Ricky 11 Posted June 16, 2018 Share Posted June 16, 2018 How in the ? do I change my encryption passphrase?! This is so ? stupid that it has to be this difficult. I've deleted the note, recopied the text, uncheck the remember passphrase, exited Evernote and it is still stuck on that passphrase. Do I have to reinstall Evernote to reset this? What if one screws up on his passphrase? ?!! Link to comment
Level 5* CalS 5,280 Posted June 16, 2018 Level 5* Share Posted June 16, 2018 Right click on the encrypted icon and select Decrypt Text Permanently, then encrypt again. Link to comment
Level 5 jbenson2 2,147 Posted June 16, 2018 Level 5 Share Posted June 16, 2018 22 hours ago, CalS said: Right click on the encrypted icon and select Decrypt Text Permanently, then encrypt again. I am concerned that this change will cause the encryption passphrase to change for all of my existing and future encrypted notes. And if it only affects the note in question, it would be confusing to have multiple passphrases for a variety of notes. So I have never tried this change technique. Do you know if the new passphrase will apply just to the specific note only, or is it a universal change for all encrypted notes? Link to comment
Level 5* DTLow 5,736 Posted June 17, 2018 Level 5* Share Posted June 17, 2018 3 hours ago, jbenson2 said: Do you know if the new passphrase will apply just to the specific note only, or is it a universal change for all encrypted notes? The encryption passphrase is not universal In theory we could use a different passphrase for each encryption; which I agree could be confusing. I use a password manager (LastPass) to manage my passwords, including Evernote Notes. Link to comment
Level 5* CalS 5,280 Posted June 17, 2018 Level 5* Share Posted June 17, 2018 3 hours ago, jbenson2 said: Do you know if the new passphrase will apply just to the specific note only, or is it a universal change for all encrypted notes? Changing the encryption password on one bit of text does not affect the passwords on other bits of text, in my testing anyway. You can have more than one encryption password. Agreed, practical issue is remembering which password if you have a bunch of notes with encrypted text and a bunch of passwords. Link to comment
howdoogie 14 Posted September 27, 2018 Share Posted September 27, 2018 This is a very relevant topic. I have old notes with my old encryption pass-phrases. It is scary because there's no way you'll remember all of the passphrases over time, nor is it smart to keep your passphrase the same for all of eternity... The fact that passphrases are not consistent, lastpass + evernote is also something I've started to implement slowly. Evernote needs to REALLY step up their encryption/security game. It's BAD. I know Evernote's response will be, "Don't use Evernote for sensitive information". Easier said than done. I won't even get into the fact that Evernote truly needs to implement an app Passcode lock for Macbook/Desktop versions of evernote (similar to what they have on iPhone app). It is unacceptable and rather absurd to be missing this feature on desktop. Again, I know Evernote's response will be, "You should have a passcode lock for access to your PC/Macbook and you will be fine". Again, for any power user of evernote, most will agree the above responses are... aggravating(?) to say the least. Of course power users will have implemented the above already. Link to comment
Level 5* DTLow 5,736 Posted September 27, 2018 Level 5* Share Posted September 27, 2018 17 minutes ago, howdoogie said: I know Evernote's response will be, "Don't use Evernote for sensitive information". Actually Evernote supports text encryption for sensitive information It's not something I use; I don't want to be locked in to Evernote, >>I have old notes with my old encryption pass-phrases. It is scary because there's no way you'll remember all of the passphrases over time, I'm on a Mac and we get to specify a hint to assist with the pass-phrase. Also, using a password manager like Lastpass is a good idea. This tool is driven by web urls; fortunately each note has a unique link. Link to comment
howdoogie 14 Posted September 27, 2018 Share Posted September 27, 2018 51 minutes ago, DTLow said: Actually Evernote supports text encryption for sensitive information It's not something I use; I don't want to be locked in to Evernote, >>I have old notes with my old encryption pass-phrases. It is scary because there's no way you'll remember all of the passphrases over time, I'm on a Mac and we get to specify a hint to assist with the pass-phrase. Also, using a password manager like Lastpass is a good idea. This tool is driven by web urls; fortunately each note has a unique link. I agree. I am a little TOO locked into Evernote + Lastpass. I use the passphrase reminders, have about 20 of them now. Passwords however should be unique, 12+ characters long with unique characters. This is not very conducive to "passphrase reminders". Thus, the only reasonably safe method to keep sensitive information in Evernote is to use Lastpass to generate a unique password, use that password to encrypt each text in Evernote, and then dig up ALL encrypted messages throughout Evernote at the frequency you feel comfortable updating your password (I would recommend, at a minimum once per year, ideally more). The entire process is simply untenable over time. Note: each time you encrypt a text in Evernote, it doesn't prompt you to enter a new passphrase. I did notice a new feature however - Evernote encourages you to use the same passphrase for all encrypted notes, and prompts you to NOT change the password. However, there is no way to change the passphrase for all past notes. Thus, you are correct. Time to diversify and wean myself off Evernote -> download my personal Evernote database (export for offline use) + keep with my password manager. Link to comment
BrightHomesRE 31 Posted September 27, 2018 Share Posted September 27, 2018 I would recommend not using Evernote for sensitive information. Period. Link to comment
Level 5* DTLow 5,736 Posted September 27, 2018 Level 5* Share Posted September 27, 2018 3 hours ago, SVHOODS said: I would recommend not using Evernote for sensitive information. Period. I have no concerns with storing sensitive information if it's encrypted. I'm not a fan of Evernote's text encryption feature; I prefer the native encryption in attachments (PDFs, office/iwork documents...) Other users make use of the Local Notebook feature. Link to comment
Level 5* CalS 5,280 Posted September 27, 2018 Level 5* Share Posted September 27, 2018 14 hours ago, SVHOODS said: I would recommend not using Evernote for sensitive information. Period. Not sure I would go that far. Agree 100% don't put anything sensitive on the web in its "naked" form, whether it be cloud storage or EN. OTOH, local notebooks are a reasonable place for sensitive information. Those notes and documents can also be encrypted in those local notebooks if one opts. And, depending upon one's level of comfort, sensitive notes can be synced if encrypted. Horses for courses relative to risk tolerance I suppose. Link to comment
BrightHomesRE 31 Posted September 27, 2018 Share Posted September 27, 2018 5 minutes ago, CalS said: Not sure I would go that far. Agree 100% don't put anything sensitive on the web in its "naked" form, whether it be cloud storage or EN. OTOH, local notebooks are a reasonable place for sensitive information. Those notes and documents can also be encrypted in those local notebooks if one opts. And, depending upon one's level of comfort, sensitive notes can be synced if encrypted. Horses for courses relative to risk tolerance I suppose. Thanks for the comment, @CalS and I do agree that it is relative to one's risk tolerance. Link to comment
Level 5* CalS 5,280 Posted September 27, 2018 Level 5* Share Posted September 27, 2018 5 minutes ago, SVHOODS said: Thanks for the comment, @CalS and I do agree that it is relative to one's risk tolerance. You are welcome. To be clear, in addition to storing some encrypted data on EN, I also have a VeraCrypt container that I sync to DropBox, with the documents in the container encrypted by whichever app owns them. Kind of my level of 0 risk tolerance. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.