Jump to content

Is Evernote a safe place to store my passwords?


Recommended Posts

Posted

I'm a relative novice to Evernote and have just gone premium on it. The applicability is staggering. But so far, I have not used it as a means of storing login and password data for other apps and other things I use. Is the encryption robust enough for me to store a list of my logins and passwords for, say Google, Active.com, etc.? Does anyone else use Evernote to store this stuff?

  • Level 5*
Posted

Me too, I'm an OS X user and 1Password is probably safer and certainly more useful as I can populate user name and password fields with a key combo. I'm sure there is something similar for Windows - lastpass maybe???

  • Level 5
Posted

During one of the Evernote podcasts, the Marketing Director of Evernote said he stores his Federal Tax returns in Evernote. He did not mention encryption.

Heather from Evernote said: "she stores "my "sensitive" information (Passport scans, titles, tax info) in Evernote unencrypted as well. It's a matter of personal preference/comfort level."

Personally, I use LastPass for my passwords. They are all very long (more than 12 characters) and use upper case, lower case, digits, & symbols.

Why? Take a look at this page to analyze your password.

https://www.grc.com/haystack.htm

Posted

I'm a new user and like KeePass for passwords on Windows. I'd like to store some passwords in Evernote but since you can't password protect (encrypt) a notebook - it isn't safe (imo). I would like to put past taxes and other sensitive info (copies of birth certificates, passports, etc) but am concerned since I can't protect a notebook. From the evernote website:

"It's also worth mentioning that Evernote doesn't support the encryption of any of the following:

* Images/PDFs

* File Attachments (like Office documents)

* Audio Clips

* Whole Notes/Notebooks"

Please Evernote, add the ability to password protect a whole notebook or at least individual PDFs.

Thanks.

Posted
Please Evernote, add the ability to password protect a whole notebook or at least individual PDFs.

PDFs are already able to be password protected (and more importantly, encrypted) using a PDF viewer such as Paperport or PDF Xchange (free).

  • Level 5
Posted

For stuff like birth certificates, Social Security cards, etc, which are sensitive, but not needed on an instant basis, I put them into my local non-synchronized notebook. They are only available to my local client. They never reach the cloud or Evernote's servers.

Posted

I would recommend storing your passwords and credit card details in something secure like KeePass, rather than Evernote. It's free and runs on everything including Android/iPhone. You could then keep your KeePass database in Evernote.

Posted
You could then keep your KeePass database in Evernote.
wouldn;t that negate the security? If in a synced notebook.
Posted
Password managers store the data encrypted.

Thanks. I've been using lastpass and a while ago decided to copy - selct all , copy, paste - the file - into EN, then I select all, and encrypted in EN.

Should I be concerned? Originally, I had it in an offline NB, but now it's synced.

Posted

Thanks. I've been using lastpass and a while ago decided to copy - selct all , copy, paste - the file - into EN, then I select all, and encrypted in EN.

Should I be concerned? Originally, I had it in an offline NB, but now it's synced.

If you're copying & pasting all the records, no, it's not encrypted. Qot said he/she was dropping the password manager database into Evernote. I'm not familiar with Keepass, but based upon my experience with other password managers, the only reason it would make sense to do that is to have a backup of your password database in the cloud (in the event of a total loss of your computer & hard drives) b/c you wouldn't be actually using the database that's stored in Evernote.

Posted
If you're copying & pasting all the records, no, it's not encrypted.

Thanks for ur response, as I said I'm encrypting the note in Evernote. Do you not think that doing it in EN encryption is enough?

Posted

Thanks for ur response, as I said I'm encrypting the note in Evernote. Do you not think that doing it in EN encryption is enough?

If you're encrypting the EN note, then that should be good, unless you want to get technical about how strong the EN encryption is. (I don't know/remember b/c I never use the EN encryption anyway.) As Dave said in the link I posted above, he doesn't store really important passwords in Evernote. Again, a matter of your personal comfort level.

Posted
You could then keep your KeePass database in Evernote.
wouldn;t that negate the security? If in a synced notebook.

You store the KeePass database in Evernote so you can access it wherever you are, even from your smartphone. It's brilliant! And no, it will still be secure as it has its own internal encryption. KeePass is essentially unbreakable, it's very very good.

Posted
the only reason it would make sense to do that is to have a backup of your password database in the cloud (in the event of a total loss of your computer & hard drives) b/c you wouldn't be actually using the database that's stored in Evernote.

Not so, I actually keep my KeePass database in an Evernote note and open it from there. That way wherever I am I always have it with me. :D

Posted

I love keepass and the idea of keeping the kdb file in evernote so it is always current on my laptop and desktop.

1. Is there anything to worry about or know about in making this work? Or is it as simple as stopping keepass from loading on windows start and opening it from within evernote?

2. Will the kdb file sync correctly if it is open on two computers at the same time? ie. do I have to save and/or close the database for it to be synched?

3. Are you using keepass 1.x or 2.x version?

4. Also, can you run keepass from within evernote on an iPhone?

Thanks for any tips on this.

Posted
I love keepass and the idea of keeping the kdb file in evernote so it is always current on my laptop and desktop.

1. Is there anything to worry about or know about in making this work? Or is it as simple as stopping keepass from loading on windows start and opening it from within evernote?

2. Will the kdb file sync correctly if it is open on two computers at the same time? ie. do I have to save and/or close the database for it to be synched?

3. Are you using keepass 1.x or 2.x version?

4. Also, can you run keepass from within evernote on an iPhone?

Thanks for any tips on this.

You don't run Keepass on Windows start anyway so that's ok. The database won't sync correctly if you open it on two computers at the same time but that's exactly what you'd expect.

I'm using Keepass 1.x so I can run it on my Android phone.

Not sure how it would load on your iPhone, it does load fine from within Evernote on Android. Only one way to find out right!

  • 1 month later...
Posted

Hi,

I'd like to make a "Feature request" about Evernote having a sucure version of KeepPass or some similar sort of developed add-on.

In which to store more sensitive login information etc. Is this the right Fourm/place to make feature requests like this?

Thanks,

Jim.

Posted
Hi,

I'd like to make a "Feature request" about Evernote having a sucure version of KeepPass or some similar sort of developed add-on.

In which to store more sensitive login information etc. Is this the right Fourm/place to make feature requests like this?

Thanks,

Jim.

Yes, the forum is a place to make feature requests. However, I doubt EN will devote resources to developing a password manager, since that is not their focus and many good ones already exist.

Posted
You could then keep your KeePass database in Evernote.

Wouldn't it better to keep KeePass in Dropbox instead? The difference being Dropbox data are encrypted, one more layer of protection.

Also, if you have a free Evernote account, you need be online to ensure availability. With Dropbox you can keep both Evernote and Dropbox subscriptions free.

CP

  • 1 year later...
Posted

I'd like to see an Evernote "app" dedicated to password management, in much the same way the Food app uses the same Evernote account for it's own very specific purpose.  Obviously for that to be a viable option Evernote account security needs to be more robust. i.e. 2FA. I don't mind paying more for premium if it means I get the option to encrypt EVERYTHING including all attachments.

  • 1 year later...
Posted

I can speak to this.

 

I have been using Evernote as a password manager, with the encryption feature.  It worked well for me - a computer lacky.  Except in a smartphone app. 

 

Encrypting made the feature more cumbersome to use in PC and my iPhone 4S, especially switching back/forth between the encrypted file (to remind me of a credential) to the website I am trying to log in.  But I accepted it.  That's what it is supposed to do.

 

The problem is that you cannot "unencrypt" to edit in on smart phone platform - only the PC.  It just wouldn't let me.  It tried, but never worked.

 

I would open the app on my smartphone, navigate to the password file, long-press the 4 dot encryption symbol to start the prompt and . . . nothing. 

 

So I stupidly hit "return" thinking since it is highlighted, it will start the prompt - and I deleted the file.  Just as though this were a word processing app.  The entire file - gone. 

 

And with Evernote - there is not an undo.  Its gone.    BTW developers - can we fix this?

 

 

I then slowly rebuilt my password file - taking months of asking for password help at the websites I frequent.

 

And then I did it again - the exact same way.  I was thinking I just wasn't pressing the right sequence to get the prompt started.  My dumb ass!

 

Now I need to find a better password manager.  I'm getting old and can't remember all this stuff.

 

Josephus

Posted

Can't speak highly enough about 1password for Mac, windows, iOS, and android. A life saver.

LastPass is a popular free option.

I'd never keep my passwords in EN not the least because of your experience. Also, unlike 1password, Evernote doesn't offer zero knowledge encryption.... Nor does it integrate into a browser, allow password generation, auto log-in, or auto update my credentials when I change passwords.

Evernote does a lot of things for me, but manage my passwords, it most definitely does not!

Posted

I use password storage in a slightly different way.

 

Because I have a number of very large passwords I can keep them in Evernote by writing only the first digit then the total amount of digits in the password. This simple prompt means I never forget and don't need to trust any other software to create my passwords.

 

Regards

 

 

Chris

  • Level 5*
Posted

Josephus,

 

For Premium users, there is a Note History capability that lets you retrieve past versions of a note. Are you a Premium user?  If so, the older note versions in Note History should have your password file in them.

  • 6 months later...
Posted

I've been using en as my password repository for several months, using text encryption for security. That works fine on my laptop and on my android smart phone, but I can't get my kindle fire to prompt for the encryption passphrase. I've tried long pressing and double tapping, but it won't work. Is there some other technique I can try? Thanks.

  • Level 5*
Posted

I couldn't agree more with Scott.

 

Consider using a dedicated password app like 1Password or LastPass.

 

These are much more secure than Evernote, and much easier to use.

I have been using 1Password on my Mac and iOS devices for several years now, and it works great.

Whenever I need to login to a web site, a simple hot key autofills the UserName and Password from 1Password.

It is also very convenient to keep credit/debit card info for easy autofill on most web site.

Finally, you can also keep all of your software keys/serial#/registration codes in 1Password.

 

And 1Password will sync across all your devices via Dropbox.

 

Can't speak highly enough about 1password for Mac, windows, iOS, and android. A life saver.

LastPass is a popular free option.

I'd never keep my passwords in EN not the least because of your experience. Also, unlike 1password, Evernote doesn't offer zero knowledge encryption.... Nor does it integrate into a browser, allow password generation, auto log-in, or auto update my credentials when I change passwords.

Evernote does a lot of things for me, but manage my passwords, it most definitely does not!

 

Posted

As mentioned a few times earlier in this thread, Lastpass is a popular option with a free and Premium plans. The Premium version is $12.00USD per year. Here's a link:

https://lastpass.com

I've never used any of these apps. Could you please recommend one?

  • Level 5*
Posted

I've never used any of these apps. Could you please recommend one?

 

I recommend 1Password and have used it for years on all my Macs, iPhones, iPads.

If you read the above posts, it looks like a lot of other users recommend it as well.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...