Jump to content
  • 7
zotje

Require security Pin when opening Evernote

Idea

There needs to be a security pin that locks Evernote from being accessed by strangers.  If someone loses or gets their laptop stolen, all the notes are there for the picking. A security pin is the least we would need to put up a barrier.  It would also be great if we could remove the laptop from accessible devices and make it trigger a deletion of all the data from the laptop before it can be accessed.  Right now, it just stops anyone from syncing the account, but all data is still there to view.

 

Thanks,

Glenn

Share this post


Link to post

33 replies to this idea

Recommended Posts

  • 1
1 hour ago, zotje said:

If someone loses or gets their laptop stolen, all the notes are there for the picking. A security pin is the least we would need to put up a barrier. 

I have password on my computer to control access to the device; also a screensaver password
I also have a password on my evernote account to control access to my notes

I also have an encryption password on sensitive data in my notes

I do like the PIN feature on my iPad; I use Touch ID (fingerprint)

  • Like 1

Share this post


Link to post
  • 1
35 minutes ago, zotje said:

There needs to be a security pin that locks Evernote from being accessed by strangers.  If someone loses or gets their laptop stolen, all the notes are there for the picking. A security pin is the least we would need to put up a barrier.  It would also be great if we could remove the laptop from accessible devices and make it trigger a deletion of all the data from the laptop before it can be accessed.  Right now, it just stops anyone from syncing the account, but all data is still there to view.

 

Thanks,

Glenn

They are there for the picking anyway. Your Evernote database on your PC/Mac is largely clear-text. You should both encrypt your hard drive and secure your device with a password.

  • Like 2

Share this post


Link to post
  • 1
5 minutes ago, DTLow said:

Good point, on Macs we have FileVault built into the OS https://support.apple.com/en-ca/HT204837

PCs have Bitlocker depending on the version of Windows you have or you can right-click and encrypt your Evernote folder - it will turn green when encrypted.

You can use VeraCrypt on both platforms too. There are others as well. Always ALWAYS encrypt your machine. Otherwise, I can steal it, take out the HD and attach it to a USB enclosure and have full access to your data.

  • Like 1

Share this post


Link to post
  • 0
22 minutes ago, EdH said:

They are there for the picking anyway. Your Evernote database on your PC/Mac is largely clear-text. You should both encrypt your hard drive and secure your device with a password.

Good point, on Macs we have FileVault built into the OS https://support.apple.com/en-ca/HT204837.  This also has a remote-wipe feature

  • Like 1

Share this post


Link to post
  • 0

Thanks everyone!  I already had my personal laptop's drive encrypted with bitlocker.  I am probably just paranoid but I wanted some sort of functionality similar to keepass where it prompts me for a passcode when it times out or the computer has been locked.  Maybe it is just overkill, but when you sit in the airport in Atlanta and realize you left your laptop in a TSA bin in North Carolina, it would definitely calm my anxiety.

Share this post


Link to post
  • 0
2 hours ago, zotje said:

Thanks everyone!  I already had my personal laptop's drive encrypted with bitlocker.  I am probably just paranoid but I wanted some sort of functionality similar to keepass where it prompts me for a passcode when it times out or the computer has been locked.  Maybe it is just overkill, but when you sit in the airport in Atlanta and realize you left your laptop in a TSA bin in North Carolina, it would definitely calm my anxiety.

Your laptop should be configured to lock when the lid is closed (assuming not on a docking station.) So for the TSA scenario to work, you'd have to turn your laptop on, log in, then walk away. I'd never log my laptop in for the TSA or anyone without a warrant.

Share this post


Link to post
  • 0

I would like Evernote's security to work on my PC the same way it does on my smartphone.  There should be a parameter such that if Evernote has not been used for a specified number of minutes, it should require the password.

I don't have any personal information on my computers for which I would be in trouble if my computer were to be stollen - except what I have in LastPass and in Evernote.  So, I expect my Evernote data to be encrypted and password-protected.  I don't want to have to log in and out of my computer every time I use it.  I don't want to have to enter passwords to access any of my files - except those in LastPass and in Evernote.

So, why does the Evernote team not take security seriously?  It's secured in the cloud but not on our machines?  This should be an easy enhancement to add.  We end-users should not have to take on the job of figuring out how to secure our data.  Evernote should do this.

Share this post


Link to post
  • 0
12 hours ago, artlieberman said:

I would like Evernote's security to work on my PC the same way it does on my smartphone.  There should be a parameter such that if Evernote has not been used for a specified number of minutes, it should require the password.

I don't have any personal information on my computers for which I would be in trouble if my computer were to be stollen - except what I have in LastPass and in Evernote.  So, I expect my Evernote data to be encrypted and password-protected.  I don't want to have to log in and out of my computer every time I use it.  I don't want to have to enter passwords to access any of my files - except those in LastPass and in Evernote.

So, why does the Evernote team not take security seriously?  It's secured in the cloud but not on our machines?  This should be an easy enhancement to add.  We end-users should not have to take on the job of figuring out how to secure our data.  Evernote should do this.

All of your evernote data is on your PC in plain text unless you have specifically encrypted text in a note.. If you want to take security seriously, encrypt your hard drive and secure your account with a password. That is a better solution than hundreds of app developers creating their own security model. 

The desktop model is quite different than the phone model. Desktops don't segregate data by app into secure databases like apps do, so by using a PIN on an app, the developer is tying into the platform security model and it is secure. If they put a pin on your Evernote app, that would be about as secure as putting a rope around a door handle and looping it to a nail to secure your house. 

Share this post


Link to post
  • 0
13 hours ago, artlieberman said:

I would like Evernote's security to work on my PC the same way it does on my smartphone.  There should be a parameter such that if Evernote has not been used for a specified number of minutes, it should require the password.

I added my vote to this request (voting buttoms in the top left corner of the discussion)

While I'm sure Evernote "take security seriously", there are limited development resources.  The work must be prioritzed 

 

Share this post


Link to post
  • 0

Looking forward to this feature. I am sure it would please plenty of users.

Share this post


Link to post
  • 0

I would like this feature too. It would be useful for me at work. Without PIN anyone who can access the PC I use at work can read all my notes.

Share this post


Link to post
  • 0
5 hours ago, jozefk said:

Without PIN anyone who can access the PC I use at work can read all my notes.

Your Evernote data is protected by your account password; log out of your account.

Share this post


Link to post
  • 0

Ok, so my Evernote data is in plain text on my PC somewhere.  But... if someone steals my PC, they might click on the Evernote icon to see what it is.  But they probably won't go scouring the disk drive looking for the actual data files.  If we had a time-out parameter that would require us to re-enter the password after X minutes of disuse [refer to how LastPass works], at least we'd be making it more difficult for someone to see my data.  I don't want to have to remember to log out every time I walk away from my computer.

Share this post


Link to post
  • 0
13 minutes ago, artlieberman said:

So... why doesn't Evernote encrypt our data?

It is on their servers. They are relying on your PC and local security, just like 99.9% of all apps out there that don't support local data encryption. Your user profile should be locked via password, and your hard drive should be encrypted.

If you don't want anyone able to get to the data at all even if logged in as you, which your IT department could do, you'll need to just use the website. 

Share this post


Link to post
  • 0
38 minutes ago, artlieberman said:

But... if someone steals my PC, they might click on the Evernote icon to see what it is.  But they probably won't go scouring the disk drive looking for the actual data files.  If we had a time-out parameter that would require us to re-enter the password after X minutes of disuse ...

Do you not have device security?

My local disc is encrypted (Mac FileVault); also screen timeout.

  • Like 1

Share this post


Link to post
  • 0
18 hours ago, DTLow said:

Your Evernote data is protected by your account password; log out of your account.

That means I log in and out every moment I leave the desk and come back. Not the best solution.

  • Like 1

Share this post


Link to post
  • 0
12 hours ago, jozefk said:

That means I log in and out every moment I leave the desk and come back. Not the best solution.

Windows+L to lock your machine when you leave it.

  • Thanks 1

Share this post


Link to post
  • 0
11 hours ago, CalS said:

Windows+L to lock your machine when you leave it.

Everybody already know the PIN and that's how it should be anyway. It's company's PC not my personal one.

Share this post


Link to post
  • 0
11 hours ago, jozefk said:

Everybody already know the PIN and that's how it should be anyway. It's company's PC not my personal one.

Then you shouldn't install Evernote on your company PC unless you agree to effectively share that data with your company. It is their PC. You can uninstall Evernote, remove the folders, then use the web version.

I honestly cannot think of a single app on Windows that has a PIN lock on it. Or my Mac. It is something that has become a bit more common on mobile platforms as parents let kids play games or watch netflix, but don't want them to have access to apps like Evernote, Lastpass, etc. Plus, it is strangely common that people don't lock their phone, which is why most apps with confidential info have their own password schemes, but those all hook (generally, on iOS at least) into TouchID/FaceID.

If you only have some notes that are sensitive, you can encrypt those individually by selecting the text, right-clicking, and encrypt. Just don't forget your password. There is no recovery available for a lost password on an encrypted note.

  • Like 2

Share this post


Link to post
  • 0
17 minutes ago, EdH said:

I honestly cannot think of a single app on Windows that has a PIN lock on it.

LastPass on my PC.   I have it's settings such that it will require the access password to be typed again if LastPass has not been used for 30 minutes.  This would be a really simple thing for Evernote to implement.

Share this post


Link to post
  • 0
Just now, artlieberman said:

LastPass on my PC.   I have it's settings such that it will require the access password to be typed again if LastPass has not been used for 30 minutes.  This would be a really simple thing for Evernote to implement.

I understand it is simple to say that, but Lastpass is nothing but a password manager. A 100% password manager and it is encrypted on all platforms everywhere. Totally different purpose. I don't know about an app for Windows. I use it, but it is an extension in Chrome and Brave for me, not an app in the start menu or an app that even resides on my PC - other than wherever Chrome keeps Extension information.

And again, a PIN is 100% useless for Evernote even if they created it. The evernote database is essentially PLAIN TEXT. You can read it in Notepad.

Share this post


Link to post
  • 0
36 minutes ago, artlieberman said:

Well, then, the bigger question:  Why doesn't Evernote encrypt the data?

I would like to see end-to-end encryption.  

We can encrypt our own data but we lose Evernote features; OCR, indexing for search, ...

 

Share this post


Link to post
  • 0

@artlieberman

If it is really important to you there are volume encryption tools that you can use to encrypt your data.  BitLocker is built into Windows.

  • Like 1

Share this post


Link to post
  • 0
1 hour ago, artlieberman said:

Well, then, the bigger question:  Why doesn't Evernote encrypt the data?

I would expect a significant performance penalty when working with a large encrypted database, but if they were able to make encryption optional, that may be a reasonable compromise for those who require encryption, I would think.

On the other hand, encryption could turn out to be a support nightmare for them.  A business level subscription option, maybe?

Share this post


Link to post
  • 0
9 minutes ago, Don Dz said:

I would expect a significant performance penalty when working with a large encrypted database, but if they were able to make encryption optional, that may be a reasonable compromise for those who require encryption, I would think.

On the other hand, encryption could turn out to be a support nightmare for them.  A business level subscription option, maybe?

Or, encrypt the hard drive via Bitlocker (Windows) or FileVault (macOS).

  • Free
  • Very fast
  • often handled at hardware level vs software encryption

Share this post


Link to post
  • 0
2 hours ago, EdH said:

Or, encrypt the hard drive via Bitlocker (Windows)

Only available in Windows Pro and Enterprise, not Home, as I understand it.

Share this post


Link to post
  • 0

BitLocker is available on my Surface with Windows 10 Home.  Don't know if it is different with a PC...

Share this post


Link to post
  • 0
3 minutes ago, Don Dz said:

With Home it only works with devices with TPM chips, apparently the Surface is one of them.

Bitlocker requires a TPM chip.  I don't think it is limited to Home.

Share this post


Link to post
  • 0
11 minutes ago, s2sailor said:

Bitlocker requires a TPM chip.  I don't think it is limited to Home.

Search for either "bitlocker without tpm chip windows 10", or “Allow Bitlocker without compatible TPM chip”.

It is my understanding the workarounds only works with Windows Pro or Enterprise, with Home you need TPM.

Not an expert, just reading the sites.

Share this post


Link to post
  • 0

Most PCs today have a TPM. 

 

Besides, this is a red herring. The OP was about installing Evernote on a work pc and not wanting the company to have access. That isn’t Home, it is probably encrypted anyway, and anything you install on your work PC is available to your company. Period. 

  • Thanks 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...