Easier Encryption + Better Security


jasondunn

Posted

I'm a huge, raving fan of Evernote - I rely on it to a huge degree - and I'm hoping that the Evernote team is working on some improvements along these lines:

 

1) The method of encryption is clunky. It's so bad that I've taken to putting all of my data into one card and encrypting the whole thing. When is notebook-level encryption coming?

2) The Windows application needs to have the same security as the mobile apps; an additional layer (PIN code, etc.)

3) After being abandoned by SafeWallet, I'm eager for a digital wallet solution that will be around for the long haul. Evernote could add simple templates, and the above-mentioned notebook-level encryption, and add a whole new level of functionality to their service (without being a distraction from their core mission)

 

Anyone else been asking for the same things?

  • Level 5*
Posted

I don't think these feature requests are limited to Windows only, but would be of interest to Mac users as well.

Encrypted notebooks? Yes.

Safe Wallet? No, thank you. LastPass and others do just fine, are inexpensive, and have a lot of functions Evernote couldn't or shouldn't try to replicate. If all you need is an encrypted list of passwords then the encrypted notebooks would have you covered. I'd recommend looking into some of the existing password managers, though, because they are pretty handy.

Posted

Apologies, I meant "desktop" client vs. the mobile client when I said "Windows". I'm sure all desktop/laptop owners would appreciate more security. :-)

 

As for SafeWallet, let me explain further: it's not a LastPass competitor, it's a program that you plug your account information into, phone numbers, notes, some support scans of physical cards, etc. LastPass is a great username/password tool for a browser, but it's incredibly clunky if you try to store other types of text in it (and there's support for images, documents, etc.).

 

Ultimately with an encrypted notebook, I'd get 90% of what I want, but having support for basic forms/templates (for, say, plugging in credit card info) would take it the last 10% of the way.

  • Level 5*
Posted

A PIN on the Windows client won't be any good until they encrypt the EXB database file. It is pretty much clear text in there. But I agree 100%, PC users need this database to be more secure. The one killer option for this was TrueCrypt, but that product was killed off last week, so it is no longer an option.

 

And notebook encryption I don't think is too likely. The reason is most indexing is done at the server level - especially for attachments like PDF files and images, so the notes need to be sync'd to the server unencrypted for search to work, even on the client.

 

I agree with GM - LastPass is the way to go for secure data. It scans for duplicate passwords, tells you what sites in your database were hit by Heartbleed, tests password security, syncs across many devices (for $12/hyr), etc.

 

If you want to safely put files in EN and not worry about them, you can encrypt them first with AxCrypt. I do that with tax returns and such.

Posted

Disagree respectfully... There may be a lot of other sensitive documents on a PC, cookies, browser passwords, whatever.

To keep all this safe, just use the whole-system encryption (BitLocker or 3rd party).

New Windows machines and tablets have boot passwords or fingerprint protection.

Evernote cannot possibly do much better than that.

 

dd.

  • Level 5*
Posted

Not every platform has BitLocker (only Windows 7 Enterprise/Ultimate, and most (all?) of Windows 8 (spit)). And maybe Vista Ultimate. Cannot recall if that had it. XP doesn't at all, and third party tools are difficult to use. I've used TrueCrypt and it is not for the novice. It is also dead.

 

To say just because you can encrypt a drive means there is no need to ever encrypt/password protect another file (Excel, Quicken, an electronic wallet) doesn't make sense. There are other scenarios where someone can get your .exb file off of your machine while it is logged in, and thus effectively decrypted. If iOS can support a PIN lock, there isn't much reason EN cannot support a password and some level of security in the file, regardless of the underlying file system security.

Posted

Good point about encrypting the database - that's certainly a core issue that needs to be addressed - I was just thinking that having the frontline PIN input like the mobile apps would be a good standard practice to discourage casual snooping (on a shared computer for instance, or for those who leave their computer unlocked at work).

 

I for one would be happy to give up server-side indexing inside a secure folder if that was a requirement for making it happen. A local, simple real-time text filtering would be sufficient for my needs. Evernote's indexing and OCR is powerful, but in a secure folder, it seems like a positive thing to say "We won't index your private content". I'll check out AxCrypt, but anything that's not automatic and easy probably won't get used as often as it should by me (human nature being what it is).

 

I'm a paying customer for LastPass Premium, and it's great at what it does, but once you get beyond username + password storage, it falls flat. Very clunky to use it for other things such as bank account information, credit card storage, etc. Evernote has all the pieces - solid sync, image + document embedding support - so that's what I was thinking. After having been abandoned by two digital wallets (FlexWallet, then SafeWallet) I'd love to plug my data into a service/platform that I can trust.

 

Sidebar: are you the EdH from Pocket PC Thoughts fame?

  • Level 5*
Posted

 

I could agree on giving up the server-side indexing, but I don't think EN is interested in that. A couple of years ago someone asked on their podcast for some enhanced features for unsynchronized notebooks, a rarely used feature in the product. The response was they would probably keep an unsync'd notebook as an option (meaning, it NEVER goes to the cloud) but they had no interest in furthering the development in that area because they are all about the online cloud stuff and further enhancing as much as possible on the server side to provide a consistent experience across multiple platforms. It is something you could ask in one of the beta threads, but I am not sure they would be terribly responsive to it.
 
AxCrypt is like WinZip, but a bit easier to use and you can encrypt multiple files simultaneously and individually, not wrapping them up in one big zip file. I use it for all of my PDF bank statements and tax returns, but not much else. You can automate with command line stuff, but, uhm... bleh.
 
I agree also on comments on LastPass. It is phenomenal for websites. I do have my credit card info and other bits I formerly had in eWallet in there (eWallet is around, but it seems development stopped cold), but that isn't its strong suit, but when you read about the lengths LP goes to on security, even if EN had some of those features, I'd still stick with LP. LastPass is not only on the cutting edge of encryption and security for cloud data, they seem to be pushing some of the standards. For example, they weren't vulnerable to Heartbleed a month or so ago because they had already implemented some features that made the Heartbleed bug irrelevant long before Heartbleed was discovered.
 
And yes, same EdH. :-)

Archived

This topic is now archived and is closed to further replies.
