Does face id/touch ID along with passcode encrypt the notes in evernote?

[Mareskuro 0]

Hi,

I'm thinking to move from onenote to evernote, but first I would like to be sure if my notes are going to be safe and protected. Unlike onenote, there's no way to encrypt notes or sections.

So, my questions are:

Does the passcode protect the notes, maybe encrypting them, or it is just a normal password?

If my phone get stolen, could someone extract the notes from the phone bypassing the passcode/touch id?

Are the notes encrypted in Evernote servers?

Thanks for your attention

 

[CalS 5,284]

4 hours ago, Mareskuro said:

Hi,

I'm thinking to move from onenote to evernote, but first I would like to be sure if my notes are going to be safe and protected. Unlike onenote, there's no way to encrypt notes or sections.

So, my questions are:

Does the passcode protect the notes, maybe encrypting them, or it is just a normal password?

If my phone get stolen, could someone extract the notes from the phone bypassing the passcode/touch id?

Are the notes encrypted in Evernote servers?

Thanks for your attention.

Your user name and password are your protection with Evernote, normal stuff.  2FA can provide some additional protection.  Encryption only exists for text within a note.  Typically only the header not the contents of notes are stored on the phone, though you can store note contents if you want.  Notes are encrypted on the EN servers.

[PinkElephant 8,197]

On every iOS device the stored data is encrypted, scrambled and not readable. Law enforcement agencies may be able to crack it, but not a normal thief. Enable „Where is my iPhone“ to be able to brick it by remote access if stolen., in the iCloud settings.

You can enable in the EN app itself an additional Passcode for further hardening. This means even when the iPhone is unlocked, one needs an additional Passcode to open the app. Alternatively you can set it to Face/TouchID to open the app. This works like an encryption, because the data is anyhow encrypted, and opening the app is the only way to read it.

On the EN server, the data is split into fragments and encrypted as well. The servers are very secure, placed in Google data centers (but not under Google admin). EN is able to access the data, because many server based processes depend on reading out the information (like OCR and search indexing). EN claims that these are bots, and no human inside of EN can get access. As always, it is a question of trust. I would assume that as in any American company (including Microsoft and OneNote) there is a backdoor, if somebody comes along with a search warrant. On transfer the data is encrypted by TLS/SSL, the Internet encryption standard.

[Trudy 0]

I have Evernote on my Apple devices so I take it that means my notes are being backed up securely on iCloud and Google Cloud.

 Password ID is only 4 digits so I think Face ID would be more secure.

I am working towards going paperless as much as possible. I use the app to store credit card statements, household receipts, recipes etc.

I am not sure if it is secure enough for income tax information, Will information etc. so have not added. 

I have also read that the data should be backed up to a removable hard drive etc. but as far as I know my iPhone and IPAD don’t have that capability.

Sorry if this is in the wrong discussion area. New to this forum.

 

[PinkElephant 8,197]

Hmmm - where to start  ?

iOS devices have a scrambled memory - it is only readable when the device is unlocked. You should use a Passcode at least 6 digits long. You can change this from 4 digits in the iOS settings, FaceID & Code.

if you enabled it, your I-device will automatically backup into iCloud. To make sure this is secure, enable 2-factor-authentication (2FA) for your iCloud account. Because you have only 5GB of free iCloud space, you need to buy more storage from Apple. Maybe you can do with 50GB, more likely it will be the 200GB plan. If you save a Mac as well, maybe you need the largest plan, 2TB. It can be shared between family members.

To make the app even safer, you can use a passcode for the app in addition. You should choose one different to the passcode to unlock the i-device, because if it would be the same, there is no security gain. You can set FaceID as well. IMHO it makes little sense to secure the app in addition to run a safe I-device. It is safe by itself, if the device is safe.

The data on the EN server is encrypted, and saved in several copies in data centers around the globe. One can discuss whether you really need another backup. Some do, I don’t think it is necessary. What is more important is to use a unique (not reused) and strong password for your EN account. In addition you should set up 2FA as well. EN holds a key to the server data, because many services only work when there is automatic access to the data. It is not EN employees sifting though your data, there are algorithms that perform OCR or keep the search index up to date.

Personally I think the data is safe enough for all sort of documents. What I would not store is login data - for this use a dedicated password manager.

For a backup on an external drive, you can install one of the desktop clients of EN (Mac or Windows), and export your backup from there. Unless you know scripting, this is not a simple process. I save the clients data base with system tools (TimeMachine on my Mac). This is not a specific backup of the EN data, but the EN data is saved together with all others when TM is running. It would be more tricky to do a restore of this data, but it is possible. Anyhow I don’t think I will ever need it - the server data is safe enough.