Using Joplin as a password manager?

Wondering if anyone is using Joplin as a password manager. If I'm not in a real high security environment, will that be a problem? I was basically doing the same with text files before.
I've thought about creating templates for this, but often I just keep a few files with the passwords.

The simple answer is DON'T. There are technical reasons why not, including the way Joplin is built, what it does and what it doesn't, libraries used, and more important - the little security review which Joplin has seen so far. Read up on your subject on Bruce Schneier's site, than choose an appropriate solution (search for "snakeoil", yes, I am serious !)
All is relative of course. The most important step before any decision : "develop a sense of risk management to your privacy" - here is a good guide !

4 Likes

Right. For clarification, I feel like I am at the lowest level of risk. I'm otherwise very loose with privacy.

Thanks for your post!

I use Bitwarden. Also open source and has everything you need.

2 Likes

Nope, I use Joplin for basic notes. Anything I really need to keep private I use a password program for.

I also keep it on an encrypted drive with a long complex password and the manager itself has a long complex password.

It's best to use a specialised password managers are they are designed for this and will have features that other apps don't, such as locking the password database, ensuring no data is left in memory, or in page files, clearing the clipboard after a set time, etc. I use Keepass, which works well and is cross-platform.

That's irrelevant though. It's been audited several times but as a note taking application, not as a password manager, and the requirements are obviously different. Even if we hire a specialised firm to do the audit it would still not be suitable as a password manager.

2 Likes

Always amazes me how two people with an apparently joint interest can take each other remarks and styles so badly and get off with each other on the wrong foot.

I've read my message again and not seeing anything that could be understood as a personal attack or something. I'm just pointing out that the security model for a note taking app is not the same as for a password manager. Security is important too in that context, but just not the same.

6 Likes

Yeah, it happens on every forum I've ever been on. Just ignore them.

As I stated and a few others did to, Joplin is not really a good password manager. I use KeePass.

1 Like

Or, in other words, you don't use a drill to hammer a nail in the wall. It might work, but you're using the wrong tool for the job and risk injuring yourself to boot.

2 Likes

It would be useable as a password, serial number, etc. 'manager' only if one could encrypt pieces of text inline. Kind-a-like Evernote can. Better to use 1Password or similar.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.