Password can be read in plain text

thx, nice!

did You tried gnome-keyring? maybe this can be helpfull: https://github.com/dpoetzsch/keyman

The app now stores the password in the keychain on macOS and Windows.

There is a Windows keychain? I just installed version 1.2.6 and the password is still in plain text in the database.sqlite file.... along with all my data.

Couldn't the database.sqlite simply be wrapped in password protected zip using a standard library and prompt the user for it when the app is opened?

I also don't understand why not make a password at startup?
I was just glad that there is a client with synchronization for Linux, Windows, Android, iOS
But storing data on a device in an open form pushes you away from use.

Because:
A) that would be reinventing the wheel.
B) Would cause surprising data loss if the password is lost
C) Would require the user to remember yet another password and enter it at app startup
D) There are better ways to do this:

  1. Use the OS to encrypt the entire Joplin DB with your login password. For an example of how to do this on Windows or MacOS, see:
    https://support.microsoft.com/en-us/windows/how-to-encrypt-a-file-1131805c-47b8-2e3e-a705-807e13c10da7
  1. Use whole disk encryption like VeraCrypt, FileVault 2, or the Android or iOS encryption. If you are worried about people stealing data off of your device, THIS is THE solution.

  2. Encrypt the data, and store the encryption key in the keychain. (And only ask for it when using a portable app, not to be confused with a mobile app)

The problem is that general home users expect that if they lose their password, there’s a method to recover the data. As soon as you start encrypting data, you lose that. Think of Joplin like Microsoft Word. The data isn’t stored encrypted on your computer. It’s only encrypted when on someone else’s computer.

If you want data on your local device to be secure, you should lock down the device, not require every program to implement its own security for local storage of data.

The exception to this is storing network passwords, because the user won’t experience data loss if those are lost. Those should be stored in the OS password store. But, each needs to be implemented individually. It sounds, from the above discussion, that it is implemented on Windows and MacOS, but not other platforms yet. If you have a friend who’s a software dev, maybe you can offer them a case of beer to submit a pull request implementing this for the platform of your choice. (By preference make sure they wait to drink the beer until after they write the PR)

Having app passwords just creates the same problem that we now have with website password proliferation. Let’s imagine apps took your suggestion. You’d need a password for:
A) Your web browser
B) Your note app (Joplin)
C) Microsoft word
D) Your finance app
E) Your photo app

Each of these passwords needs to be strong enough that they can resist local break-ins, it should be unique, and they should be unique per computer.

If you use the same password for every app: you have just reinvented the login password but less useful. It’s less useful, because for any of these attacks, the attacker can just install a keylogger which is far more useful.

If you are worried about forgetting to lock your computer, set it to lock with 5 minutes of inactivity. If you’re worried someone is waiting to pounce on your devise within those 5 minutes, you should look on the Internet because there are key fobs and phone apps that will automatically lock your computer when you walk away from it.

If you are looking for more information on this attack and ideas of how to counter it, the attack is called:

TLDR: Apps reimplementing login passwords or disk encryption is a waste of dev time, and gives the user a false sense of security when they should be doing it the right way.

Absolute nonsense, there are programs for storing passwords, for example bitwarden, pass.
It turns out that in our century, with 150 different devices, remembering another password is difficult for joplin, but is there no way to configure encryption on each device?

I can't tell which passwords you mean, so I'll address each:
I think you're saying that Joplin should store network credentials (passwords, E2E keys, and web tokens) in the OS password store, I agree. This is done on some OSes and not others. I think I remember reading that it's done on Windows and MacOS, but not Linux. Don't quote me on this though.

If you're saying Joplin should be password-protected and store data locally and unencrypted this gives almost no security, since an attacker already can just read the files on most OSes.

If you're saying Joplin should encrypt local data I disagree. This is already solved and simple. Just ask your OS to encrypt your entire profile instead of trying to do this on a per-app basis.
Ways to keep your data protected by OS:
Windows: Encrypted Folder
MacOS: FileVault
iOS: Encryption and strong password
Android: Whole device encryption
Linux: Encrypted profile or whole drive encryption with screen lock

Password managers, programs for encrypting your data on your machine, and web browsers all exist but Joplin isn't trying to be those. It's trying to be a note sync software. And it doesn't need to be those, because stuff already exists to do those jobs. Not every app needs to do everything.

Def bad practice because it will be avail in plain text in backups. Should be fixed.

Because you don't encrypt your backups? Def bad practice.

Dude, you can argue this all you want, but there is not a single person working in infosec that thinks storing credentials in plain text is OK.

You kow all those data breaches you hear about every day? That is from credentials stored in plain text.

I know you have a lot riding on this and I understand why you've chosen to die on this hill, but you're just flat out wrong in this case.

Not a single person working in infosec thinks that not encrypting laptops, and not encrypting backups is OK. There was two security audits on the code, who brought many security improvements. Of the two, only one mentioned the plain text passwords in the database, which he didn't see as a critical issue (because people encrypt their drives or at least they should) but recommended anyway to store them in the keychain.

That's what was done. Passwords are in the keychain on Windows and macOS (although there was a bug which is now fixed). They are secured in a folder accessible only by the app on iOS and Android. On Linux due to the lack of standard on that platform it's not working but pull requests are welcome.

So in fact, I'm not sure what this thread is about anymore. I'm considering locking it so that if there is any issue left it can be discussed in a new thread.

I agree, you should close this thread. It doesn't look good.

Closing topic as it is no longer relevant. If someone notices any issue related to the way passwords are saved, please open a new topic.