
Security

Why do I have to enter my encryption password each time? (Pro)

If you’re locking your journal or entry with the Encryption Lock, you will have noticed that you have to enter your password and hint each time. We know this isn’t ideal, but we do it because it is the most secure option. If we saved your password on file, that would be one more way for unwanted users to read your entries. In that case, we’d also have access to your entries—even though our privacy policy doesn’t let us view your entries without consent.

We may implement some solutions down the road, but for now this is the safest way of locking your entries.

I can’t access Penzu on my Mac if Parental Controls is on.

This happens because we use SSL to secure our website. Doing this hides the content from anyone else, including Apple, which can’t determine whether the page is safe, so the page is blocked.
The workaround for this is to manually add https://penzu.com to the allowed list of sites from the Parental Control settings:

In certain situations, the automatic Internet content filter may mistakenly block a safe website or allow an adult-oriented website. For example, if the website uses an uncommon language or if there is very little text on the page. These websites can be identified in the Log tab of the Parental Controls preference pane and added to the “Always Allow” or the “Never Allow” lists. These lists can also be accessed by clicking the Customize… button in the Content tab of Parental Controls preferences. Websites that are mistakenly blocked can also be allowed by clicking the “Allow…” button on the blocked web page and authenticating as an administrator user.

https note: For websites that use SSL encryption (the URL will usually begin with https), the Internet content filter is unable to examine the encrypted content of the page. For this reason, encrypted websites must be explicitly allowed using the Always Allow list. Encrypted websites that are not on the Always Allow list will be blocked by the automatic Internet content filter.

“Allow access to only these websites” (whitelist)

If “Allow access to only these websites” is selected in Parental Controls, the Internet content filter blocks any website which is not on the list. When the blocking web page is presented, a list of allowed websites is also shown. If using Safari, allowed websites are displayed as bookmarks in the bookmarks bar.

You can read more about this here: http://support.apple.com/kb/ht2900

If you’re using Snow Leopard, you will have the option to add the site to your list when you visit it as long as you have the administrator’s password. If you don’t see that option, make sure to delete your cookies and reload http://penzu.com not https://penzu.com.

If you are still having trouble, you can also try adding http://75.101.142.90 to your list of allowed sites.

Can my entries be read by others?

No! Unless you specifically share your entry, it is completely private and accessible only by you. As long as you keep your password safe, your entries will never be read by anyone else. You can even lock your entries with a second password for increased security!

What does Remember Password do when locking a journal or entry?

If you check the “Remember Password” box in the locking popup, upon re-locking you’ll never have to enter the password again. Just a single click and your entry will be locked!

Here is the new journal locking flow with Remember Password enabled:

1. Click the lock button next to the journal you want to protect:


2. Enter a password, hint, check “Remember Password” and then “Lock”:


3. Unlock the journal to gain access:


4. Upon re-locking, you’ll see a window like this and all you have to do is click “Lock”:


And that’s it! If you’d like to change the saved password, you can simply click “Enter a New Password” and start the process again. This works the same for entry locking as it does for journal locking (shown above).

I’ve locked my journal but forgot the password!

If you’ve locked your journal and don’t remember what the password is (even though the hint should have helped you!) we can unlock it for you. But first make sure that you are using a supported browser (Chrome or Firefox) or if you’re stuck with Internet Explorer (IE) that your security settings aren’t set to high. Read more on how to change that here.

If you are using a supported browser and have forgotten your password, just email us at support(at)penzu(dot)com from the email address associated with your Penzu account and tell us which journal you would like unlocked.

If, however, you locked your journal with the encryption lock (Pro only), we cannot unlock it for you. If you still can’t remember that password, the only thing we can do is delete it. You can email us with a request to delete your journal and we can do that for you.

What’s the difference between locking a journal and locking an entry?

Locking entries and locking journals are two separate things. If you lock an entry, you can also lock the journal that the entry is in. By locking that journal, you aren’t double locking the entry again. It’s just another level of security to keep your entries safe and secure.

Encryption locking works the same way, except the contents of your entry or journal become locked with military-grade AES encryption on our servers. If you forget the password to a journal, that entire journal will be irretrievable. Same goes with an entry that was locked with encryption.

Is submitting entries via email with Penzu Post secure?

Writing entries via email with Penzu Post is as secure as email gets—which isn’t exactly much. Email has to pass through many different servers and relays before it gets to its intended destination, leaving it vulnerable and potentially not secure. We don’t recommend sending anything that you want to keep private via email, although many of us do anyway with Gmail or Yahoo Mail on a daily basis.

If you want to maintain ultimate privacy and security, we suggest writing in our web or mobile app instead. Penzu Post is meant as a convenience feature, not as a replacement.

Are Entries secure?

Your Penzu account is password protected and safe from prying eyes.  Penzu Pro users are able to use military-grade security to encrypt their entries. Encrypted and non-encrypted entries are also backed up on a separate server for extra security.

How do I block users from sharing entries with me?

When you receive a shared entry via email, in the email there is a link to block the sender from sending you future entries. On your Settings page you will see a list of blocked users which you can edit.

You can also set general settings and block all entries shared with you, all anonymous entries shared with you, or all entries shared from unregistered users. Just select your desired setting from the Sharing drop-down and click “Change”.

What if your server that contains the user and random passwords fails? Do you have backups?

We back up our database regularly.  The database backups are also encrypted, and stored in a separate secure location.  Should the primary server fail, we do have backups that we can restore from.

If I unlock my entry and relock it with the same password, will you generate a new key each time?

Yes, each time you lock an entry we generate a new random password that will be combined with your password to create the key that locks your entry.

What is one-way encryption?

One-way encryption is a mathematical function that takes a variable-length input string and converts it into a fixed-length binary sequence. Furthermore, one-way encryption, or a one-way hash function, is designed in such a way that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way). A good hash function also makes it hard to find two strings that would produce the same hash value.

Since it is computationally infeasible to produce a document that would hash to a given value or find two documents that hash to the same value, a document’s hash can serve as a cryptographic equivalent of the document.

Can attackers gain access to the key used to encrypt the random password?

The key used to encrypt the random password is stored securely on Penzu’s servers.  These servers have very limited access, and extra credentials are required to access the file storing the key.  The key is also stored on a separate server from our database where the random password is stored.  This database server is also secure and requires additional credentials to both gain access to and then to access the actual database.

Do you have access to the user password? It is stored on your server after all, so why can’t you read it?

When an entry is encrypted, Penzu stores the password using a one way encryption function, meaning that once it is encrypted there is no way to reverse the process and retrieve the original text.

If you have access to the random password, can you unlock my entry?

No, not without your password.  The random password and your password are combined to create a key to unlock the entry.

How secure is the random password Penzu generates?

The random password is generated using OpenSSL.  OpenSSL is an open source implementation of the SSL and TLS protocols. The core OpenSSL library implements basic cryptographic functions and provides various utility functions.  OpenSSL is one of the few open source programs to be validated under the FIPS 140-2 computer security standard by the National Institute of Standards and Technology’s Cryptographic Module Validation Program.  Government agencies use FIPS 140-2 cryptographic products to secure networks carrying unclassified sensitive data.

The random password is a string of random bytes, created by a cryptographically secure pseudo-random number generator.

What are the components of the key used to lock my entry with Encryption Lock?

The encryption key used to lock your entry is made up of your entry password and a random password that we generate for added security. The random password makes your entry twice as hard to access since an attacker would require both passwords to unlock your entry instead of just one.

You can read more here.

What is SSL or HTTPS?

HTTPS stands for HyperText Transfer Protocol over SSL (Secure Sockets Layer). It is a TCP/IP protocol used by Web servers to transfer and display Web content securely. The data transferred is encrypted so that it cannot be read by anyone except the recipient.

HTTPS is used by any Web site that is collecting sensitive customer data such as banking information or purchasing information. If you are making a transaction online, you should make sure that it is done over HTTPS so that the data remains secure.

What is a key?

A key is a piece of data that is needed to encrypt and decrypt information.  Much like a physical key is used to lock and unlock things (your house door, a locker, your car), it is used to lock and unlock information.

What is the process of encryption? (Pro)

When you lock an entry in your Penzu Pro account using encryption, we go to extra lengths to protect and store your password and encryption key. Each time you lock an entry, we combine your password with a random password to create a unique “key”. This key is what is required to encrypt and decrypt your entry.

You can read more about Encryption Locking here.
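The locking flow described in the answers above (a fresh random password on every lock, a key built from both passwords, and a one-way stored form of your password) can be sketched as follows. This is an added example, not Penzu's code: the use of PBKDF2, the iteration count, the record layout and the function names are assumptions, and the AES step and the server-side encryption of the random password are left out.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor; the page does not give one


def _stretch(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256, 32-byte output (the key size AES-256 takes)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def lock_entry(password: str) -> dict:
    """Build the record stored at lock time (hypothetical layout)."""
    verifier_salt = secrets.token_bytes(16)
    return {
        # Fresh CSPRNG bytes on every lock, so every lock gets a new key.
        "random_password": secrets.token_bytes(32),
        "verifier_salt": verifier_salt,
        # One-way value: enough to check a password, not to recover it.
        "verifier": _stretch(password, verifier_salt),
    }


def unlock_key(record: dict, password: str):
    """Return the entry key, or None when the password does not match."""
    candidate = _stretch(password, record["verifier_salt"])
    if not hmac.compare_digest(candidate, record["verifier"]):
        return None
    # Key = f(user password, random password); neither alone reproduces it.
    return _stretch(password, record["random_password"])


def demo() -> dict:
    sample = "constructed-sample-password"  # constructed input for the demo
    first = lock_entry(sample)
    second = lock_entry(sample)  # re-lock with the same password
    key = unlock_key(first, sample)
    return {
        "key_bytes": len(key),
        "relock_gives_new_key": key != unlock_key(second, sample),
        "wrong_password_rejected": unlock_key(first, "wrong-guess") is None,
        "random_password_alone_fails": _stretch("", first["random_password"]) != key,
    }


if __name__ == "__main__":
    print(demo())
```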

What does 256-bit AES mean?

In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael.

What if I lose my password?

If you lose your password for an entry that is locked using the Basic Lock, you can contact us via email at support[at]penzu.com and we can retrieve it for you.

If, however, the entry was locked using the Encryption Lock, your password cannot be retrieved. If you have forgotten it entirely, we cannot help you and the entry will remain locked indefinitely.

Do I have to lock each entry?

The reasoning around locking is for extra security. Penzu is already secure enough that you don’t have to lock each entry. To give you an example, using Penzu is like using a paper-bound diary with a lock on it—a really strong lock, not like one of those flimsy locks that comes with a Hello Kitty diary. The key to that lock is your login password. If you want to ensure that someone doesn’t get into your account, make sure your password is impossible to guess and contains letters and numbers.

Continuing with our metaphor, entry locking is like writing certain entries in your own made-up language. So even if someone does break the lock on your diary, certain entries they will not be able to read.

Penzu Pro, then, is like writing certain entries in a made-up language that was created by the CIA—not even the smartest people in the world would be able to decode your entry and the only person that could ever read it is you. It is so secure that if you lose the password to a locked entry, that entry becomes irretrievable.

So, to sum up, no, there isn’t a way around locking each entry. But, you shouldn’t have to lock each one as your account is already extremely safe and secure.

© 2011 Penzu Inc.