Jump to content
darrel

Password protect Evernote in total

Recommended Posts

I understand that you can protect an "individual note" . But is there a way to password protect the execution of entire Evernote program? Meaning that, one will have to type a password to OPEN evernote.

 

Thanks

Darrel

  • Like 1

Share this post


Link to post

Hi. Welcome to the forums.

You cannot "protect" an individual note. You can only encrypt the text in it, and the encryption is quite weak, As I understand it, your notes (and any other app) are easily read by anyone with physical access unless you secure your device. On the desktop, you can easily secure the it by password protecting your computer and encrypting your drive (truecrypt for Windows and File Vault for Mac). It only takes a few minutes to set up. I don't agree think there is any added benefit to logging out of your account under this scenario.

On mobile there are pin locks available for Premium users, but these will just prevent casual access. and a determined hacker with physical access to the device will be able to read your notes. Make sure to lock your device and be able to remote wipe it / wipe after a certain number of unsuccessful password attempts.

  • Like 1

Share this post


Link to post

Thanks for that advise GM. May be I have not correctly understood everything you said. My concern is this. I realize that evernote gets synchronized on my home PC , on my office PC  om my mobile as well as the Ipad since all of them run the application. My fear is that the chances of hacking my notes is multiple as every device has evernote installed.how would you protect that happening?

sorry GM - it would be much appreciated if you could explain in the most simplest way. Cheers

Share this post


Link to post

Thanks for that advise GM. May be I have not correctly understood everything you said. My concern is this. I realize that evernote gets synchronized on my home PC , on my office PC om my mobile as well as the Ipad since all of them run the application. My fear is that the chances of hacking my notes is multiple as every device has evernote installed.how would you protect that happening?

sorry GM - it would be much appreciated if you could explain in the most simplest way. Cheers

You are asking good questions. The answer is actually pretty simple: encrypt and password protect your devices. The iPad is easy. You just set up a pin code for the lock screen and set it to wipe your data after ten failed attempts. The device is already encrypted.

The home pc is easy with truecrypt. Google that for more.

Work? It depends on how much control you have. If none, it might be best to use the web client if it is possible for you to get by with it.

In other words, it is far more effective to secure the devices, and not only is it easy to do, but it protects all your data, not just a single app.

Share this post


Link to post

Thanks again. I may be a pain until I am sure of what I got to do. :) . sorry about that. My home PC has password to log into (at the start up of windows 8). My Ipad has the same and also the office PC. Are these the protections that you refer to for each device? or is it something else.

Now think like this. Let's say we have all our devices password protected to start them running. And lets say  I log in with my password and start working on  my home pc. Evernote which is one of the applications in my PC now becomes accessible. Can an outsider through the internet also have access to the files (immaterial that the device had a password)

Share this post


Link to post

Hi. Yes, password protection is the first step, but I would encrypt the drive for good measure.

As for hacking, you would have to be pretty badly infected, but of course it is possible for a compromised computer to expose you. Anti-virus software will help if you are concerned.

Evernote encrypts all its communications, so the only way a hacker will succeed is if they already have control of your computer. At that point, Evernote is probably the least of your concerns :)

Share this post


Link to post

Learnt one thing only now -Password protect and Encryption are 2 things. Thanks for that. I will definitely encrypt my drives. Can i ask you further if I have trouble in doing so.

Share this post


Link to post

Learnt one thing only now -Password protect and Encryption are 2 things. Thanks for that. I will definitely encrypt my drives. Can i ask you further if I have trouble in doing so.

FWIW... I'm PC & for several years, had my EN database in a Truecrypted container with no issues. Please note that although this worked for me for several years, putting your EN database in a TC container is not supported. ("Not supported" doesn't always translate to "bad". It may just mean "not supported"). Due to another issue (scaling - I apparently have one of the larger EN databases), I've moved my DB out of an encrypted container solely to eliminate all other possible issues when dealing with support on my scaling issue.

  • Like 1

Share this post


Link to post

Learnt one thing only now -Password protect and Encryption are 2 things. Thanks for that. I will definitely encrypt my drives. Can i ask you further if I have trouble in doing so.

 

Sure! BNF is the expert on TrueCrypt, though. I think taking things one step at a time is a good start. Password protecting your devices is the first step. There are other things you can do (http://www.christopher-mayo.com/?p=288).

 

I'm currently working with my computer password protected, with an encrypted local drive (FileVault on the Mac), hourly backups of everything including my Evernote database (using TimeMachine on the Mac), and I've got all of my sensitive data in a Local Notebook. All of this sounds like a lot of effort, but it is actually extremely easy to set up (on a Mac) and takes no time at all to manage on a daily basis (I just plug in an external drive for the backups and the Mac does the rest). There are similar solutions for Windows (as you might expect, it requires a little more effort, but it is easily doable).

Share this post


Link to post

"and I've got all of my sensitive data in a Local Notebook"

 

I think it is easy for me to understand the steps given by GM. So I will go with it. What did you mean by "Local Drive"? . can i have a similar thing done for sensitive data using a potable external drive.?

 

Share this post


Link to post

"and I've got all of my sensitive data in a Local Notebook"

 

I think it is easy for me to understand the steps given by GM. So I will go with it. What did you mean by "Local Drive"? . can i have a similar thing done for sensitive data using a potable external drive.?

Another good question. On the Mac, you can have a notebook on an external drive (http://discussion.evernote.com/topic/4003-change-evernote-files-location/#entry18729), but it is not supported by Evernote (meaning that you are on your own if anything goes wrong). On Windows, it is possible to do this, but it is a little complicated, and probably unnecessary.

Cloud = Evernote's servers in California.

Local Drive = The drive inside your computer (SSD or HDD).

External Drive = Flash drive, backup drive, or anything else that you plug into your computer.

Local Notebook = A notebook in your Evernote account that is on your local drive ONLY and NOT synced to Evernote's servers. You can create notes in this notebook, search for them, edit them, etc., but you will not be able to see them on another device because they do not sync.

Unfortunately, as secure as local notebooks are, they don't take advantage of Evernote's strength: syncing across multiple devices.

Share this post


Link to post

 Good explanation of the different storage locations.

 

 


Unfortunately, as secure as local notebooks are, they don't take advantage of Evernote's strength: syncing across multiple devices.

 

 

I take the other position.

Fortunately, local notebooks do not sync across other devices.

 

If I lose or someone steals my smartphone (or tablet), my confidential information on the local notebook does not get into the hands of the bad guy.

Share this post


Link to post

Good explanation of the different storage locations.

 

 

Unfortunately, as secure as local notebooks are, they don't take advantage of Evernote's strength: syncing across multiple devices.

 

I take the other position.

Fortunately, local notebooks do not sync across other devices.

 

If I lose or someone steals my smartphone (or tablet), my confidential information on the local notebook does not get into the hands of the bad guy.

True. I think that is where the quandary is. Without encrypted notebooks, we don't want to sync the data, but if we don't sync the data, Evernote isn't reaching its full potential. Personally, I think the obvious answer is to provide zero-knowledge encryption of notebooks so that the data goes from our device, into Evernote servers, and synced to our other devices without getting decrypted anywhere along the way. This would be a huge help for Business and Premium users who have to handle sensitive data (especially third party data). I'm sure that Evernote has thought about all of this long and hard, but given recent events (state-sponsored hacking / spying / surveillance) I think it has become even more necessary.

The local notebooks are a solution, but I'd prefer to have a solution that syncs :)

Share this post


Link to post

To expand on your comment about government hacking:

 

"if we don't sync the data, Evernote isn't reaching its full potential"...
+
"The local notebooks are a solution, but I'd prefer to have a solution that syncs"...

 

with the NSA and GCHQ.
 

Share this post


Link to post

To expand on your comment about government hacking:

 

"if we don't sync the data, Evernote isn't reaching its full potential"...

+

"The local notebooks are a solution, but I'd prefer to have a solution that syncs"...

 

with the NSA and GCHQ.

Indeed. That is why I believe the best solution is encryption all around on at least one notebook. You can't stop the NSA and others from doing this, because apparently we have decided this kind of Orewellian dystopia is preferable to privacy, so at least you make what the state hackers/spies get is of little use. Of course, in some ways this draws more attention to you and gets your data thrown into the never-delete pile (http://www.pcworld.com/article/2042673/nsa-can-retain-encrypted-communications-of-americans-possibly-indefinitely.html), but at least it isn't immediately readable, and if 50 million people (Evernote's user base) were doing it, then the task would become near impossible for the NSA.

There is a lot we don't know yet. For example, how do these hacker spies deal with SSL or the 2048-bit RSA and 256-bit AES that a cloud service like SpiderOak uses? I think we probably haven't gotten to the point where this kind of stuff is easy for them to handle, but I have no evidence on which to base this, because we just don't have enough data yet. This year looks to be full of revelations. There isn't much a company like Evernote can do about these government-level initiatives, but encryption would be one way to insulate their users so that no matter what kind of nutty laws get passed, everyone is secure.

This thread is about password protection, not encryption, but I've always thought that the two go together. What is the point, after all, of password protecting a notebook so that your friends can't rummage through your Evernote account if Spotlight indexes everything anyhow? And, I'm not terribly concerned about my friends, because they typically can't / won't bring state and federal cases against me for perceived infractions of the law (remember, all the government needs is suspicion of criminal activity to get the ball rolling in this Kafkaesque drama -- how many innocent people are in prisons already because of inadequate legal representation?). I am a little more concerned about an analyst somewhere reading over my shoulder. It's not all doom and gloom (we do have local notebooks, after all), but I can see the possibility for encrypted notebooks to enable users a little more flexibility in securing their data.

Share this post


Link to post

I understand that you can protect an "individual note" . But is there a way to password protect the execution of entire Evernote program? Meaning that, one will have to type a password to OPEN evernote.

 

Thanks

Darrel

this is a  most useful function,when I use Evernote at office

Share this post


Link to post

 

 

I understand that you can protect an "individual note" . But is there a way to password protect the execution of entire Evernote program? Meaning that, one will have to type a password to OPEN evernote.

 

Thanks

Darrel

this is a  most useful function,when I use Evernote at office

http://discussion.evernote.com/topic/34705-evernote-password-protection/

 

thanks for reply,

Game protector is a great software,but when EverNote is running in the background (in the tray), then I open the Evernote again,the game protecter don't work.

Like the mobile device pincode, is better.

China's Evernote follower YouDaoNote有道笔记  http://note.youdao.com has the fonction and works well.

YouDaoNote becomes the No.1 note app in China, though it can't compare with EN,but some founction is basic and useful.

Hope EN better and better. listen  the user's advise is better too :D

Share this post


Link to post

I understand that you can protect an "individual note" . But is there a way to password protect the execution of entire Evernote program? Meaning that, one will have to type a password to OPEN evernote.

 

Thanks

Darrel

this is a  most useful function,when I use Evernote at office
http://discussion.evernote.com/topic/34705-evernote-password-protection/

thanks for reply,

Game protector is a great software,but when EverNote is running in the background (in the tray), then I open the Evernote again,the game protecter don't work.

Like the mobile device pincode, is better.

China's Evernote follower YouDaoNote有道笔记  http://note.youdao.com has the fonction and works well.

YouDaoNote becomes the No.1 note app in China, though it can't compare with EN,but some founction is basic and useful.

Hope EN better and better. listen  the user's advise is better too :D

I doubt an EN pin code would function differently from Game Protector. After all, if you continue to run the program in the background... IOW, you're going to need to close the program for a pincode to work each time.

Share this post


Link to post

I In my windows laptop, i use a free piece of software called TrueCrypt to encrypt the database of evernote, see http://www.truecrypt.org, i have created a container file

with TrueCrypt, move the database to the container, then create NTFS symbolic links to them in the original location,
i created the symbolic links using the mklink command .
 
Unfortunately, a MAC versions of TrueCrypt is not available, i use MacFort instead of TC in may MacBook, this software is pretty simple to use,

Share this post


Link to post

I In my windows laptop, i use a free piece of software called TrueCrypt to encrypt the database of evernote, see http://www.truecrypt.org, i have created a container file

with TrueCrypt, move the database to the container, then create NTFS symbolic links to them in the original location,

i created the symbolic links using the mklink command .

 

Unfortunately, a MAC versions of TrueCrypt is not available, i use MacFort instead of TC in may MacBook, this software is pretty simple to use,

see http://www.madowsoft.com/how-to-encrypt-evernote-with-password-protection.html

Why not just use FileVault? It's free, already available on every Mac, and it will protect everything on your computer.

Share this post


Link to post

 

I In my windows laptop, i use a free piece of software called TrueCrypt to encrypt the database of evernote, see http://www.truecrypt.org, i have created a container file

with TrueCrypt, move the database to the container, then create NTFS symbolic links to them in the original location,

i created the symbolic links using the mklink command .

 

Unfortunately, a MAC versions of TrueCrypt is not available, i use MacFort instead of TC in may MacBook, this software is pretty simple to use,

see http://www.madowsoft.com/how-to-encrypt-evernote-with-password-protection.html

Why not just use FileVault? It's free, already available on every Mac, and it will protect everything on your computer.

 

 

I just want to encrypt the Evernote database folder, not my entire home folder, i don't want to protect everything on my computer,

FileVault will take up large disk space and slow down my computer.

Share this post


Link to post

I In my windows laptop, i use a free piece of software called TrueCrypt to encrypt the database of evernote, see http://www.truecrypt.org, i have created a container file

with TrueCrypt, move the database to the container, then create NTFS symbolic links to them in the original location,

i created the symbolic links using the mklink command .

Unfortunately, a MAC versions of TrueCrypt is not available, i use MacFort instead of TC in may MacBook, this software is pretty simple to use,

see http://www.madowsoft.com/how-to-encrypt-evernote-with-password-protection.html

Why not just use FileVault? It's free, already available on every Mac, and it will protect everything on your computer.

I just want to encrypt the Evernote database folder, not my entire home folder, i don't want to protect everything on my computer,

FileVault will take up large disk space and slow down my computer.

Thanks. I wasn't aware that file vault significantly impacts performance and eats up storage.

Share this post


Link to post

Learnt one thing only now -Password protect and Encryption are 2 things. Thanks for that. I will definitely encrypt my drives. Can i ask you further if I have trouble in doing so.

FWIW... I'm PC & for several years, had my EN database in a Truecrypted container with no issues. Please note that although this worked for me for several years, putting your EN database in a TC container is not supported. ("Not supported" doesn't always translate to "bad". It may just mean "not supported"). Due to another issue (scaling - I apparently have one of the larger EN databases), I've moved my DB out of an encrypted container solely to eliminate all other possible issues when dealing with support on my scaling issue.

Just for the record, my local EN database has been living on my Truecrypt encrypted X: drive for many years, on two different Windows PCs. As the drive is therefore not available to my PC until I mount it (and provide the decryption key), Evernote is set (in the Evernote options) NOT to load on PC startup. On my home PC I start it manually. On my work PC I use a desktop switching app (I can't remember the name of it, and I'm not near that PC at the moment to check), and I have that set up to start up all the apps that either live on or have data on the encrypted drive - notably Firefox portable, which is installed on the X: drive, and Evernote, whose data is on the X: drive.

To be honest, the issue of supportability never occurred to me, as EN does support you moving your DB to a location of your choice, and Truecrypt is essentially invisible to apps using data on encrypted drives.

Of course, all of this only secures your local data. Anybody with your Evernote password (or your email password to request an Evernote password reset) can get access to your data via the EN web app.

Share this post


Link to post

The best thing is exactly like DROPBOX do. When you open the app you're asked for a four-digit code. After ten bad attempts, all tha data are wiped from your mobile devide. That's exactly what ALL THE USERS want.

 

Dare you to do a survey??

  • Like 1

Share this post


Link to post

I don't want it.

 

As a grown up computer user, when I'm away from my machine I lock it quickly and simply with a hot corner.

 

If someone else wants to use my machine, I normally say no, but if pushed I switch to a Guest account.

 

Both things take a couple of seconds.

 

All my data is behind a password, not just what I have in Evernote. I've chosen not to encrypt my hard drives, my risk, I'm a grown up, I decide.

 

I think Evernote have been pretty clear about this over the last few years. For the time being at least, it is your responsibility to secure your computer and the data on it.

  • Like 1

Share this post


Link to post

The best thing is exactly like DROPBOX do. When you open the app you're asked for a four-digit code. After ten bad attempts, all tha data are wiped from your mobile devide. That's exactly what ALL THE USERS want.

 

Dare you to do a survey??

 

You're not speaking for ALL USERS. I certainly don't want what you're suggesting.

 

Evernote has done a good job with its recent introduction of two-factor authentication for protecting our accounts. It's not Evernote's job to protect the files on your PC. There are so many free and simple solutions to this that it's a non-problem.

  • Like 1

Share this post


Link to post

The best thing is exactly like DROPBOX do. When you open the app you're asked for a four-digit code. After ten bad attempts, all tha data are wiped from your mobile devide. That's exactly what ALL THE USERS want.

 

Dare you to do a survey??

 

I don't know where you think you get the authority to speak for "ALL THE USERS".  Nor do I know where you even think you know what ALL THE USERS want. 

Share this post


Link to post

But like DROPBOX do, you can customize that feature, ENABLING/DISABLING by a simply check in options. So, people like you, can follow like now..

But the fact is that android devices are sensible to someone can collect your data in a inadvertence, so most of users want to be able to ENABLE / DISABLE that feature.

Share this post


Link to post

It's simply. talking to people at the street, listening to forums.... 

The feature of asking for a pin code each time you open the app, it would be an optional customizable feature through a simple check, like DROPBOX do.

Share this post


Link to post

But the fact is that android devices are sensible to someone can collect your data in a inadvertence, so most of users want to be able to ENABLE / DISABLE that feature.

 

Encrypt your Android device. Put a short time out on the screen lock. Enable remote tracking/wiping etc. Job done, and all your device's content is protected. Simple.

Share this post


Link to post

It's a shame that Evernote hasn't taken the approach of the unfortunately outdated Palm desktop.  In that database, each single memo, contact, scheduled event, or to do item could be individually marked as private, requiring a password to view it.   Private records could be shown, masked, or hidden.  Additionally, the entire program could itself be password protected.  The same is true with the Palm OS on the mobile devices.  It was the best security that has ever been offered for such programs (IMO)   I suspect this could be easily implemented in Evernote and could make everyone happy.  If you don't want it, you don't engage it, but if you do, it's there on several levels.  I still use Palm desktop for just that reason, but unfortunately there is no current operating system which lets me go back and forth between my windows laptop and mobile device.

Share this post


Link to post

 

The last couple of minutes of this interview indicate that new "sexy" encryption options will be available "soon" (by the end of the year apparently)

 

http://techcrunch.co...ar-old-startup/

 

 

Thanks for the link Metro. For those who don't want to listen to the whole thing, security stuff comes from 27:27, where Phil talks about the March hacking and Evernote response. Prism-related comments come from 29:51. Encryption comments come from 31:00. Phil promises super sexy at 32:46.

 

If I had to take a guess what will happen from what he said, we will have zero-knowledge encryption (Evernote will be unable to decrypt your data -- only you will be able to do it). We will not be getting encrypted notebooks. We will not be getting encrypted databases. Instead, we will encrypt entire notes or sections of attachments. That's my interpretation of the interview. Personally, speaking as a lazy person, I want to be able to throw all of my sensitive stuff into an encrypted notebook of some kind, so I am hoping that I am wrong about this, but Phil promises sexy, so let's wait and see. My guess about the release date (at least for some teaser videos) would be the upcoming ETC on 9/26 and 9/27.

Share this post


Link to post

Interesting talk. Thanks for the pointers to the security section.

For the first 15 minutes, he talked a lot about their "external brain" designed to store everything - more and more memories - bigger and bigger - find anything and everything - access it everywhere.

 

He was open to the questions posed to him, but did not mention the scaling issues that some of us are facing involving large amounts of notes. Unless this is resolved, the problem will continue to increase as our database grows. Evernote is just 5 years old - I've only used it for 3 years. Imagine the scaling problems we will face in another 5 years of data collection. The current work-arounds involve 1.) regularly culling PDF's, notes, attachments from the database, or 2.) create additional Evernote accounts to split the data, or 3.) restrict the creation of new notes.
 

Security is important, but if I can't access Evernote as designed (and marketed) as a multi-device program, encryption becomes a moot point. Personally, I have cut back to only using Evernote on my home desktop.

  • Like 1

Share this post


Link to post

Well, I wouldn't expect him to bring up a problem in an interview unless he is asked about it. 

  • Like 1

Share this post


Link to post

Well, I wouldn't expect him to bring up a problem in an interview unless he is asked about it. 

 

You are correct. Corporate officials steer the conversation to happy talk.

So it is up the users who are affected to be vocal about this issue, as I did in the previous message.

Share this post


Link to post

 

I In my windows laptop, i use a free piece of software called TrueCrypt to encrypt the database of evernote, see http://www.truecrypt.org, i have created a container file

with TrueCrypt, move the database to the container, then create NTFS symbolic links to them in the original location,
i created the symbolic links using the mklink command .
 
Unfortunately, a MAC versions of TrueCrypt is not available, i use MacFort instead of TC in may MacBook, this software is pretty simple to use,

 

Would it be possible for you to give a step-by-step on your method here for Windows?  I'd be VERY interested.  Just putting TrueCrypt on my computer now...

Share this post


Link to post

In Evernote, go to Tools | Options | General, and see where your Evernote database is currently stored.  Then, in Windows File Explorer, select that folder, and right click and choose Properties to see how much space it's taking up. 

 

In Truecrypt, create an encrypted drive larger than that (I'd suggest at least twice as big, to allow for growth). 

 

Mount the drive in Truecrypt, and then go back to Evernote's Tools | Options | General and tell Evernote you want to move your data to your encrypted drive.  You'll also want to untick the option to start Evernote on startup, as you'll have to wait to start up Evernote until after you've mounted your Truecrypt drive.

 

Julie

  • Like 1

Share this post


Link to post

As far as I know when you lost Evernote password, the easiest way is to use the registered mail to reset your lost password.

Share this post


Link to post
On 11/08/2013 at 10:53 AM, Metrodon said:

The last couple of minutes of this interview indicate that new "sexy" encryption options will be available "soon" (by the end of the year apparently)

 

 

 

 

http://techcrunch.co...ar-old-startup/

 

So finally what was the "sexy" encryption option he announced in 2013 ? 

He = the CEO of Evernote !

Or just another mistake, like the recent privacy policy updates ?

Share this post


Link to post
4 hours ago, Tboy said:

So finally what was the "sexy" encryption option he announced in 2013 ? 

He = the CEO of Evernote !

Or just another mistake, like the recent privacy policy updates ?

Actually "He" is no longer the CEO
I use my own encryption resources for privacy, but never think of them as "sexy"

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...