Jump to content
  • 729

Password Protected Notebooks


EvernoteLover9

Idea

Recommended Posts

  • 0

+1 for the password protect notes.

Can it really be so difficult guys?

 

And before gazumped chimes in with with password protecting shopping lists I'd like to point out that my shopping list & memoirs would be happily open to all snoopers. Knock yourself out.

However, for the vast majority of users who have a sensitive note here and there a password protected option would be extremely useful.

 

If Evernote touts itself as a "take anywhere" tool then it has to understand a stolen mobile phone or tablet is quite a common occurrence and providing an extra layer of protection on top of the device's own is very desirable.

Hell, make it a paid only option if you like, but please make it. 

  • Like 1
Link to comment
  • 0
  • Level 5*

Not gonna comment on shopping lists ;) but yes,  it can be "so difficult".  Basic problem being - do you want to search your secured notes?  Still want OCR on the server for documents and pictures?  Still want access to notes in (at least) six different primary operating systems? There's no software out there (that I'm aware of) can search an encrypted database,  and if your search index is to be used from any device with any OS you need (at least) six different software developments going for an app that can use the same encryption protocols no matter which OS they're running in.

 

There's encryption which does run in different OS's,  but that's a lock-it-and-forget approach which doesn't allow for search and OCR along the way..

 

So it'll cost hundreds of thousands or some millions to code,  and you're willing to buy it;  that makes about 10 possible customers so far...

  • Like 2
Link to comment
  • 0

andy,

yeah there are lots of programmers that have managed to allow encrypted notes and such in their apps, Lastpass etc. but obviously we are evernote users and dont want to use multiple apps depending on what kind of notes we have. 

 

gazumped seems to really have a problem with the idea of passworded notes; he keeps wracking his brain to come up with reasons it would be a bad idea. this time he shifted the discussion to "how do you search inside of encrypted notes, thats impossible, millions of dollars would be needed, willing to buy it yourself?". 
*facepalm*
i appreciate the snideness, but no we aren't asking to search inside password protected notes (no one even brought that up). we just want to be able to be able to password protect them, its actually a pretty simple concept. I'm sure it would take some effort on Evernotes part to figure it out, but it does seem like a pretty important function and I think they will implement it at some point, but it appears it's not a priority for them atm. 

  • Like 1
Link to comment
  • 0

 , but it appears it's not a priority for them

Regardless of your opinion on Gaz's replies, right there is your answer. It's Evernote's product and if they choose to not implement any stronger/better encryption, it's certainly their choice, If it's a deal breaker for anyone, then it's the user's choice to use an app that better suits their needs.

  • Like 1
Link to comment
  • 0

What a lot of rubbish.  I just joined this forum having activated evernote, and finding it suits my needs pretty well.   The only thing I couldn't find was how to password protect a notebook.  I can't believe how many threads there are on this topic and yet the developers ignore the issue.  Utter rubbish.   Why do you people bother asking the powers that be for it when you've been ignored for over 3 years?.  All you people protesting have got too much time on your hands. I'm not wasting my time,  I'm cancelling my registration and going over to OneNote.  Total forum membership period = 10 minutes.   Time wasted on this = 15 minutes including registration, plus the time it will take to delete evernote from all my devices.    Rubbish.   

  • Like 1
Link to comment
  • 0

+1

 

If no password protection, then there should be a method to exclude certain results from search as minimum privacy. Best solution so far is to use OS X's autocomplete feature so that a phrase types out as "-tag:private", and do this every time. Why can't we just exclude a notebook from search, either permanently or with -notebook: syntax?

Link to comment
  • 0

What a lot of rubbish.  I just joined this forum having activated evernote, and finding it suits my needs pretty well.   The only thing I couldn't find was how to password protect a notebook.  I can't believe how many threads there are on this topic and yet the developers ignore the issue.  Utter rubbish.   Why do you people bother asking the powers that be for it when you've been ignored for over 3 years?.  All you people protesting have got too much time on your hands. I'm not wasting my time,  I'm cancelling my registration and going over to OneNote.  Total forum membership period = 10 minutes.   Time wasted on this = 15 minutes including registration, plus the time it will take to delete evernote from all my devices.    Rubbish.   

 

The controversy of your opinion is in your second sentence. You just joined Evernote, and it did not suit your needs in terms of security - no time wasted, - move to another solution. That's cool, and another good customer decision argument for Evernote to prioritize encryption.

 

Most of the people discussing this particular topic are with Evernote from the beginning, they have more than 2000 notes and when information security things heated up, followed by data leak in Evernote, and then in some other major companies, we all understood the importance of protecting our data. Now it is easy to jump from 0 notes in Evernote to zero notes in OneNote, in fact, it is exactly 10 minutes. However, it is really difficult to move from 2k notes from one product to another. I am now testing OneNote and even after only 2 years of Evernote, it is very complicated for me to get used to different workflows. My point is that all those guys protesting in reality don't have much time and this is why they put pressure on Evernote - for now, the cost of moving to another system is higher than the cost of using workarounds for data protection or not to store private data at all.

 

Moreover, this topic was and is a source of inspiration for some third-party products, so it is definitely not rubbish.

  • Like 2
Link to comment
  • 0

Like several others, I would like at a minimum, a notebook password option. There are private things that need that level of protection. I have my computer protected, but as some have noted, we may have some things like journals or medical notes that we want absolute privacy on. I have been using Evernote premium for a few years, but am considering finding something else. 

  • Like 1
Link to comment
  • 0

Much has been said here. I just wanted to cast my vote for password protected notebooks. 

Encrypting text is ok, however the text which is so valuable that you would encrypt it...can be deleted without decrypting it. That user flow doesn't make sense to me. It's a great first step.

I would love to lock a note and/or a notebook.

As many have mentioned, the need for feature keeps me using other software while still loving my Evernote.

Thanks

  • Like 1
Link to comment
  • 0
  • Level 5*

OK - I got the message - you'd like encryption done at the notebook level and I'm sure the people at EN have noted it.

I don't understand why this prevents you from using Evernote. 

Yes, it means you have to work around this, probably encrypting the data before you import it, or using local notebooks.

Does this really make it impossible to use Evernote?

Has anyone tried out the app Saferoom?  It seems to be the best solution I can find.

  • Like 1
Link to comment
  • 0
  • Level 5*
On August 18, 2015 at 5:35 AM, bambooparadox said:

+1 for password protected notebooks

+1 for password protected notes

+1 for password protected text including embedded pictures (jpg-screenshots)

So, it's not sufficient to have a password on the device, and a password on Evernote, you want Evernote to implement 3 other levels of password.

If I was this concerned about a note, I would have it encrypted.

If I was this concerned about notebooks during a presentation, I would be using a special presentation account.

Link to comment
  • 0
  • Level 5*
On November 8, 2015 at 4:37 PM, nddean said:

I am astonished my premium account still doesn't let me have my macbook app protected with some basic password. I don't know if I will continue to pay the premium if I can't have security across devices.

The Evernote app on my Mac has sign in/off with password

Link to comment
  • 0
16 minutes ago, DTLow said:

The Evernote app on my Mac has sign in/off with password

This option is helpful, but not convenient enough. Sign in/off for data protection requires that you should be paranoid about it - you need constantly to remember log off every time. 

I don't store in Evernote government secrets, I don't need serious encryption and I don't want really thinking about it all the time. What I need is convenient option to protect my medical and financial notebooks from the eyes of my friends and coworkers without losing easiness of access to other notebooks. 

Edited by Siberian
Link to comment
  • 0
  • Level 5*
16 minutes ago, EasyTiger said:

Have moved to OneNote also, far better.

It just depends on what you want.  Neither Evernote nor OneNote will fit everyone's needs.
Even though there are parts of the UI I don't like, and some features I'd really like to have, IMO, Evernote is far better than OneNote, especially in:

  • Cross platform syncing
  • Web clipping
  • Searching
  • Tagging
Link to comment
  • 0
  • Level 5*
24 minutes ago, dancer said:

After all this time one would think the company would respond to all these users, but no response. :angry:

I thought the inferred response was: No, not at this time ?

I'm sure they've taken note of the suggestion, and all the +1s and voting.

Its so nice of you OneNoters to participate in the Evernote forums.
Do you see much Evernote posts in the OneNote forums.

Link to comment
  • 0

100% agree here.  Really want this feature.  I use Evernote at work and don't want my search results from OKCupid showing up onscreen when searching for something on Google with a colleague.  So I disable the help on the web.  But I store technical notes and personal notes with Evernote and the twain should not mix.  Could get two Evernote accounts, but I have Premium and want Premium features all the time.  So what should I do?   

Link to comment
  • 0
  • Level 5*
On 1/30/2016 at 10:30 AM, wealthychef said:

But I store technical notes and personal notes with Evernote and the twain should not mix.  Could get two Evernote accounts, but I have Premium and want Premium features all the time.  So what should I do?

I know this is not the answer you'd like to see, but I don't see any alternatives to separate Evernote accounts if you want to ensure your personal notes don't ever show up in your work Evernote and/or work google searches.

Link to comment
  • 0

Yes, it's strange that something along these lines is not implemented.  Even just a password to open the app on a computer would be welcome.  I do currently use the pin on the Android app.  What is also strange is the responses on these forums suggesting that maybe this isn't the app for me if I'm looking for this kind of thing.  

The only reason that I am an Evernote user is because of the combination of these 2 features:

A_)  Automatic searchable "ocr" of images and pdfs.  This is huge.  Until Onenote I am not aware of any similar software that can do this effectively.  I want need this ability to take pictures of documents and other things and find them later without creating tags or notes at the time I took the photo or scanned the document.  

B_)  The cross platform sync that allows me to use a desktop app on OSX and an Android mobile.  

I've found most of Evernote to be quite pleasant.  I don't often have trouble with syncing, the web clipper is indeed pretty nice and the overall flow of it is smooth.  

I'm just starting to play with Onenote but it doesn't look promising.  The Android app is too limited.  I'm also concerned about being tied to Microsoft.  I spent considerable time searching for an open source option that I could host myself but couldn't find anything suitable.  I honestly don't feel that I have other options.  

It's a shame that Evernote hasn't found it's way yet.  And I'm troubled that once they do find their way, they will leave behind many great ideas that someone should be able to continue using.  

Link to comment
  • 0
  • Level 5*
20 minutes ago, Chmedly said:

Even just a password to open the app on a computer would be welcome

If you sign out of Evernote before you quit/exit, it will require a sign in the next time you open Evernote.
Note that you must have an Internet connection and connect to the EN Cloud to sign in.

Link to comment
  • 0
  • Level 5*

i understand the use case, but passwords seem kind of meaningless to me when everything is still searchable (mac) and unencrypted so that anyone with basic computer literacy can rifle through your stuff. 

the problem on a computer has a simple, elegant, and considerably more secure solution: a guest user account. a single click and you can hand your computer over to someone without any worries about them indg your data (assuming a friend or relative sitting next to you -- a hacker would make mincemeat of this).

when you step away from your computer, just turn on the password-protected screen saver (a swipe on the mac using hot corners). problem solved, right?

  • Like 1
Link to comment
  • 0

It seems to me th is whole debate on password protected notes (lots of users requesting it, and Evernote team steadily turning it down for years) is the result of a misunderstanding. 

Basically the users are saying that password protected notes would add a little privacy in case their wife, husband or children click on the Evernote link in the family computer browser

Evernote people are saying that:

- this would give a false sense of security and that it's better to properly encrypt the secret part of the notes within or outside Evernote.

- that it would make searching into these notes impossible etc.

Well we're mixing up security and privacy+ease of use here: Users aren't even asking for the password Encrypted notes, they're asking for password Protected notes: if you have the password/pin code you can see the note, if you don't well, you can't. 

Users are ready to accept that this is not a top-notch security feature, it doesn't need to show on your (impressive) security overview page. Classify it as an ease of use feature if you will. As long as people don't log off their account when they're they're fully responsible of what happens with it when they're not around. However this feature will give them some peace of mind and possibility to do some damage control in case they eventually forget to log off some time.

Regards. 

 

  • Like 2
Link to comment
  • 0

+1  I really want this feature.   It is simply not enough to provide a screen saver password.   I have kids that access my computer for various things.  Mostly school stuff , Netflix and youtube.      And that god forsaken Mine Craft.

I have notes that pertain to business, diaries and some notes that are adult in nature.   I don't want kids that have access to my computer to also have access to my evernote.   I would really love to have a password per notebook so that I can let kids use the evernote but not access the diary and other personal data.

 

Please add this feature!   Nothing complex.  Just something that I can put a simple lock code on.    The IPhone App allows a 4 digit code. . .  That would be awesome on my Mac.

 

Link to comment
  • 0

Just adding another voice to this. For me it's important  that I can get to most of my notebooks without having to use a password because I use it 'on the hoof' to record all kinds of stuff and don't want to be slowed down tapping in a password on an iPhone etc.

However I would like some notebooks for sensitive information that are password protected. I'm not worried about the CIA or any such concerns that need encryption, I just don't want other people using my computer to be able to see some stuff. 

As it is I use the  'Day One' app which is perfect for the security that I require but the text formatting is too limited and I'd ideally use evernote if I could

Link to comment
  • 0
  • Level 5*
3 hours ago, MyCall said:

I just don't want other people using my computer to be able to see some stuff. 

As mentioned above, you can sign out of Evernote.  Its what I would do if I shared my computer with other people.

Also, you might want to add your vote for this feature; left corner at the top of the page - the vote is now 12

Link to comment
  • 0

 

7 minutes ago, DTLow said:

As mentioned above, you can sign out of Evernote.  Its what I would do if I shared my computer with other people.

Also, you might want to add your vote for this feature; left corner at the top of the page - the vote is now 12

Yes I understood that and likewise I can password protect my entire account on the computer but as I stated I want instant access to most of my evernotebooks and only want to password protect some of them. Thanks for suggesting I vote which I have now done

Link to comment
  • 0

It's amazing that more than one and a half year after this idea was suggested it still hasn't been implemented yet. Really, the ability to protect a note or a notebook with a password is trivially implemented and would definitely attract the people who don't use Evernote for the lack of such a feature.

Link to comment
  • 0
  • Level 5*
18 hours ago, sophieschoice said:

Thanks for sharing this.  It's a great read, and I recommend that it be read by anyone concerned at all about the security of your information in Evernote.

Unfortunately it does not address our current concern about the lack of encryption of our notes on the EN Cloud servers.

Some key points:

Quote
Evernote Defends User Data Security and Transparency
Posted by Chris O’Neill, CEO on 03 Mar 2016
 
We created Evernote to be your digital brain. Shortly after we set that as our goal, we wrote our
3 Laws of Data Protection to codify these principles:
  1. Your Data is Yours
  2. Your Data is Protected
  3. Your Data is Portable
Our 3 Laws inform virtually every decision we make, and we believe they are worth fighting for.
. . .
That’s why Evernote is standing with Apple and other technology companies to protect the security of user data. In the interest of promoting trust and transparency, Evernote is signing on as an amicus curiae (“friend of the court”) on a legal brief to be filed today in support of Apple’s motion to vacate a court order compelling it to assist the FBI in bypassing security features to access an encrypted iPhone. Also joining the brief are Amazon.com, Box, Cisco Systems, Dropbox, Facebook, Google, Microsoft, Mozilla, Nest Labs, Pinterest, Slack, Snapchat, WhatsApp, and Yahoo.
. . .
We are committed to transparency about our responses to law enforcement data demands, and we believe our users should receive notice when government agencies request their data. We also disclose the number of requests for user data we receive each year through our Transparency Report.
. . .
When the government asks us for access to user data, we are going to make sure those requests are valid and narrowly tailored. We do this to defend your rights.

 

Link to comment
  • 0
  • Level 5*

There's an interesting distinction being made between data located on the physical device and data in the cloud. It's the exact same stuff in many cases, but it is treated completely differently. Both Apple and Evernote want to do everything possible to protect the security of the physical device. However, when it comes to the cloud, neither one wants to offer encryption. We don't think twice about locking the doors of our houses, which arguably contain much less "valuable" stuff than the cloud, but we can't get that kind of security for the cloud. People keep their sensitive financial documents in safes or locked filing cabinets, but we are encouraged to put that stuff into the cloud (Evernote had a blog post on that yesterday), where anyone in the world could (potentially) gain access. I wonder why that is. This attitude is pervasive among software developers -- it isn't just Evernote or Apple who have made this artificial distinction between data on the phone and on the servers.

Undeniably, the most egregious incidents of unauthorized access have been to data on the cloud -- sometimes millions of people at a time are put at risk by a single hack. Frankly speaking, the phone is not the weak point in the security equation. I like what I hear Apple saying about encryption and I like to hear Apple and Evernote's commitments to giving customers control over their data security, but until encryption becomes the default setting for everything on the cloud, we are all more exposed to risk than we should be. The technology is out there, ready and waiting to be included in the application.

  • Like 2
Link to comment
  • 0
  • Level 5*

@GrumpyMonkey - yup;  modern version of the old (and slightly creepy) saying:  "Two people can keep a secret - if one of them's dead"  (Allegedly by a certain Mr M Twain). 

If you want something 100% secure,  the cloud is not the way to go.

  • Like 2
Link to comment
  • 0
  • Level 5*
10 hours ago, gazumped said:

If you want something 100% secure,  the cloud is not the way to go.

There is no such thing as 100% secure.  Most people's home and PC/Mac are far easier to break into than most Cloud storage.  It  is far more likely that your spouse, partner, roommate, relative, friend will hack your computer that anyone will hack your Cloud storage.

There will always be some risk, but we must keep pushing on the companies that provide Cloud storage to provide highly secure, zero-knowledge encrypted storage of all of our data, or at least give us the option of doing so.

Link to comment
  • 0
  • Level 5*
2 hours ago, JMichaelTX said:

There is no such thing as 100% secure.  Most people's home and PC/Mac are far easier to break into than most Cloud storage.  It  is far more likely that your spouse, partner, roommate, relative, friend will hack your computer that anyone will hack your Cloud storage.

There will always be some risk, but we must keep pushing on the companies that provide Cloud storage to provide highly secure, zero-knowledge encrypted storage of all of our data, or at least give us the option of doing so.

I don't know about 100%, but I think we are talking about your being more secure off the cloud than on it. I haven't heard this before about home computers being easier to break into (I've got an encrypted drive and long, random password), or that someone you know is more likely to hack your computer (I suppose it depends on the kind of people you know). Do you have numbers for this claim?

Speaking from personal experience, people have tried (and often succeeded) in hacking "my" data on the cloud several times (is it "my" data when it is on someone else's servers and their terms of service clearly state that they aren't responsible if the data is hacked?) : (1) Evernote was hacked, (2) my medical records have apparently been stolen at least once (from a former university), (3) my credit card information has been leaked on numerous occasions through hacks (the latest one was last week, in fact), (4) and at one point Dropbox exposed every single user to hacking when it messed up an update and opened up all of the accounts. I wonder how the millions of customers at Ashley Madison would respond to your claim that family members are more likely to hack personal data? I wonder how the millions of people who had their personnel files leaked by the government would feel about that claim? I just don't think there are millions and millions of family members breaking into their loved ones' computers. And, they also aren't throwing that stuff online for everyone to see. The numbers don't seem to back up your claim. There is some pretty horrendous stuff going on out there, after all.

More importantly, to your last point, I don't know which one is "inherently" more or less secure -- the cloud or your home computer. In most cases, I suspect the cloud, if managed properly, has the potential to be much "more" secure, because we are talking about tight physical control over the data and the possibility of extremely well-trained security experts watching over it. One company I think is doing a great job of this is SpiderOak -- you have zero knowledge encryption, everything is built around the principle of protecting your security / privacy, and it seems like it would be pretty difficult to actually gain access to data, even if an employee somehow managed to rent a U-Haul, make off with all of the servers, because everything is encrypted. It's not 100% secure, but it is pretty close to it.

We agree on the conclusion, even if we don't on the steps you took to get there -- we ought to be expecting people who hold our data on their servers to at least offer us the option of zero-knowledge encryption.

  • Like 1
Link to comment
  • 0
  • Level 5*
4 hours ago, GrumpyMonkey said:

I don't know about 100%, but I think we are talking about your being more secure off the cloud than on it. I haven't heard this before about home computers being easier to break into (I've got an encrypted drive and long, random password), or that someone you know is more likely to hack your computer (I suppose it depends on the kind of people you know). Do you have numbers for this claim?

Perhaps I mislead you with the term "hack".  What I meant about your home computer being "hacked" is that it is likely that it is easily accessible to others in the household.  Often times people will share one computer with everyone in the household.  Often home users either don't use a password to login to their computer, or it is very simple, or it is shared with everyone, or at least some, in the household.  Even if they have separate computer logins, data about the other user is often accessible. Most  families/households have fights (some more than others), and breakups, estrangements, and theft of household members happens, but perhaps not often reported.  "Borrowing" of their parents credit cards, cash, jewelry, etc is not unheard of.  I would expect some sensitive information on the household computer to be accessed by others.

And then there is always the domestic help and repair people who are in people's homes, often without the owners being present.

In addition to that, home users are more likely to get a computer virus or trojan, giving access to others.  

I'm not going to get into a debate with you over statistics.  I haven't seen you present any "numbers" or statistics either.

My point is that just keeping your information out of the cloud does not give you the 100% security that @gazumped implied.

I see no reason to get sidetracked by this discussion when the main point, that we both agree on, is that:

7 hours ago, JMichaelTX said:

There will always be some risk, but we must keep pushing on the companies that provide Cloud storage to provide highly secure, zero-knowledge encrypted storage of all of our data, or at least give us the option of doing so.

 

Link to comment
  • 0
  • Level 5*
15 hours ago, JMichaelTX said:

does not give you the 100% security that @gazumped implied.

It rather depends what you're keeping secure.  Putting things in the cloud does not,  we all seem to agree,  give total security.  You can pretty much bet that not telling anyone else your secret,  and not writing it down anywhere,  works pretty well most of the time. Anything else is a compromise.

Link to comment
  • 0
  • Level 5*
17 hours ago, JMichaelTX said:

Perhaps I mislead you with the term "hack".  What I meant about your home computer being "hacked" is that it is likely that it is easily accessible to others in the household.  Often times people will share one computer with everyone in the household.  Often home users either don't use a password to login to their computer, or it is very simple, or it is shared with everyone, or at least some, in the household.  Even if they have separate computer logins, data about the other user is often accessible. Most  families/households have fights (some more than others), and breakups, estrangements, and theft of household members happens, but perhaps not often reported.  "Borrowing" of their parents credit cards, cash, jewelry, etc is not unheard of.  I would expect some sensitive information on the household computer to be accessed by others.

And then there is always the domestic help and repair people who are in people's homes, often without the owners being present.

In addition to that, home users are more likely to get a computer virus or trojan, giving access to others.  

I'm not going to get into a debate with you over statistics.  I haven't seen you present any "numbers" or statistics either.

My point is that just keeping your information out of the cloud does not give you the 100% security that @gazumped implied.

I see no reason to get sidetracked by this discussion when the main point, that we both agree on, is that:

 

If "hacking" means letting my family members use my computer, then I guess I have been "hacked" a lot. I am not terribly worried about my wife seeing our banking statements, after all, but I guess different families do stuff differently. I don't see any numbers yet, so I am going to disregard your claim about how much more "likely" you are to get hacked at home than in the cloud. 

"Millions" is a number, right? And, I gave you specific hacking events, at least one of which affected you. 1) About 50 million Evernote users had their passwords reset. The data accessed? Unknown. 2) My medical records. That would be the number 1. But, if we look at other hacks, 100 million were hacked just last year http://www.foxnews.com/politics/2015/12/23/cyberattack-surge-100m-medical-records-hacked-in-2015-officials-say.html. 3) My credit card information. That would be the number 1. But, if we look at other hacks, Target lost about 40 million credit card numbers the other day. 4) Dropbox. I think they had about 20 million users back in 2011. 5) My Ashley Madison account. That would be the number 1. No. Just kidding. There were over 30 million for that hack. 6) The US government lost about 20 million personnel files. What are we up to now? About 260 million people's data on third-party servers were hacked. And, these are just a few random examples. Are you honestly going to argue that more people at home (about the entire population of the US) are getting their information hacked, even by your definition of "hacking"? I find that doubtful. 

Why does it matter? Well, if you think we are more likely to get hacked at home, that suggests Evernote's cloud is safer, and there really isn't much incentive for us to push them for more security, or for them to offer it. However, if the reality is the opposite, and it is glaringly obvious that unencrypted data on the cloud puts hundreds of millions of us at risk every day, I'd say that is great incentive for Evernote to step up and distinguish themselves from other services by offering the most secure and reliable cloud environment available for your second brain. That beats work chat any day, in my opinion. 

Link to comment
  • 0
  • Level 5*

By the way, this argument isn't theoretical or a matter of semantics. Today Evernote published the second part of a blog post about how to use Evernote for your taxes. It sounds really convenient and I'd love to do it, but without encryption, I don't think it is such a good idea. Why not?

Well, the blog post concludes by saying: "If you have any remaining tax-related paper, ask your accountant or tax preparer if you can keep scanned copies of it instead—if you can, scan it to Evernote and shred the paper." Sounds like good advice, except that it demonstrates to me that Evernote sees its service as a safe place to keep your data unencrypted. You shred it at home (which is under lock and key among hundreds of millions of other homes with piles and piles of worthless paper), as if someone is likely to break into your house, rifle through your stuff, and steal your tax papers. But, you leave it online, where it could potentially be accessed by anyone anonymously and with near total impunity. That sounds like a terrible idea.

You might say that could never happen. But, it has happened already with Dropbox. https://www.grahamcluley.com/2014/05/dropbox-box-leak/ 

Some users might say that Evernote is not Dropbox, so it is OK. I don't have a good answer for that except to say that Evernote has been hacked in the past, and if something can happen to one cloud provider, it can happen to others, so why not give users the tools to protect themselves, just in case?

Other users might say that my claim above sounds impossible, because Dropbox is encrypted, and it actually undermines my point about encryption, because didn't I just finish a long post about how much we need it? Yes, Dropbox encrypts the data, but they hold the key. What I am looking for is zero knowledge encryption -- no employee could read it. No one except for you. 

Tech savvy users might say that is all fine and good, but the Dropbox problem was connected with sharing. OK. True. But, with a secure service (like SpiderOak), your shared stuff can be password protected, and when you share the link, it comes with a password for the other party. In other words, the link is insufficient to get the document, and the user would be protected, even from a mistake like the one Dropbox made.

Long story short, I think Evernote needs to change its position on encryption and that will only come about when they recognize the unnecessary risks they are exposing their users to, especially when they advocate storing sensitive data in the service. I know the developers know much more than I do about encryption, and I am certain they are capable of implementing it -- some of them even have security backgrounds, and they take the physical security of the data centers very seriously. What I don't know is why they continue to resist prioritizing it. That has been a mystery for nearly a decade now.

Link to comment
  • 0
  • Level 5*
5 hours ago, GrumpyMonkey said:

Why does it matter? Well, if you think we are more likely to get hacked at home, that suggests Evernote's cloud is safer, and there really isn't much incentive for us to push them for more security, or for them to offer it.

Nope, your inference is wrong.  I never said nor suggested that the "Evernote's cloud is safer".

I don't know why you keep belaboring this point.  You seem to keep ignoring my point: 

On 3/9/2016 at 4:31 PM, JMichaelTX said:

There is no such thing as 100% secure.

That's all.  So if anyone thinks they can be 100% safe just by never putting anything in the Cloud, then they would be sadly mistaken.

Now, can we get back to the real issue:  How do we convince companies like Evernote to offer zero-knowledge encryption?

Link to comment
  • 0
  • Level 5*
On March 11, 2016 at 0:28 PM, Joshow said:

I think it would be so useful to have the option to password protect per notebook, as opposed to just one password for the entire app.

How would you see this working with search - would candidates only be listed if you've "unlocked" the notebook?

  • Like 2
Link to comment
  • 0
On 2/8/2016 at 5:26 AM, Sylvain D. said:

It seems to me th is whole debate on password protected notes (lots of users requesting it, and Evernote team steadily turning it down for years) is the result of a misunderstanding. 

Basically the users are saying that password protected notes would add a little privacy in case their wife, husband or children click on the Evernote link in the family computer browser

Evernote people are saying that:

- this would give a false sense of security and that it's better to properly encrypt the secret part of the notes within or outside Evernote.

- that it would make searching into these notes impossible etc.

Well we're mixing up security and privacy+ease of use here: Users aren't even asking for the password Encrypted notes, they're asking for password Protected notes: if you have the password/pin code you can see the note, if you don't well, you can't. 

Users are ready to accept that this is not a top-notch security feature, it doesn't need to show on your (impressive) security overview page. Classify it as an ease of use feature if you will. As long as people don't log off their account when they're they're fully responsible of what happens with it when they're not around. However this feature will give them some peace of mind and possibility to do some damage control in case they eventually forget to log off some time.

Regards. 

 

This. Give me the ability to put some basic level of non-access on specific notes/notebooks.

I am not trying to stop someone who is legitimately trying to hack my computer. I am not trying to stop a determined IT professional at my office. Those situations make up 0.001% of the cases I care about.

99.999% of the time is just someone casually using my computer during a work meeting or other casual situation. They either don't mean to look - they click on the wrong note, or on the wrong notebook and the first note that pops up is something personal like some a note on my parent's finances - or they purposefully click when the casual opportunity exists. Let's be honest it is human nature to peek but given even the least resistance wouldn't try further. In either case a very simple level of protection would suffice and I am pretty sure this is all most of us are asking for.

I don't care if the note remains unencrypted. I don't care if it is in fact still sitting on my hard drive unencrypted. I just want the program to not DISPLAY it until I type in a password or PIN.

Help me protect from casual/opportunistic situations and I would be on Professional version in a heartbeat because it would let me use the program for both work and personal. I am not putting super secret things on there that will ruin me...just stuff I would prefer not be made public. 99.999% of the time any ridiculously simple form of privacy would suffice.

I am not trying to protect super secret stuff but just don't want certain things casually available.

Link to comment
  • 0

Evernote's opposition to this feature is beyond understanding. It looks like religious radicalism to me.

 

As far as i'm concerned, the moment if i happen to find a solution which suits my need instead of looking down on their users and lecturing them on how they should behave with their own data (like "you should encrypt your notes out of the tool", are you serious ?!), i'll be out of it.

Link to comment
  • 0
  • Level 5*
1 hour ago, Sylvain D. said:

Evernote's opposition to this feature is beyond understanding. It looks like religious radicalism to me

As far as i'm concerned, the moment if i happen to find a solution which suits my need instead of looking down on their users and lecturing them on how they should behave with their own data (like "you should encrypt your notes out of the tool", are you serious ?!), i'll be out of it.

Can someone point to me where Evernote has expressed opposition to encryption?

There are a huge list of other features that are missing in the apps.  It's not that Evernote has expressed opposition to those either.

There are limited resources and some features are going to be implemented before others. There are priorities.

Meanwhile, I have used work-arounds so that I can encrypt notes.

Link to comment
  • 0
  • Level 5*
9 minutes ago, DTLow said:

Can someone point to me where Evernote has expressed opposition to encryption?

There are several forms of expressing opposition to something, and Evernote has done all of these over the years:

  1. Do nothing, voice no opinion, even after requests for many years by many users
  2. Suggest loss of user features, like being unable to search
  3. Stating it is not a business priority (see below)

@Rich Tener is Evernote’s head of security.

On 2/1/2016 at 3:49 PM, Rich Tener said:

@JMichaelTX, the new encrypted text block will still only encrypt plain text like it does today. Adding fully encrypted notes or notebooks still isn't a business priority, so we don't have any plans to add those features.

Link to comment
  • 0
36 minutes ago, DTLow said:

Can someone point to me where Evernote has expressed opposition to encryption?

There are a huge list of other features that are missing in the apps.  It's not that Evernote has expressed opposition to those either.

There are limited resources and some features are going to be implemented before others. There are priorities.

Meanwhile, I have used work-arounds so that I can encrypt notes.

I want to be very clear. We aren't asking for encryption. We are asking for something as simple as not loading the screen with the note/notebook until a password is entered. 

Again, not looking for any true security but rather protection from the most casual / opportunistic peeking which solves 99.9%+ of occurrences we care about. 

Everyone recognizes Evernote is not meant as a vault but rather convenience. 

Link to comment
  • 0
  • Level 5*
51 minutes ago, mkg said:

I want to be very clear. We aren't asking for encryption. We are asking for something as simple as not loading the screen with the note/notebook until a password is entered. 

It wasn't clear - You are posting in a discussion which started
 

On April 13, 2015 at 1:31 PM, elgrayso said:

Password Encrypt certain notes. 

I agree password protected notebooks is separate from encryption and is a feature which Evernote should consider.
But again, its a question of priorities - which feature should be addressed first, and which platform?

Password protected notebooks is posted as a feature request at https://discussion.evernote.com/topic/94861-password-protection-for-individual-notebooks/?do=findComment&comment=400794 

also here in the Mac forum https://discussion.evernote.com/topic/66306-request-password-protected-notebooks/?do=findComment&comment=299249

Please upvote the request (voting buttons in the top left corner). 

Link to comment
  • 0
  • Level 5*
45 minutes ago, DTLow said:

It wasn't clear - You are posting in a discussion which started

Really?  It was clear to me when @mkg stated several posts ago (yesterday):

On 3/17/2016 at 11:35 AM, mkg said:

I don't care if the note remains unencrypted. I don't care if it is in fact still sitting on my hard drive unencrypted. I just want the program to not DISPLAY it until I type in a password or PIN.

Seems like a reasonable request, since it is already available on mobile devices.

48 minutes ago, DTLow said:

But again, its a question of priorities - which feature should be addressed first, and which platform?

We, as users, can't really deal with priorities other than casting an UpVote.  I think pretty much everyone understands that every software company will get more requests than they can afford to implement.  So, IMO, for each request, users can vote, and state their case for, or against the request.

But it should be clear to all that even if a request gets a huge number of UpVotes, it does not mean that request will be accepted or implemented.  Ultimately Evernote will decide what they believe is in their best business interest, as evidenced by the post by the Evernote Security Chief.  This is pretty much how it works with all software companies, although some seem to be more sensitive to user needs/requests than others.  Some companies get it right, some get it wrong, such as WordPerfect and Blackberry.

Good luck to all.  May your requests be fulfilled soon!

Link to comment
  • 0
  • Level 5*

Personally, I am not interested in the least in simply password protected notes or notebooks. If Evernote implements password protection, that's fine, but it doesn't really do anything for me. It is, as others have mentioned, largely (not completely) a separate issue from encryption. 

What I want to see is encryption for notes and notebooks. Other apps have mastered this, so it isn't an impossible technical feat beyond the skills of Evernote developers. You can search in them just fine, so that is a red herring. Some even require a password every time you open the app -- a solution that would seem to address both problems (password protection and encryption). The problem, as far as I can tell, is a lack of will. Evernote hasn't prioritized this (or passwords on notes), so it hasn't happened. 

If Evernote is still meant to be our external brain, I think that implies a lot of very personal / sensitive information will be stored in it, so I think we'd all benefit from encryption. Requiring a password (touch id on iOS) to open the app and encrypting the contents would be a wonderful solution, in my opinion.

Link to comment
  • 0
  • Level 5*

Well, I see that there are two levels of security that would be useful a lot of folks:

  1. Simple password protect the account and/or specific notebooks
    1. This is designed to keep "honest people honest"  :-)
    2. Keep out prying eyes of family or co-workers
    3. But offer no real barrier to serious hackers
    4. Easy to use, and hopefully easy to implement (but who knows?)
  2. Zero-Knowledge Encryption
    1. The ultimate in security/privacy protection
    2. Designed to keep your info private from everyone, including hackers, government, and the company who stores your info.
    3. Of course, we have to realize there is no such thing as 100% security
    4. Only security that is better than others
Link to comment
  • 0

I wish someone would just do something.  I just want the ability to password protect Evernote on my Mac exactly the way they do it on iOS.  You don't enter the password, you don't get to see the notes.  And give us the opportunity to set a timeout when the password will be required again.  What is so hard about this?  I'm not asking for encryption.  I just want someone to not be able to get in.  

  • Like 2
Link to comment
  • 0
  • Level 5*
45 minutes ago, pirate727 said:

 I just want the ability to password protect Evernote on my Mac exactly the way they do it on iOS.

I'm not sure how you're doing this on IOS.

If you sign out of the app, you have to enter a password to sign in.

Most people (including myself) don't bother to sign out, and never have to sign in after the initial sign in.

>>And give us the opportunity to set a timeout when the password will be required again.

Although its not available in Evernote, there is a password timeout setting you can specify on the Mac

Link to comment
  • 0
1 hour ago, DTLow said:

If you sign out of the app, you have to enter a password to sign in.

I don't actually sign out of Evernote on iOS.  I just close the app.  When I reopen the app, it requires the 4 digit passcode I set up for it.  The latest version allows me to use Touch ID to get in.  I think this is a premium feature.  But it requests the password every time upon reopen.

>>Although its not available in Evernote, there is a password timeout setting you can specify on the Mac.

I guess I never even thought about the Mac (screen) password.  Suddenly it makes me want to make it more than just a 4 digit number.  LOL  But that would work.

<Question> If you change your password on the Evernote website, will it prevent access at the PC level until the correct password is entered, or will it still show you the local notes and just not sync?

Link to comment
  • 0
  • Level 5*
23 minutes ago, pirate727 said:

If you change your password on the Evernote website, will it prevent access at the PC level until the correct password is entered, or will it still show you the local notes and just not sync?

If you sign out, when signing back in, my understanding is that the Evernote will connect to the cloud severs to verify the password.  In fact, thats a downside to signing out - you need internet access to sign back in

>>When I reopen the app, it requires the 4 digit passcode I set up for it.
Got it - you're asking for the pin code feature on the Mac

Link to comment
  • 0

This is really not an optional feature. I have one Premium account that I use for Work and personal. Really don't want my Book of Shadows, novel and Status of repainting the family room on my work system. As has been stated a simple password is fine. 

But this has obviously been a featurerequested without action for a long time. Significant enough for me that I am considering moving to One Note.

 

Link to comment
  • 0

Dropbox just implemented the ability to add a pin or use your thumb to access it, which I'm super happy about as there are some files I'd prefer people not to see by accident (e.g. finances).  I would love it if Evernote implemented something as sweet and simple as that, accepting it's not encrypted.

I appreciate there is a list of priorities, however it's surprising that this hasn't been addressed as yet as I would imagine a significant proportion of the user base use Evernote for business and personal notes which are sensitive in nature.

Wholly agree with mkg, when he says "Again, not looking for any true security but rather protection from the most casual / opportunistic peeking which solves 99.9%+ of occurrences we care about. "

Link to comment
  • 0
  • Level 5*
1 hour ago, jacobsevernoteideas said:

GREAT IDEA...I have shared some notes with colleagues via my phone & thought it would be really nice to have some notes inaccessible...especially for a Premium User.

In the meantime, to make notes inaccessible, you can encrypt the text and pdf attachments.

Link to comment
  • 0

I use Evernote everyday for about 3 years, but there is something important that I am missing, what might be a reason to switch to another tool.
In these days of security issues/discussions Evernote should have this feature: password/pin protected notes or notebook.
I like to put passwords for websites etc as a reminder in Evernote or other secret stuff.
For now it is to risky..

If Evernote doesn't want to loose the race with free apps from Apple en Microsoft it should offer more benefits.

 

 

Link to comment
  • 0
On 4/16/2016 at 3:55 AM, dfo said:

I use Evernote everyday for about 3 years, but there is something important that I am missing, what might be a reason to switch to another tool.
In these days of security issues/discussions Evernote should have this feature: password/pin protected notes or notebook.
I like to put passwords for websites etc as a reminder in Evernote or other secret stuff.
For now it is to risky..

If Evernote doesn't want to loose the race with free apps from Apple en Microsoft it should offer more benefits.

 

 

Hey there @dfo, welcome to the Forums! Please check out this previous thread and add your vote, our development team regularly reviews product feedback submitted through the Evernote User Forum.

 

 

Link to comment
  • 0
  • Level 5*
13 hours ago, Totobob said:

I would like to have a notebook that is protected from display by a password.

I up-voted the feature request

Have you looked a encryption?

- Text within a note can be encrypted with a password

- pdf attachments can be encrypted with a password

Link to comment
  • 0

+1

Surprised this hasn't implemented yet.  Please add.  

I would like to keep a personal journal and store important and sensitive information in Evernote but do not feel comfortable without a password to protect a notebook in which this information would be stored. 

Link to comment
  • 0

Dear EN Team! I love EN!

I would really like to use EN for things that I wouldn't want anyone else to read, like a private journal. A bit of extra security hear would really open EN up to new territory for me. In this, Search should not show results when the notebook is closed/locked (in fact, search doesn't need to work outside in with this notebook at all).

 

Graciously,

Tyler

 
  • Like 3
Link to comment
  • 0

Hi Tyler! Thanks for the feature idea. This is a request we've been getting from our users, so we're looking into what's required to get this off the ground. Thanks for your patience as we work towards this.

Link to comment
  • 0
  • Level 5*
4 hours ago, BeneficialBob said:

Notebook encryption is the number 1 thing that is holding back people from using Evernote more. It should be raised in priority. 

I don't know if it is the number one thing, because people generally seem apathetic about security, with an attitude that security is impossible, so why bother? It's unfortunate, because even if encryption is not 100% security (nothing is), it is pretty effective.

https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html

Evernote knows more than we do about encryption, and even had a private meeting with Snowden in 2015 to talk about it, but to no avail. Snowden has a pretty authoratative voice when it comes to encryption.

https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html

I am not terribly optimistic about the possibilty of changing things at Evernote, because years of requesting it have not had any effect. But, if lots of people put pressure on Evernote, perhaps it will adopt better encryption. It fits their company philosophy (three data laws), it fits the product (put everything in it), and it certainly fits the trend among companies dealing with cloud security.

Speaking for myself, I use other apps for data I wouldn't be comfortable printing out and distributing at a party (Would you really want to share everything you clipped from the web? Is that anyone else's business?), so relatively little goes into my Evernote account anymore. I still recommend it to students and even did a class the other day on how to incorporate it into their studies, but with the warning that they be very careful about putting anything personal into it (actually, notes can be very personal as well, so they got a warning about that too).

 

 

Link to comment
  • 0
  • Level 5*

Well, if there is one thing it seems that many of us can agree upon, it is that Evernote should offer zero-key encryption on a per Notebook basis.

Having said that, one can become so obsessive about security, that they almost never do anything, go anywhere, share anything.  I suppose that is one approach, but not one for me.

While the use of, and benefit of, Evernote would be much improved by the encryption I mentioned above, it is still very useful now if one simply takes reasonable precautions:

  1. Before putting into Evernote, Use AES-256 encryption in PDF or zip (some zip tools now offer 256-AES) files for all information that is sensitive
  2. Don't put anything unencrypted into Evernote that could be harmful to you, or you would be embarrassed by, if obtained by a malicious third party.

For me, the pretty much covers everything I would want to put into Evernote.

Link to comment
  • 0
  • Level 5*

True. Evernote can still be useful (it is for me), but there are other convenient tools out there that have encryption, so it isn't a matter of never going anywhere or never doing anything -- you simply use something besides Evernote. In the case of Apple Notes, it just takes a touch of your fingerr to encrypt. I would say this is the worst outcome for Evernote, and I am sorry to see it, but it was a choice they made.

The good news is that Evernote has many, many more features than a lot of its competitors, and it does a lot of things better. If only they had encryption, I think it would all really come together into a perfect package. 

Link to comment
  • 0
  • Level 5*
On June 3, 2016 at 4:16 PM, GrumpyMonkey said:

I don't know if it is the number one thing, because people generally seem apathetic about security, with an attitude that security is impossible, so why bother?

I think you're right about the apathy.
For me, the information I need encrypted, is encrypted.  
There are many third party tools out there.
 
I'm not going to let the Evernote feature set prevent me from encryption,
In fact - I'm not sure I want my notes locked into Evernote because I want to control the encryption/decryption.

My preferred method is encrypted pdfs, using my Mac Preview feature.
Its not the strongest encryption, but its convienent and the resulting attachment is portable.

  • Like 1
Link to comment
  • 0

I would have liked to open Evernote app on my Mac similarly as I do on my iOS devices (iPhone or iPad). On my iOS devices I enter a simple passcode. I am surprised that this is not available for Evernote on Mac, since a Mac can be shared by family members (wife, children, etc).

Solutions such as signing out of Evernote app is not so simple. You have to enter both username and password, together with a 2-step verification code. Constantly signing out and in would be too cumbersome. A simple 4-digit passcode would hold.

It is interesting that passcode is available in Evernote for iOS devices and these devices are password protected. You must unlock an iOS device in order to use it. However, a Mac is usually unlocked if it is shared among family members. If you share a computer with your family, the computer is "open" for use. My point is that it is more necessary to have a passcode for Evernote on desktop computers or laptops, than on iOS devices (or android devices).

Some has suggested to have a guest account or that each member of family has its own account. The problem is that some software, such as Adobe Creative Cloud, are pestering with notifications across the user accounts, and even prompt for passwords! My 10-year-old kid (on his account) was very confused by such pestering notifications. So, having multiple accounts is not an ideal solution for my needs. A simple passcode would hold.

  • Like 1
Link to comment
  • 0

Hi

Or being able to mark some notebooks as private and a need to re-renter password before anything (search, context, tags etc.) is shown from the private notebooks.

Let me explain the reasoning/use case of why anyone would ever want this feature. I have a premium account and I have started keeping articles, notes in evernote. But before that I was using evernote for private stuff - diary. Now I want to use evernote during my work also to access the public stuff (articles etc. mentioned earlier) and add to them. Now I don't want to have my diary open at my work station. But I want my stuff to be at one place (the reason I am using evernote in the first place). So it would be great if I could mark some notebooks as private and nothing from them shows up till I manually go and unlock them using my password.

Currently the only way I could do that was by putting all the public stuff into a public notebook and sharing it with a dummy evernote account that I log in during my work.

 

My organization does not use evernote business and I am not even remotely interested in trying to convince anyone to start using evernote right now because of the following 

  1. we are primary linux based
  2. the web client is not good enough

So please don't suggest to go for Evernote business.

  • Like 2
Link to comment
  • 0
  • Level 5*

Hi.  Totally understand your use case,  and I agree this could be useful for some technically savvy users.  But Evernote is about being useful to its 200M users - most (or at least a significant portion) of whom won't leave a workstation open for others to see,  or more probably won't have anyone who could see it.  I don't see this being developed in the near future.  You may be better off looking elsewhere for your note-taking software...

Link to comment
  • 0

Hi Aseem! Thanks for the idea. It's one we've heard before, but it's generally been directed at the desktop teams. As a workaround, I know there are extensions that shut down certain tabs if you haven't looked at it in a while - possibly it could be configured to password protect certain sites? Haven't looked into it, tbh

  • Like 1
Link to comment
  • 0
  • Level 5*

...and actually you wouldn't have to go 'public' with a notebook to share it with your work account. If you opened another basic account and used that for private items,  share a notebook with your desktop account which you can open via a browser window if and when necessary.  Shut down the window and the notes are 'hidden' again..

Link to comment
  • 0
7 hours ago, gazumped said:

...and actually you wouldn't have to go 'public' with a notebook to share it with your work account. If you opened another basic account and used that for private items,  share a notebook with your desktop account which you can open via a browser window if and when necessary.  Shut down the window and the notes are 'hidden' again..

The problem with multi account approach is that it is messy because Evernote has weird limitations of not allowing me to add new tags to a shared notebook. And spreading things  around goes against the idea of evernote in the first place.

 

21 hours ago, scruggles said:

Hi Aseem! Thanks for the idea. It's one we've heard before, but it's generally been directed at the desktop teams. As a workaround, I know there are extensions that shut down certain tabs if you haven't looked at it in a while - possibly it could be configured to password protect certain sites? Haven't looked into it, tbh

Work around can be done. Multiple accounts is a work around that I am using. But that is not really convenient. Say I am sitting with a colleague and I we are working on something. Both of us looking at the screen. I need to look up something and I search. Now the search also turns up some notes that are in the private category. And the situation may turn odd.

Usually when I am at home and using my laptop I login into the premium account on the web. Now the first thing in the morning I have to remember that I need to logout premium account and login the basic/public account. If I forget and I open up the tab Evernote web turns up all notes by default in the order created. It usually contains private category and public category. 

Say I want someone's help and let someone sit on my workstation with me standing behind. They want to access the article that I was just reading. But hey I cannot let them do that as search can turn up things that I don't them to be able to see. 

I can go on with the use case basing on Evernote's motto "The more you keep in Evernote the better it gets". But lack of some features make it inconvenient. 

Link to comment
  • 0
21 hours ago, scruggles said:

Hi Aseem! Thanks for the idea. It's one we've heard before, but it's generally been directed at the desktop teams. As a workaround, I know there are extensions that shut down certain tabs if you haven't looked at it in a while - possibly it could be configured to password protect certain sites? Haven't looked into it, tbh

Also what do you "generally been directed at the desktop teams"? Didn't get that.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...