Many people find it convenient to store passwords in note-taking apps, like Evernote or Apple’s Notes, but this practice can compromise your security. Let’s dig into why notes apps are a risky vault for sensitive data – and the best way to store your passwords.
Why Storing Passwords in Notes Apps Is a Bad Idea
Many people are guilty of jotting down passwords in plain text – whether on a sticky note or in a smartphone app – for convenience. In fact, about a quarter of us store passwords in a digital note or document, according to data from Pew Research Center.

Unfortunately, that convenience comes with serious security risks. Note-taking apps aren’t built to protect sensitive information, which leaves many security gaps. The biggest of these is the fact that most regular notes apps are not automatically encrypted.
The lack of encryption makes you dependent on the security of your device. If your phone or laptop is lost or stolen (or simply unlocked in the wrong hands), all your passwords are immediately exposed.
You may lock your entire phone with a passcode or biometric lock, but if the notes are synchronized to the cloud and someone gains access to your cloud account by breaching its security or the provider’s defenses, they can bypass your device’s security entirely. If that sounds unlikely, consider that Evernote, for example, once had to reset 50 million user passwords after a database breach.
Even “Encrypted” Notes Aren’t Safe Enough
While some notes apps offer encryption, it’s often not as robust as it is in password managers. For example, Apple’s Notes app allows locking notes with a passphrase, using end-to-end encryption with AES-GCM.

However, not all notes apps match this level of security. For instance, Evernote’s encryption is more limited: it allows you to encrypt text within notes using AES-128, but this requires manual action for each piece of sensitive text. More importantly, Evernote’s standard storage isn’t end-to-end encrypted by default, so the company theoretically has access to your data on its servers. Surely, this isn’t the best way to store passwords.
Beyond encryption weaknesses, notes apps are missing essential password management features. For example, they lack secure password-sharing functionality, they can’t automatically generate strong, unique passwords tailored to specific website requirements, and they provide no breach monitoring alerts to notify users when their stored credentials appear in known data breaches.
Last but not least, they can’t automatically fill in login forms on websites, so you’re required to manually copy your passwords to the clipboard, and there are quite a few strains of malware designed to monitor and steal clipboard content.
The Secure Alternative: Password Managers
By this point, you may be thinking, “Alright, if I shouldn’t use my notes app, what is the best way to store passwords?” The answer is to switch to a password manager. Password managers are apps specifically designed to store your passwords (and other private info) securely. They encrypt everything with one master password (or passphrase) that only you know, and have convenient features, like autofill, strong password generators, and cross-device sync.
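To make the "one master password encrypts everything" idea concrete, here is an added sketch (not code from Bitwarden, KeePassXC, 1Password or any other product) that derives a key from a passphrase with scrypt and seals a vault with AES-256-GCM using Node.js's built-in crypto module. The function names, the scrypt cost settings and the sample entry are assumptions made for this illustration.

```javascript
// Added illustration; not taken from any password manager's code base.
const crypto = require('node:crypto');

// scrypt cost settings chosen for this example (assumption, not a product's values).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Constructed sample entry, used only to exercise the functions below.
const SAMPLE = [{ site: 'example.com', user: 'alice', password: 'constructed-sample-only' }];

// Stretch the master passphrase into a 256-bit key; the salt makes each vault's key unique.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Encrypt the whole vault; only salt, nonce, auth tag and ciphertext are ever stored.
function sealVault(passphrase, entries) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // GCM nonce: must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt; final() throws if the passphrase is wrong or the blob was modified.
function openVault(passphrase, blob) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, b(blob.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(blob.iv));
  decipher.setAuthTag(b(blob.tag));
  const pt = Buffer.concat([decipher.update(b(blob.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Convenience wrapper: null instead of an exception on any failure.
function tryOpen(passphrase, blob) {
  try { return openVault(passphrase, blob); } catch { return null; }
}
```

A synced or stolen copy of the sealed blob reveals nothing without the passphrase, which is the property a plain-text note lacks.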
Below are a few of the top password managers I recommend, based on different needs and my personal experience using them.
Best Overall: Bitwarden
Bitwarden is my top pick for most users. It’s free for basic use, open source (meaning its code is public and vetted by the community), and available on every platform: Web, PC, Mac, Linux, iOS, Android, browser extensions – you name it.

I started using Bitwarden a few years ago after trying other services, and it struck the perfect balance between security and usability. Bitwarden has a nifty feature called Bitwarden Send, which lets you send encrypted text or files to someone else. I’ve used this to share Wi-Fi passwords and other private info with friends securely.
Best Local: KeePassXC
Maybe you’re someone who doesn’t trust cloud services when it comes to passwords. Perhaps you’re a Linux user or just very privacy-conscious. In that case, KeePassXC could be the ideal choice.

KeePassXC is the community-driven successor to the classic KeePass, which has been a respected name in password management for ages. Unlike Bitwarden, KeePassXC stores everything locally. Your passwords live in an encrypted database file on your own device. (You can still sync that file via Dropbox or similar if you want, but you’re in control.)
Best User Experience: 1Password
1Password is a paid product (no meaningful free tier, unfortunately), but in return, you get a highly polished app that many consider the gold standard for user experience. I’ve introduced 1Password to family members who aren’t tech-savvy, and it was the only manager they actually stuck with and use daily.

The app makes everything easy. The design is clean and friendly, with clear prompts and instructions when you’re setting it up. It’s also very integrated. For example, on iPhone and Mac, 1Password feels like a native part of the system (it even works with Apple Watch to unlock), and on Windows or Android, it’s similarly well-behaved.
Once you’ve made the switch to a password manager and discovered the best way to store your passwords, you can breathe easier knowing that a random notes app sync or device theft won’t expose your entire online identity. For more options, explore our list of the best password managers for every platform.
Image credit: Canva. All screenshots by David Morelo.
