[Feature request] Password or pin protection #289
Comments
|
I'm afraid that would be out of scope. Securing apps and device data is something for the operating system to handle. You can also get extra security using an encrypted hard drive, but doing this at the app level I think would not make sense. |
|
i did not think about securing data at os level. imo this is handled really well with the e2e encryption feature. all i thought about is some sort of protection against curious roommates etc. a simple password input would do the trick. |
|
To provide more details, the end to end encryption that Joplin implements is to protect the data during transmission and on the cloud service so that only you can access it. On the local device it is assumed that the data is safe due to the OS built-in security features. If additional security is needed it's always possible to put the notes on an encrypted Truecrypt drive for instance. If someone that you don't trust has access to the computer, they can put a keylogger anyway so any local encryption would not be useful. |
|
I felt the need for this on my job pc. It is password protected but my boss have access to it. I understand your point on the security aspect of Joplin is out of scope. It doesn't seem priority but tell me if I'm wrong, it seems rather easy to check if encryption is set on an instance on startup and prompt for the master password to continue (unlock) instead of loading it from sqlite db. |
|
yes @mikeziri thats exactly my opinion. it should not be very complicated to get passwords from an input field and it would add exactly this level of 'security' i am talking about. often a password prompt is all it needs to stop people from looking through your private data you do not want them to see. |
|
The SQLite database is not encrypted, even when E2EE is enabled. It might contain encrypted items it got via synchronisation but those will eventually be decrypted too. Asking for a password wouldn't be useful if the data behind is not encrypted - anyone can easily open the SQLite file and view all the content without launching the app. Other than a built-in solution, you could probably do this using a small script. You could for instance put the profile directory in a password-protected ZIP file. Then with a bash or batch script, you would unzip the file (at which point you will be asked a password) and then run the app. When the app close, you'll re-encrypt the file again from the same script. Otherwise putting the profile on a USB key that you can take with you could be a solution too. I think some USB keys have built-in encryption. |
|
Just to understand better: just to see how I approach a solution for my situation. ty |
|
the method with the zip script could work, yes, even if it's a bit of a workaround. |
|
@mikeziri, yes, the note directory on the cloud service (eg. OneDrive, Nextcloud, etc.) has encrypted data. The local, SQLite data is not encrypted. |
|
could not agree more. there should be a password to open the app |
|
while I'm at it, it would be great if images could be copied to a note. that and the password get done, I'm contributing and sticking with Joplin. Thank you for considering my requests |
|
This should really be reopened, because of the lack of a pin/password, basically a boss key, Joplin is unusable safely in a work/public setting on a desktop computer. Yes, on your own Android device you can get a third-party app to lock it, but on a work/public computer most people don't have privileges to install such apps and anybody that sits down (or remote desktops) in front of such a computer can immediately go through their notes. A simple pin would alleviate 99% of this problem leaving your notes readable only to a determined IT guy - and that certainly wouldn't be the scope of this request. |
|
I'm reopening the issue in case someone would like to propose a pull request. |
|
I'm not a programmer but I would like to add two other points:
|
|
Waiting for this feature |
|
I'll have to be honest that a password to open the app without encrypting the database itself seems more like a quick hack than a security precaution. It could do the job for some use-cases, but Joplin becomes useless for any sensitive information (I already have KeePassXC for passwords, but it is not practical at all for writing and syncing notes). |
|
Yes, well, that might be a part of the reason why Laurent is hesitant to just hack something together. Right now I don't have enough time to look for links, but multiple people (including me :D ) have asked about this before, both here and on the forum. Maybe take a look if you're interested. Though I do disagree with the sentiment that Joplin "becomes useless". There is working E2E encryption, and if you're afraid of your device falling into the wrong hands, you can encrypt the entire device. (Whether it's a phone or a pc.) Or you can just keep Joplin data in an encrypted partition. |
|
Not totally useless for sure, but I meant useless for anything sensitive. I don't care so much in my Linux laptop, which I have already setup very securely, but having unencrypted notes in an Android phone feels like sharing all my notes with the world! I'm not complaining, though, but this is something that would be very valuable. |
|
And your android isn't encrypted?
…________________________________
From: teresaejunior <notifications@github.com>
Sent: Thursday, June 7, 2018 6:01:42 PM
To: laurent22/joplin
Cc: Ladislav Benc; Comment
Subject: Re: [laurent22/joplin] [Feature request] Password or pin protection (#289)
Not totally useless for sure, but I meant useless for anything sensitive. I don't care so much in my Linux laptop, which I have already setup very securely, but having unencrypted notes in an Android phone feels like sharing all my notes with the world!
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#289 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AEDG65KEcjpfT1_HMINZt5VcP6-9yFF7ks5t6U5mgaJpZM4Sm6gT>.
|
|
Applications in Android are sandboxed, but it is not that difficult to find applications that manage to break the sandbox, or even root the phone. I take all precautions I can, of course, but security is never too much. |
|
I agree that anything less than an encrypted mysql db is less than ideal, but a pin/boss key is not a hack, it is just a small step towards better security on public computers. Having said that, the end goal should still be database encryption. |
|
Hi All, |
|
I think having the notebooks themselves password protected would be the best (perhaps optionally down to the note level, but that's more granularity than I need, personally). I have a hard time convincing people that my notebook called "not pr0n" doesn't have pr0n in it when all it takes is a click of a mouse. |
|
J/k btw, but I do have some sensitive information in my notes which will prevent me from switchign to Joplin until that feature arrives. I really dig this tool, though - would love to see that feature and make the switch. |
|
I'm also waiting for some similar capabilities. As a manager now, I share 90% of my notes with my staff - but I don't really have a private area to put down notes that may be sensitive in nature. I attempted to run Joplin in multiple sessions and that worked one-quarter of the time, with synchronization kind of hap-hazardly working. |
|
I agree with the above comments. There needs to be a way to keep data encrypted and locked on the devices themselves so that other users or applications cannot access the contents. A good example is the Signal app which encrypts both the transmissions and the client side data (if chosen). |
|
@laurent22 , could you use SQLCipher (transparent encryption for SQLite) for Node? Ex: https://coolaj86.com/articles/building-sqlcipher-for-node-js-on-raspberry-pi-2/ |
|
I've been looking for the best 1-to-1 Evernote replacement for some months now and was excited to find Joplin. I was really surprised that it stores its password in local plain text and, especially, lacks the ability to query for a PIN or PW upon startup. Last week I was violently mugged and the attackers took my phone, which I had foolishly (imo) only secured with a swipe-lock (could potentially be figured out by looking at the fingerprint streaks). I had Evernote on there, complete with 1,000 notes, and had been unaware of its PIN feature. So if they got into the OS they could likely get into my Evernote, full of sensitive information. Not good. I think I ended up OK, but that experience really got my looking at how to better secure my software, especially on Android phones. If Joplin mobile really doesn't have even rudimentary PIN security that is a huge drawback / risk in my opinion. Makes me very hesitant to fully adopt Joplin. Btw, Android has an ecosystem of third-party "app locker" apps that claim to secure other apps, but all the ones I tried seemed easily circumvented, such as by uninstalling them. |
|
In Android, Joplin's data is in a folder that's inaccessible without root, so if the attacker doesn't know your phone password (if they can't unlock it) they can't access any of that data. |
|
I agree with the sentiment of optionally requiring the user enter a password or pin when the app starts, and preferably using that to access locally encrypted data. As others have said, sometimes I'll allow others to use my PC (to look up something on the web) or smartphone (to make a quick call). I wouldn't want them to be able to see all my account numbers and passwords simply by pressing on an icon. I haven't used it, but I see SQLite has an encryption extension: |
|
Adding on to this, maybe it would be good to be able to set a seperate pin for a certain note, for extra special security. |
|
I'm also waiting for this ability and need this as a simple protection against roommates. |
|
I'm not a code magician like @laurent22 is and don't mind as I'm linking a commercial application here and totally understand how tough it's to maintain this one. Standard Notes went through the same request two years ago and I guess they're currently encrypting the data at rest too. The linked issue provides a great insight which will be a great step for Joplin to look into. Use case is Granny or some random noob's malicious desktop which has a malware application actively scanning the app data on desktops where encryption at rest could slightly help along with the pin protection like many members request here to get rid of nosy roommates. |
|
I would love to see the database encrypted as well. I don't want my employer to be able to find all my notes just because they are not staying encrypted in my work laptop. This sounds like a critical privacy feature to me. |
As a reminder, it's easy to setup an encrypted container with VeraCrypt and put on it everything you don't want your employer to have access to. The simplest way is to use Joplin portable application (on Windows), and put it on the encrypted container - both the app and the profile will then be encrypted. |
|
Not supporting encryption is the main reason that prevents me from using Joplin. Adding passwords to a few specific notes is a common requirement. For example, as a operations personnel, will use Joplin to record some of the work content, which can be unencrypted, but will also record the server, middleware user name password, which requires the use of password access.
|
Again, I'm really curious, why not use VeraCrypt to encrypt Joplin and its profile directory? That way you don't need to worry about encrypting some notes and not other, you'll have the whole thing encrypted. Or am I missing something? |
My hard drive uses BitLocker encryption to achieve what you say is similar to the VeraCrypt feature, but the scenario I'm talking about is:
This is why OneNote and Evernote support encryption for specific notes. |
There are not so uncommon scenarios of multiple people using the same computer - certain work situations and families to name just two. To use the system you are proposing one would need to dismount the veracrypt volume and close joplin every single time they leave the computer. It would be preferable to have the option of Joplin encrypting the entire database and decrypting it on the fly/user request, or keeping certain notes encrypted and manually decrypted on request with special password(s) as @gudaoxuri suggests, or have such notes (or the entire database) lock themselves automatically on a timer and then require a password. |
|
A Veracrypt container is also a bit of a mess to sync with a cloud service. |
|
True, that's why I'd recommend Cryptomator https://cryptomator.org/ for that. The thing is excellent.
|
Laurent, I'd like to use Joplin on my desktop (Windows and Linux) and on my mobile phone (Android). Veracrypt would help out on the desktop, but what about mobile? Thanks. |
|
I found joplin today and tested (Desktop Windows) the reason why I can't continue using it is because there no Password lock when open the app. This 2 options should be available:
I'm looking for a secure note application with end-to-end encryption, without this 2 missing features is the application only 50% safe. |
|
@laurent22, You keep asking people why they will not use VeraCrypt and the answer is simple. People don't want to have to be forced to install and use separate external software to achieve a feature that other Note Apps like Standard Notes already have built-in. Users generally like Bundled Features. |
|
Exactly that. Personally it's my #1 reason for not (yet?) switching. Any external solution hack/bandaid will be more bothersome, less robust, less versatile, and ultimately less secure than a properly done native implementation of those features. Features, in this case, that are starting to be seen as standard and desirable for apps in this category. |
|
Locking for now since nothing new is being added. |
and others
I think it would be nice to have a password or pin protection for notebooks. This would add some privacy for the notes and todos if the content of the notebooks would only be visible when the user enters a password. The notebook should be 'locked' again when an other notebook gets opened or the app is closed.
The text was updated successfully, but these errors were encountered: