OmniFocus 2.6 for Mac and OmniFocus 2.15 for iOS introduced a new sync format, which offers stronger security and faster sync, and paves the way for future features. Your data is now encrypted as it leaves your device so that it’s encrypted on the server itself. All encryption and decryption happens locally, so your data is always encrypted end-to-end and the server you sync with never has access to your encryption passphrase.
How do I start using the new database format?
Learn more here: Migrating to the New OmniFocus Database Format
What is my encryption passphrase?
By default, we use your existing sync password as your encryption passphrase. If you’re syncing with our Omni Sync Server, this would be the password you specified when creating the account, or the password used when you migrated to the new encrypted database format.
If you’d prefer to use a unique passphrase, you can also create a separate encryption passphrase not linked to your sync password. There’s more information about this in the sections below.
Why would I want a separate encryption passphrase?
A separate encryption passphrase provides an extra level of security. If someone gains access to your sync password, they wouldn’t be able to read your OmniFocus data by logging into the server hosting your database.
The tradeoff to this is you’ll now have two passwords you need to make sure you remember. With this method, we’d recommend using a dedicated password management system to keep track of both the password and passphrase. If you reset your password, the separate encryption passphrase will remain as-is. Also, be aware that if you lose every single device OmniFocus is installed on and you forget your encryption passphrase, your OmniFocus database will be lost and unrecoverable.
How can I tell if my database is encrypted?
In OmniFocus for Mac, go to OmniFocus ▸ Preferences and click the Synchronization tab. Then, click Show Sync Details… and choose the Encryption tab.
In OmniFocus for iOS, swipe down on the home screen to access the OmniFocus Settings, then tap Encryption in the Sync section.
How do I change my encryption passphrase?
In OmniFocus ▸ Settings ▸ Encryption, click or tap Change Encryption Passphrase. Confirm your current passphrase, then enter the new passphrase twice.
What should I do if I don’t know my encryption passphrase?
Read this support article about how to get syncing again when you don’t know the passphrase!
What does “Passwords are linked” mean in the Encryption settings?
This is the default encryption setting, which means that the encryption passphrase was set using your sync password. If you decide to change the sync password down the road, the encryption passphrase will also be updated after you sync once from any existing synced device.
I sync with the Omni Sync Server. Will updating my password change the encryption passphrase?
Changing the sync password from the Omni Sync Server website will not immediately change the current OmniFocus encryption password. You must still enter the original encryption passphrase at least once from any actively syncing device to decrypt the server database and re-encrypt it with the new password.
Why does the “linked” status not match between devices?
If you are using a custom WebDAV setup with unique requirements (for example, device-specific passwords), the device that prompted the migration to the new format uses its password for encryption. If you have a situation like this, setting a unique encryption passphrase will ensure each device shows the same status.
Why do I keep getting prompted for the encryption passphrase?
As of OmniFocus 2.7 for Mac and OmniFocus 2.16 for iOS, you should only be prompted once for your encryption passphrase if it does not match the sync password. Please check for updates to make sure the latest versions are installed, so that you’re taking advantage of these encryption improvements.
If you have other questions, please don’t hesitate to contact us.