Search the Community
Showing results for tags 'security'.
Found 73 results
-
I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes. Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one. I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email. In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content. Any insight is greatly appreciated. Thanks.
- 796 replies
-
- 108
-
-
-
-
-
- feature request
- password protect notebooks
- (and 3 more)
-
I have been an EN user since Beta, and became a Premium user as soon as it was offered. I do not understand why EN is lagging with simple security options, such as easy encryption of notes and notebooks. This really should be as easy as a Right-Click or selection in properties for a Note or Notebook. The existing method of selecting text in a note and then using a Right-Click option to encrypt it is cumbersome at best. Yes, it is a nice feature if one wants to encrypt only a portion of a note. That's fine. But there should be an easy way to (1) encrypt an entire note without selecting text and (2) encrypt an entire notebook. I would be willing to pay a few bucks extra a year for this additional encryption ability. Seems this should be a no-brainier for EN, both as a tech matter and as a business/profit matter.- 36 replies
-
- 19
-
-
- evernote
- encryption
- (and 6 more)
-
I am a new user slowly getting hooked on to Evernote. I have been reading about the concerns related to storing secured information on Evernote cloud. I guess the general recommendation is that if you consider some information should be secured, just do not store it in Evernote. Now my question is what documents should be considered secure. 1. Storing passwords in evernote or any cloud service is a terrible idea. I get this. 2. Bank statements - some have said that the account no in bank statements is secure information. Can someone explain why this is secure information? what happens when some hacker gets access to it? 3. Tax returns - Can this be kept in evernote? This contains soc sec no etc. What do you all do? What kind of information that you DO NOT keep in evernote? Where do you store such information? (e.g another cloud service that supports encryption on storage)? How do you integrate that cloud service with your Evernote workflow?
-
There seems to be a new variation on the "You've been hacked" scam going around - one user DM'd me today in a bit of a panic, so I thought I'd share just in case... I've been getting emails for some time now from a variety of 'expert hackers' who have apparently been able to access my webcam and record me doing unspeakable things - the evidence for which will be sent to my contacts unless I send bitcoin to an anonymous web address. - My web cam has been taped over for years, and my time for unspeakable habits of any sort is usually reserved for sleeping and eating, so it's an empty threat; but if you have a bad conscience... it's a nice bit of social engineering. My recent contact had found a new note titled "Pay Attention - you've been hacked" - which included the same sort of explanation; 'we viewed all your notes, will post them online unless you pay bitcoin' yada yada... The account Access Logs included lots of Russian-based access to the account, so it appears that the password had been leaked* from somewhere and someone did have access to the account. This user had already changed the account password, so my advice was: go to the (internet fraud) cops / tell Evernote. My advice to you, dear reader, would be: If you haven't changed your Evernote password for a while, do it now. I did. (I know that's a pain - your choice if you want to take the risk) Use a different password for Evernote to anything else you might use elsewhere. Have a look at password managers like Lastpass / Bitwarden if that's a problem for you. (They remember passwords and generate secure strings like @tJsVmmQ8d) Use 2FA - two factor authentication - to limit access to the account to you. Sign up to https://haveibeenpwned.com/ with all your email addresses - I do not think that Evernote has any leaks, but lots of other very large organisations do. If your password data leaks, bad actors will try that information on other sites to see what falls out... Check the Access logs for any unusual activity and block any access you don't recognize. Use Evernote's help pages on security I'm sure I missed out some useful tips and tricks - please add -em below in the comments. And the advice I gave above is still good: you get one of these emails or find a note - Go to the cops Tell Evernote ... and tell us here, obviously!! 🙂 EDIT: My Webcam -
-
I use two factor authentication and use a Google Authenticator device. I just logged into the website on a new browser instance and when it asked me for my 2FA code, before I could get my app launched on my phone, Evernote texted me my code. I just checked my account security and Text is not checked, but the app is. Why would Evernote text me this? I had not failed to authenticate, nor had I asked it to use a backup method, which for me would be my backup codes I have saved, not text. Seems to be a security issue with Evernote's servers. @Rich Tener- 34 replies
-
- 1
-
-
- security
- two factor
- (and 1 more)
-
I am a "premium" user, which means I pay to use Evernote. I suddenly realized Evernote is running analytics on its pages, which makes me wonder how much of my behavior on the site is recorded and fed into the Algorithm. I realize Google and others made the internet "free" (as in "free to rock the chain") by taking personal information, instead of money, in return for their products. I am not sure I feel OK both paying in money AND information, though. Can one opt out of the analytics? Cheers, Tomas from Sweden
-
Currently, it's only possible to get a two step verification code via text message or Google Authenticator. it’s important to keep my accounts as secure as possible, so I was really happy when Evernote announced that two-step verification is available to all Evernote users. I enable it immediately. But now i’m forced to use Google Authenticator. I’ve had to switch to Google Authenticator to copy my one-time-paswsword and quickly switch back to Evernote to paste it before it expires! It’s very stressful. For all my other accounts (that use two steps verification) I simply use 1Password (build in time-based one-time password (TOTP)). Only for Evernote I’ve had to install the Google Authenticator App. Hopefully Evernote will supports the time-based one-time password (TOTP) feature of the 1Password extension, so I don’t have to worry about it anymore. -
Great that Evernote supports 2-factor authentication via Google authenticator. What about support for the Fido U2F keys, such as from Yubico? Far more convenient way to get 2-factor authentication! -
2 Step, Access History, and Authorized Applications went out with last night's service update, works on all the clients, and is available to Premium and Business users (with eventual Free user rollout). You've been able to see access history for a while, and is available to all users. The official post is here: http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/
-
Hi all, I just discovered on going to use Evernote on my phone that it was asking me to deactivate a device in order to use it. This led to the discovery that 18 hours ago my account was accessed by an Iphone with an IP address in Egypt. I'm in the UK and using android on a Sony phone. I've used Evernote for years with no problems and am now freaking out that I need to change my password for everything, and also that my whole life is on there and some of its pretty personal or a security risk. Never worried about it before and now I don't know where to start. So this is both a post just to vent and say ARGH! Why don't they send an email to say someone else has logged into your device? Or have more security when it's from another country? And secondly, has anyone else had this happen? Do you think it is an individual and that they might have downloaded and be going through all my notes as we speak? Or is it some kind of bot that doesn't actually care to read this stuff? I don't know where to start - feel I need to look through all 647 notes to see where my security may have been compromised. GAH! I've emailed the support people but is there anything they can do? Damn the internet. Bring back notebooks.
-
Hi - I just got an email saying, " You recently attempted to send an email message from your Evernote account. Unfortunately, we are unable to deliver the email to your intended recipient(s). " However, I didn't try to send any such email (there were 2 of them, both with the subject, "Hey" Does this suggest that my account has been hacked? I also got a password reset notification from Soundcloud yesterday, saying they are resetting my password due to suspicious activity. Can someone please help me understand what's going on?
-
We detected suspicious activity on some users' accounts and have recently emailed them.This is related to reports of users receiving failed email notifications that they never sent, indicating that someone has learned the password to their account. The Evernote service wasn’t compromised, but we believe someone other than the account owner has learned the password to these accounts. Just to be safe, we’ve reset these user’s passwords. If you have not received this email notification from us and you have not seen any failed email notifications that you did not send, then you are likely not impacted. If you would like to take proactive action to further secure your Evernote account, take these steps below: Please visit https://www.evernote.com/ForgotPassword.action to set a new one. We recommend that you choose a strong password that you use only for Evernote. We also suggest that you change your password on any other websites where you may have used the same password. You can find more tips for keeping your account secure on our Customer Security page: https://evernote.com/security/tips/. To learn how to identify if an email that has been sent from Evernote is authentic, please visit this Help and Learning page: https://help.evernote.com/hc/articles/115004380587.- 36 replies
-
- 5
-
-
- answered
- suspicious activity
- (and 4 more)
-
Problems with Two-step authentication: I want to use Google authenticator only, but I receive SMS every time (I've selected Google Authenticator) In Evernote desktop (windows) I must input verification code every time I log in. It's annoying. At least we should have some time delay (30 days, half a year, 1 year ...) -
I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
- 5 replies
-
- 1
-
-
- two step verification
- two step login
- (and 5 more)
-
Is there some way to put a password on individual notes (as opposed to encrypting selections of text)? I've searched high and low ... but cant figure out if this is possible. Thanks
-
Have the ability to lock individual notes, e.g., a password-protected note. It's available in OneNote
-
Evernote urgently needs a way to clear recent search history. I see that people have been asking for this for years, and yet it's still not an option. Where is it even stored? I can't find it in any file, or in the registry. I tried uninstalling Evernote to clear it, and my recent searches came right back after I reinstalled. While trying to find out if this is currently possible, I came across one person who accidentally entered a password in his search history, and another who entered her SSN in the search box to find a PDF, where it is now stuck for anyone to find. Evernote has a serious security problem if its users can't control their own sensitive data.
-
Seems like there's been a little excitement in Herd HQ recently - in September a researcher pointed out a potentially serious weak security point in Evernote for Windows 6.15 and Evernote have been working on a patch. The post describes this as being out in "6.16.1 beta" so the fact I'm now running 6.16.4 public suggest this is all water under the bridge, and a quick reaction from Evernote to the reported threat. Well done chaps (I'm a Brit) for fixing that expeditiously - anyone able to comment with more details? ☺️ https://www.zdnet.com/article/evernote-for-windows-patch-resolves-stored-xss-vulnerability/
-
Hello, Evernote community, We are a small team of developers and we are passionate about our new product which is Saferoom. We have been working hard to provide users with zero-knowledge encryption functionality without destroying user's productivity. We wanted to build an encryption app that will be easy to use and allow anybody protect their personal data. Saferoom is now a set of mobile and desktop that together add full encryption capabilities on-top of Evernote. It means that you work with Evernote normally, and when you need to create or view an encrypted note you use Saferoom. All the time your encrypted items are part of Evernote notes, but you can see them (e.g. decrypt) only inside Saferoom app. And Evernote is just a beginning - we want Saferoom to be like "Passbook" for your encrypted data. Saferoom encrypts whole note including all the resources - independently of the resource type and your password is stored on the device only. It also means that password cannot be restored - that is a price for true zero-knowledge encryption. Our app is available in iTunes Store: https://itunes.apple.com/app/saferoom-one-app-to-encrypt/id964858486 And in Google Play Store: https://play.google.com/store/apps/details?id=com.secomsoft.Saferoom Saferoom Desktop for MacOS and Windows are free: https://itunes.apple.com/app/saferoom-zero-knowledge-encryption/id981600236 Windows: http://en.softonic.com/s/saferoom:windows-mac-iphone-android-windows-phone-7-web-apps/windows https://www.microsoft.com/en-us/store/p/saferoom-for-windows-81/9nblggh40cdw# And also you can use Saferoom Chrome extension: https://chrome.google.com/webstore/detail/saferoom/nnphkaehepldgkjgnlnmfmpcjkklibfj?hl=en-US Here is a video demos of Saferoom capabilities: https://www.youtube.com/channel/UCzyNcs_NN5H_JVxZCeR1bFg/videos?spfreload=10 Any feedback is always welcomed.
- 187 replies
-
- 5
-
-
- encryption
- data privacy
- (and 6 more)
-
I have the red exclamation mark on my Sync button. I don't have a "Conflicting Changes" notebook, but I have pinpointed at least one note that isn't in sync. The log has an "unexpected problem server-side" error repeatedly. I see this message in my logs going back for a month or so, but I don't see any details that would help me understand what the issue is. I'll attach the log (had to truncate it due to size). I'm subscribed, but I did not see a way to contact support. Thanks. AppLog_2018-07-16_a.zip
-
I am constantly getting emails asking me to verify my email address using a link. I NEVER click on links in emails. I tried logging on to my Evernote account and verifying the email there and I just got sent another email with a link. This makes me think that the email is valid but I'm still not going to risk it. Is there any way to stop this? -
Hey, this is how I am thinking to upload my notes into EverNote and wanted to hear your opinion if this is a good way or not? Writing Note in PDF -> Encrypting the PDF's using its own password option -> Archiving the PDF using 7-Zip and encrypting it using 7-Zip's 256 AES password. So, the PDF needs the password to open and to get the pdf, one has to need the password of the RAR file too. So, is this good? And is 7-Zip good for encryption? Many say 7-Zip is one of the best. Waiting for your opinion guys. Thanks in advance! -
Hi everyone, I lead Evernote's security team. We recently received reports from a small number of users that they had discovered unauthorized access on their account from a third-party app called "Geeknote". We believe that someone has learned these users’ passwords from a website or service not associated with Evernote. Our security team investigated these reports and found that Geeknote was being used by malicious actors to automate access to our service. We care about the security of Evernote customers, so we’ve revoked the app from our service to disrupt the abuse and protect customers. If you were previously a Geeknote user, we've emailed you directly to explain this change. If we detected unauthorized access on your account, we've also emailed you and reset your password. If you have not received either email notification from us, then you are likely not impacted. We recommend that you always use a unique password on your Evernote account and setup two-factor authentication to better protect it. See https://evernote.com/security/tips for more tips on how to secure your account. To understand more about Evernote and third-party applications visit: https://evernote.com/privacy/third-party-apps -
As an Evernote user who does sometimes store sensitive information in Evernote (by encrypting specific text), I would like a response from Evernote regarding this. A high profile investor in the cryptocurrency space was recently hacked ($2M USD worth). He mentioned that he did store his private keys in Evernote - but - that this information was encrypted. Based on his story, he claims that somehow someone with access to his email account was somehow able to reset his Evernote password (based on my understanding) and somehow gain access to his encrypted notes too: " I thought I was safe storing my private keys on Evernote because I encrypted them but clearly that didn’t help. I did have 2FA on my Gmail with the authenticator app but that didn’t help because my recovery email address was my college email and there is no 2FA on that. Once the hackers had access to my Gmail, they basically had access to everything" http://ianbalina.com/ian-balina-hacked-2-million-ama-live-stream-w-notes-april-24th-2018/ What I'm not clear on - is even if someone resets your Evernote password and accesses your notes, this shouldn't give them access to any encrypted information, because that is encrypted separately and as far as I know, even Evernote should not have the ability to even know your encryption password. Am I correct, or does Evernote's systems store your encrypted password somehow? I think this is important for everyone to know. If the above person's story is inaccurate then it would be good for Evernote to confirm this, as otherwise, Evernote security looks quite bad here if something like this could really happen.
-
I use Little Snitch and was using a VPN service when I opened Evernote--Little Snitch signaled that Evernote was requesting connection to the Chinese Evernote server, yinxiang.com. When I declined the connection, Evernote wouldn't connect. When I disconnected from the VPN, I got no connection request to yinxian.com. I'm in the US and am uncomfortable with data being on the Chinese server. Why? Is this a problem on the VPN side or Evernote's?
