Search the Community
Showing results for tags 'security'.
Found 167 results
-
Hi all, I just discovered on going to use Evernote on my phone that it was asking me to deactivate a device in order to use it. This led to the discovery that 18 hours ago my account was accessed by an Iphone with an IP address in Egypt. I'm in the UK and using android on a Sony phone. I've used Evernote for years with no problems and am now freaking out that I need to change my password for everything, and also that my whole life is on there and some of its pretty personal or a security risk. Never worried about it before and now I don't know where to start. So this is both a post just to vent and say ARGH! Why don't they send an email to say someone else has logged into your device? Or have more security when it's from another country? And secondly, has anyone else had this happen? Do you think it is an individual and that they might have downloaded and be going through all my notes as we speak? Or is it some kind of bot that doesn't actually care to read this stuff? I don't know where to start - feel I need to look through all 647 notes to see where my security may have been compromised. GAH! I've emailed the support people but is there anything they can do? Damn the internet. Bring back notebooks.
-
I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes. Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one. I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email. In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content. Any insight is greatly appreciated. Thanks.
- 650 replies
-
- 59
-
-
-
-
- feature request
- password protect notebooks
- (and 3 more)
-
I have the red exclamation mark on my Sync button. I don't have a "Conflicting Changes" notebook, but I have pinpointed at least one note that isn't in sync. The log has an "unexpected problem server-side" error repeatedly. I see this message in my logs going back for a month or so, but I don't see any details that would help me understand what the issue is. I'll attach the log (had to truncate it due to size). I'm subscribed, but I did not see a way to contact support. Thanks. AppLog_2018-07-16_a.zip
-
other Feature Request - Encryption of Entire Notebook and/or Notes
mapjr posted an idea in General Feature Requests
I have been an EN user since Beta, and became a Premium user as soon as it was offered. I do not understand why EN is lagging with simple security options, such as easy encryption of notes and notebooks. This really should be as easy as a Right-Click or selection in properties for a Note or Notebook. The existing method of selecting text in a note and then using a Right-Click option to encrypt it is cumbersome at best. Yes, it is a nice feature if one wants to encrypt only a portion of a note. That's fine. But there should be an easy way to (1) encrypt an entire note without selecting text and (2) encrypt an entire notebook. I would be willing to pay a few bucks extra a year for this additional encryption ability. Seems this should be a no-brainier for EN, both as a tech matter and as a business/profit matter.- 22 replies
-
- 7
-
-
- evernote
- encryption
- (and 6 more)
-
I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
-
Is it better security and better privacy?
Mr Jumbo Guy posted a topic in Evernote General Discussions
Hey, this is how I am thinking to upload my notes into EverNote and wanted to hear your opinion if this is a good way or not? Writing Note in PDF -> Encrypting the PDF's using its own password option -> Archiving the PDF using 7-Zip and encrypting it using 7-Zip's 256 AES password. So, the PDF needs the password to open and to get the pdf, one has to need the password of the RAR file too. So, is this good? And is 7-Zip good for encryption? Many say 7-Zip is one of the best. Waiting for your opinion guys. Thanks in advance! -
long notes full encryption LONG NOTES - ALL TEXTS ENCRYPTION Feature
Mr Jumbo Guy posted an idea in General Feature Requests
Hi, I have long notes and I have small notes. I see that I can only encrypt small note texts? I think we would love the LONG NOTES - ALL TEXT ENCRYPTION feature i.e., no matter how long the note is, we should be able to encrypt all the texts. LONG NOTE ALL THE TEXTS ENCRYPTION feature gives the peace of mind. Kindly consider this and you will have a LIFELONG PREMIUM customer. I like EverNote very much due to its smoothness Regards. Thanks in advance! -
Locked notes -- Preventing accidental deletion while being able to edit the locked note
Kitezh47 posted an idea in General Feature Requests
Requesting the option to protect a specific note from accidental deletion while still being able to edit it. This is NOT read-only, this is read-and-edit only. Hope to hear from Evernote as to whether the suggested feature is going to be added. Best regards, Kitezh47 -
Saferoom - Zero-Knowledge Encryption for Evernote and more
ilia5101982 posted a topic in Evernote Integrations
Hello, Evernote community, We are a small team of developers and we are passionate about our new product which is Saferoom. We have been working hard to provide users with zero-knowledge encryption functionality without destroying user's productivity. We wanted to build an encryption app that will be easy to use and allow anybody protect their personal data. Saferoom is now a set of mobile and desktop that together add full encryption capabilities on-top of Evernote. It means that you work with Evernote normally, and when you need to create or view an encrypted note you use Saferoom. All the time your encrypted items are part of Evernote notes, but you can see them (e.g. decrypt) only inside Saferoom app. And Evernote is just a beginning - we want Saferoom to be like "Passbook" for your encrypted data. Saferoom encrypts whole note including all the resources - independently of the resource type and your password is stored on the device only. It also means that password cannot be restored - that is a price for true zero-knowledge encryption. Our app is available in iTunes Store: https://itunes.apple.com/app/saferoom-one-app-to-encrypt/id964858486 And in Google Play Store: https://play.google.com/store/apps/details?id=com.secomsoft.Saferoom Saferoom Desktop for MacOS and Windows are free: https://itunes.apple.com/app/saferoom-zero-knowledge-encryption/id981600236 Windows: http://en.softonic.com/s/saferoom:windows-mac-iphone-android-windows-phone-7-web-apps/windows https://www.microsoft.com/en-us/store/p/saferoom-for-windows-81/9nblggh40cdw# And also you can use Saferoom Chrome extension: https://chrome.google.com/webstore/detail/saferoom/nnphkaehepldgkjgnlnmfmpcjkklibfj?hl=en-US Here is a video demos of Saferoom capabilities: https://www.youtube.com/channel/UCzyNcs_NN5H_JVxZCeR1bFg/videos?spfreload=10 Any feedback is always welcomed.- 186 replies
-
- 5
-
-
- encryption
- data privacy
- (and 6 more)
-
Set up two step verification with 1Password instead of the Google Authenticator.
Roberthaas posted an idea in General Feature Requests
Currently, it's only possible to get a two step verification code via text message or Google Authenticator. it’s important to keep my accounts as secure as possible, so I was really happy when Evernote announced that two-step verification is available to all Evernote users. I enable it immediately. But now i’m forced to use Google Authenticator. I’ve had to switch to Google Authenticator to copy my one-time-paswsword and quickly switch back to Evernote to paste it before it expires! It’s very stressful. For all my other accounts (that use two steps verification) I simply use 1Password (build in time-based one-time password (TOTP)). Only for Evernote I’ve had to install the Google Authenticator App. Hopefully Evernote will supports the time-based one-time password (TOTP) feature of the 1Password extension, so I don’t have to worry about it anymore. -
Great that Evernote supports 2-factor authentication via Google authenticator. What about support for the Fido U2F keys, such as from Yubico? Far more convenient way to get 2-factor authentication!
-
We have disabled the Geeknote app for all Evernote accounts
Rich Tener posted a topic in Evernote General Discussions
Hi everyone, I lead Evernote's security team. We recently received reports from a small number of users that they had discovered unauthorized access on their account from a third-party app called "Geeknote". We believe that someone has learned these users’ passwords from a website or service not associated with Evernote. Our security team investigated these reports and found that Geeknote was being used by malicious actors to automate access to our service. We care about the security of Evernote customers, so we’ve revoked the app from our service to disrupt the abuse and protect customers. If you were previously a Geeknote user, we've emailed you directly to explain this change. If we detected unauthorized access on your account, we've also emailed you and reset your password. If you have not received either email notification from us, then you are likely not impacted. We recommend that you always use a unique password on your Evernote account and setup two-factor authentication to better protect it. See https://evernote.com/security/tips for more tips on how to secure your account. To understand more about Evernote and third-party applications visit: https://evernote.com/privacy/third-party-apps -
As an Evernote user who does sometimes store sensitive information in Evernote (by encrypting specific text), I would like a response from Evernote regarding this. A high profile investor in the cryptocurrency space was recently hacked ($2M USD worth). He mentioned that he did store his private keys in Evernote - but - that this information was encrypted. Based on his story, he claims that somehow someone with access to his email account was somehow able to reset his Evernote password (based on my understanding) and somehow gain access to his encrypted notes too: " I thought I was safe storing my private keys on Evernote because I encrypted them but clearly that didn’t help. I did have 2FA on my Gmail with the authenticator app but that didn’t help because my recovery email address was my college email and there is no 2FA on that. Once the hackers had access to my Gmail, they basically had access to everything" http://ianbalina.com/ian-balina-hacked-2-million-ama-live-stream-w-notes-april-24th-2018/ What I'm not clear on - is even if someone resets your Evernote password and accesses your notes, this shouldn't give them access to any encrypted information, because that is encrypted separately and as far as I know, even Evernote should not have the ability to even know your encryption password. Am I correct, or does Evernote's systems store your encrypted password somehow? I think this is important for everyone to know. If the above person's story is inaccurate then it would be good for Evernote to confirm this, as otherwise, Evernote security looks quite bad here if something like this could really happen.
-
ANSWERED Little Snitch: Evernote requesting connection to yinxiang.com
JaneDoes posted a topic in Evernote General Discussions
I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server. Why? Is this a problem on the VPN side or Evernote's? -
I am a "premium" user, which means I pay to use Evernote. I suddenly realized Evernote is running analytics on its pages, which makes me wonder how much of my behavior on the site is recorded and fed into the Algorithm. I realize Google and others made the internet "free" (as in "free to rock the chain") by taking personal information, instead of money, in return for their products. I am not sure I feel OK both paying in money AND information, though. Can one opt out of the analytics? Cheers, Tomas from Sweden
-
Security issue: User is not loged out if software is uninstalled
hakont posted a topic in Evernote for Windows
I understand that not all users will find this important, but I do. If Evernote for Windows is installed for "all users", the current loged in user for a Windows desktop is presistent even after Evernote is uninstalled. Even if I try, I can not find this to be a secure way to handle log-ins. In my opinion, a user should be loged out of Evernote if the software is uninstalled. Does anyone agree? -
Pin accessed secure note for password and wallet back up
James SYDNEY posted an idea in General Feature Requests
Evernote stores a lot of my life. With a high frequency of data hacks, password theft and other online security issues I have a note solution: i would like the ability to store more. To add notes which require pin access each time they are to be viewed. To store for example a back up of all wallet cards incase of loss, back up of passport, passwords and other secure items. I think many users will value this function.- 2 replies
-
- 1
-
-
- security
- innovation
- (and 1 more)
-
I would love to use Evernote at work, but uploading meeting minutes and other confidential data to the cloud is not an option. Therefore, we would like to host our own Evernote server on our premises. We're a fast growing company with 1k+ employees.
-
I just got an email 1 hour ago (so 7:50am Pacific, Feb 26), alerting me that someone logged in to my account on Feb 22 at 21:35UTC. That is four days ago! Most services I use that give me email alerts asking if it was me come within minutes, often seconds. This needs to be fixed, or gotten rid of. I don't recall what I was doing Thursday and whether or not I used a different PC to log into Evernote. I use a number of PCs at work, so it is entirely possible.
-
Have the ability to lock individual notes, e.g., a password-protected note. It's available in OneNote
-
Why does evernote want to connect to tealiumiq?
privacy+security guru posted a topic in Evernote General Discussions
I installed the latest update ( Version 6.13 –455673 Direct) for MacOS and noticed Evernote attempts to connect to tealiumiq upon startup. I know that tealiumiq is used for "tag management" and advertising. Can you please answer: Why exactly does Evernote want to attempt to tealiumiq's servers, is this connection necessary for the application and service to function properly, what data is sent to tealiumiq, how long is this information stored at tealiumiq, is it shared with any other organization, and is it used to advertise or market to users in any way? Thank you. -
I can't image this has not been requested in the past, but I want to request encryption support for the Evernote client database (.exb). Currently the synced content is readily available in the clear and an account password is not needed to access it. All it takes is for someone to set up a temp Evernote account, then rename the target .exb database filename to match the name of the temp account and bam... they have the data. No password required. Massive concern in today's world.
-
Hi, I am about to use Evernote for my personal and work. And I have some queries: 1) How secure and private are my confidential notes in Evernote? 2) Can any Evernote employee access and see my confidential notes? I know people can see my notes and things only if I give access to them but here I am talking about Evernote employees. 3) Is there any way to prevent Evernote from auto-saving into the cloud and make Evernote to save the notes on my PC? Thanks in advance. Guddu
-
Evernote has a large page convincing people of it's security. Everybody's information is secure, right? Has anyone noticed that hacking large companies data is becoming MUCH more frequent?! Today, Equifax said that it may have been hacked again. Yahoo was hacked recently releasing info on 300 billion accounts. But here's the thing, if Evernote gets compromised, you lose a LOT more than just a username and password, you lose everything! Evernote NEEDS to adopt a ZERO KNOWLEDGE encryption, meaning that not even employees of the company can see what is on people's accounts, and if someone were to hack EVERNOTE, all they would get is encrypted info. Evernote will say that that's all people would get now, but if employees can see the data, hackers will be able to see the data. The data needs to be encrypted on the desktop, and needs to stay encrypted in the cloud. No matter how good Evernote's encryption is, it will be hacked at some point. PLEASE adopt zero-knowledge!
-
Incorrect phone number validation for the UK
rowanmoor posted a topic in Evernote General Discussions
Hi, I hope this is the right place for this. I have just set up 2 factor authentication and went through the process of setting up my primary phone number etc. I wanted to set up a backup phone number as it is suggested and is a very sensible precaution. However it won't let me put in my phone number. I get a validation message saying 'Enter a valid phone number that can receive SMS messages.' The number I am trying to use is a UK landline. I suspect it thinks it can't send an SMS message to it as it is not a mobile. All BT openreach landlines in the UK are capable of receiving SMS messages, either with a phone that supports it (as I have) or through a text-to-speech implementation. As that is the only other number registered to me, it is the obvious choice as a backup number. I don't know if that is the same in other countries or not. I'm hoping a friendly Evernote employee will read this and be able to get the validation changed. Thanks for your time.
