Evernote Adds Two-Step Verification for Greater Security
Following in the footsteps of services like Twitter and WordPress, note-taking service Evernote will now offer two-step verification in addition to two other small security features.
Evernote users weren’t too pleased when the program fell victim to a major data theft two months ago, which compromised many users' email addresses and passwords. Two-step verification will not protect the Evernote servers from another such attack, but it will make it almost impossible for hackers to use stolen information against users.
For those not familiar with the process, a two-step verification system adds an extra layer of security beyond a simple password. Instead of just entering a username and password to log in to a service, users link their accounts with a favorite mobile device. Each time a user wants to log in to Evernote, he or she must also enter a unique verification code, which is sent to his or her gadget of choice.
It's not all good news, though: Because the process is optional, many users will likely never activate it, leaving them no less vulnerable than before. Furthermore, the service is only available to Evernote Premium and Evernote Business users, putting the majority of Evernotonians at a considerable security risk.
The company has promised to eventually roll out two-step authentication to all users, but it first wants to "optimize" the process with a smaller user base. Two-step verification is not a panacea for security ills; in fact, it can create very serious problems for users who don't adopt it.
If a hacker gets hold of user information and activates two-step verification, the rightful user is effectively locked out of his or her own account. Restoring a two-step-verified account to its rightful owner is much more difficult than restoring a plain-vanilla one.
The other two new security features will be available to all users right away. Evernote supports third-party add-ons, but these programs can work against a user if his or her account is compromised, as they generally store passwords. Users can now revoke permission for these add-ons, which will require users to re-enter their password the next time they launch Evernote.
Access history, also available to all users, will prove useful for victims of data breaches. This feature keeps track of a user's IP address and location each time he or she logs in to Evernote. If a hacker takes control of an account, the access-history feature will make finding the malefactor much easier.
Between stolen passwords and the VERNOT.A malware, which stole user information while drafting computers into a botnet, Evernote has not had a sterling security record lately. These three security additions will help, but until two-step verification hits the general user pool, Evernote users — and their information — continue to be at risk.