Home / GitHub Page

Is it possible to password lock the application upon opening


#1

Notes can be a really private place. Would it be possible to password lock the opening of Joplin like in many note apps like Evernote?


#2

No, it’s been asked a few times and there’s an entry in the FAQ that addresses this - joplin.cozic.net/faq/

Evernote doesn’t lock or encrypt the data, it’s only asking for your password to access their service. But locally, it’s exactly like Joplin.


#3

Thanks for replying back. I’ve read the FAQ about this and I feel disappointed at the rationale gone into not providing a way to password lock one’s notes.

In the FAQ, the reasoning given is the following:

If someone that you don’t trust has access to the computer, they can put a keylogger anyway so any local encryption or PIN access would not be useful.

I think there’s a perfectly good use case for password-locking one’s notes that doesn’t involve hackers. Quite simply, it’s for privacy from other users of your computer. For example, I want a quick and easy way to access my notes on my computer but I have a partner who lives with me who I don’t want to share my notes with. Sure, I can have her sign onto a new account whenever she wants to use the computer but that won’t be done in practice.

Please reconsider this since I think anyone who uses Joplin to write sensitive notes or diary entries in (which I’d imagine to be quite a few people), a way to lock the notes away from prying eyes is important.

Thanks


#4

There is some validity to what @mo1ddfsa says. Even without any additional encryption, it might be useful for the app to pop up a password prompt and simply exit if you don’t enter it correctly. It would cover plenty of cases, I think - like at work or at home, when someone might be nosy while you’re not paying attention, but won’t have the time, will or knowledge to do anything more difficult.

That being said, I don’t see it as critically necessary - at work I’d solved this by running Joplin Portable off of an encrypted thumb drive.

Maybe you could try something like that as well, @mo1ddfsa? Create a local encrypted container with Joplin Portable inside, unlock it with a password and run Joplin.


#5

I can understand there would be a use for this, but as there are other ways to do it it’s relatively low priority in my list. I wouldn’t be opposed to a pull request for it though.

Yes if you want more security, the best way is indeed to use something like Truecrypt (that’s what I use for my notes or emails for instance). It would also prevent access to your data if your laptop is stolen for example.

If what you’re interested in is simply to hide the application from other users of your computer, and you’re not worry they’ll dig in the folders to find your data, there are various tricks you can use - https://www.online-tech-tips.com/computer-tips/hide-windows-desktop-screen/


#6

Are there any such tips for hiding the application an ipad?

I would like a better option for making my notes less convenient to read. Currently uninstalling Joplin when I loan my device to others and re-installing Joplin and re-entering all the server specifics afterwards is the workaround - this is not pleasant.

An Application key would be a way to make this kind of shared use pleasant, until IOS (or whichever poorly designed operating system you happen to be running on) offers proper support for a multi-user situation.

The protection is against casual Joplin browsing by a potentially curious, but otherwise trusted associate, not high-security protection against a malicious actor that has full access to the device (not expecting keyloggers and the like here, as you mention in the FAQ).

Furthermore, you may be interested to know that the Nextcloud app does offer an application pin that can be activated. perhaps there is a discussion about their motivation for that feature somewhere that would be worth reviewing.


#7

I don’t know about ipads, but some Androids (and Windows Phones, way back when) have a “second space” feature - you could basically set up a second profile and specify which apps it can access. (Then you could activate it and hand it to your trusted associate.)

Alternatively, Android also has an “App lock” - you can specify that certain apps that will require a password to run (different from the one that unlocks the device), very useful.

Maybe iOS has something similar?


#8

Lineage OS (Android) handles a guest user nicely, I believe IOS does not provide this functionality


#9

Sadly iOS doesn’t provide a mechanism for you to choose what apps are locked. The app developer has to do it.

Personally I’d love to have the option to have Joplin locked on my iPad / iPhone. While I’m happy to let my kids / others use my iPad sometimes there are things I don’t want them to read. A passcode lock would prevent that.

I’d be happy to add it myself to the iOS app ~but I don’t see the source on Github, just the main Joplin software — I found the code in the ReactNativeClient.


#10

Initially I thought Joplin ticked all the boxes, but not having a passcode to open the app is a serious deficiency. The assumption that access to the device with the app is secure at all times is questionable. All of us have given a phone to someone to make call, play a game, look something up online, send some text messages etc. and have not intended for confidential information to be viewable by simply opening an app.

I’ve used TiddlyFolio (http://tiddlyfolio.tiddlyspot.com/) for a number of years but never had a version on my phone (the wiki file was synced with – backed up to – WebDAV storage and readable online via the web, given a password and access to the storage). It’s based on what is now an old version of TiddlyWiki, so I thought I’d look for alternatives. TiddlyFolio optionally encrypts individual notes with a global password requested when the app is opened. If the wiki file is copied the encrypted note contents are unreadable.

I’d like to endorse the request to add an optional passcode to open the app.


#11

I would like to have this feature too. I used a app on my android phone for locking joplin. But this was really worse. To much spam in the system.


#12

As a workaround, there are a number of applock apps on the play store. This might not be exactly what you need but it might be useful until such a time they this feature is implemented in Joplin.


#13

It turns out that TiddlyWiki now includes an encryption module as part of the core functionality. This means that an entire wiki full of notes can be encrypted and decrypted with a single password. The current version is v5.1.7, dating from May 2018. The next release, v5.1.8, due quite soon, will include the ability to use https, which means that a password can be used securely to open and save a file remotely.

I set up Joplin for my wife but abandoned it after a couple of days in favour of TiddlyWiki v5 because of the better security. I’ll futz with Joplin a bit longer as it seems quite good apart from this weakness, which I hope will be temporary.


#14

Glad you found a solution that suits you needs. Stick around with Joplin though, I see great things happening