Jump to content

Search the Community

Showing results for tags 'security'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General Discussion
    • Community Announcements
    • Spaces for Evernote Business
    • Evernote General Discussions
    • Using Evernote
    • Evernote API Discussion
    • Evernote Integrations
    • Evernote Research Discussion
  • Possible Bugs/Technical Issues
    • Evernote Business
    • Evernote for Android
    • Evernote for iOS
    • Evernote for Mac
    • Evernote for Windows
    • Web Client
    • Evernote Product Suite
    • General Technical Issues
  • Product Feedback/Feature Requests
    • Evernote Business
    • Evernote for Android
    • Evernote for iOS
    • Evernote for Mac
    • Evernote for Windows
    • Evernote Web Client
    • Evernote Product Suite
    • General Feature Requests
  • International Forums
    • Japanese Discussions
    • Brazilian Portuguese Discussions
    • Discussions in Spanish
    • Korean Discussions
    • Traditional Chinese Discussions
  • Evernote Forum Archives
    • General Discussion Archive
    • Product Archives


There are no results to display.

There are no results to display.

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start




Found 175 results

  1. I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes. Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one. I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email. In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content. Any insight is greatly appreciated. Thanks.
  2. Hi everyone, I lead Evernote's security team. We recently received reports from a small number of users that they had discovered unauthorized access on their account from a third-party app called "Geeknote". We believe that someone has learned these users’ passwords from a website or service not associated with Evernote. Our security team investigated these reports and found that Geeknote was being used by malicious actors to automate access to our service. We care about the security of Evernote customers, so we’ve revoked the app from our service to disrupt the abuse and protect customers. If you were previously a Geeknote user, we've emailed you directly to explain this change. If we detected unauthorized access on your account, we've also emailed you and reset your password. If you have not received either email notification from us, then you are likely not impacted. We recommend that you always use a unique password on your Evernote account and setup two-factor authentication to better protect it. See https://evernote.com/security/tips for more tips on how to secure your account. To understand more about Evernote and third-party applications visit: https://evernote.com/privacy/third-party-apps
  3. As an Evernote user who does sometimes store sensitive information in Evernote (by encrypting specific text), I would like a response from Evernote regarding this. A high profile investor in the cryptocurrency space was recently hacked ($2M USD worth). He mentioned that he did store his private keys in Evernote - but - that this information was encrypted. Based on his story, he claims that somehow someone with access to his email account was somehow able to reset his Evernote password (based on my understanding) and somehow gain access to his encrypted notes too: " I thought I was safe storing my private keys on Evernote because I encrypted them but clearly that didn’t help. I did have 2FA on my Gmail with the authenticator app but that didn’t help because my recovery email address was my college email and there is no 2FA on that. Once the hackers had access to my Gmail, they basically had access to everything" http://ianbalina.com/ian-balina-hacked-2-million-ama-live-stream-w-notes-april-24th-2018/ What I'm not clear on - is even if someone resets your Evernote password and accesses your notes, this shouldn't give them access to any encrypted information, because that is encrypted separately and as far as I know, even Evernote should not have the ability to even know your encryption password. Am I correct, or does Evernote's systems store your encrypted password somehow? I think this is important for everyone to know. If the above person's story is inaccurate then it would be good for Evernote to confirm this, as otherwise, Evernote security looks quite bad here if something like this could really happen.
  4. Hello, Evernote community, We are a small team of developers and we are passionate about our new product which is Saferoom. We have been working hard to provide users with zero-knowledge encryption functionality without destroying user's productivity. We wanted to build an encryption app that will be easy to use and allow anybody protect their personal data. Saferoom is now a set of mobile and desktop that together add full encryption capabilities on-top of Evernote. It means that you work with Evernote normally, and when you need to create or view an encrypted note you use Saferoom. All the time your encrypted items are part of Evernote notes, but you can see them (e.g. decrypt) only inside Saferoom app. And Evernote is just a beginning - we want Saferoom to be like "Passbook" for your encrypted data. Saferoom encrypts whole note including all the resources - independently of the resource type and your password is stored on the device only. It also means that password cannot be restored - that is a price for true zero-knowledge encryption. Our app is available in iTunes Store: https://itunes.apple.com/app/saferoom-one-app-to-encrypt/id964858486 And in Google Play Store: https://play.google.com/store/apps/details?id=com.secomsoft.Saferoom Saferoom Desktop for MacOS and Windows are free: https://itunes.apple.com/app/saferoom-zero-knowledge-encryption/id981600236 Windows: http://en.softonic.com/s/saferoom:windows-mac-iphone-android-windows-phone-7-web-apps/windows https://www.microsoft.com/en-us/store/p/saferoom-for-windows-81/9nblggh40cdw# And also you can use Saferoom Chrome extension: https://chrome.google.com/webstore/detail/saferoom/nnphkaehepldgkjgnlnmfmpcjkklibfj?hl=en-US Here is a video demos of Saferoom capabilities: https://www.youtube.com/channel/UCzyNcs_NN5H_JVxZCeR1bFg/videos?spfreload=10 Any feedback is always welcomed.
  5. I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server. Why? Is this a problem on the VPN side or Evernote's?
  6. TomasSweden


    I am a "premium" user, which means I pay to use Evernote. I suddenly realized Evernote is running analytics on its pages, which makes me wonder how much of my behavior on the site is recorded and fed into the Algorithm. I realize Google and others made the internet "free" (as in "free to rock the chain") by taking personal information, instead of money, in return for their products. I am not sure I feel OK both paying in money AND information, though. Can one opt out of the analytics? Cheers, Tomas from Sweden
  7. I understand that not all users will find this important, but I do. If Evernote for Windows is installed for "all users", the current loged in user for a Windows desktop is presistent even after Evernote is uninstalled. Even if I try, I can not find this to be a secure way to handle log-ins. In my opinion, a user should be loged out of Evernote if the software is uninstalled. Does anyone agree?
  8. Evernote stores a lot of my life. With a high frequency of data hacks, password theft and other online security issues I have a note solution: i would like the ability to store more. To add notes which require pin access each time they are to be viewed. To store for example a back up of all wallet cards incase of loss, back up of passport, passwords and other secure items. I think many users will value this function.
  9. I would love to use Evernote at work, but uploading meeting minutes and other confidential data to the cloud is not an option. Therefore, we would like to host our own Evernote server on our premises. We're a fast growing company with 1k+ employees.
  10. I just got an email 1 hour ago (so 7:50am Pacific, Feb 26), alerting me that someone logged in to my account on Feb 22 at 21:35UTC. That is four days ago! Most services I use that give me email alerts asking if it was me come within minutes, often seconds. This needs to be fixed, or gotten rid of. I don't recall what I was doing Thursday and whether or not I used a different PC to log into Evernote. I use a number of PCs at work, so it is entirely possible.
  11. Have the ability to lock individual notes, e.g., a password-protected note. It's available in OneNote
  12. I installed the latest update ( Version 6.13 –455673 Direct) for MacOS and noticed Evernote attempts to connect to tealiumiq upon startup. I know that tealiumiq is used for "tag management" and advertising. Can you please answer: Why exactly does Evernote want to attempt to tealiumiq's servers, is this connection necessary for the application and service to function properly, what data is sent to tealiumiq, how long is this information stored at tealiumiq, is it shared with any other organization, and is it used to advertise or market to users in any way? Thank you.
  13. I can't image this has not been requested in the past, but I want to request encryption support for the Evernote client database (.exb). Currently the synced content is readily available in the clear and an account password is not needed to access it. All it takes is for someone to set up a temp Evernote account, then rename the target .exb database filename to match the name of the temp account and bam... they have the data. No password required. Massive concern in today's world.
  14. Hi, I am about to use Evernote for my personal and work. And I have some queries: 1) How secure and private are my confidential notes in Evernote? 2) Can any Evernote employee access and see my confidential notes? I know people can see my notes and things only if I give access to them but here I am talking about Evernote employees. 3) Is there any way to prevent Evernote from auto-saving into the cloud and make Evernote to save the notes on my PC? Thanks in advance. Guddu
  15. I have been an EN user since Beta, and became a Premium user as soon as it was offered. I do not understand why EN is lagging with simple security options, such as easy encryption of notes and notebooks. This really should be as easy as a Right-Click or selection in properties for a Note or Notebook. The existing method of selecting text in a note and then using a Right-Click option to encrypt it is cumbersome at best. Yes, it is a nice feature if one wants to encrypt only a portion of a note. That's fine. But there should be an easy way to (1) encrypt an entire note without selecting text and (2) encrypt an entire notebook. I would be willing to pay a few bucks extra a year for this additional encryption ability. Seems this should be a no-brainier for EN, both as a tech matter and as a business/profit matter.
  16. glenn-lincoln


    Evernote has a large page convincing people of it's security. Everybody's information is secure, right? Has anyone noticed that hacking large companies data is becoming MUCH more frequent?! Today, Equifax said that it may have been hacked again. Yahoo was hacked recently releasing info on 300 billion accounts. But here's the thing, if Evernote gets compromised, you lose a LOT more than just a username and password, you lose everything! Evernote NEEDS to adopt a ZERO KNOWLEDGE encryption, meaning that not even employees of the company can see what is on people's accounts, and if someone were to hack EVERNOTE, all they would get is encrypted info. Evernote will say that that's all people would get now, but if employees can see the data, hackers will be able to see the data. The data needs to be encrypted on the desktop, and needs to stay encrypted in the cloud. No matter how good Evernote's encryption is, it will be hacked at some point. PLEASE adopt zero-knowledge!
  17. I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
  18. Hi, I hope this is the right place for this. I have just set up 2 factor authentication and went through the process of setting up my primary phone number etc. I wanted to set up a backup phone number as it is suggested and is a very sensible precaution. However it won't let me put in my phone number. I get a validation message saying 'Enter a valid phone number that can receive SMS messages.' The number I am trying to use is a UK landline. I suspect it thinks it can't send an SMS message to it as it is not a mobile. All BT openreach landlines in the UK are capable of receiving SMS messages, either with a phone that supports it (as I have) or through a text-to-speech implementation. As that is the only other number registered to me, it is the obvious choice as a backup number. I don't know if that is the same in other countries or not. I'm hoping a friendly Evernote employee will read this and be able to get the validation changed. Thanks for your time.
  19. Hi everyone, I lead Evernote's security team. We have received reports regarding what appears to be suspicious activity affecting a small percentage of our users. Our team is working with individual users to better secure their accounts and our security team believes that someone has learned these users’ passwords from a website or service not associated with Evernote. If you, or the people in your network receive an email from Evernote mentioning that we’ve detected suspicious activity, please know that this is not a hoax or spam message; it’s from us. To more quickly notify our customers in the future, we will roll out a new feature that will notify customers when we detect a new login from a new location or device.
  20. Hi, I use Google Authenticator in the past and then change my phone. I would like to enable Google Authenticator on my new phone but cannot find the barcode to scan. My question is How to re enable Evernote on the Google Authenticator app? Imagine you are traveling and cannot get the code by phone. All your travel information are in Evernote and you log out by mistake. You will be in big trouble, right?
  21. I updated my Evernote account password via web account management and now my notes won't sync from the Windows PC client software. It's like different Evernote security/authentication servers are in use, and the sync between them is not working, or working abnormally slowly. Or a flag got set on my account because two different sets of passwords don't match. I don't know what the real deal is. The only way I can sign into the Windows PC client software is with my old password. When I try to use the new password, I am told it's an invalid password. I have logged out of everything Evernote multiple times on both my phone and the Windows client software. I can get into my web account management portal, I can access my notes in the Windows PC client. I just cannot make sync work now that my password has changed. Do I need to revert back to my old password? I would prefer not, but if that's what I have to do to get it to work, please let me know.
  22. Novroax

    Security flaw

    Hi, finally I could reach you, My issue is that when I open the app, it takes a second to ask the password. Until then all my data is visible. So what's the point of securing it with anything if anyone can have as many glimpses as the wish for? There could be also a more complicated password option and for some people even 2 factor authentication could be a choice. The latter for premiums. Thank you for your time, novroax
  23. Hi - I just got an email saying, " You recently attempted to send an email message from your Evernote account. Unfortunately, we are unable to deliver the email to your intended recipient(s). " However, I didn't try to send any such email (there were 2 of them, both with the subject, "Hey" Does this suggest that my account has been hacked? I also got a password reset notification from Soundcloud yesterday, saying they are resetting my password due to suspicious activity. Can someone please help me understand what's going on?
  24. I'm hoping that this is a silly question. I'm excited about the integration with Slack and Evernote, but my question is how secure is it? Meaning, my co-workers or co-worker/Slack admins can't access my personal Evernote even though I have connected my Slack account with my personal Evernote? I love being able to save Slack "clips"/ my working discussions with my Evernote for record-keeping, but am worried about co-workers or others browsing my personal Evernote which, like I said, I connected to my work Slack. Thanks for the help. I couldn't find any info online... I am sure that this connection would never be engineered this way, but thought I should ask.
  25. Has anyone found a way around the fact that you can't edit text inside an encryption? I have encrypted account information in a note that I'd like to space out and bold the titles to and it's super frustrating that all I can add are spaces because it's super wonky when on a phone.