Use DTP as a Password database?

Whoa, can this be explained in detail? I am entrusting loads of sensitive data to DT desktop and mobile, synced via Dropbox, having understood that the remote data is encrypted. I also have a username/password on these sensitive databases and don’t allow Spotlight indexing. Does this mean my data is NOT encrypted?

Also, I just created a test, encrypted DB on DT desktop, synced it via Dropbox to mobile, and I can see the test text on mobile.

@BLUEFROG Could you kindly explain further and clarify?

Thanks

> having understood that the remote data is encrypted.

If you are using an optional encryption key when using our sync with Dropbox, yes, the sync data is encrypted in your Dropbox account.

In DEVONthink, adding a username and password in File > Database Properties does NOT encrypt anything, and never has. When that database is synced to DEVONthink To Go, the credentials are required to import the database, but it also does not encrypt the database.

Encryption of the databases in DTTG is handled under Apple’s mechanism, where locking the device encrypts the data and unlocking the device decrypts it for use. We added Settings > Security to allow for a passcode or TouchID / FaceID to be used to unlock the app.

Great, thanks @BLUEFROG that’s reassuring and is consistent with what I understood from before. Phew.

No problem 🙂

I got the same exact setup with DT syncing over WebDAV on my Synology NAS, except for encrypting the Shared Folder that hosts the DT Sync Location, as I think if that folder is not mounted, you don’t get DT to sync with DTTG, and I use the app all the time.

But it’s good to read other people are using DT as a Password Database, as I do it as well.

Obviously, the weaker barrier is the sync in DTTG, as the files can only be protected by a Passcode (or Face ID) to access the app. But that’s already something.

WebDAV has nothing to do with mounting. It’s based on HTTP/S which is a stateless protocol – not a network file system.

I still don’t hear the advantages of DT in that regard over a dedicated password manager. (Nor why that five-year-old thread merits being revived.)

I wasn’t mixing WebDAV secure protocol (HTTPS) with Shared Folder Encryption, at all. I think @rfog was saying he had an Encrypted Folder in his setup on the NAS.

To my understanding, the thing is that all the layers of security (WebDAV on your own server/NAS, Encrypted Database in DT) are reduced to just one, once the passwords are synced in DTTG, which is the app Passcode or Face ID.

I tried to say two things:

  • The Synology Drive specific folder for the sync database is encrypted with the Synology encryption system, and must be manually mounted after a NAS restart.
  • My configuration in DT for the sync database is encrypted with a password as well.

This makes two layers of security. If someone steals my Synology, they first have to mount the encrypted folder, and then they must get past the DT encryption itself. It is overly paranoid, but I set it up as a test, and it worked so well that I haven’t changed it since then.

I see. I didn’t encrypt the “Shared Folder” that hosts the sync location, in your case, on Synology Drive, in mine, in Devonthink/DTSyncStore.dtCloud. But it’s a good idea to do it and keep it open, and in case the NAS is restarted/stolen, then everything is safe as it will be unmounted and encrypted. The only caveat would probably be performance since it’s an encrypted Shared Folder, but maybe nothing noticeable.

Otherwise, I also have the DT configuration for syncing, which is encrypted with a password.

Still, on devices with DTTG, the only layer of security is Passcode/Face ID. So all of your passwords (since this is a post about passwords) have only that layer of security when in DTTG.

So I wonder about the security level while you have the app open (with the passwords), and are on a network. With that said, I use a VPN when I connect to other networks.