2014-06-12 11:16:23 -0400
Today we're releasing an update to STRIP for OS X that fixes several bugs that could cause data to be lost if not explicitly saved and a crash where a field had been left in an editing state when the application locks due to inactivity. We've done a lot of testing of this update and with the help of a number of customers who wrote us about the problem and helped us test it's ready to rock.
Download STRIP for OS X 2.3.2
If you bought STRIP from the Mac App Store, click the badge below, and the "View in Mac App Store" button if not prompted by your browser, an update should be available in the App Store app:
If you bought STRIP from Zetetic, click here to download STRIP for OS X:
Download STRIP for OS X
2014-05-27 13:00:00 -0400
If you haven't been able to install the latest versions of STRIP for OS X because you cannot upgrade a Mac running 10.6 Snow Leopard or 10.7 Lion (there are still some 32-bit Macs alive and kicking out there!) but you want to be able to sync with the latest version of STRIP (2.3) on other devices, we've got a new build of the 2.1 series available. STRIP for OS X 2.1.1 is sync compatible with STRIP 2.3 on iOS and Android as well as 2.3 databases on Dropbox and Google Drive:
Download STRIP for OS X 2.1.1
If you are using OS X 10.8 Mountain Lion or later, ignore this update.
We won't be able to guarantee on-going support for the 2.1 series but we're going to keep it sync-compatible while we can. No changes in the database schema are currently planned for 2.4 so that should be sync-compatible with 2.1 as well.
We've updated the auto-update configuration in 2.1.1 to look out for future updates to the 2.1 series. If we need to do another patch in the future, STRIP's autoupdate/check-for-updates feature will catch it.
2014-05-22 14:55:56 -0400
It seems that in announcing STRIP's new support for generating time-based one-time passwords (also known as TOTP passwords or TOTP access codes) for use with two-step verification in popular web services like Dropbox and Google accounts we may have confused some of our customers on its utility and use. Two-step verification (also called two-factor authentication and multi-factor authentication) is an additional check performed when you log in to a web service to protect your account should someone else obtain your password. When two-step verification is in use the web service prompts you for an access code to verify that the person using your password is really you. Google has a good explanation of what it is and how it works over here.
There are two main ways that you obtain the six-digit access code to prove your identity to the service:
- The service sends you a six-digit access code (the TOTP password) via SMS
- You generate the six-digit access code using a key supplied by the service
How does STRIP fit in?
When enabling two-step verification (for example with Dropbox or Google) you are typically prompted to choose either receiving the codes via SMS or generating them yourself. If you choose the latter, you can simply paste the key supplied by the service into STRIP and it will begin generating six-digit access codes you can use to verify your identity. We've got a short screencast that takes you through the process of enabling two-step verification in Dropbox and configuring STRIP to provide the correct access codes:
Enabling Dropbox 2-Factor Authentication with STRIP for OS X from Zetetic on Vimeo.
Once you've saved the key to a TOTP field in STRIP the current access code will always be displayed on the record. The next time you need to supply the code on login to the service, just pop over to STRIP and copy the current code, no need to do anything else with they key.
Two-step verification is not used for logging into STRIP, we didn't mean to suggest that it was. To log into STRIP you only need to provide your master password as before.
If you are having trouble using the feature or any questions at all, please get in touch at support@zetetic.net.
2014-05-20 12:00:00 -0400
This morning we're excited to introduce the next revision to STRIP with a great new feature: Time-Based One Time Password (OATH TOTP) fields that generate one-time access codes for Google, Dropbox, AWS, Microsoft and other services that use compatible 2-step authentication. Available now for Android, iOS, OS X and Windows, just save a TOTP key from your service provider in a TOTP field after you update STRIP and you'll begin seeing access codes and a count-down timer.
Download
Instructions for upgrading STRIP on all platforms are available here. If you're new to STRIP and you'd like to pick up a copy, head on over to getstrip.com.
Clipboard Timer for Android and iOS
Hot on the heels of our introduction of a preference to erase values copied to the clipboard after two minutes in STRIP 2.2 for OS X and Windows is a clipboard timer for Android and iOS, along with a matching preference to enable and disable the feature. Once you've exited STRIP the timer fires, clearing any data saved to the clipboard after two minutes.
Changes
STRIP for Android:
- Adds TOTP support
- Adds timer for clearing clipboard after two minutes
- Fixes entry editor scrolling on KitKat
STRIP for iOS:
- Adds TOTP support
- Adds timer for clearing clipboard after two minutes
STRIP for OS X:
- Adds TOTP support
- Restores support for OS X Mountain Lion (by popular demand!)
STRIP for Windows:
- Adds TOTP support
- Disable sync menu when in edit mode
- Add 4 and 8 hour autolock timeout periods within preferences
- New toolbar/menu icons
2014-05-19 13:45:34 -0400
Last year we learned about Per Thorsheim and Jeremi Gosney's Passwords conference, an annual and free conference on all things related to passwords, so I headed out to Las Vegas at the beginning of August to attend. It was such a fantastic, fun and deeply informative experience that this year we're heading back with our engineering team and are proud to announce our sponsorship of Passwords 14!
If you deal with passwords, password and security policies, hashing them, cracking them, protecting them with key-derivation, or you just want to know what makes a good password these days, this is the conference for you. Last year's single-track format never had a dull moment, with both high-level conceptual talks and in-depth demonstrations of newly-developed password hashing attacks—really some mind-blowing stuff even if you follow the topic regularly. Rare was the talk that did not involve oclHashcat at some point, and the Q&A sessions at the end of each talk were engrossing engagements. This year they'll be featuring two tracks of presentations, offensive and defensive, and I hear there's going to be a pool party! I'll let the guys give you the main pitch:
Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them. While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions. And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.
No need to register, Passwords 14 is being held at Tuscany Suites & Casino August 5-6th, so just book yourself a flight and a room.
Hope to see you there! Look for the guys wearing Zetetic shirts and say hello. Here's one of the talk from last year: