New feature request: Password protect files

I would like to password protect my scrivener files, as I store them in Dropbox for auto backup. As the files will be sitting out there on a server somewhere, I would like to know they are protected by a password. Is this a feature that can be added to the next version please?

An alternative until this is added (or if it isn’t) is to use TrueCrypt to encrypt the files. It’s what I do with private data.

As has been noted, the current focus is on obtaining feature parity between ScrivWin 1.0 and ScrivMac 1.0, and then the focus will be obtaining parity with ScrivMac 2.0. After that point is when the developer is going to focus much more on additional features.

As a sidenote, though, Scrivener stores projects as a collection of files in a directory hierarchy; most of those files are .rtf, which does not have a standard way of applying password protection. So even if the project itself had a password through Scrivener, there’s nothing that is preventing someone from just opening up the project folder and pulling everything anyway.

I am curious enough to ask, though: why does storing your files in Dropbox necessitate password-protecting them? There is no logical connection between the two that I can think of.

Dropbox is already quite secure on both ends of the equation. Your files are not stored as readable on their servers, they are encrypted using AES-256, and all transmission between you and Dropbox are encrypted using SSL as well. Thus, communicating with and storing data on their servers is, in many cases, even more secure that accessing your bank account online, exponentially so. The only time your files appear as ordinary files are when a fully qualified computer or device is hooked up to them (including portions you have made available to other users via sharing).

The only conceivable reason to further encrypt the encrypted data is to keep your Scrivener projects protected from prying eyes that have access to your machines. If you are working in a secure or confidential environment, this is definitely something you’ll want to look in to. On the Mac, I recommend people use encrypted disk images, which are a bit like creating an encrypted flash drive that requires a passphrase to open. There must surely be some analogue to this on Windows.

But on that note, if you are actually dealing in top secret material, you probably shouldn’t be using Dropbox at all anyway, and should be behind a heavy-duty firewall when accessing the Internet. If you aren’t—then there is probably no cause for concern, as the stuff employed here for security is above and beyond what the average person would need.

What kdbertel says is right though, just slapping a password on the project file in Scrivener would actually be a disservice to most people, as it would do nothing to protect your data since you can just go into the project folder and open the RTF files in WordPad to break it. Each file would have to be encrypted, reducing the recovery aspects of the format, and as said, if you use Dropbox they already are encrypted—it’s just not very obvious that they are because DB is so friendly about it.

Thanks for the info. I usually password protect any docs I store in my Dropbox folder, which I class as ‘sensitive’ due them being stored in an offsite location - more for peace of mind than anything else. Having looked into the structure of the Scrivener files more closely, I can see how password protecting the project file is pointless. Thanks for the information :smiley:

I’d like to see this feature too… for people using a shared computer, having a password protecting your writing (journals, poetry, etc), can be a real comfort. As someone who had a family member (who should have known better) tamper with her writing in order to make fun of her when she was a teenager, I reflexively protect my writing just to feel that I can write what I like, even though I’m well out of the environment that required it.

I am very eager to start using Scrivener but I admit my first order of business was to look for the “password protect” feature and was disappointed that it wasn’t there.

Please read the thread above. You will see that adding a password would do absolutely nothing at all except make you “feel safe”. It would be disingenuous at best, and a critical security hazard at worst. It would be the airport security of passwords.

I realize that, I had read the thread and I understand that the rtf files currently used cannot be password protected.

I understand that adding the feature would necessitate a pretty substantial overhaul of how Scrivener works.

The purpose of my post was a) to add my voice to the people who would like it as a feature (even if it can’t be done at the moment, I would think you’d still like to know), and b) to explain why someone might want password-protected files even if they aren’t working on top-secret information.

What you want could more easily (and more securely) be addressed by something like PGP, not by a feature in Scrivener.

Well the main thing holding it back, besides a complete rewrite of an architecture that works really well for what it needs to do, is that this is already something you can fairly easily accomplish for anything at all, not just on a per-program thing where everyone has to re-invent the security wheel. Using something that can create encrypted vaults on your drive is a good way to work, or at the very least, use Window’s built-in system for file and folder level encryption. Without your authenticated login, that stuff is pure scrambled eggs. I’m not a Windows expert, maybe there are flaws with that (though are they flaws at the “prying family member” level of security, rather than national security?), if anyone knows better let me know as I don’t want to be giving out bad advice.

The easiest solution for those who really insist they need to password secure their files is to use something like TrueCrypt.

Create a partition and mount it. Store your projects in there. You could make it small enough to store on Dropbox. Then its about as secure as you could possibly get.

Another alternative, since you’re talking about the backup that you save to your Dropbox, is to password protect the zip file. I don’t know that zip file encryption is all that great, but it’s the one place in this architecture where you can have a level of file security centered around one file.

Just a thought. Coupled with the dollar in my pocket it should get you a cheap cup of coffee.