Strongbox first impressions

Thanks to Samuel John and Phrank I am re-evaluating Keepass with Strongbox, and boy am I intrigued.

Overall, I would like to move from my long time companion 1Password, as I simply cannot use my subscription to its full potential (only 2 of 5 family seats are used), and I'm paying annually for them. With Strongbox I aim at a one-time-purchase, which then could be used by 6 (Apple) family members on any of their devices.

My Strongbox highlights so far are a ) a well thought out and organized vault (as I am starting from scratch), and b ) the terrific integration of SSH-key storage and SSH-Agent provision. Both are — to be fair — also possible with 1Password (see also 1Password as SSH Agent). Any SSH connection, may it be from iTerm or Sourcetree App or other Apps, triggers the unlocking of the vault. Unlocking can comfortably be done with Touch ID.

Observations

1) With Strongbox you can set up your Audit settings per database (Database settings -> Audit), and I have no clue why Check If Two Factor Authentication is Available comes unchecked by default. But your really want to activate this and act based on the information. While at the audit dialog, you might also want to activate the Have I Been Pwned check.

At the point of writing Strongbox comes with Passkey support, but the Audit does not highlight logins that would support them. A feature Strongbox is aware of, due to a chat with the excellent support.

2) If you are using a lot of Apple devices, the current best way to achieve a multi device sync, is to store the keepass file in iCloud — this works even with Windows, as the iCloud client is available in the Windows store. Strongbox supports a lot of other cloud platforms natively. In comparison to that, a quick test with Synology Drive (with is only available as files integration), lead to an chaotic status, where the mobile devices and desktop diverged unpleasantly.

This lead to a scenario, when accessing the vault from unmanaged devices — e.g. in case of loss or theft — is a concern, you might want to store a snapshot of the vault or a minimized version at a access protected location (e.g. on your personal web server). Using iCloud web login without a second device for 2FA seems to be quite unpracticable.

Round-up

So... as a first impression, for me, all the needed features are present and the user experience is not too shabby. In my opinion the UI could use a brush up, but to be honest the aforementioned 1Password got cluttered over the last years and I did not really enjoy the UI any more. This leaves me a little bit thankful for this fresh approach.