You probably do it. Most people do. You get a new Wi-Fi password, an API key from work, a recovery code from your bank. You open your notes app and type it in. Maybe you even have a note called "passwords" with dozens of entries.
This is one of the most common security mistakes people make with their phones.
Apple Notes, Google Keep, Samsung Notes were designed for grocery lists. Not for the keys to your digital life.
Most notes store text in plain format. Anyone with access to your phone can read everything.
Your "passwords" note sits in iCloud or Google Drive. One compromised account exposes it all.
Switch apps and come back. The note is still open. Hand your phone to someone. One swipe.
Copy a password from a note. It sits in your clipboard forever. Any app can read it.
Better than nothing. But you cannot lock notes with attachments, PDFs, or tags. You cannot lock notes synced via third-party accounts. And locked notes are tied to your device passcode, not a separate strong password.
It is not just passwords. Look familiar?
All sitting in a plain text note, synced to the cloud, one compromised account away from exposure.
People screenshot their Wi-Fi settings, 2FA recovery codes, API keys. These screenshots sit in the Photos app, sync to iCloud or Google Photos, appear in shared albums, and show up in search results.
A screenshot of a password is a password stored as an image: completely unencrypted, completely unsearchable, and completely exposed.
Plain text. No encryption. Cloud synced. Always open. Clipboard exposed.
AES-256 encrypted. Zero-knowledge. Auto-lock. Clipboard clears in 10s.
Every password, note, file, and screenshot is encrypted with AES-256 before it touches disk.
You remember one strong password. Everything else is locked behind it.
Switch apps and the vault locks. Nobody can see your data without your master password or biometric.
Copy a password and it disappears from the clipboard after 10 seconds.
Even the app developer cannot see your data. The encryption happens entirely on your device.
That used to be true. Traditional password managers like 1Password and Bitwarden are powerful but overwhelming. Browser extensions, team features, emergency access, travel mode, dozens of settings.
If all you want is a safe place to keep your passwords, API keys, and private photos, you do not need all that. You need a locked box. Open it with your fingerprint, see your stuff, close it.
Passwords, 2FA codes, secrets, notes, files, and screenshots. No subscription.
Get Lockbox