News

Evernote’s Three New Security Features

Evernote's Three New Security Features

Posted by Seth Hitchings on 30 May 2013

Posted by Seth Hitchings on 30 May 2013

Comment

The security and privacy of your data are our top priority at Evernote. Today, we’re happy to announce the availability of three new security features:

  • Two-Step Verification
  • Access History
  • Authorized Applications

 

Two-Step Verification

Two-step verification, also known as two-factor authentication, is designed to keep your account secure even if someone learns your password. It does this by requiring a verification code whenever you’re asked to provide your username and password. This will usually only happen when you log into Evernote Web or install it on a new device. This combination of something you know (your password) and something you have (your phone) makes two-step verification a significant security improvement over passwords alone.

How It Works
What makes two-step verification powerful is the six-digit verification code. This code is delivered to your mobile phone via text message or, if you prefer, generated by an app that runs on your smart phone, such as Google Authenticator. We’ll also give you a set of one-time backup codes for when you’re traveling.

2sv-code

It’s Optional
Two-step verification is entirely optional. Before setting it up, please be aware that if you lose access to your secondary access method, you run the risk of permanently locking yourself out of your account. Make sure to closely follow the setup procedure to ensure that this doesn’t happen.

Availability
Two-step verification is initially available to Evernote Premium and Evernote Business users only. Once we’ve optimized our processes and feel comfortable with our ability to support a wide audience, we will make it available to all users.

Getting Started
Before starting the setup process, be sure that all versions of Evernote that you use are updated. This includes Skitch, Penultimate, Evernote Food, and Evernote Hello. Next, go to the security section of your Evernote Web Account Settings. Once you’ve set up two-step verification, you may be asked to sign into the apps that you use.

2sv-settings

Application Passwords
You may find that once you set up two-step verification, some partner apps and integrations, as well as Evernote Touch for Windows 8, will stop working. To fix this, you’ll need to create a special Application Password for each app. You can do this from the security section, as well.

Set up two-step verification »

Authorized Applications (Available to All Users)

We want you to open an Evernote app and then quickly accomplish your task. To make that possible, we rarely ask you to sign in. That helps you get your work done, but can be a problem if you lose your phone or computer. Now, you can revoke any version of Evernote from your Evernote Web Account Settings. Once revoked, an app will request a password the next time its launched.

applications3

Check your Applications »

Access History (Available to All Users)

Access History shows you a running list of every time your account was accessed over the past thirty days. This list includes all the versions of Evernote that you’ve used along with locations and IP addresses. If you ever suspect that your account was accessed without your knowledge, you can check the history.

accesshistory3

View Access History »

Premium

Evernote Premium

Upgrade for features to help you live and work smarter.

 Go Premium
View more stories in 'News'

12 Comments RSS

  • Seth Hitchings

    It’s critical that you have a way to obtain verification codes if you ever lose your Google Authenticator app. If you hadn’t set up a phone number and you lost your phone or mistakenly deleted the app, you’d be permanently locked out of your Evernote account.

    Reply
  • Seth Hitchings

    Rachel, you can use the Google Authenticator app on your smartphone instead of SMS.

    Reply
  • AndrewSinkov

    It’s based on the actual name of the device as displayed in your device/computer settings.

    Reply
  • AndrewSinkov

    It’s based on the actual name of the device as displayed in your device/computer settings.

    Reply
  • AndrewSinkov

    Click on Security in Evernote Web Settings. They click on Manage Settings in the Two-Step Verification area.

    Reply
  • Non-techie Talk

    Given the majority of your users are likely fee accounts, it makes sense to expand availability of this function to free accounts asap. I have already activated 2-step verification on services with free and tiered cost accounts that I use (Google, Dropbox, LinkedIn) so it’s outstanding – and not in a good way – that Evernote has not yet managed to get it done across the board yet.

    Reply
  • Non-techie Talk

    Given the majority of your users are likely fee accounts, it makes sense to expand availability of this function to free accounts asap. I have already activated 2-step verification on services with free and tiered cost accounts that I use (Google, Dropbox, LinkedIn) so it’s outstanding – and not in a good way – that Evernote has not yet managed to get it done across the board yet.

    Reply
    • AndrewSinkov

      We’re expanding to all users soon.

      Reply
    • AndrewSinkov

      We’re expanding to all users soon.

      Reply
  • Amigo Carter

    This is fantastic and super simple. Thanks so much for letting us know. Quite frankly I use Evernote for Everything so this is a great help.

    Reply
  • LO

    Great to see Evernote moving in the right direction. I’d love to see Evernote offer next-gen authentication options such as password-free strong authentication with Clef (http://getclef.com) or location-aware, hands-free two-factor authentication with Toopher (https://www.toopher.com).

    Reply
  • Ron

    It is amazing that you don’t offer TWO-STEP verification to ALL users given the goal of your business is to store private data.

    Reply