Codebook: Why You Should Backup Your Sync Key

2020-09-15 04:00:00 -0400

Since the introduction of the Sync Key to Codebook in version 4, we have heard from customers who are concerned about backing up the Sync Key and potentially having to manage a Sync Key separate from their Master Password, lest they lose access to all the critical passwords and other information they have stored in Codebook.

We can say with confidence that is definitely not the case, and we’d like to clarify how the Sync Key fits into Codebook, and when and why to keep a backup of it outside of Codebook. In addition, if you lose your Sync Key Backup, it won’t make your data inaccessible, because each copy of Codebook you sync with has a copy of the Sync Key.

First, it’s important to note that we haven’t replaced your Master Password with the Sync Key. Your Codebook data is still stored in a single file, encrypted with your Master Password. You can even take a backup of the single database file, and then restore it to a new computer, without any need for the Sync Key.

So where does the Sync Key come into play? It’s used to encrypt all your Sync data, the changes that are passed back and forth. Whether you are syncing with WiFi, a local folder, or a cloud service (i.e. Dropbox or Google Drive), that data is encrypted with your Sync Key instead of the Master Password.

The Sync Key is stored by Codebook in your encrypted database on your device. And because you are required to add the Sync Key to every new device you set up (so that all your devices can encrypt and decrypt the sync changes), there’s a copy of the Sync Key in the encrypted Codebook database on every device you sync with.

If you were to delete Codebook from one of these devices, or you lost and replaced one of the devices you sync with, all you need to do to set up the new device is set the Master Password, add the Sync Key from one of your other devices, and perform a Restore.

So why do we ask you to Backup the Sync Key?

Say you use Codebook on an Android phone and a Windows laptop, and you’ve got a Google Drive account that you sync with. Or, maybe you use Codebook exclusively on an iPhone and an iPad, or maybe just one iPhone and sync with Google Drive. This means there is a copy of your encrypted sync data up in Google Drive that you could restore from if you were to lose access to one of your devices. Now let’s say you lose access to all your devices at the same time, perhaps in a house fire or burglary. So, you buy a new device, download Codebook, and you want to restore your passwords and other data. The data is still available in Google Drive, but it’s encrypted with your Sync Key, which you no longer have access to.

That’s where the Sync Key Backup comes in: the catastrophic scenario where you lose every copy of Codebook, and thus every copy of your Sync Key, and the only remaining copy of your data is the one in your cloud service, for instance, encrypted with your Sync Key. The Sync Key Backup allows you to restore your data from an encrypted remote to a new device after access to all your other devices has been lost.

If the prompts in Codebook to Backup Your Sync Key come on a little strong, that’s a result of our trying to do some due diligence to help ensure this unlikely and catastrophic scenario is not possible. We tried to make the Sync Key Backup feature flexible by offering more than one option for creating a hard copy backup (printing an encrypted QR Code, or writing down a Word List), and to allow those who would prefer not to maintain a physical backup to ignore the feature and go about their business.

Where should you store the Sync Key Backup?

If you do choose to back up the Sync Key, you’ll want to store the backup in a secure place, as a determined attacker could use it to decrypt any sync data you might have on a remote service, since that data is encrypted with the Sync Key. Where to store the Sync Key Backup is a personal decision that will have a different answer for everybody depending on their needs and circumstances, but it may help to know that you should only need the Sync Key Backup in rare and catastrophic circumstances. Without endorsing any option in particular, here are some ideas:

  • A secure hiding place
  • A fire-proof safe
  • A bank deposit box
  • With a trusted family friend
  • A personal attorney

As always, if you have any questions about the Sync Key or any other feedback on Codebook, please get in touch.