The security and privacy of your data are our top priority at Evernote. Today, we’re happy to announce the availability of three new security features:
- Two-Step Verification
- Access History
- Authorized Applications
Two-step verification, also known as two-factor authentication, is designed to keep your account secure even if someone learns your password. It does this by requiring a verification code whenever you’re asked to provide your username and password. This will usually only happen when you log into Evernote Web or install it on a new device. This combination of something you know (your password) and something you have (your phone) makes two-step verification a significant security improvement over passwords alone.
How It Works
What makes two-step verification powerful is the six-digit verification code. This code is delivered to your mobile phone via text message or, if you prefer, generated by an app that runs on your smart phone, such as Google Authenticator. We’ll also give you a set of one-time backup codes for when you’re traveling.
Two-step verification is entirely optional. Before setting it up, please be aware that if you lose access to your secondary access method, you run the risk of permanently locking yourself out of your account. Make sure to closely follow the setup procedure to ensure that this doesn’t happen.
Two-step verification is initially available to Evernote Premium and Evernote Business users only. Once we’ve optimized our processes and feel comfortable with our ability to support a wide audience, we will make it available to all users.
Before starting the setup process, be sure that all versions of Evernote that you use are updated. This includes Skitch, Penultimate, Evernote Food, and Evernote Hello. Next, go to the security section of your Evernote Web Account Settings. Once you’ve set up two-step verification, you may be asked to sign into the apps that you use.
You may find that once you set up two-step verification, some partner apps and integrations, as well as Evernote Touch for Windows 8, will stop working. To fix this, you’ll need to create a special Application Password for each app. You can do this from the security section, as well.
Authorized Applications (Available to All Users)
We want you to open an Evernote app and then quickly accomplish your task. To make that possible, we rarely ask you to sign in. That helps you get your work done, but can be a problem if you lose your phone or computer. Now, you can revoke any version of Evernote from your Evernote Web Account Settings. Once revoked, an app will request a password the next time its launched.
Access History (Available to All Users)
Access History shows you a running list of every time your account was accessed over the past thirty days. This list includes all the versions of Evernote that you’ve used along with locations and IP addresses. If you ever suspect that your account was accessed without your knowledge, you can check the history.