Search the Community

Showing results for tags 'security'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Calendars

  • Community Event Calendar
  • Evernote Events

Forums

  • General Discussions
    • Evernote General Discussions
    • Third Party Application Discussions
    • Using Evernote
    • Billing and Payments
  • Evernote Products
    • Evernote
    • Evernote Business
    • Evernote Web Clipper
    • Scannable
    • Skitch
    • Penultimate
  • International Forums
    • Japanese Discussions
    • Brazilian Portuguese Discussions
    • Discussions in Spanish
    • Korean Discussions
    • Traditional Chinese Discussions

Found 166 results

  1. Hello, Anybody knowing why Evernote does not pass the brute force test in the DashLane test? https://blog.dashlane.com/dashlane-password-power-rankings-2017/ They say: "Does the website allow 10 incorrect login attempts without providing additional security (CAPTCHA, account lockout, 2-Factor, etc.)?" @Evernote: Is there a special reason or are there any plans for implementing this?
  2. Is there some way to put a password on individual notes (as opposed to encrypting selections of text)? I've searched high and low ... but cant figure out if this is possible. Thanks
  3. When I start Evernote via a shortcut on my Mac I firstly want to key in my password before the opening page with my notes become visible. I've this functionality on my i phone (Touch ID or 4-digit pin code). Momentarily the application opens directly and fully when I double click on the short cut logo of Evernote.
  4. I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
  5. I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes. Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one. I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email. In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content. Any insight is greatly appreciated. Thanks.
  6. I am constantly getting emails asking me to verify my email address using a link. I NEVER click on links in emails. I tried logging on to my Evernote account and verifying the email there and I just got sent another email with a link. This makes me think that the email is valid but I'm still not going to risk it. Is there any way to stop this?
  7. Has anyone found a way around the fact that you can't edit text inside an encryption? I have encrypted account information in a note that I'd like to space out and bold the titles to and it's super frustrating that all I can add are spaces because it's super wonky when on a phone.
  8. On request Evernote has issued a possibility to set a password protection lock on starting the iOS app (while being already logged in). That's nice. However, it is not secure and proves to have some flaws. When starting the Evernote app, first the last showed screen is visible shortly, but you can see (privacy-sensitive) information, if you want. After that, the passwordscreen appears. A flaw is that, when your last evernote-screen was a search-screen, the keyboard is still popped-up and covers the passwordscreen partly. I count this as a severe security issue and would like this to be solved with high priority. So not dependent of the number of 'popular votes'.
  9. Hello, Evernote community, We are a small team of developers and we are passionate about our new product which is Saferoom. We have been working hard to provide users with zero-knowledge encryption functionality without destroying user's productivity. We wanted to build an encryption app that will be easy to use and allow anybody protect their personal data. Saferoom is now a set of mobile and desktop that together add full encryption capabilities on-top of Evernote. It means that you work with Evernote normally, and when you need to create or view an encrypted note you use Saferoom. All the time your encrypted items are part of Evernote notes, but you can see them (e.g. decrypt) only inside Saferoom app. And Evernote is just a beginning - we want Saferoom to be like "Passbook" for your encrypted data. Saferoom encrypts whole note including all the resources - independently of the resource type and your password is stored on the device only. It also means that password cannot be restored - that is a price for true zero-knowledge encryption. Our app is available in iTunes Store: https://itunes.apple.com/app/saferoom-one-app-to-encrypt/id964858486 And in Google Play Store: https://play.google.com/store/apps/details?id=com.secomsoft.Saferoom Saferoom Desktop for MacOS and Windows are free: https://itunes.apple.com/app/saferoom-zero-knowledge-encryption/id981600236 Windows: http://en.softonic.com/s/saferoom:windows-mac-iphone-android-windows-phone-7-web-apps/windows https://www.microsoft.com/en-us/store/p/saferoom-for-windows-81/9nblggh40cdw# And also you can use Saferoom Chrome extension: https://chrome.google.com/webstore/detail/saferoom/nnphkaehepldgkjgnlnmfmpcjkklibfj?hl=en-US Here is a video demos of Saferoom capabilities: https://www.youtube.com/channel/UCzyNcs_NN5H_JVxZCeR1bFg/videos?spfreload=10 Any feedback is always welcomed.
  10. Please refer to this article. In one line, it says "if your service uses 2-factor auth based on SMS (which Evernote does), you are vulnerable to have your phone number transferred and your 2-factor bypassed" https://www.forbes.com/sites/laurashin/2016/12/21/hackers-are-hijacking-phone-numbers-and-breaking-into-email-and-bank-accounts-how-to-protect-yourself/#4a2abe6f360f Suggested quick fix: Let users modify their phone number to 000-000-0000 if they are concerned.
  11. I am an Evernote Plus member and have been since college. Recently downloaded the Evernote Desktop app for Mac on a work machine and was aghast to find it downloading all of my personal notebooks, and notebooks from previous jobs, upon first sign-in. This is really a deal-breaker for me since I do not wish to store all of my personal notes on my work computer. I think the following solutions would work: Encrypt certain notebooks with separate passwords. Ability to select certain notebooks for local syncing. Keep the others on Evernote's servers. Separate "profiles" or "accounts" all linked to my original Evernote account, with different notebooks. I could just sign in with my work email address, for example. Thanks!
  12. I would love to use Evernote at work, but uploading meeting minutes and other confidential data to the cloud is not an option. Therefore, we would like to host our own Evernote server on our premises. We're a fast growing company with 1k+ employees.
  13. Hi, Apple Notes has already done this and it's elegant. We need the same thing for Evernote. Thanks,
  14. IE Security - Work Computer

    My wife works and uses an office computer that we don't own. Is it possible to install the clipper on that machine and link it to her personal Evernote account and keep it secure? At work she does much of the same things we do in ministry. As she's looking things up at work, the clipper would be wonderful new reference source. Just want to make sure that no one at work would be able to get into here Evernote account or see what she's saved. Unfortunately, the company she's working for seems less than trustworthy in recent years. Even when she changes companies, security is still prudent. Thanks
  15. I got the same issue as Deworn but his post is from 2014. I have the version 6.5.4.4720 (304720) Public. I don't feel secure. How "encrypted" is my stuff?
  16. Pretty much self-explanatory. Text can be encrypted on a desktop and viewed on mobile but not encrypted on mobile. I know this has been posted many times before but it does not seem to be an "idea" so i thought to make it one.
  17. I like the text encryption feature in Evernote but that is insufficient for a Cloud based service, used across multiple platforms, used by a great many people, especially in these times. I believe that Evernote should provide users with the ability to encrypt entire notes, including images and attachments. Please seriously consider implementing this functionality as soon as possible. To not do so, presents loyal users with a significant risk to information confidentiality and integrity, with potentially serious impact should any such risk actualize. I believe that the lack of this functionality also highlights Evernote and its community as potential soft targets. That said, the alternative for Evernote users, at this time is to simply avoid the use of Evernote for documenting, sharing, managing or other handling of potentially sensitive or critical information (including personal notes, ideas, intellectual property and any personally identifying information - as a start) if that information is in any form other than text. Over time, this gap in Evernote security may erode the need for the service (given alternatives with better security). If EN planning/dev. staff want to discuss this further, please contact me or reply to this comment. Thanks in advance. B.
  18. Hi all, We are getting increasing feedback from Safari Web Clipper users of problems clipping certain sites. One reason in these cases can be caused by how Safari have chosen to enforce Content Security Policy (CSP) headers. Summary of CSP: - It's a 'setting' of sorts, that site publishers can set that limits what bookmarklets and extensions can do on their site. - In Safari this may cause the Web Clipper to not being able to execute any code and thus not being able to start. - More info about CSP is available here: http://www.w3.org/TR/CSP/ Typical signs of a CSP issue: - When clicking the Web Clipper toolbar button absolutely nothing happens. (i.e no Web Clipper UI will load) How to determine if the site is having restrictive CSP settings: - See this Skitched tutorial for a guide. https://www.evernote.com/l/AAwMRDf060tB94tLsqW1TK2dNxvFGBuroh4 What can be done about it? - At this point there is nothing that we can 'fix' in the Web Clipper. We are blocked by Safari from running any code. - At the moment Chrome and other browser haven't implemented CSP the same way so clipping in those browser should work fine if the root cause is CSP.
  19. I have been an EN user since Beta, and became a Premium user as soon as it was offered. I do not understand why EN is lagging with simple security options, such as easy encryption of notes and notebooks. This really should be as easy as a Right-Click or selection in properties for a Note or Notebook. The existing method of selecting text in a note and then using a Right-Click option to encrypt it is cumbersome at best. Yes, it is a nice feature if one wants to encrypt only a portion of a note. That's fine. But there should be an easy way to (1) encrypt an entire note without selecting text and (2) encrypt an entire notebook. I would be willing to pay a few bucks extra a year for this additional encryption ability. Seems this should be a no-brainier for EN, both as a tech matter and as a business/profit matter.
  20. Hi - I just got an email saying, " You recently attempted to send an email message from your Evernote account. Unfortunately, we are unable to deliver the email to your intended recipient(s). " However, I didn't try to send any such email (there were 2 of them, both with the subject, "Hey" Does this suggest that my account has been hacked? I also got a password reset notification from Soundcloud yesterday, saying they are resetting my password due to suspicious activity. Can someone please help me understand what's going on?
  21. First time I tried to set up two-factor authentication, on the final step the screen displayed like this - the overlay window was super tiny. I couldn't click or see anything. Reloaded the page to fix, but then the whole process was cancelled and I had to re-enable two-factor authentication. Second time it displayed ok. Screenshot attached. Note sure if this would be browser related or evernote problem. Firefox 51.0.1. Just sharing in case anyone runs into a similar issue.
  22. 2 Step, Access History, and Authorized Applications went out with last night's service update, works on all the clients, and is available to Premium and Business users (with eventual Free user rollout). You've been able to see access history for a while, and is available to all users. The official post is here: http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/
  23. Great that Evernote supports 2-factor authentication via Google authenticator. What about support for the Fido U2F keys, such as from Yubico? Far more convenient way to get 2-factor authentication!
  24. Evernote urgently needs a way to clear recent search history. I see that people have been asking for this for years, and yet it's still not an option. Where is it even stored? I can't find it in any file, or in the registry. I tried uninstalling Evernote to clear it, and my recent searches came right back after I reinstalled. While trying to find out if this is currently possible, I came across one person who accidentally entered a password in his search history, and another who entered her SSN in the search box to find a PDF, where it is now stuck for anyone to find. Evernote has a serious security problem if its users can't control their own sensitive data.
  25. I have a personal Evernote account that I use for both business and personal information. I have access to it on my work computer, with Windows 7, since I need notes from both areas. I use the desktop app and sign out of Evernote when I leave. However, I worry about the confidentiality of my notes on the local drive and the company's ability to readily access them. Are they encrypted in any way? Can they be? Does the web app keep an image on the local drive? The more I read this post, the more I realize that the computer is theirs and they could do whatever they want. Is getting rid of the desktop app and using the web a solution? Thanks for the help.