Changing your vault password

This article is about deliberately changing your vault password. If you have forgotten it, "I forgot my password" is the article you want; if a different device has changed it and you are seeing the cross-device prompt, "When your password is changed on another device" is the one. This one covers a planned rotation: you remember the current password, you choose a new one, and you click the button.

The password rule. Your password is the encryption key. We do not have it, Google does not have it, no one but you does. There is no reset link, no security question, no support process that recovers it. After this rotation, every backup you took before today still needs the old password; any backup taken from today onward needs the new one. Save the new password to a manager and write it on paper before you click Change password.

When you should rotate

Three sensible reasons.

Suspicion of compromise. A laptop got stolen. Someone watched you type. A browser extension you trusted turned out not to be trustworthy. Rotate first; investigate later.

A stronger passphrase. You set a 12-character minimum password during setup and have since decided to upgrade to a four-word passphrase. Rotation is the right tool. The article "How Notes In Confidence keeps your notes private" explains why length is what matters most.

Aligning with the rest of your life. You rotate other passwords every six months and want this one to follow the same rhythm. Fine, but plan to take a fresh Local Backup right after each rotation.

Where the button is

Open Advanced > Security. The Change password card is the only thing on that tab. The form takes three fields: your current password, the new password, and the new password again to confirm.

The same warning that this article carries appears at the top of the form: existing backup files will still work, each one only with the password that was active when it was downloaded.

What the app does for you before any write happens

The very first thing the rotation does, before any record is touched, is take a Local Backup automatically. The file is dropped into your Downloads folder with a name like:

tn-backup-pre-password-change-2026-05-04T13-22-09-000Z.html

The timestamp encodes the moment the rotation started. This file is locked with the old password — the one you are about to retire. It is your seatbelt. If anything goes wrong during the rotation, this backup file restores the vault to a clean pre-rotation state.

If for any reason the pre-rotation backup cannot be saved (your browser refuses the download, your disk is full, a download permission was revoked), the rotation aborts before any change. The error message says so, and your vault is unchanged.

What rotation actually does, step by step

Once the pre-rotation backup is on disk, the app:

1. Verifies your current password. The form rejects you if the Current password field does not match. There is no rate limit on this verification because every wrong attempt is local.

2. Disables the idle auto-lock. A long rotation must not race a 15-minute force-lock. The idle watcher restarts when the rotation finishes.

3. Sets a beforeunload guard. If you try to close the tab during rotation, the browser shows "Password change in progress. Closing now may corrupt your vault." Honour it. Closing mid-rotation leaves the vault split between two keys.

4. Derives the new key from the new password with a fresh random salt and the current default iteration count. If the iteration count has been increased since your vault was created, your vault gets the upgrade automatically.

5. Re-encrypts every record under the new key. The progress bar shows roughly where it is. The order is deterministic: every store, every row, in turn. On a vault with hundreds of notes this typically takes a few seconds.

6. Pushes the re-encrypted snapshot to your hidden Drive folder. The Drive vault file's key generation number ticks up. That is the signal your other devices read on next unlock. If the push fails (network blip, expired auth), the rotation is complete locally but the vault drops to read-only until you reconnect Drive — the error message tells you so.

7. Shows the success message and stays unlocked. You remain on the Settings > Security page, still unlocked under the new key. The form clears, the browser is prompted to save the new password, and the success message tells you to download a fresh backup now so your latest notes are recoverable with the password you will actually remember. The vault is not force-locked: there is no redirect to the unlock screen.
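Steps 1, 4 and 5 above as a runnable sketch, added here as an illustration and not taken from the app's own code. PBKDF2-SHA-256, AES-GCM, the vault object layout, the `check` row and every function name are assumptions (the article names neither the KDF nor the cipher); `generation` stands in for the key generation number from step 6.

```javascript
// Added illustration, not the app's code. KDF and cipher are assumed.
// Web Crypto is global in browsers and recent Node; older Node exposes it via node:crypto.
const cryptoP = (async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto)();
const enc = new TextEncoder(), dec = new TextDecoder();

// Step 4: password + salt + iteration count -> 256-bit AES key.
async function deriveKey(password, salt, iterations) {
  const { subtle } = await cryptoP;
  const material = await subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey({ name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one record under a fresh 96-bit IV.
async function seal(key, text) {
  const c = await cryptoP;
  const iv = c.getRandomValues(new Uint8Array(12));
  return { iv, data: await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(text)) };
}

// Returns the plaintext, or null when the key is wrong (the GCM tag check fails).
async function open(key, row) {
  const { subtle } = await cryptoP;
  try { return dec.decode(await subtle.decrypt({ name: 'AES-GCM', iv: row.iv }, key, row.data)); }
  catch { return null; }
}

// Builds a vault under a fresh random salt; `check` lets an empty vault verify a password.
async function createVault(password, iterations, notes, generation = 1) {
  const salt = (await cryptoP).getRandomValues(new Uint8Array(16));
  const key = await deriveKey(password, salt, iterations);
  const rows = await Promise.all(notes.map((n) => seal(key, n)));
  return { salt, iterations, generation, check: await seal(key, 'check'), rows };
}

// Returns every note, or null for a wrong password (never partial output).
async function unlock(vault, password) {
  const key = await deriveKey(password, vault.salt, vault.iterations);
  if ((await open(key, vault.check)) === null) return null;
  return Promise.all(vault.rows.map((r) => open(key, r)));
}

// Step 1 (verify), step 4 (fresh salt, current iteration count), step 5 (re-encrypt every row).
async function rotate(vault, currentPw, newPw, iterations) {
  const notes = await unlock(vault, currentPw);
  if (notes === null) throw new Error('current password does not match');
  return createVault(newPw, iterations, notes, vault.generation + 1);
}
```

Because `rotate` returns a new vault object, the untouched input plays the role of the pre-rotation backup: it still opens only with the old password, while the rotated vault opens only with the new one.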

What changes for your existing backups

Backups are locked with whichever password was active when they were taken. A backup made yesterday still opens with yesterday's password. The rotation does not, and cannot, retroactively re-key files that already exist on your disk or in your visible Drive folder.

Practical consequence: if you have a stack of old backup files, label them. A short text file in the same folder noting "backups before 4 May 2026: password A; backups after: password B" pays off the day you actually need to use one.

The article "Backing up, restoring, and opening a backup file" covers the matching-password rule in more depth, including what happens if you try to open a backup with the wrong password (you get a clean "wrong password" message rather than partial garbage).

What changes for your other devices

The next time you unlock the vault on any other device, the "Password changed on another device" dialog appears. Type the new password and that device adopts the new key for every local row. The article "When your password is changed on another device" walks through the dialog and the "Skip for now" fallback. There is nothing to push or upload from the device where you just rotated; the new state syncs through the hidden Drive folder.

If a sibling device is offline at the moment you rotate, that is fine. It will see the rotation prompt the next time it comes online and unlocks.

Take a fresh Local Backup the same day

The pre-rotation backup is locked with the old password. So is every previous Local Backup you have on file. To make sure your most recent state of the vault is recoverable with the password you will actually remember, take a fresh Local Backup right after rotation: go to Advanced > Backup > Download backup now. That single click is the difference between "my last backup is recoverable" and "my last backup is recoverable, with a password I no longer use".

If the rotation is interrupted

If your browser crashes, your laptop runs out of battery, or you hit Refresh during rotation, the vault on this device may be left split: some rows under the old key, some under the new. The unlock screen will show a banner the next time you visit:

Warning: your last password change was interrupted. Some items may fail to decrypt regardless of which password you use.

The recovery path is the pre-rotation backup. The unlock screen will show a warning with a "restore from the pre-rotation backup" link in it; click that link to reach the Restore page directly. On the Restore page, click Browse and pick the tn-backup-pre-password-change-…html file from your Downloads folder, type the old password, and click Restore vault. The vault returns to its pre-rotation state under the old key. From there you can attempt the rotation again, ideally on a stable network and with a charger plugged in.

If you cannot find the pre-rotation backup, fall back to your most recent regular Local Backup taken before the rotation attempt. Same restore path.

Things this article does not cover

If you have forgotten the current password and are reading this looking for a way to change it without typing the old one, that is not a feature; the article "I forgot my password" covers what is and is not recoverable. If you are seeing the cross-device rotation dialog and want to know what to type, "When your password is changed on another device" is the right read.