A balance between security and convenience, PassXYZ and PassXYZ Cloud

Posted on 2018-08-08 Edited on 2024-03-06 In Help

OneDrive File

Password management software is actually needed by everyone nowadays, but not all of the people know how to use it. We can find lots of password management software on various App Stores. According to the storage of password data, they can be divided into two categories, namely, local storage and cloud storage. The advantage of local storage is that it is the safest way to store data since the users have absolute control over the data files. The issue of local storage is that the users have to manage all data files by themselves, thus, they have to spend time to backup data and synchronize data among their devices. To get rid of this burden, many users may choose apps with cloud storage support. Comparing to local storage, the users of cloud storage do not have to take care of the backup and synchronization by themselves since the apps will perform the same through cloud. However, in term of security, the cloud storage may incur data leak. The users should therefore use a more complicated master password to protect their data.

Currently, the popular password management software, including 1Password, LastPass and KeePass etc., can be found and downloaded from either the App Stores or their respective websites. Out of these popular password management apps, KeePass is the most famous open source solution available on the market. However, KeePass supports only Windows platform. PassXYZ and PassXYZ Cloud are KeePass compatible software supporting Android, iOS and Windows 10.

PassXYZ and PassXYZ Cloud

The reason why two versions of PassXYZ were developed is because there are different users who concern differently about security and convenience. Some users prefer to use offline app to store their data, and some would like to use cloud storage for the convenience.

PassXYZ is the version for the use of local storage only. There is no built-in networking functionality, the users therefore have to backup and synchronize data on their own. As long as the users store their data safely, there should not have the risk of data leak. Also, there are many ways for the backup and synchronization across devices, such as Bluetooth, sharing local storage etc.

PassXYZ Cloud is the version with integrated cloud storage. In term of cloud storage, there are many ways to use it. The simplest way of using cloud storage is to use the functionalities provided by the operating system. If the data are stored in the cloud storage area providing by the operating system, you can use the cloud storage automatically. This is the case for OneDrive on Windows 10. It also applies to Google Drive on Android and iCloud on Apple devices. For PassXYZ, as we want to bring seamless user experiences on using cloud storage in different platforms (Android, iOS and Windows 10), the additional work has to be done to support the same. By supporting cloud storage regardless of platforms, it will help the users in many cases on top of backup and synchronization. For an example, when you change your Android phone to a new Apple phone, you do not have to worry about the change from Android system to iOS system. All your previous data can be synchronized to your new Apple device in the same way as your Android phone.

File or Folder synchronization status

No matter how you use cloud storage, you may have noticed the differences between cloud storage and local storage in your system. Let’s recapture the differences using OneDrive as an example.

OneDrive File

Even though the user interface of cloud storage is very similar to that of the local storage, as we can see from the above figure, there is an extra column in the File Explorer to show the current status of cloud data. There are different icons to show the status of files or folders. Below is a table to explain the meaning of various icons.

OneDrive File

The above table is a summary based on OneDrive. You can find similar icons on either Google Drive or iCloud. Once you get familiar with one of the systems, you will not have problems to use any of them.

How to use PassXYZ Cloud

PassXYZ Cloud uses OneDrive as cloud storage for all platforms. The reason why to choose OneDrive is because OneDrive provides the best support on various platforms including Android and iOS. Microsoft Graph API includes rich programming interfaces for their cloud services. Microsoft also provides a client library to use Microsoft Graph API for Xamarin apps. Since PassXYZ is developed using Xamarin, the development cycle can be reduced significantly using Microsoft Graph API client library.

Now we use Android user interface as an example to explain how to use PassXYZ Cloud. Windows 10 and iOS have a very similar user interface. To enable cloud storage, the users can select OneDrive from the menu as shown in below figure.

PageMaster

Once you select OneDrive from the menu, you can see the OneDrive setup page as shown below. At the top of this page, there is an option to login to OneDrive and another option to turn on/off synchronization notification. After you login to OneDrive, a list of files will be displayed. You can enable or disable cloud storage on individual file using Context Action for that item. If you do not know what the Context Action is, you may refer to this article called Comparison of Context Action Menu of PassXYZ on Different Systems.

Enable_Sync

You can also enable cloud synchronization for both local files and cloud files. Once you turn on the cloud synchronization, the status will be changed to the one as shown in the below figure. When the synchronization is completed, a green tick will be shown as the status.

Syncing

As long as the cloud synchronization is enabled, PassXYZ Cloud will synchronize with cloud automatically whenever there is a change to the data file. You can monitor the synchronization events through the notification setting. If you turn on the synchronization notification, you will get a message in the system notification tray whenever the synchronization is started or stopped. On the contrary, for a synchronized file, you can make it local only by disabling the synchronization.

Merge method

For the cloud support, there are actually two kinds of architecture. The first architecture is that you can put everything in cloud and all changes are made in cloud only. This kind of architecture usually uses in financial transaction system, but some password management software also use this kind of architecture. The advantage of this architecture is that all the changes are made in cloud, thus, there is no need to maintain a local copy. No merge is needed. The problem of this kind of app is that it relies on network and network bandwidth. It cannot work offline. Any data leak or damage in the cloud will be a disaster.

The second architecture is the one that we used in PassXYZ Cloud which is the same as OneDrive, Google Drive and iCloud. A local copy is always maintained to shadow the one in the cloud. The changes are always made in the local copies, and then synchronized with the cloud. The problem of this kind of architecture is that there may be conflicts when merging the local copy with the cloud. If the same record is changed on different devices at the same time, there will be a conflict. We need to decide which version should be kept in this case. To resolve this issue, we need to set the merge method in the setting to tell PassXYZ how to handle the conflict.

MergeMethods

The above figure lists all the merge methods supported by KeePass library. To be simple, we discuss two of them here to help you plan your own strategy on conflict handling. For the simple usage, we can use two merge methods KeepExisting and Synchronize. KeepExisting means local copy has higher priority over cloud copy. When there is a conflict, the local version will overwrite the cloud version. In contrast, Synchronize means cloud copy has higher priority over local copy. When there is a conflict, the cloud version will overwrite the local version. Based on this definition, you can keep one device as the main one to make all the changes. The merge method on this main device can be set as KeepExisting while the rest of the devices should be set as Synchronize. As KeePass merge is record based, you can add a new record on any devices without any problems. However, when you change an existing record, you are recommended to do it in the main device. You may wish to try and test other merge methods by yourself and find the best way that can work for you.

Having read this article, you may have a better understanding on the differences between local storage and cloud storage for the password database management. From now on, you may be in a better position to choose a version which is suitable for you.

If you are interested in the personal information management, please add PassXYZ Wechat public account by searching the keyword PassXYZ or link it using Wechat name passxyz_kpclib. You can also find more information about PassXYZ on its website and install it from Google Play, Apple Store and Microsoft Store.