to our favorite password manager over the last year.
Before we do, though, it should be noted: Codebook has been in the iTunes App Store for over 10 years, since 2008! Originally a reboot of the venerable Palm password manager that had some pull among an earlier generation of sysadmins, it eventually spread from iOS to Android, macOS, and Windows. A lot’s happened since then! I won’t get into it all, but if you’ve been with us all this time, a big hearty cheers from all of us at Zetetic! 🍻 Here’s what we’ve gotten up to in Codebook’s tenth year.
We released an absolute ton of regular updates over the last year for maintenance, operating system and device upgrades, and bug fixes across all platforms, too many to mention here. However, each version of the app now contains a Release Notes feature, providing up to date information about what’s new.
Codebook for iOS has supported Touch ID authentication for some time now (allowing you to login with your fingerprint instead of your master password), but this year we added support for Face ID authentication on new iPhones and Touch ID authentication on newer MacBook Pro laptops. Also, by popular demand, we’ve added support for Fingerprint authentication on Android.
There is, however, one drawback to this convenience. A new user has only ever entered their master password twice (to set and then confirm it) before they are prompted to enable Touch ID or Face ID login during application setup. They are never required to enter it again until an unforeseen event causes it to be required (for instance, Touch ID can become unavailable for security reasons, like a new finger being added, or when restoring from an iCloud backup on a new device). By that time they may have forgotten it!
We’ve begun taking some steps to help mitigate this problem on iOS, including some more helpful warnings about it on setup, and a reminder that encourages the user to look up the master password and be sure they remember it or have it backed up somewhere safe. We’ve got more planned to help with recovery coming in Codebook 4.
This is a really big deal. Previously we charged up-front to download Codebook for iOS, meaning you couldn’t try it before you bought it. Well, you could, via the Lite version, but this was less than ideal in that it meant we had to necessarily limit some core features.
With the new ability to offer free trials and a pro upgrade in the App Store via In-App Purchases, and the ability to grandfather in customers who paid up front to download Codebook, we are able to offer a much better experience to anybody who just wants to download the iOS app and try it out before they invest. AND, we were able to offer a smooth upgrade process without confusing or alarming our existing customers about the change in licensing. We appreciate all the help our beta testers gave us with this, and the patience our customers showed when there were hiccups.
This also let us retire the Lite version in the App Store, along with the iPad-only version that had been discontinued. Having just one app in the App Store for all iOS users is less confusing, and less work for us.
Codebook for macOS got a solid update to trial behavior as well, in the direct version (the Mac App Store version has no trial mode). We distribute the direct download version as a 14-day free trial, like we do on Windows, but we made some really nice changes:
These are only some of the changes we’ve been making in order to improve the initial user experience with Codebook. This work benefits our existing customers, too (for instance, you can restore your data onto a new device during setup!)
People have reported frustration hunting around the website and discussion forum looking for direct download links to the macOS and Windows installers. It’s well-placed criticism, we didn’t want to make such links very public, lest someone download the apps without agreeing to our export compliance requirements! Some folks were signing up in the free trial forms to get access to the link and receiving follow-up emails about a trial they didn’t need. We’ve recently updated the macOS and Windows download pages to make it easier to download the app directly without having to sign up for a trial.
This is actually two interesting feature milestones! First we created an application extension called Find in Codebook that allows you to fill in passwords in Safari from the Share Sheet using the passwords you have stored in Codebook (with proper authentication, of course). This works well, including support for filling in TOTP fields, but would have benefited from better system-level integration with iOS.
And then iOS 12 introduced an API for password managers like Codebook to AutoFill Passwords, identifying login forms on websites and third-party apps. So, we did that, too! We were easily able to adapt and improve the UI of Find in Codebook to support AutoFill Passwords. This means that our iOS users can opt to fill in their passwords from Codebook right from login forms on web pages and third party apps. Fantastic!
One of the most interesting projects in password research and security is Troy Hunt’s HaveIBeenPwned.com service, and it really is that, a public service. It lets users check their accounts for inclusion in password and account breaches, and at this time contains the details of nearly 7 billion accounts (as I understand it, another large data breach is being added as I edit this!)
The website also offers an API that allows apps and other websites and online services several tools for looking up information about breaches and whether a particular password is included in a breach. In Codebook for iOS and macOS we added a feature called Password Review that uses the HaveIBeenPwned.com API to check if one of your passwords stored in Codebook has been seen in any breaches, and how many. If you have a password you think is super strong, and unique, you might still want to check anyway! Codebook does this without ever sending your actual password to the service due to a rather clever security model used by the API, but the feature is disabled by default and has to be enabled by the user.
When you start typing in the Search field at the top right hand side of Codebook’s main window, the Entries view in the middle of the window is automatically populated with matching entries. Normally, the scope of this search is any entries that have a name matching the search term, and any entries that have a field that matches the search term.
There were circumstances were some customers wanted to be able to change that, and others who would have found it useful for entries that match a particular label name. And so, we implemented search scopes! It’s pretty handy when you want to customize your labels but are unsure exactly what entries are using what labels.
Codebook for iOS got a big improvement in terms of accessibility when we adopted Dynamic Text and Large Type, adapting the UI to the user’s custom Accessibility settings in iOS.
Sometimes we have data stored in Codebook like a phone number or a PIN that we want to display very large and prominently across the screen of the device, perhaps in order to enter it on another device or to view it across a short distance. The Magnify feature does just that, displaying the selected field in a modal, heads-up display, with a large, mono-spaced font. This feature is available in all four apps.
That’s the major hits, but as noted before, each app has its own Release Notes feature containing many more updates, adjustments, and improvements that may interest you. In addition, we also post to the discussion forum detailing updates to the individual apps as they are released.
It’s been a busy time, but there’s lots more in the works for Codebook 4, including the new sync system we have been working on and are near completing. We’re looking for new beta testers that would be willing to help review and test Codebook 4 and the new replication system, as well some other excellent new features like the recovery/rescue feature we’re working on. If that sounds like you, please sign up here! We have some serious alpha, dog-fooding testing to do first, but we’re hoping to start beta testing by May, and possibly as early as April.