Reset Master Passcode


#1

With all the recent data breaches, is it possible to reset my master passcode?


#2

Hi @sitano

Thanks for using Codebook and posting here.

You can change your Codebook master password (when logged in) through “Change Password” within Settings. Here’s how to access it on each platform:

iOS: More → Settings → Change Password
Android: Settings → Change Password
macOS: Codebook Menu → Change Password
Windows: File → Change Password

If you’re using Codebook on multiple devices, you’ll want to change the master password on each device so that they match exactly.

If you’re syncing via Google Drive or Dropbox, you’ll need to perform an “Overwrite” operation the first sync after changing your master password – this will replace your encrypted remote replica in Google Drive or Dropbox (keyed with your previous master password) with the one keyed with your new master password.

Please let me know if this allows you to change your master password and if you have any questions along the way.

Thanks!

Cheers,
Micah


#3

Thanks Micah, so when I input my passcode, it is only through the device? Does it ever get transmitted?

Also is there an auto re-generate existing passwords every 3 months type of function?

Sorry for all the questions, but the whole security deal has been blown😳


#4

@sitano

so when I input my passcode, it is only through the device? Does it ever get transmitted?

Your passcode is only ever used to decrypt your Codebook database on your device(s) locally. When syncing with Google Drive or Dropbox, the only data that’s transmitted is your fully encrypted Codebook database (never your master password).

Also is there an auto re-generate existing passwords every 3 months type of function?

There isn’t. Although there has been a lot of conversation by security experts recently on the subject to suggest that frequent password rotation actually doesn’t increase security:

The most recent National Institute of Standards and Technology publications on digital identity (Section 5.1.1.2 Memorized Secret Verifiers) recommends not enforcing any password expiration without reason (i.e. if the password has been phished, or if you think that the password database has been stolen).

Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

This especially holds true for Codebook as we don’t have any “password database” we’re checking against since your master password is only used locally on your device to decrypt your Codebook database.

Overall, my recommendation is to create a strong master password that is memorable, but hard to guess (Diceware passwords are really good for this – you can use Codebook’s password generator to make one)

Please let me know if this addresses your concerns and if you have any further questions.

Cheers,
Micah


#5

That pretty much covers it.

thanx
micah

Steve Itano


#6

Thank you for this information. I successfully updated my passwords on my I-phone, I-pad and Windows 10 laptop using your suggestions. I then synced my I-pad using the “overwrite Dropbox” function, then my phone, and both syncs were successful. However when I tried the same operation on my laptop I received a ‘sync error message’ which read "Received response[0]: Expected to as [OK, PartialContent]. The HTTP response was []. So Codebook on my laptop won’t sync. Should I try ‘Restore from Dropbox’ operation?

Thank you

Bev


#7

@BevJ

It seems like there was no response from Dropbox when attempting to sync from your Laptop. Could you attempt a regular sync operation again and see if it works the second time around?

If it doesn’t, let’s try un-linking and re-linking your Dropbox account on Codebook for Windows:

  1. Go to File → Preferences and click the “Unlink” button.
  2. Go to the Sync Menu → Sync With Dropbox and it should bring you out to the web browser where you’ll want to enter your Dropbox credentials and “Allow” Codebook – at which point the sync operation should start.

Edit: Could you also let me know what version of Codebook for Windows you’re currently running? This can be found under Help → About.

Could you try these two suggestions out and let me know if it allows you to sync alright? Thanks!

Cheers,
Micah


#8

Micha,

The third time was the charm! I did a regular sync for the third time and it synced. The version of Codebook for Windows is 3.0.14.0.

Thanks very much.


#9

@Bev

The third time was the charm! I did a regular sync for the third time and it synced.

Excellent. Glad to hear you were able to sync successfully.

The version of Codebook for Windows is 3.0.14.0.

The current version of Codebook for Windows is 3.0.21.0 – Release notes are here

I’d recommend updating to this version when you have a chance as we’ve updated the Dropbox API which should help your Dropbox syncs go more smoothly.

Codebook for Windows should automatically prompt you to download the latest update when it’s available as long as you have “Automatically check for updates” selected in File → Preferences.

The certificate we use to sign the Codebook for Windows installer expired a few months ago and we had to generate a new one, so you will most likely actually need to manually download/install Codebook using the most recent installer. This is the update that required manual installation. I’ve sent you a PM with instructions on how to download the latest installer.

If anyone else is also experiencing issues with updating to the latest version, please feel free to write us at support@zetetic.net or PM me.

Cheers,
Micah