jvv1001001

Is Evernote a safe place to store my passwords?

33 posts in this topic

I'm a relative novice to Evernote and have just gone premium on it. The applicability is staggering. But so far, I have not used it as a means of storing login and password data for other apps and other things I use. Is the encryption robust enough for me to store a list of my logins and passwords for, say Google, Active.com, etc.? Does anyone else use Evernote to store this stuff?

1 person likes this

Share this post


Link to post
Per Dave, CTO of Evernote. I prefer to use a true password manager. I would also suggest you search the board on the word security & familiarize yourself with the topic as it relates to Evernote.

Share this post


Link to post

Me too, I'm an OS X user and 1Password is probably safer and certainly more useful as I can populate user name and password fields with a key combo. I'm sure there is something similar for Windows - lastpass maybe???

Share this post


Link to post

During one of the Evernote podcasts, the Marketing Director of Evernote said he stores his Federal Tax returns in Evernote. He did not mention encryption.

Heather from Evernote said: "she stores "my "sensitive" information (Passport scans, titles, tax info) in Evernote unencrypted as well. It's a matter of personal preference/comfort level."

Personally, I use LastPass for my passwords. They are all very long (more than 12 characters) and use upper case, lower case, digits, & symbols.

Why? Take a look at this page to analyze your password.

https://www.grc.com/haystack.htm

Share this post


Link to post

I'm a new user and like KeePass for passwords on Windows. I'd like to store some passwords in Evernote but since you can't password protect (encrypt) a notebook - it isn't safe (imo). I would like to put past taxes and other sensitive info (copies of birth certificates, passports, etc) but am concerned since I can't protect a notebook. From the evernote website:

"It's also worth mentioning that Evernote doesn't support the encryption of any of the following:

* Images/PDFs

* File Attachments (like Office documents)

* Audio Clips

* Whole Notes/Notebooks"

Please Evernote, add the ability to password protect a whole notebook or at least individual PDFs.

Thanks.

Share this post


Link to post
Please Evernote, add the ability to password protect a whole notebook or at least individual PDFs.

PDFs are already able to be password protected (and more importantly, encrypted) using a PDF viewer such as Paperport or PDF Xchange (free).

1 person likes this

Share this post


Link to post

For stuff like birth certificates, Social Security cards, etc, which are sensitive, but not needed on an instant basis, I put them into my local non-synchronized notebook. They are only available to my local client. They never reach the cloud or Evernote's servers.

Share this post


Link to post

I would recommend storing your passwords and credit card details in something secure like KeePass, rather than Evernote. It's free and runs on everything including Android/iPhone. You could then keep your KeePass database in Evernote.

1 person likes this

Share this post


Link to post
You could then keep your KeePass database in Evernote.
wouldn;t that negate the security? If in a synced notebook.

Share this post


Link to post
wouldn;t that negate the security? If in a synced notebook.

Password managers store the data encrypted.

Share this post


Link to post
Password managers store the data encrypted.

Thanks. I've been using lastpass and a while ago decided to copy - selct all , copy, paste - the file - into EN, then I select all, and encrypted in EN.

Should I be concerned? Originally, I had it in an offline NB, but now it's synced.

Share this post


Link to post

Thanks. I've been using lastpass and a while ago decided to copy - selct all , copy, paste - the file - into EN, then I select all, and encrypted in EN.

Should I be concerned? Originally, I had it in an offline NB, but now it's synced.

If you're copying & pasting all the records, no, it's not encrypted. Qot said he/she was dropping the password manager database into Evernote. I'm not familiar with Keepass, but based upon my experience with other password managers, the only reason it would make sense to do that is to have a backup of your password database in the cloud (in the event of a total loss of your computer & hard drives) b/c you wouldn't be actually using the database that's stored in Evernote.

Share this post


Link to post
If you're copying & pasting all the records, no, it's not encrypted.

Thanks for ur response, as I said I'm encrypting the note in Evernote. Do you not think that doing it in EN encryption is enough?

Share this post


Link to post

Thanks for ur response, as I said I'm encrypting the note in Evernote. Do you not think that doing it in EN encryption is enough?

If you're encrypting the EN note, then that should be good, unless you want to get technical about how strong the EN encryption is. (I don't know/remember b/c I never use the EN encryption anyway.) As Dave said in the link I posted above, he doesn't store really important passwords in Evernote. Again, a matter of your personal comfort level.

Share this post


Link to post
You could then keep your KeePass database in Evernote.
wouldn;t that negate the security? If in a synced notebook.

You store the KeePass database in Evernote so you can access it wherever you are, even from your smartphone. It's brilliant! And no, it will still be secure as it has its own internal encryption. KeePass is essentially unbreakable, it's very very good.

Share this post


Link to post
the only reason it would make sense to do that is to have a backup of your password database in the cloud (in the event of a total loss of your computer & hard drives) b/c you wouldn't be actually using the database that's stored in Evernote.

Not so, I actually keep my KeePass database in an Evernote note and open it from there. That way wherever I am I always have it with me. :D

Share this post


Link to post

I love keepass and the idea of keeping the kdb file in evernote so it is always current on my laptop and desktop.

1. Is there anything to worry about or know about in making this work? Or is it as simple as stopping keepass from loading on windows start and opening it from within evernote?

2. Will the kdb file sync correctly if it is open on two computers at the same time? ie. do I have to save and/or close the database for it to be synched?

3. Are you using keepass 1.x or 2.x version?

4. Also, can you run keepass from within evernote on an iPhone?

Thanks for any tips on this.

Share this post


Link to post
I love keepass and the idea of keeping the kdb file in evernote so it is always current on my laptop and desktop.

1. Is there anything to worry about or know about in making this work? Or is it as simple as stopping keepass from loading on windows start and opening it from within evernote?

2. Will the kdb file sync correctly if it is open on two computers at the same time? ie. do I have to save and/or close the database for it to be synched?

3. Are you using keepass 1.x or 2.x version?

4. Also, can you run keepass from within evernote on an iPhone?

Thanks for any tips on this.

You don't run Keepass on Windows start anyway so that's ok. The database won't sync correctly if you open it on two computers at the same time but that's exactly what you'd expect.

I'm using Keepass 1.x so I can run it on my Android phone.

Not sure how it would load on your iPhone, it does load fine from within Evernote on Android. Only one way to find out right!

Share this post


Link to post

Hi,

I'd like to make a "Feature request" about Evernote having a sucure version of KeepPass or some similar sort of developed add-on.

In which to store more sensitive login information etc. Is this the right Fourm/place to make feature requests like this?

Thanks,

Jim.

1 person likes this

Share this post


Link to post
Hi,

I'd like to make a "Feature request" about Evernote having a sucure version of KeepPass or some similar sort of developed add-on.

In which to store more sensitive login information etc. Is this the right Fourm/place to make feature requests like this?

Thanks,

Jim.

Yes, the forum is a place to make feature requests. However, I doubt EN will devote resources to developing a password manager, since that is not their focus and many good ones already exist.

Share this post


Link to post
You could then keep your KeePass database in Evernote.

Wouldn't it better to keep KeePass in Dropbox instead? The difference being Dropbox data are encrypted, one more layer of protection.

Also, if you have a free Evernote account, you need be online to ensure availability. With Dropbox you can keep both Evernote and Dropbox subscriptions free.

CP

Share this post


Link to post

I'd like to see an Evernote "app" dedicated to password management, in much the same way the Food app uses the same Evernote account for it's own very specific purpose.  Obviously for that to be a viable option Evernote account security needs to be more robust. i.e. 2FA. I don't mind paying more for premium if it means I get the option to encrypt EVERYTHING including all attachments.

1 person likes this

Share this post


Link to post

I can speak to this.

 

I have been using Evernote as a password manager, with the encryption feature.  It worked well for me - a computer lacky.  Except in a smartphone app. 

 

Encrypting made the feature more cumbersome to use in PC and my iPhone 4S, especially switching back/forth between the encrypted file (to remind me of a credential) to the website I am trying to log in.  But I accepted it.  That's what it is supposed to do.

 

The problem is that you cannot "unencrypt" to edit in on smart phone platform - only the PC.  It just wouldn't let me.  It tried, but never worked.

 

I would open the app on my smartphone, navigate to the password file, long-press the 4 dot encryption symbol to start the prompt and . . . nothing. 

 

So I stupidly hit "return" thinking since it is highlighted, it will start the prompt - and I deleted the file.  Just as though this were a word processing app.  The entire file - gone. 

 

And with Evernote - there is not an undo.  Its gone.    BTW developers - can we fix this?

 

 

I then slowly rebuilt my password file - taking months of asking for password help at the websites I frequent.

 

And then I did it again - the exact same way.  I was thinking I just wasn't pressing the right sequence to get the prompt started.  My dumb ass!

 

Now I need to find a better password manager.  I'm getting old and can't remember all this stuff.

 

Josephus

Share this post


Link to post

Can't speak highly enough about 1password for Mac, windows, iOS, and android. A life saver.

LastPass is a popular free option.

I'd never keep my passwords in EN not the least because of your experience. Also, unlike 1password, Evernote doesn't offer zero knowledge encryption.... Nor does it integrate into a browser, allow password generation, auto log-in, or auto update my credentials when I change passwords.

Evernote does a lot of things for me, but manage my passwords, it most definitely does not!

2 people like this

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now