Codebook's Security Features

Codebook uses strong, state-of-the-art encryption to protect your passwords, other sensitive credentials and data. To accomplish this, all data saved in Codebook is encrypted using SQLCipher, our peer-reviewed and open-source encrypted database engine. SQLCipher is an industry leader in database encryption and is widely used by some of the world's premier organizations, protecting data for thousands of apps on hundreds of millions of devices.

SQLCipher is extremely versatile and efficient, allowing Codebook to only decrypt records on an as-needed basis, with great performance. It's also highly portable, enabling us to offer you the same high level of security on iOS, Android, macOS, and Windows.

On Your Device

All Codebook Data stored on your device is encrypted
Master Password that you create is not stored in Codebook
Your encryption key is not stored on your device. It is derived from your Master Password.
Random Password Generation
Password Review for password strength
Passwords can be checked against HaveIBeenPwned.com's API
Automatic Screen locking at an interval you choose
Codebook locks when the screen saver is activated
A sync key is generated that uses your Master Password to create an encrypted QR code that can be used to access your data that is stored remotely
If available, Codebook can use Biometrics (Touch Id/Facial Recognition) for login
Clipboard data is deleted after 2 minutes

In Transit

Your data is always encrypted
Data is stored in your cloud account and secured by your cloud password
Zetetic cannot access or read your data

Encryption

SQLCipher uses a 256-bit AES encryption algorithm in CBC mode, a widely adopted algorithm standardized by NIST and the US government.
Codebook uses 256,000 rounds of PBKDF2-HMAC-SHA512 as the KDF algorithm.
Provides advanced protection against brute force and side channel attacks.
Your encryption key is not stored on your device. It is derived from your Master Password

Click for detailed design information on SQLCipher