What's New

What's new

Product updates and notable improvements in each release of RookPass.
Current production release: Version 3.6
Version 3.6 smarter review timing & continued polish
Trust & Retention
  • More thoughtful review timing — review prompts now wait for meaningful progress, so feedback asks are tied to genuine wins instead of random moments.
Polish
  • Continued setup, Home, and AutoFill polish — additional small fixes and refinement across the core first-run and daily-use flows.
Version 3.4 Previous release Bulk actions, 2FA widget & onboarding improvements
Vault (Pro)
  • Bulk actions — tap Select Entries… from the vault toolbar to enter multi-select mode. Select individual rows or use Select All, then delete or move a whole batch to any folder in one tap. Available to RookPass Pro subscribers.
Widgets
  • 2FA Codes medium widget — a new medium-size Home Screen widget shows live TOTP codes for your top two pinned entries side by side, with a color-coded countdown bar so you always know how long each code has left.
Onboarding
  • Save from Safari walkthrough — the setup guide now includes a fourth step explaining how Safari automatically offers to save new logins directly into RookPass once AutoFill is enabled — no copy-paste, no leaving the browser.
Rook Send
  • Rook Send polish — Sent Links feels more refined, with clearer revoke, view-count, and view-state messaging throughout the flow. Labels are now fully localized instead of falling back to raw system text.
Reliability
  • Faster Face ID / Touch ID retry — after a failed biometric attempt, retry is available sooner so unlock feels less sticky.
  • Friendlier recovery paths — vault setup, biometric enrollment, recovery codes, iCloud conflict restore, trash restore, and vault-management actions now fail with clearer user-facing guidance instead of leaking raw system errors.
Localization
  • Runtime localization hardening — more dynamic labels, counters, and fallback messages now route through the string catalog across every supported locale.
Version 3.3 Rook Send: burn after reading, view counter & share page polish
Rook Send (Pro)
  • Burn after reading — toggle the flame option when creating a link and the relay permanently deletes the encrypted payload the moment the first person opens it. Combine it with a time limit — whichever expires first wins.
  • View counter — Sent Links now shows how many times each link has been viewed. Links with a burn-after-reading flag are automatically removed from your list once the relay confirms they’ve been opened.
  • Active link badge — the Sent Links row in Settings displays a live count of your unexpired shares so you always know what’s still out there.
  • Per-category icons on the share page — the recipient’s browser now shows the correct icon for each entry type (login, secure note, banking, SSH key, and more) instead of a generic key.
  • Compact field selector — choosing which fields to share now uses a tight two-column chip grid instead of full-height toggles, so the Create Secure Link button is always visible without scrolling.
  • Result screen polish — the entry title, heading, and description are now arranged in a clearer hierarchy on the link-created screen.
Version 2.8 AutoFill reliability, passkey polish & Italian / Japanese / Portuguese
Bug fixes
  • AutoFill “incorrect password” after reinstall fixed — a stale biometric key left in the keychain by a previous install could pass Face ID but fail to decrypt the new vault. RookPass now clears the old key at vault creation so fresh installs always start clean.
  • AutoFill vault decode fixed — the AutoFill extension was trying to decode the vault as a bare JSON array, but the main app stores it as a keyed envelope. All unlock methods (master password, PIN, Face ID) now work correctly in AutoFill.
  • Face ID prompt timing fixed — enabling Face ID during setup now immediately triggers the OS “Allow Face ID?” permission dialog rather than deferring it to the next app launch.
  • AutoFill Face ID auto-trigger fixed — Face ID no longer fires and immediately fails when the AutoFill sheet opens. A short pause ensures the extension is fully presented before the biometric prompt appears, and system-cancel errors are now handled silently.
  • Passkey registration requires authentication — creating a passkey via AutoFill now requires vault unlock first. This eliminates a blank-screen flash users saw before, and closes a security gap where passkeys could previously be registered without proving vault ownership.
  • PIN step transition fixed — the slide animation between setup steps no longer jumps or bleeds outside the view container.
Localization
  • Italian, Japanese & Brazilian Portuguese — RookPass is now translated into Italian (it), Japanese (ja), and Brazilian Portuguese (pt‑BR). All six non-English locales now have complete coverage across every screen.
Polish
  • Home import button — “Import from another app” on the Home screen now uses the same accent-color style as the Vault screen, making it visually actionable rather than appearing dimmed.
  • Onboarding copy updated — step 3 in the setup roadmap now accurately describes the AutoFill one-tap flow.
Version 2.7 French, German & Spanish language support
Localization
  • French, German & Spanish — RookPass is now fully translated into French (fr), German (de), and Spanish (es). Every screen, every field label, every status message, and every import guide now appears in your device language automatically.
  • Complete coverage — every screen in the app — including vault entry field labels, password health descriptions, onboarding, the import wizard, secure-share flow, and Pro features — is fully translated in all three languages.
  • Template field labels — structured item types (Credit Card, Identity, Passport, Driver’s License, Bank Account, API Credential, Software License) now display field names like “Cardholder Name”, “Date of Birth”, and “Routing Number” in your selected language.
  • Health dashboard — score labels, descriptions, category names, and estimated fix times now respect the device language.
  • Starter checklist — setup progress titles on the Home screen are now localized.
Version 2.6 Onboarding, recovery, settings & theme polish
First Run
  • Security-first onboarding — the first-launch flow now opens with a tighter two-screen introduction that explains RookPass's local-first model and gets you into setup faster.
  • Cleaner setup handoff — creating your vault, choosing quick unlock, and landing in Home now feel more direct and less like a walkthrough you have to clear.
Recovery & Lock Screen
  • Forgot master password path — the lock screen now gives you a real way forward. Retry biometrics, use a saved recovery code, or erase the vault and start over.
  • Recovery codes are optional backup — they are still available from Settings → Security, but they are no longer forced during first-run setup.
Themes & Settings
  • Stronger theme model — RookPass now leans on a smaller set of complete themes instead of mixing themes with separate accent choices.
  • Fern is back — the green theme returns under its original name.
  • Simpler Theme picker — choosing a theme in Settings is back to a straightforward list.
  • Vault tab theme fixes — the Vault list, chips, rows, and supporting surfaces now follow your selected theme correctly.
  • Settings cleanup — stale onboarding replay is gone, destructive sheets now use the real RookPass theme tokens, and the page better matches the rest of the app.
Version 2.5 Security hardening, import & polish
Security
  • Change PIN or passphrase — update your quick-unlock PIN or passphrase at any time from Settings → Security without needing to wipe and re-enroll.
  • Passphrase unlock — use an alphanumeric passphrase instead of a 6-digit PIN for quick unlock. Any length, letters and symbols allowed.
  • Master password lockout — after 10 failed attempts RookPass locks for 15 minutes. Resets automatically on any successful unlock.
  • Recovery codes use secure clipboard — copied codes auto-clear after 60 seconds and are wiped when the app backgrounds, matching password copy behavior.
  • Fixed iOS Save Password prompt — the system “Save Password” prompt no longer appears when entering your master password on the lock screen, in Settings, or during setup.
Import
  • Import from KeePass, 1Password, Proton Pass, and Google Authenticator — drop in an XML or JSON export and RookPass auto-detects the format. Existing Apple Passwords CSV and .rook imports still work as before.
Password Health
  • Fix All bulk action — tap “Fix All” at the top of any expanded category to step through every issue in one guided session.
  • Category context — each health category now shows a brief explanation of why it matters.
Theme & Visual Polish
  • Fixed custom themes on the lock screen — Midnight, Abyss, Fern, and Parchment now display correctly on unlock and setup screens.
  • Fixed theme consistency — AutoFill setup guide, Paywall, Pro Expired, Guided Fix, and Recovery Codes screens now render with the correct theme styling.
  • Fixed vault list fade artifact — resolved a visual issue that could appear as a bright stripe on dark themes.
  • Fixed card and row backgrounds — Activity Log and Password Detail now use the correct surface colors.
Haptics
  • Haptic feedback fully respects your setting — interactions now honor the haptics toggle consistently, including cases that could previously fire when haptics were disabled.
Also in this update
  • iCloud sync reliability — each vault now syncs to its own independent CloudKit record.
  • Add a PIN from Settings — users who skipped PIN setup during onboarding can now enroll a PIN or passphrase at any time from Settings → Security.
  • PIN confirm screen layout — the keypad no longer shifts size when advancing from “Create your PIN” to “Confirm your PIN”.
  • Password strength on master password change — a live strength indicator now appears while typing a new master password in Settings.
  • Passphrase strength + reveal — when changing or setting up a passphrase unlock in Settings, a live strength bar and a show/hide toggle now appear on the passphrase field.
  • PIN vs. passphrase confirmation — the success alert after changing your quick-unlock credential now says “PIN Updated” or “Passphrase Updated” instead of the generic “Updated”.
  • “Stay Unlocked After Relaunch” — the Relaunch Grace setting is now labelled more clearly in Settings → Security.
  • Corrected Settings → App Guide link — the onboarding walkthrough now correctly points to Settings → App Guide (not Settings → About).
  • No more spurious paste dialog — the app no longer triggers the iOS paste-permission alert on launch or when the screen turns off, by avoiding unnecessary pasteboard reads.
  • Default Password App save sheet — when RookPass is set as the Default Password App, a save confirmation sheet now appears when a login form is submitted. The credential is held securely until the vault is next unlocked.
  • Swipe actions renamed — “Copy PW” is now “Copy Password” and “Unfave” is now “Unfavorite” in the password list swipe actions.
  • Accessibility — the security score ring and AutoFill banner now announce their content to VoiceOver clearly.
Version 2.4 Password Health overhaul
Password Health — Major Improvements
  • Smarter badge — the Health tab badge now excludes issues you’ve already ignored, so the number always reflects what still needs attention.
  • Quick Password Change — fixing a weak, reused, old, or breached password opens a focused sheet with your current password (masked, with reveal and copy), a live strength bar, and one-tap strong-password generation.
  • Side-by-side duplicate review — both entries are shown together so you can compare them before deciding which to keep.
  • Fix all at once — tap “Fix all N” at the top of any expanded category to step through every issue in one guided session.
  • Ignore all at once — long-press any category header to dismiss every issue in that section.
  • Reused password context — each reused entry shows how many other accounts share that password, so you can prioritise the most exposed ones first.
  • Less 2FA noise — “2FA Not Configured” warnings are no longer shown for accounts with no website or known TOTP support.
  • Accurate age warnings — guided-fix descriptions for old passwords reference your actual configured age threshold, not a hardcoded value.
  • Cleaner tab bar — the security badge now only appears on the Health tab, not the Home tab.
Vault List
  • Icon legend — tap ··· then “What do the icons mean?” to learn what the star, 2FA, passkey, and strength dot icons mean at a glance.
Version 2.2 One-tap import & vault protection
New
  • Import from Apple Passwords in one tap — export your passwords from Apple Passwords (or any app that can share a CSV, JSON, or .rook file) and tap “Share → RookPass”. RookPass opens straight to the import preview — no file-picker needed. If your vault is locked when the file arrives, RookPass queues it and shows the preview the moment you unlock.
Security
  • Master password required to wipe — the “Reset App & Delete All Data” action now requires you to verify your master password before the “type DELETE” confirmation is shown. This prevents an accidental (or malicious) tap from destroying your vault.
  • “Wipe & Start Over” removed from lock screen — the prominent one-tap wipe button has been removed from the lock screen. An emergency path (“Can’t access your vault?”) remains for users who are truly locked out, but it now requires typing “DELETE” in full before the action proceeds.
Version 2.1 AutoFill save & polish
New
  • Save from AutoFill — when you log in to a site that isn’t in your vault, a “New Login for [domain]” row appears at the bottom of the AutoFill credential list. Tap it and RookPass opens directly to a pre-filled Add Entry form so you can save the credential in seconds.
  • Save on form submit (iOS 26.2+) — when RookPass is set as your Default Password App and you submit a login form in Safari, iOS asks RookPass to save the credential on the spot. RookPass shows a “Save to RookPass?” sheet with the site, username, and masked password. Existing entries are updated; new credentials are added to your vault automatically.
Improved
  • Biometric-first unlock — the lock screen now leads with Face ID or Touch ID rather than the master password field. Biometrics are attempted immediately on open; the master password fallback is still one tap away.
  • Home tab recents — recent entries are now displayed as full-width stacked cards instead of a horizontal scroll. The “Add Item” tile on Home opens the type-picker sheet directly.
  • Passkey registration — passkeys registered through the AutoFill extension are now correctly saved to your vault on the next app unlock. Previously, passkey registrations were acknowledged to the website but silently lost from the vault.
  • Password expiry discovery — the “Set expiry date” option in Add / Edit entry is now visible to all users, showing a Pro badge for free accounts. Previously the section was hidden entirely, making the feature impossible to discover before upgrading.
Version 2.0 Rook Send
New
  • Rook Send (Pro) — share any vault entry as a secure, expiring link. The recipient opens a link in any browser — no app required. Encryption happens entirely on your device; our relay stores only ciphertext and never sees your key.
  • Zero-knowledge encryption — each share uses AES-256-GCM with a random 32-byte key. The key lives only in the URL fragment, which is never sent to any server by HTTP spec. Without the full URL, even RookPass's relay cannot read your data.
  • Access code protection — optionally set a password on a share. The key is then derived via PBKDF2-SHA256 (600k iterations) from your access code and a URL-embedded salt. The recipient must enter the code to decrypt; 5 wrong attempts locks the page.
  • Expiry control — shares expire automatically after 1 hour, 24 hours, or 7 days. The relay deletes the ciphertext when the TTL passes.
  • Sent list — see all your active shares in Settings → Sent Links. Revoke any link instantly with one tap; the relay deletes the payload immediately.
  • Swipe to share — swipe left on any vault entry and tap the share icon to open the Send sheet.
Version 1.8 RookPass Home
New
  • Home tab — a new first tab gives you your security score, live TOTP codes, and your most-used entries at a glance. The health score ring is always visible so your posture is ambient, not buried.
  • Live TOTP strip — pin up to 5 entries from the 2FA tab. Their ticking countdown codes appear on Home; tap to copy instantly without switching tabs.
  • Smart Recents — your four most-used entries surface as large tap targets on Home. Free tier uses pure recency; Pro tier blends recency with open-frequency weighting for smarter ranking.
  • Tab restructure — tabs are now Home / Vault / 2FA / Health / Settings. The Home badge mirrors the Health badge so issues are always visible.
Improved
  • Pin up to 5 TOTP entries (previously limited to 1). All pinned entries appear on the Home TOTP strip; the first pinned entry continues to drive the home screen widget.
  • Entry open counts are now tracked persistently across launches and used for Pro-tier frequency-weighted recents ranking.
Version 1.7 Structured item types
New
  • New Credit Card — store cardholder name, card number, brand, expiry, CVV, and billing ZIP with a dedicated card form.
  • New Identity — save personal details including name, date of birth, contact info, address, and masked SSN.
  • New Bank Account — store routing number, account number, IBAN, and SWIFT/BIC securely.
  • New Passport — keep passport number, country, nationality, and expiry all in one place.
  • New Driver’s License — store your license number, state/region, and validity dates.
  • New API Credential — dedicated form for API keys, endpoints, and organisation details.
  • New Software License — track license keys, registered emails, order numbers, and publisher info.
  • New Item type picker — tapping + now opens a categorised grid so you can choose exactly what to add: login, secure note, or any structured type.
Improved
  • Improved Password Health — structured items that don’t use passwords (cards, identity, passports, etc.) are now automatically excluded from weak, reused, old, and duplicate password checks.
  • Improved Vault list — each item type shows its own icon and accent colour for at-a-glance identification.
Version 1.6 Generator & autofill upgrades
New
  • Username generator — generate random usernames alongside passwords in the Add / Edit form. Choose from adjective-noun combos, email aliases, or random strings.
  • Minimum-character guarantees — set per-type floors (digits, symbols, uppercase) in the password generator so generated passwords always meet a site's specific requirements.
  • TOTP autofill — RookPass now surfaces TOTP codes directly in the AutoFill suggestion bar in Safari and in-app keyboards, so you can tap to fill your 2FA code without switching apps.
  • URI matching — AutoFill now uses full URL-path matching (not just domain) to surface the most specific credential for a given login page.
  • Health “Ignore” — mark any entry as ignored in Password Health. Ignored entries are skipped in weak, reused, old, and duplicate checks, and are hidden from the Guided Fix workflow.
  • Breach badge — entries that have been confirmed breached show an inline badge in the vault list so you can spot them at a glance without opening the entry.
Version 1.5 Pro lifecycle & polish
New
  • New 7-day free trial — new subscribers can try RookPass Pro free for 7 days before the annual subscription begins. No charge until the trial ends.
  • New Graceful Pro expiry — if a Pro subscription lapses, a clear sheet explains which features are paused and offers a one-tap renewal. Your vault and all its data remain completely intact.
  • New Renewal reminder — the Pro row in Settings shows “Renews in N days” in amber when renewal is within 7 days, so you’re never surprised.
Fixed
  • Fix Password list rows, 2FA rows, and detail screens now correctly adopt all four app themes (Default, Indigo, Fern, Abyss) — no more black rows on dark themes.
  • Fix Health tab redesigned as a single grouped card. New users see an onboarding screen with a feature overview instead of an empty broken list.
  • Fix Vault filter empty state is now context-aware — filtering by “Social” shows “No Social entries” rather than the generic “Your vault is empty” message.
  • Fix AutoFill setup screen simplified to two clear status checks with a single action button — easier to diagnose and fix in one tap.
Version 1.4 Power & polish
New
  • New 2FA long-press menu — long-press any code row to copy the code, copy the password, open the entry, or pin it to the widget.
  • New Password strength indicator — each vault row now shows a small coloured dot reflecting the password's entropy (weak → red, fair → orange, strong → green, very strong → teal).
  • New 2FA home screen widget — pin any TOTP entry from the 2FA tab and get a live countdown code directly on your home screen. Vault is locked between sessions; widget shows a locked state until you open the app.
  • New Bulk actions (Pro) — enter multi-select mode from the vault toolbar to move, tag, or delete many entries at once.
  • New Expanded import — RookPass now imports LastPass CSV exports and Apple Passwords CSV exports (iOS 18 / macOS Sequoia), including OTPAuth 2FA codes.
Fixed
  • Fix Copying a 2FA code now shows a small inline checkmark rather than replacing the code text with “Copied!” — the code stays readable the whole time.
  • Fix 2FA tab empty state now clearly explains that entries appear automatically when an entry has a TOTP secret — and provides a quick guide for adding one to an existing entry.
  • Fix Upgrade screen now shows a confirmation state (“You’re on Pro”) if opened while already subscribed, instead of the purchase button.
Version 1.3 Organize & extend
New
  • New Custom categories — Pro users can label entries with any category name beyond the 8 built-in types. Custom categories appear as filter chips in the vault list.
  • New Folders — organise entries into folders for quick filtering. Folders are a free feature; assign them in the Add / Edit entry form.
  • New Dedicated 2FA view — a standalone tab lists every TOTP entry with live countdown rings so RookPass acts as a full authenticator replacement. Tap any row to copy the code.
  • New Password expiry reminders — set an optional expiry date on any entry. Expiring entries surface in a new “Expiring Soon” health category and trigger a local notification (Pro).
  • New Persistent audit log — security events (unlocks, edits, exports) are encrypted and stored across app launches for Pro users. Free tier keeps an in-session log only.
  • New Unlimited password history — Pro vaults retain every historical password. Free tier keeps the last 3 per entry.
  • New iCloud conflict resolution — when “Restore from iCloud” detects a diverged vault, a sheet lets you choose to merge, use the cloud copy, or keep your local data.
Fixed
  • Fix Alternate app icon picker now correctly switches icons. Previously the picker silently failed because the CFBundleAlternateIcons entries were missing from Info.plist.
  • Fix Icon set trimmed to Navy, Sage, and Mono — three alternate options with clear visual distinction.
Version 1.2 Pro features
New
  • New RookPass Pro — optional annual subscription unlocking advanced power-user features.
  • New SSH key storage — generate and store Ed25519 / RSA SSH keys directly in your vault (Pro).
  • New Per-entry biometric lock — require Face ID or Touch ID before revealing the password for a specific entry (Pro).
  • New Vault-wide breach scan — scan every password against the Have I Been Pwned database in a single tap (Pro).
  • New Multiple vaults — create and switch between separate encrypted vaults (Pro).
  • New Alternate app icons — choose from Navy, Sage, and Mono icon styles in Settings.
Version 1.1 Security & resilience
New
  • New Recovery codes — generate a batch of single-use offline backup codes to regain vault access if biometrics and PIN are unavailable.
  • New Relaunch grace — optional setting that lets you re-enter the app within 5 minutes of backgrounding using biometrics only, skipping the master password.
  • New Security audit log — in-app history of unlock attempts, credential changes, and security events, accessible from Settings.
  • New Trash with configurable retention — deleted entries are soft-deleted and auto-purged after a configurable number of days (default 30).
Fixed
  • Fix Biometric unlock (Face ID / Touch ID) no longer silently disables itself after an app restart — keychain access group and migration handling hardened.
  • Fix PIN attempt counter is now stored securely in the Keychain, hardening the brute-force lockout against tampering.
  • Fix Settings no longer triggers a spurious Face ID prompt on open.
  • Fix Auto-lock timeout now correctly applies across process restarts, not only within the same session.
Version 1.0 Initial release
New
  • New AES-256-GCM encrypted vault — all data on-device, zero-knowledge architecture.
  • New Face ID, Touch ID, and master-password unlock flows.
  • New 4 or 6-digit PIN as a quick-unlock option with rate-limited attempts.
  • New Passkey support — register and sign WebAuthn assertions from the RookPass AutoFill extension.
  • New TOTP / 2FA code generation with live countdown ring, QR scanner, and full otpauth:// parameter support (SHA-1 / SHA-256 / SHA-512, custom digits and period).
  • New Password Health Score — detects weak, reused, and unchanged passwords with a Guided Fix workflow.
  • New AutoFill extension — passwords and passkeys appear in Safari and in-app login prompts.
  • New Tags & chip filter — search and organise across your own taxonomy, not just the built-in categories.
  • New App Intents — generate a password, look up an entry, or lock the vault from Shortcuts and the Action Button.
  • New Light / Dark / System theme setting.
  • New Import CSV from Chrome, Safari, 1Password, Bitwarden — plus encrypted .rook re-import.
  • New Export vault to CSV or encrypted .rook archive.
  • New Optional iCloud sync — only encrypted ciphertext is ever uploaded.
  • New Spotlight search integration.
  • New Password generator with length, complexity, and passphrase options.
  • New Configurable auto-lock timeout and unchanged-password age threshold.
  • New Favourites, categories, sort, and notes / custom fields per entry.
  • New Themed home-screen widget.
  • New Optional Face ID / Touch ID step-up before revealing or copying any password.
  • New Passwords copied to the clipboard are automatically cleared after 60 seconds.
  • New No third-party SDKs, analytics, or tracking — your data never leaves your device.
  • New Breach check — check any password against the Have I Been Pwned database using the k-Anonymity model (only first 5 chars of the SHA-1 hash are sent).