I've been quite happy with Notes from Apple. If you're a Windows user, supposedly OneNote is a good alternative, too.
This is dead on.
E.g., even if I don't use my Twitter account for a couple of months, I've got to login through an email verification. This is an attempted login from the same IP address and device, mind you.
So @PinkElephant, with all due respect, I think you're completely missing the point here. YES, people should use 2FA and unique & secure passwords. In fact, I had beefed up pretty much all of my accounts' security. But due to a blind spot, I missed out on Evernote (ironically my most important account). Stupid? Sure. But if companies have simple tools at their disposal to protect users against their own negligence, then shouldn't you think they oughta apply those? Evernote did notice someone made a suspicious log in attempt and made me aware of that. They could've easily taken it up a notch by sending an email verification. Like any reputable tech company does.