Most lost user passwords and category passwords can be reset.
You will be sent a password reset code and instructions for how to use it.
NOTE: Users who have activated Extended Security cannot have their passwords reset. That’s one of the features of Extended Security.
Click on the User menu and select “Change User Password…”
You will need to enter your current password (unless you have a blank password) to create a new password, and then confirm your new password.
If you do not want The Journal to prompt you for your password:
1. Click on the User menu and choose “Auto-Login”.
2. Enter your password at the prompt to confirm auto-login.
You can turn off automatic login by clicking on the User menu and choose “Auto-Login” again.
Extended Security enhances The Journal’s normal security by adding an additional layer of protection, and a couple of security-related options.
The Journal’s “basic” security is quite good, more than most people will ever need. Extended Security builds on that to make The Journal as secure as possible.
Passwords in The Journal are never stored in the database without being “hashed”.
Passwords are salted and hashed a random, large number of iterations using the SHA256 algorithm. This is a one-way hashing algorithm, making it nearly impossible to guess the password from the hashed value and computationally expensive to attempt.
Entries stored in The Journal are compressed before they are encrypted. The compression removes redundant information from the entry, making the encryption somewhat more secure.
Compression of entries uses the ZLib general compression library.
Encryption of entries uses 128-bit AES (American Encryption Standard).
Encryption keys, password salts, and cipher initialization vectors are created using the Microsoft Windows CryptGenRandom function.