Free Online Notepad with Password Protection

This is a free online notepad with password protection that actually means something. We don't fake it with a UI gate — each locked note is encrypted on your device with AES-256-GCM using a key derived from your password. The password itself is never stored. The encrypted blob in your browser's local storage can't be read without it. If you forget the password, the note is unrecoverable. That's the point.

How password protection works (in plain English)

1. You write a note. So far it's just text in your browser.
2. You click File → Lock with password (or press Ctrl+Shift+P).
3. You enter a password, twice. The dialog warns you: forgotten passwords mean lost notes.
4. Your browser uses PBKDF2 (250,000 iterations of SHA-256) to derive an encryption key from the password.
5. That key encrypts your note with AES-256-GCM (a modern authenticated cipher).
6. The encrypted bytes — along with a salt and an IV — are saved to local storage. The plaintext is wiped from memory and from storage.
7. The password is discarded. It's never written anywhere.

What happens when you come back

Reload the page or come back tomorrow. The locked tab shows 🔒 in the title and a password prompt instead of the editor. You enter the password; your browser re-derives the key (PBKDF2 takes a fraction of a second on purpose — slow enough to make brute force impractical), decrypts the note, and shows it to you. Now you can edit. Each keystroke re-encrypts the ciphertext on the fly, so what's stored is always the current locked version of the note.

Close the tab again? The decrypted text is gone. The encrypted blob remains. Next time you come back, you'll need the password again.

Why this is different from "password-protected" notepads that aren't really encrypted

Many tools advertise "password protection" but only show a password prompt in the UI — your note is still stored in plaintext somewhere. If anyone gets the storage (your browser's data, the site's database, a backup), they can read the note without the password.

Real encryption means even with full access to the storage, the note is unreadable without the password. That's what this is. Open your browser's DevTools → Application → Local Storage and look at a locked note. You'll see cipher, salt, and iv fields — base64-encoded binary. No plaintext.

Trade-offs you should know about

• If you forget the password, the note is gone forever. We have no backdoor. We can't reset it. We don't even know your password existed. Pick a password you'll remember, or save it in a password manager.
• The password should be reasonably strong. We don't enforce complexity rules (we don't want to be opinionated), but a 4-letter password is faster to brute force than a 20-character passphrase. Match the strength to the sensitivity of the note.
• Someone at your computer can still see the note when it's unlocked. Encryption protects against access to the storage, not against shoulder-surfing. Lock the note (or close the tab) when you walk away.
• The encryption is per-note. You can have some notes locked and others not, with different passwords. They're independent.

How to lock and unlock a note

To lock a note

1. Open the tab with the note you want to protect.
2. Click File → Lock with password, or press Ctrl+Shift+P, or click the Lock button in the toolbar.
3. Enter your password twice. Click Lock note.
4. The tab now shows 🔒 in the title. The note is encrypted.

To remove the password

1. Open the locked tab and enter the password to unlock it.
2. Click File → Remove password. Confirm.
3. The note goes back to plain text.

Frequently asked questions

Is this really encryption or just a password gate?

Real encryption. AES-256-GCM, the same algorithm used by HTTPS, Signal, and 1Password. Verify it yourself: lock a note, then look at localStorage in DevTools. There's no plaintext anywhere.

Where is the password stored?

Nowhere. Not on your device, not on our servers (we don't have user data servers at all), not in any backup. Only the derived key lives briefly in your browser's memory while a note is unlocked, and even that disappears when you close the tab.

Can the website operator (you) see my locked notes?

No. The encryption happens entirely in your browser, before anything is saved. We have no key, no password, no way in. The only way to read a locked note is the password.

What if I want password protection on all my notes at once?

Lock them individually with the same password. We don't offer a single "app-wide password" because it would be weaker — one password to crack would unlock everything.