Sign in Subscribe
Development

Introducing: PrivPass Password Manager 🔑

Tophhie Cloud is proud to present our latest app: PrivPass Password Manager!

Chris Greenacre

Chris Greenacre

3 min read
Introducing: PrivPass Password Manager 🔑
Photo by Yura Fresh / Unsplash

Download the app now! (Available on iOS, macOS, visionOS and iPadOS).

I've been working on a new app recently. The concept for this app: security without compromising on privacy.

Most password managers nowadays require you to register for an account, provide them with all your personal information like, your full name, your email address, a contact number. Then, depending on whether you've signed up to a subscription or not, you agree to a privacy policy that doesn't really cater to your privacy, and requires you to sign away your data to other third parties for targeting advertising or promotions.

I sat here, browsing for a decent password manager for myself, and wondered: why do we settle for this?

So, why not design a product that requires:

  • No subscriptions.
  • No sign-ups or needless accounts.
  • No giving away your personal information.
  • But still provided a high level of security.

And that's exactly what I set out to do.

And with that... I'd like to introduce PrivPass Password Manager.

Upon downloading the app, you'll notice you're not prompted to provide any information. You're asked to provide a master password**, and that's it. Once provided you're all set up and ready to go.

** The master password is your key to your entire PrivPass Password Store.

Security

Let's dive into the security of the app a little bit.

Firstly, all data is stored within your iCloud account. Nothing ever leaves your little bubble. You don't communicate with any Tophhie Cloud servers or services; it's just you and your iCloud.

Secondly, you might be thinking, "well, if it's in my iCloud, then Apple has this data". Well, yes... and no. PrivPass encrypts all your data. Data is encrypted on device, before being stored in iCloud, and when you retrieve that data from iCloud, it's received in its encrypted format and decrypted on device. So yes, whilst the data is physically stored within your iCloud account, it's stored in such a way that it's unreadable to anyone but you.

There are no instances in which your passwords, or one-time codes are ever transmitted to iCloud in a way that could be deciphered and visibly seen by anyone.

Every secure item you add to your PrivPass password store is encrypted using AES-GCM, a highly secure encryption method trusted worldwide. To enhance this security, PrivPass uses a unique, randomly generated salt each time encryption occurs. Ensuring that even passwords with identical values, are encrypted differently.

And, when you need to view your passwords, your master password generates a secure key to decrypt them. The decryption process uses a nonce (random number) and an authentication tag, verifying that your data remains safe and untampered.

Again, all performed on device. None of this is ever performed on a server, meaning your decrypted passwords are only ever visible on your devices.

What can we see?

Absolutely nothing.

Genuinely, I mean that. The app provides no tracking, no analytics, no monitoring, nothing. Aside from the basics that Apple provides as part of the operating system (and providing you've opted into it in Settings), we can see how many times the app has crashed, and some iCloud analytics like a very rough estimate on the number of users, and potential iCloud sync errors, and well, that's about it.

None of it is identifiable. It's all anonymised. No analytics can be pinned down to a single person.

It does make debugging potential app issues a little more difficult, and it's impossible to determine which features in the app are getting the most use, which are popular, and which aren't, but you're entitled to your privacy. So, we rely purely on feedback.

If you want to let us know about something you like, something you dislike, or something that's not working, you can reach out! Or don't, that's completely up to you.

Functionality

PrivPass comes with all the functionality you'd come to expect of a password manager.

  • Somewhere to store your passwords (obviously).
  • Two-factor authentication codes storage.
  • AutoFill.
  • Password generation.

PrivPass is integrated with the Apple operating systems, meaning, you can scan a QR code to register a one-time code in PrivPass from the Camera app. You can enable AutoFill in the Settings app so that your PrivPass passwords are available to you when you go to websites, or log into other apps. Your passwords are a tap away, you just need to turn it on.

I'm excited to continue building on PrivPass, ensuring it's an app you can trust, and rely on. Any changes to the app will be published in detail both here, and in the App Store updates notes.

You're trusting PrivPass with your passwords, so you can expect full transparency.

So, with that, why not give the app a try! Let me know what you think.

Download the app now!

Until next time 👋🏻

Read more