Search the Community
Showing results for tags 'security'.
Found 171 results
-
I use two factor authentication and use a Google Authenticator device. I just logged into the website on a new browser instance and when it asked me for my 2FA code, before I could get my app launched on my phone, Evernote texted me my code. I just checked my account security and Text is not checked, but the app is. Why would Evernote text me this? I had not failed to authenticate, nor had I asked it to use a backup method, which for me would be my backup codes I have saved, not text. Seems to be a security issue with Evernote's servers. @Rich Tener -
Problems with Two-step authentication: I want to use Google authenticator only, but I receive SMS every time (I've selected Google Authenticator) In Evernote desktop (windows) I must input verification code every time I log in. It's annoying. At least we should have some time delay (30 days, half a year, 1 year ...) -
2 Step, Access History, and Authorized Applications went out with last night's service update, works on all the clients, and is available to Premium and Business users (with eventual Free user rollout). You've been able to see access history for a while, and is available to all users. The official post is here: http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/
-
Hi all, I just discovered on going to use Evernote on my phone that it was asking me to deactivate a device in order to use it. This led to the discovery that 18 hours ago my account was accessed by an Iphone with an IP address in Egypt. I'm in the UK and using android on a Sony phone. I've used Evernote for years with no problems and am now freaking out that I need to change my password for everything, and also that my whole life is on there and some of its pretty personal or a security risk. Never worried about it before and now I don't know where to start. So this is both a post just to vent and say ARGH! Why don't they send an email to say someone else has logged into your device? Or have more security when it's from another country? And secondly, has anyone else had this happen? Do you think it is an individual and that they might have downloaded and be going through all my notes as we speak? Or is it some kind of bot that doesn't actually care to read this stuff? I don't know where to start - feel I need to look through all 647 notes to see where my security may have been compromised. GAH! I've emailed the support people but is there anything they can do? Damn the internet. Bring back notebooks.
-
We detected suspicious activity on some users' accounts and have recently emailed them.This is related to reports of users receiving failed email notifications that they never sent, indicating that someone has learned the password to their account. The Evernote service wasn’t compromised, but we believe someone other than the account owner has learned the password to these accounts. Just to be safe, we’ve reset these user’s passwords. If you have not received this email notification from us and you have not seen any failed email notifications that you did not send, then you are likely not impacted. If you would like to take proactive action to further secure your Evernote account, take these steps below: Please visit https://www.evernote.com/ForgotPassword.action to set a new one. We recommend that you choose a strong password that you use only for Evernote. We also suggest that you change your password on any other websites where you may have used the same password. You can find more tips for keeping your account secure on our Customer Security page: https://evernote.com/security/tips/. To learn how to identify if an email that has been sent from Evernote is authentic, please visit this Help and Learning page: https://help.evernote.com/hc/articles/115004380587.- 33 replies
-
- 5
-
-
- answered
- suspicious activity
- (and 4 more)
-
I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes. Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one. I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email. In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content. Any insight is greatly appreciated. Thanks.
- 682 replies
-
- 75
-
-
-
-
- feature request
- password protect notebooks
- (and 3 more)
-
Evernote urgently needs a way to clear recent search history. I see that people have been asking for this for years, and yet it's still not an option. Where is it even stored? I can't find it in any file, or in the registry. I tried uninstalling Evernote to clear it, and my recent searches came right back after I reinstalled. While trying to find out if this is currently possible, I came across one person who accidentally entered a password in his search history, and another who entered her SSN in the search box to find a PDF, where it is now stuck for anyone to find. Evernote has a serious security problem if its users can't control their own sensitive data.
-
Great that Evernote supports 2-factor authentication via Google authenticator. What about support for the Fido U2F keys, such as from Yubico? Far more convenient way to get 2-factor authentication! -
I have been an EN user since Beta, and became a Premium user as soon as it was offered. I do not understand why EN is lagging with simple security options, such as easy encryption of notes and notebooks. This really should be as easy as a Right-Click or selection in properties for a Note or Notebook. The existing method of selecting text in a note and then using a Right-Click option to encrypt it is cumbersome at best. Yes, it is a nice feature if one wants to encrypt only a portion of a note. That's fine. But there should be an easy way to (1) encrypt an entire note without selecting text and (2) encrypt an entire notebook. I would be willing to pay a few bucks extra a year for this additional encryption ability. Seems this should be a no-brainier for EN, both as a tech matter and as a business/profit matter.- 25 replies
-
- 9
-
-
- evernote
- encryption
- (and 6 more)
-
Seems like there's been a little excitement in Herd HQ recently - in September a researcher pointed out a potentially serious weak security point in Evernote for Windows 6.15 and Evernote have been working on a patch. The post describes this as being out in "6.16.1 beta" so the fact I'm now running 6.16.4 public suggest this is all water under the bridge, and a quick reaction from Evernote to the reported threat. Well done chaps (I'm a Brit) for fixing that expeditiously - anyone able to comment with more details? ☺️ https://www.zdnet.com/article/evernote-for-windows-patch-resolves-stored-xss-vulnerability/
-
Hello, Evernote community, We are a small team of developers and we are passionate about our new product which is Saferoom. We have been working hard to provide users with zero-knowledge encryption functionality without destroying user's productivity. We wanted to build an encryption app that will be easy to use and allow anybody protect their personal data. Saferoom is now a set of mobile and desktop that together add full encryption capabilities on-top of Evernote. It means that you work with Evernote normally, and when you need to create or view an encrypted note you use Saferoom. All the time your encrypted items are part of Evernote notes, but you can see them (e.g. decrypt) only inside Saferoom app. And Evernote is just a beginning - we want Saferoom to be like "Passbook" for your encrypted data. Saferoom encrypts whole note including all the resources - independently of the resource type and your password is stored on the device only. It also means that password cannot be restored - that is a price for true zero-knowledge encryption. Our app is available in iTunes Store: https://itunes.apple.com/app/saferoom-one-app-to-encrypt/id964858486 And in Google Play Store: https://play.google.com/store/apps/details?id=com.secomsoft.Saferoom Saferoom Desktop for MacOS and Windows are free: https://itunes.apple.com/app/saferoom-zero-knowledge-encryption/id981600236 Windows: http://en.softonic.com/s/saferoom:windows-mac-iphone-android-windows-phone-7-web-apps/windows https://www.microsoft.com/en-us/store/p/saferoom-for-windows-81/9nblggh40cdw# And also you can use Saferoom Chrome extension: https://chrome.google.com/webstore/detail/saferoom/nnphkaehepldgkjgnlnmfmpcjkklibfj?hl=en-US Here is a video demos of Saferoom capabilities: https://www.youtube.com/channel/UCzyNcs_NN5H_JVxZCeR1bFg/videos?spfreload=10 Any feedback is always welcomed.
- 187 replies
-
- 5
-
-
- encryption
- data privacy
- (and 6 more)
-
I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
- 5 replies
-
- 1
-
-
- two step verification
- two step login
- (and 5 more)
-
I have the red exclamation mark on my Sync button. I don't have a "Conflicting Changes" notebook, but I have pinpointed at least one note that isn't in sync. The log has an "unexpected problem server-side" error repeatedly. I see this message in my logs going back for a month or so, but I don't see any details that would help me understand what the issue is. I'll attach the log (had to truncate it due to size). I'm subscribed, but I did not see a way to contact support. Thanks. AppLog_2018-07-16_a.zip
-
Hey, this is how I am thinking to upload my notes into EverNote and wanted to hear your opinion if this is a good way or not? Writing Note in PDF -> Encrypting the PDF's using its own password option -> Archiving the PDF using 7-Zip and encrypting it using 7-Zip's 256 AES password. So, the PDF needs the password to open and to get the pdf, one has to need the password of the RAR file too. So, is this good? And is 7-Zip good for encryption? Many say 7-Zip is one of the best. Waiting for your opinion guys. Thanks in advance! -
Hi, I have long notes and I have small notes. I see that I can only encrypt small note texts? I think we would love the LONG NOTES - ALL TEXT ENCRYPTION feature i.e., no matter how long the note is, we should be able to encrypt all the texts. LONG NOTE ALL THE TEXTS ENCRYPTION feature gives the peace of mind. Kindly consider this and you will have a LIFELONG PREMIUM customer. I like EverNote very much due to its smoothness Regards. Thanks in advance!
-
Requesting the option to protect a specific note from accidental deletion while still being able to edit it. This is NOT read-only, this is read-and-edit only. Hope to hear from Evernote as to whether the suggested feature is going to be added. Best regards, Kitezh47 -
Currently, it's only possible to get a two step verification code via text message or Google Authenticator. it’s important to keep my accounts as secure as possible, so I was really happy when Evernote announced that two-step verification is available to all Evernote users. I enable it immediately. But now i’m forced to use Google Authenticator. I’ve had to switch to Google Authenticator to copy my one-time-paswsword and quickly switch back to Evernote to paste it before it expires! It’s very stressful. For all my other accounts (that use two steps verification) I simply use 1Password (build in time-based one-time password (TOTP)). Only for Evernote I’ve had to install the Google Authenticator App. Hopefully Evernote will supports the time-based one-time password (TOTP) feature of the 1Password extension, so I don’t have to worry about it anymore. -
Hi everyone, I lead Evernote's security team. We recently received reports from a small number of users that they had discovered unauthorized access on their account from a third-party app called "Geeknote". We believe that someone has learned these users’ passwords from a website or service not associated with Evernote. Our security team investigated these reports and found that Geeknote was being used by malicious actors to automate access to our service. We care about the security of Evernote customers, so we’ve revoked the app from our service to disrupt the abuse and protect customers. If you were previously a Geeknote user, we've emailed you directly to explain this change. If we detected unauthorized access on your account, we've also emailed you and reset your password. If you have not received either email notification from us, then you are likely not impacted. We recommend that you always use a unique password on your Evernote account and setup two-factor authentication to better protect it. See https://evernote.com/security/tips for more tips on how to secure your account. To understand more about Evernote and third-party applications visit: https://evernote.com/privacy/third-party-apps -
As an Evernote user who does sometimes store sensitive information in Evernote (by encrypting specific text), I would like a response from Evernote regarding this. A high profile investor in the cryptocurrency space was recently hacked ($2M USD worth). He mentioned that he did store his private keys in Evernote - but - that this information was encrypted. Based on his story, he claims that somehow someone with access to his email account was somehow able to reset his Evernote password (based on my understanding) and somehow gain access to his encrypted notes too: " I thought I was safe storing my private keys on Evernote because I encrypted them but clearly that didn’t help. I did have 2FA on my Gmail with the authenticator app but that didn’t help because my recovery email address was my college email and there is no 2FA on that. Once the hackers had access to my Gmail, they basically had access to everything" http://ianbalina.com/ian-balina-hacked-2-million-ama-live-stream-w-notes-april-24th-2018/ What I'm not clear on - is even if someone resets your Evernote password and accesses your notes, this shouldn't give them access to any encrypted information, because that is encrypted separately and as far as I know, even Evernote should not have the ability to even know your encryption password. Am I correct, or does Evernote's systems store your encrypted password somehow? I think this is important for everyone to know. If the above person's story is inaccurate then it would be good for Evernote to confirm this, as otherwise, Evernote security looks quite bad here if something like this could really happen.
-
I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server. Why? Is this a problem on the VPN side or Evernote's? -
I am a "premium" user, which means I pay to use Evernote. I suddenly realized Evernote is running analytics on its pages, which makes me wonder how much of my behavior on the site is recorded and fed into the Algorithm. I realize Google and others made the internet "free" (as in "free to rock the chain") by taking personal information, instead of money, in return for their products. I am not sure I feel OK both paying in money AND information, though. Can one opt out of the analytics? Cheers, Tomas from Sweden
-
I understand that not all users will find this important, but I do. If Evernote for Windows is installed for "all users", the current loged in user for a Windows desktop is presistent even after Evernote is uninstalled. Even if I try, I can not find this to be a secure way to handle log-ins. In my opinion, a user should be loged out of Evernote if the software is uninstalled. Does anyone agree? -
Evernote stores a lot of my life. With a high frequency of data hacks, password theft and other online security issues I have a note solution: i would like the ability to store more. To add notes which require pin access each time they are to be viewed. To store for example a back up of all wallet cards incase of loss, back up of passport, passwords and other secure items. I think many users will value this function.- 2 replies
-
- 1
-
-
- security
- innovation
- (and 1 more)
-
I would love to use Evernote at work, but uploading meeting minutes and other confidential data to the cloud is not an option. Therefore, we would like to host our own Evernote server on our premises. We're a fast growing company with 1k+ employees.
-
I just got an email 1 hour ago (so 7:50am Pacific, Feb 26), alerting me that someone logged in to my account on Feb 22 at 21:35UTC. That is four days ago! Most services I use that give me email alerts asking if it was me come within minutes, often seconds. This needs to be fixed, or gotten rid of. I don't recall what I was doing Thursday and whether or not I used a different PC to log into Evernote. I use a number of PCs at work, so it is entirely possible.
