If you use the database encryption feature, all the database files are encrypted with 256 bit AES encryption in CBC mode.
The encryption key is derived from your password/passphrase using PBKDF2. For more details, refer to SQLCipher Design.
By encrypting your database files, your accounts are protected in case malware exfiltrates them our of your computer.
This feature is only offered on the desktop versions because mobile devices have file system encryption and application isolation. Their security model is stronger than desktop OS. The later typically only provides permissions at the user level. On mobile devices, the “Protect Open” feature provides the same functionality.
Choose the “Advanced/Encrypt Database” menu item.
If your database is encrypted, you will need to provide the current database password.
Input the new password and repeat it for confirmation.
To remove database encryption, leave the new password empty.
At startup, you will be required to enter the database password if you have set one.
If you forget your database password, you will have to recover your accounts from seed or from batch backup!
Backing up an encrypted database is not supported. Remove the encryption before making a batch backup. After restoring a batch backup, the database is unencrypted.
If you need to reset the state of the application because you forgot the database password, you have to reset the app.
Resetting the database DELETES every account.