Most lost user passwords and category passwords can be reset.
You will be sent a password reset code and instructions for how to use it.
NOTE: Users who have activated Extended Security cannot have their passwords reset. That’s one of the features of Extended Security.
Click on the User menu and select “Change User Password…”
You will need to enter your current password (unless you have a blank password) to create a new password, and then confirm your new password.
If you do not want The Journal to prompt you for your password:
1. Click on the User menu and choose “Auto-Login”.
2. Enter your password at the prompt to confirm auto-login.
You can turn off automatic login by clicking on the User menu and choose “Auto-Login” again.
Extended Security enhances The Journal’s normal security by adding an additional layer of protection, and a couple of security-related options.
The Journal’s “basic” security is quite good, more than most people will ever need. Extended Security builds on that to make The Journal as secure as possible.
Passwords in The Journal are never stored in the database without being “hashed”.
Passwords are salted and hashed with the SHA256 algorithm. This is a one-way hashing algorithm, making it nearly impossible to guess the password from the hashed value.
By default, entries stored in The Journal are compressed before they are encrypted. The compression removes redundant information from the entry, making the encryption somewhat more secure.
Compression of entries uses the LZH5 compression algorithm (a Lempel-Ziv-Huffman algorithm) programmed by South Pacific Information Services Ltd. This is very similar to the compression used by the LHarc utility.
Encryption of entries uses the Twofish block cipher designed by Bruce Schneier.
Encryption keys and password salts are created using the Microsoft Windows CryptGenRandom function.