What is Wi-Fi Sync?

Wi-Fi Sync is a way to keep your password databases in sync across devices and only on those devices. It doesn’t require a server, cloud drive or any cumbersome one time copies, transfers or merges. Wi-Fi Sync keeps databases in sync over a local network. Yes, although we call it Wi-Fi Sync, it also works over a plain old ethernet cable just as well as a Wi-Fi network.

Note: Wi-Fi Sync is a Pro feature and is not available in Strongbox Zero.

How to setup Wi-Fi Sync

Let’s get straight into it. We’ll walk you through setting up Wi-Fi sync on your devices. As you’ll see there’s not a whole lot to it, we’ve tried to eliminate as much complexity as possible.

Source Device

To use Wi-Fi Sync you will need to choose one device to act as your Source Device. This can be an iOS or a macOS device, but we recommend using a Mac as it is less mobile and has less limitations on running as a service. Once you’ve chosen your source device, you can have many Client Devices which can access and edit the database(s) provided by the source device.

Note: You can use an iOS device as a source device but it is only possible to sync when Strongbox is actively running in the foreground on the iOS device. This is due to iOS technical limitations. We recommend using a Mac device instead as your source device.

Setting up your Source Device – Step by Step (macOS)

1. Go to Settings by clicking on the Strongbox > Settings… menu item (or ⌘+,)
2. Click on the Wi-Fi Sync tab (see Screenshot below)
3. Ensure Wi-Fi Sync is switched ON

Optional

1. Choose a memorable passcode or use the existing auto generated one (Client devices will need this to connect)
2. Change the Service Name if it’s not to your liking. The default is your Mac’s name.

Setting up your Source Device – Step by Step (iOS)

1. Go to Settings by tapping the Gear icon in the top right corner on the Strongbox home screen
2. Scroll down and tap Advanced Settings
3. Scroll to the Wi-Fi Sync Source section (see Screenshot below)
4. Ensure Wi-Fi Sync is switched ON

Optional

1. Choose a memorable passcode or use the existing auto generated one (Client devices will need this to connect)
2. Change the Service Name if it’s not to your liking. The default is your iOS device name.

Client Device(s)

Setting up your Client Device(s) – Step by Step (macOS)

1. Open the Databases Manager window by choosing View**>**Databases Manager (or ⌘D) from the menu at the top of your screen.
2. Click the Add Database button in the bottom right corner.
3. On the menu that appears you will notice a Wi-Fi Sync section. Click on your chosen source device.
4. You’ll now need to enter the passcode for your source device. As mentioned above this is available under the Wi-Fi Sync settings of your source device.
5. You will now be presented with a list of available databases for Wi-Fi Sync. Choose your preferred database.

Now you’re all set. You'll be presented with the standard lock screen and walked through the usual onboarding process when you unlock. Feel free to edit as you please, changes will be pushed back to your source device. Repeat as desired for your other databases and devices.

Setting up your Client Device(s) – Step by Step (iOS)

1. Tap the + button in the top right corner and choose Add Existing.
2. Next, on this Select Storage screen under the Wi-Fi Sync section, you should see your Source Device service name.
   • Permissions Note: you will need to allow Strongbox access to your Local Network. You’ll see a button indicating this if it doesn’t already have permissions. Tap there and allow Strongbox access.
3. Tap on the source device service name.
4. You’ll now need to enter the passcode for your source device. As mentioned above this is available under the Wi-Fi Sync settings of your source device.
5. You will now be presented with a list of available databases for Wi-Fi Sync. Choose one.
6. You can give your Wi-Fi Sync database a nickname or just accept the suggested one

Now you’re all set. Tapping on your newly added Wi-Fi Sync database will initiate the standard unlock and onboarding procedures. Feel free to edit as you please, changes will be pushed back to your source device. Repeat as desired for your other databases and devices.

Advanced / Technical Details

We’ll run through Wi-Fi Sync in more detail below. We’re sure you’ve got lots of questions.

Offline Handling

So, what happens when you’re out and about? Most of us don’t spend all day connected to the same Wi-Fi network at home or wherever it might be. Good news, Strongbox is able to detect when your source device is available. You can see this yourself on the home screen of Strongbox. There’ll be a little green Wi-Fi icon on your database indicating that the source device is available. If this icon is grey then Strongbox hasn’t detected the source device. Not to worry, you can still unlock your database and make edits. Strongbox will save these and the next time you’re back on the Wi-Fi network, Strongbox will merge these changes with any that might have been made on the source device since you last synced with it. These could be changes made on the source device itself, or changes made on other devices.

Relayed Sync: Wi-Fi Sync -> MacBook -> Your Server

One advanced feature that some users may find very useful is the idea of a relayed sync. You can use Wi-Fi sync on many of your client devices to access and update your database(s). On top of this you can also have the database on the source device (usually your MacBook) be stored at another storage location. For example, you can have your source device with a database stored on an SFTP server, or NAS server. Now anytime a client Wi-Fi sync device pushes updates to the source device, those updates will in turn be “relayed” onward and synced to the SFTP or NAS server, or wherever it may be stored. This allows you to have an extra layer of redundancy and backup should you ever have issues with your source device, or you’re just worried about having enough backups of your database(s).

Caveat
A word of caution is required here. Using relayed sync means that your Wi-Fi sync may be slower. The slowest link in the chain (usually your SFTP server or remote server) will determine the overall speed, so we recommend instead using a different mechanism if all you want to do is have a backup somewhere off site. Relayed sync involves a full end to end sync process which is computationally and bandwidth intensive.

Security Details

We use Zero Configuration Networking for device discovery. For networking we use Transport Layer Security (TLS) with a Pre Shared Key (PSK). In addition, databases are always transferred in their encrypted file format (e.g. KeePass KDBX or Password Safe PSAFE3). Master passwords or other credentials are never transferred over the network. Database metadata like the nickname, size and modified date of your databases are sent in encrypted JSON format protected by TLS-PSK.

Motivation behind Wi-Fi Sync - What Problem Does This Solve?

One pain point with using an Offline First password manager like Strongbox is managing to keep your database(s) in sync across all of your devices. Many people use a third party cloud drive like OneDrive or Dropbox, and Strongbox does provide good support for this, but people are becoming more wary of storing their data on someone else’s server. Quite a few people are trying to “de-Googlify” their lives.

Some of the big corporate password managers solve this by using their own centralised cloud servers, and protocols, which act as the single point of truth (or failure!). For a lot of people this is an acceptable compromise, but for many of our users this is a step too far along the security-convenience tradeoff spectrum.

Some of our users truly want to own their secrets. They don’t want them stored on some server run by a VC or private equity backed, growth at all costs, faceless, greedy corporate behemoth. The many recent security breaches speak for themselves.

Old Solution 1: Running Your Own Server

Another way to keep your devices in sync without relying on a third party cloud is to run your own server. Many of our users do this either by running an SSH/SFTP server on their Linux box, or by using WebDAV to access their NAS machines. We’re lucky to be blessed with such technically advanced users but this level of sophistication isn’t for everyone. That’s before we get into keeping these machines up to date, redundancy/backup planning, 24/7 uptime, availability over the Internet, or if not, handling the offline scenario when away from home. Also, punching holes in firewalls and port forwarding can be risky.

Some people love the challenge inherent in this, but one must admit it’s not everyone’s cup of tea. How’s your knowledge of the latest public key cryptography? Can you recall the command line switches for ssh-keygen? Many mere mortals cannot.

Old Solution 2: Ad Hoc Transfers

Yet another way to keep your important secrets in sync involves ad hoc one time copies, transfers and merges. This requires some discipline but it can work. Strongbox provides quite a few methods to help with this, and also merge support which becomes essential. Let’s run through just a few of them…

You can Airdrop your database to Strongbox (though iOS17 made things more cumbersome here). You can mail the database to yourself and pick it up on your device(s). You can use our previous “Transfer over Local Network” function, which runs a little web server on your iOS device allowing you to copy databases over from your desktop browser. You can even use good olde fashioned iTunes or Finder File Sharing over a USB cable.

New Solution: Wi-Fi Sync

So, what if you don’t want to use a third party cloud drive? What if you don’t want to manage and run a server? What if you don’t want to jump through all these ad hoc transfer hoops? Wouldn’t that be wonderful? Enter Strongbox Wi-Fi Sync…

Strongbox Wi-Fi Sync solves these problems by running it’s own sync mechanism on your Wi-Fi network accessible only on the same Wi-Fi network. It is not accessible over the wider Internet. We use Zero Configuration Networking, often referred to as Bonjour Networking on Apple platforms. This is the same technology that powers AirDrop and AirPrint, just dedicated to syncing Strongbox databases across your devices securely and seamlessly.

Troubleshooting

Connection issues are usually caused by Firewalls or VPNs, or APs running in Isolation Mode.

Firewalls

You must allow Strongbox to accept incoming connections if it is acting as a Source device.

VPNs

If you are running a VPN this can interfere, but there is usually a setting to allow local network traffic while preserving your privacy.

AP in Isolation Mode (Hotel/Cafe/Public Wi-Fi or Eduroam)

If you are on a network where the administrators have decided to run in Isolation Mode this will likely cause issues. Isolation Mode basically means that your device cannot "see" or communicate with other devices on the same network. This can be the case on large corporate networks. It can also be the case in hotels, cafe's, restaurants and other public networks. We have also come across an instance of this on the Eduroam academic network, though it's not clear if that is system wide or just within a particular institution. Feedback welcome.