In the past I have recommended Codebook Secure Notebook as an alternative to iOS’s native notes application. I even went so far as to recommend NOT using the native Notes app. However, I have recently completely reversed my position on this. A third-party app is no longer needed to secure your notes. Beginning in iOS 9.3.2, notes in the native Notes application can be secured with a password. When password protected, notes are encrypted with AES-128. This eliminates the need for a third-party application, which reduces overall attack surface. Taking advantage of iOS encrypted notes is extremely easy and intuitive.
Using Native iOS Encrypted Notes
To use the new iOS encrypted Notes feature you must first choose a password. Navigate to Settings//Notes//Password. Choose a good, strong password. If you use Touch ID you may also enable it here, allowing you to unlock individual notes with a fingerprint. When you create a note, you must choose to encrypt it, as they are not secured by default. To encrypt a note press the “share” button (the box with an arrow pointing upward). In the menu that pops up, choose “Lock Note”.
When you wish to view or modify the note, select it from the list view as you normally would. Instead of opening, the scree will display, “This note is locked. View Note”. Tap the lock icon and enter your password. The note will open normally. To re-lock the note on closing, tap the padlock icon at the top of the screen to toggle it to locked.
This is an important feature, but it should be used correctly. Even when you secure a note, the first line of it will still be visible. If you are storing sensitive content, you should create an innocuous first line that does not reveal the contents or sensitivity of the rest of the note. Also, don’t forget your password. If you forget your Notes password you can create a new one. This will allow you to generate new notes, but will not allow you to access old ones.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.