areese801, posted January 11, 2016

I have tons of passwords. I like the idea of using Evernote as a sort of password manager:

- Create a note for each username / password, and other applicable details that you have.
- Tag it up and leave nice comments to leverage search.
- Highlight > "Encrypt Selected Text" on the portion of the note that contains any sensitive details as plain text.

I understand that Evernote content is heavily encrypted, so I feel like this is a reasonable approach to password management. However, there seems to be (at least what I would consider) a security flaw with the "Note History" feature available on Premium accounts, in that any information that was stored as plain text before having been encrypted is easily viewed in a previous version of the note. Doesn't really protect against shoulder surfing / staying logged in to Evernote with an unlocked workstation. After all: everything is stored as plain text before it has a chance to be encrypted.

So my enhancement requests would be these:

- Add an option to disable revision history on a per-note and global basis.
- Add an option to delete revision history on a per-note basis.
- Add an option to retain X days of revision history or Y number of revisions on a per-note and global basis.
- Add an option to re-prompt for password before viewing revision history.
- Add logic that says 'if the text is encrypted on the current version of the note, also encrypt / obfuscate in the history view'. I understand this may be tricky from a 'detect what's encrypted now but wasn't before' point of view. An alternative would be to implement "if the current version has ANY encryption, then encrypt the entire previous version with the same hash". This could lead to 'nested' encryptions, but I don't see that as an issue.
- Add an option to provide a 'global' encryption passphrase (which may or may not be different than the password used to log in).
  - Only the hash of that string gets stored (obviously).
  - When a user chooses to "Encrypt Selected Text", they have the option to apply this passphrase rather than typing it in (possibly incorrectly).
  - Similarly, add an option to prompt that the passphrase be entered a second time to verify. This would reduce the risk of a user entering a passphrase incorrectly, then not being able to decrypt their text to enter it correctly.

Also: I'd like to understand how encrypted text is handled if/when a premium user goes back to being a basic user.

I'm an Evernote Premium user. I use it on multiple platforms: OSX app, iPad, iPhone, Linux (Web).
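Added example, not part of the original post and not Evernote code: a small model of the requested per-note and global history settings, showing that an age limit alone can still retain a revision holding the plain text, while a per-note disable or revision cap removes it. All names (`HistoryPolicy`, `prune_history`, `exposed_revisions`) and the sample history are hypothetical and constructed for illustration; it assumes that when both an age and a count limit are set, both apply.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass(frozen=True)
class Revision:
    saved_at: datetime
    body: str

@dataclass(frozen=True)
class HistoryPolicy:
    enabled: Optional[bool] = None       # None = inherit from global
    max_age_days: Optional[int] = None   # "retain X days"
    max_revisions: Optional[int] = None  # "retain Y revisions"

def effective_policy(global_p: HistoryPolicy, note_p: HistoryPolicy) -> HistoryPolicy:
    """Per-note settings override global ones field by field."""
    def pick(note_val, global_val):
        return global_val if note_val is None else note_val
    return HistoryPolicy(pick(note_p.enabled, global_p.enabled),
                         pick(note_p.max_age_days, global_p.max_age_days),
                         pick(note_p.max_revisions, global_p.max_revisions))

def prune_history(history: List[Revision], policy: HistoryPolicy,
                  now: datetime) -> List[Revision]:
    """Return the revisions that survive the policy, newest first."""
    if policy.enabled is False:
        return []
    kept = sorted(history, key=lambda r: r.saved_at, reverse=True)
    if policy.max_age_days is not None:
        cutoff = now - timedelta(days=policy.max_age_days)
        kept = [r for r in kept if r.saved_at >= cutoff]
    if policy.max_revisions is not None:
        kept = kept[:policy.max_revisions]
    return kept

def exposed_revisions(history: List[Revision], secret: str) -> List[Revision]:
    """Retained revisions that still hold the secret as plain text."""
    return [r for r in history if secret in r.body]

# Constructed sample: the secret was saved twice before being encrypted.
NOW = datetime(2016, 1, 11)
SECRET = "example-passw0rd"
HISTORY = [
    Revision(NOW - timedelta(days=40), "bank login: " + SECRET),
    Revision(NOW - timedelta(days=3), "bank login: " + SECRET + " (tagged)"),
    Revision(NOW - timedelta(days=1), "bank login: [encrypted block]"),
]
GLOBAL = HistoryPolicy(enabled=True, max_age_days=30)

def exposure(note_policy: HistoryPolicy) -> int:
    kept = prune_history(HISTORY, effective_policy(GLOBAL, note_policy), NOW)
    return len(exposed_revisions(kept, SECRET))
```

With the constructed data, the 30-day global limit still leaves one plain-text revision, which is why the post also asks for per-note deletion and for re-encrypting history.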
This topic is now archived and is closed to further replies.