Jump to content
Join the #EverBetterChallenge and finish what you start in 2019. Read more... ×

Idea

Recommended Posts

  • 0

Only genuine employees get an employee badge.

  • Like 1

Share this post


Link to post
  • 0

We should all keep in mind that none of us here, who are not Evernote employees, have the data to declare what is an "edge case" or what is a "common" use case.  

 

While it is generally accepted that forums tend to attract more users with complaints than with praise, I have seen studies that suggest that for every complaint posted, there are probably many more users with the same complaint who either don't bother to post, or just quit using the product.  Some estimate that there are 10X, or greater, the users with the complaint that don't post.  

 

This is certainly true for me.  I, along with many other users, hate the Mac iTunes UI.  Yet I have never made even one post in an Apple forum, or to Apple feedback, voicing my complaint.

 

All of this is purely academic, and irrelevant.   ;)

 

What ultimately matters is what Evernote decides to provide.

 

I am encouraged by one thing Evernote Security Head stated:

 

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 

Why would Evernote appoint a Head of Security who is pro encryption if, as a business, they did not have any interest in providing it?  IAC, he is in a great position to continue to voice the need for this feature to the people that make the decisions.

 

So, I think there is good reason to continue to request better encryption, and to hope that Evernote will provide it, albeit that it is not likely to be provided in the near term.

Share this post


Link to post
  • 0

I'm wondering what more one might want from a security model than trust no one encryption with a multitude of multi factor login options.

And to add in LP enterprise, the usage logging across the enterprise is great, and much more useful to me than a personal decentralized model like keypass or 1password.

 

From my perspective, LastPass represents a massive target, and they've had enough near/partial breach scenarios that I wasn't willing to trust all my data to their security. They take security very seriously, and are good about communicating to their users, but this last attack was enough motivation for me to switch to something else (that, plus the utter awfulness of their UI).

 

I'm not a security expert, but I like 1password's approach: there is no centralized server to hack. All data is encrypted locally via individual data blobs. If you use Dropbox to sync your 1password files, like I do, these encrypted blobs are on the Dropbox server, but they're not linked to Dropbox for decryption. They have a good explanation of authentication vs. encryption that sums it up nicely: authentication (what Evernote uses for cloud access) is more flexible, but encryption is safer. 1password also has really strong stand-alone apps on Android, iOS, etc.

  • Like 1

Share this post


Link to post
  • 0

I'm not a security expert, but I like 1password's approach: there is no centralized server to hack. All data is encrypted locally via individual data blobs. If you use Dropbox to sync your 1password files, like I do, these encrypted blobs are on the Dropbox server, but they're not linked to Dropbox for decryption. They have a good explanation of authentication vs. encryption that sums it up nicely: authentication (what Evernote uses for cloud access) is more flexible, but encryption is safer. 1password also has really strong stand-alone apps on Android, iOS, etc.

 

 

Excellent point about 1Password.

 

Further, once I open 1Password on *any* device that I've sync'd via Dropbox, all data within 1PW is completely searchable.

I do this all the time, and it works well.

 

So, those that say encryption prevents searching, might want to rethink that statement.   ;)

 

The other great thing is that when 1PW app is closed, I can't read the data via other means.  So it is always secure on my Mac.  :)

  • Like 1

Share this post


Link to post
  • 0

Naw, it really isn't any different.

Presumably most people are using dropbox or icloud to sync their 1password library.

So on the one hand you have a sync service distributing a pre-encrypted blob which the sync service cannot decrypt.

And on the other you have LastPass.  Also a sync service distributing a pre-encrypted blob which the sync service cannot decrypt.

Just like in this thread, where some are asking for TNO pre-encryption for notes which the sync service cannot decrypt.

 

In all cases, even if the service was hacked, that doesn't get you into the encrypted data.

Further I would argue that the security oversight, controls, and history are better with Lastpass than icloud and dropbox.

If you were not following security news, did you hear from Dropbox when a software update allowed for about an hour, all accounts to be logged in with any password entered?  Lastpass errs on the side of caution and transparency, whereas icloud and dropbox are far more opaque. 

 

Unlike using Dropbox/icloud to sync/distribute my passwords, with Lastpass we can:

  • restrict which countries can log in
  • restrict login attempts from TOR
  • turn off email verification/bypass for unknown devices and locations
  • pick from 8 different multi-factor options (including up to 5 Yubikeys on one account). 
  • scale it up to supporting a whole enterprise
    • keeping items encrypted and access logged, but being able to share single items, folders or nested folders.
    • being able to keep enterprise and personal sites separate and usable in a single view, but separate-able with a single click. Or letting them use read-only credentials to log in without being able to view them.
    • being able to report on or create automated reminders for weak or duplicated passwords across all lastpass accounts.
    • Being able to view in a report the master password strength and multi-factor use across the enterprise to determine that no one needed to change their passwords based on a maybe that hashes but not encrypted blobs might have been lost, in the last LP notification.  Knowing there isn't enough life in the universe to have time to crack the hashes.  And that even if they did and had credentials, they still couldn't log in to download a encrypted blob.

 

Because the Lastpass service is tightly integrated with the app, there is great site by site, note by note usage/access logging for verification purposes.

Other than a strong password, do you know with reasonable certainty, that no one else has accessed data in your vault, or is not currently attempting to brute force into a copy of your vault?

 

Lastpass too can be used completely offline.  Via any of, the stored encrypted blob +plus browser plugin, mobile apps, the windows app LastPass Pocket, Portable thumbdrive instances.

There's every reason Evernote could a do a very similar model.

Share this post


Link to post
  • 0

As stated before, all should be encrypted, period, and it will be at some point in time, whatever tool we are using some time from now will have EVERYTHING encrypted, ALL the time, that's one. Now the question is what and by when will provide this functionality, personally i don't think it is a matter of prioritizing requirements, rather it should be perceived as a basic need. Ask yourself why you would want to post any un-encrypted data anywhere? A hand written note is un-encrypted, and that's ok, since only those few individuals in and around the "note" can read it. Take a picture of it and post it online, in the cloud, and suddenly it's ok that anybody can read it (after user names/passwords have leaked or ....), why is that? This discussion will appear strange a while from now, when all is encrypted all the time. 

 

Agreed 100%. Evernote has the choice to be a leader in this space, or a follower once the rest of the world is on board. There's a groundswell pushing toward "https everywhere", VPN for security (I just backed an Indiegogo product called Keezel that creates dead-simple VPN for all devices via WiFi), and there have been such an unrelenting stream of massive hacks and data breaches, digital security is something even casual users are starting to think about...but even if they're not demanding better security from Evernote, there's no reason why Evernote should wait around to deliver it. Users might not think what they have in their notebooks need securing, but with the prevalence of identity theft, even casual, seemingly innocent bits of information could be used against them.

 

Evernote's seemingly casual approach to security - there isn't even a password option on the desktop client - will not help them in the long run.

  • Like 1

Share this post


Link to post
  • 0

A couple of months ago I decided to give up on them and moved over to DevonThink Pro Office and rendered my use of Evernote for useless webclips I come across while searching online for stuff. I must say this movement is causing me real trouble because I have information spread in two platforms and I guess I will little by little move away from Evernote totally, as it is quite a PITA my current setup..After so many years of being an Evernote advocate and supporting Evernote as a Premium User since 2009 (or 2008 I can't remember), my next step will be to downgrade my account. Too bad I did not remember to stop the automatic renewal I set back then with my paypal account.

 

Give Pocket a try. It's a great cross-platform tool for web reading - I used to use Evernote for that purpose, but ultimately found it pretty clunky. Pocket is really focused and fast at what it does.

 

I too am seeing less value from Evernote and may let my account downgrade - I simply don't get the value from it that I used to as I've moved more of my data to 1password. And I used to be a HARDCORE Evernote evangelist!  :(

Share this post


Link to post
  • 0

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable.

i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security?

0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it.

if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

  • Like 1

Share this post


Link to post
  • 0

<snip> other apps manage to achieve full zero-knowledge encryption and still have the contents searchable. <snip>

 

 

Is there a Windows program that has zero-knowledge (trust no one) encryption and is searchable?

Share this post


Link to post
  • 0

<snip> other apps manage to achieve full zero-knowledge encryption and still have the contents searchable. <snip>

 

Is there a Windows program that has zero-knowledge (trust no one) encryption and is searchable?

onenote? i don't know about searching (sorry, i don't use it). my problem is syncing with other devices, and when it comes to that, there are only a couple of osx / ios things out there. if you only use one device, get a surface, use evernote local notebooks, and you are all set.

Share this post


Link to post
  • 0

No, not OneNote.

 

See: https://spekxvision.wordpress.com/2015/04/14/still-no-secure-cloud-sync-for-onenote/

 

"OneNote 2013 does offer strong encryption, and in fact this is TNO. You can enter a password for a section in any of the Windows/iphone/iPad apps, and the section will be encrypted on the client side. The downside, and it is a big downside, is that you have to do this for each section individually.. not notebook, or section group, but each section. If you have tens or hundreds of sections in your notebook, as I do, that means typing the password for each one when you want to open it!

It also means that you can’t search or index that section while it’s locked – it’s only when you open it, that it can be read. This is equivalent to encrypting each file on disk (since OneNote does indeed use a file for each section).

So – I tried this for a while, and immediately found it a pain to use.. I have a section for each client, product, project, and doing a ‘search all’ would take ten minutes just to temporarily unlock each one. Ideally, they would allow a password to be bulk-applied to multiple sections, so you can unlock the lot in a single action, but they don’t."

 

What ever OneNote does or doesn't do with encryption isn't greatly different than Evernote does in more Apples to Apples comparisons.

Meaning that you aren't just dumping a OneNote file in OneDrive/Skydrive or running it locally.

But actually putting it on Sharepoint Online for collaboration, browser access, sync to ipad, etc.

Encryption is either unavailable or no different than Evernote's.

  • Like 1

Share this post


Link to post
  • 0

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable.

i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security?

0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it.

if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

I couldn't have phrased it any better!!!!

Share this post


Link to post
  • 0

unfortunately, windows is kind of barren right now. it sounds like onenote isn't the answer either, though sections seem light years ahead of text (evernote).

on mac, i'd recommend devonthink, which syncs without the cloud at all. if you want to sync via dropbox, it works effortlessly, [EDIT: security issue it had with DB resolved]-- a combination of spideroak and indexing makes everything available on any platform. it works really well.

http://www.christopher-mayo.com/?p=2376

voodoopad recently revamped its backend to increase encryption security, but the app is really slow to get updates, so it is difficult to recommend. it is the only app, though, that has managed to get encryption + dropbox sync working seamlessly (when devonthink revises its security, it will be a better choice, i think). if a single independent developer managed to implement seamless encryption years ago, why can't evernote's team of dozens do it?

nvalt also has encryption, but only for text (what it is built for). it's been humming along for years, but brett is working on something new, so we might have yet another mac option soon. again, one guy managed to do what evernote's team couldn't / wouldn't.

there is still no one like evernote (on every platform) who has mastered encryption, but onenote is inching ahead (in my opinion). i doubt the onenote team (or any of the other developers) are "better" than evernote's. they just decided encryption was necessary, and evernote hasn't made that decision.

this is a great time for evernote to stand up and distinguish itself as the most secure notetaking / personal information manager for everyone. i wish they would.

[EDIT]: added a bit more stuff.

  • Like 3

Share this post


Link to post
  • 0

there is still no one like evernote (on every platform) who has mastered encryption, but onenote is inching ahed (in my opinion). this is a great time for evernote to stand up and distinguish itself as the most secure notetaking / personal information manager for everyone. i wish they would.

 

Roger that!   :D

  • Like 1

Share this post


Link to post
  • 0
That is sort of what I expected. As I suggested on my earlier post, Evernote is concentrating on the larger marketplace.

 

"There are some people who would like ultra high-level encryption to cover 100% of their entire Evernote database, but it appears that Evernote believes there is a much bigger market comprised of general users."

 

Searchable zero-knowledge (trust no one) encryption is a wonderful concept (that has been requested for several years), but for a program supporting multiple O/S, including Windows, it's as scarce as hen's teeth. 

 

So until something shows up and proves itself in the future, I will stick with my notebook and use a variety of programs, as well as Evernote with note encryption. Thank you for the suggestions.

  • Like 1

Share this post


Link to post
  • 0

Oh... and about the OneNote "TNO" encryption...

Maybe not so much (other than perhaps you bought a retail copy that you use in your own home):

 

https://technet.microsoft.com/en-us/library/cc179125.aspx

  • If you do allow users to password protect documents, and they later forget or lose the password, you can use the DocRecrypt tool to reset or remove the password. For more information, see the Remove or reset file passwords in Office 2013 article.

  • And the selection of encryption methods can be controlled through group policy.  AES and 3DES shouldn't be assumed.  They can be configured to be any of:

    • AES, DES, DESX, 3DES, 3DES_112, and RC2

  • https://technet.microsoft.com/en-us/library/jj923033.aspx

    • Previously, if the original creator of a file password either forgot the password or left the organization, the file was rendered unrecoverable. By using Office 2013 and an escrow key, which is generated from your company or organization’s private key certificate store, an IT admin can “unlock” the file for a user and then either leave the file without password protection, or assign a new password to the file. You, the IT admin, are the keeper of the escrow key which is generated from your company or organization’s private key certificate store. You can silently push the public key information to client computers one time through a registry key setting that you can manually create or you can create it through a Group Policy script. When a user later creates a password-protected Office 2013 Word, Excel, or PowerPoint file, this public key is included in the file header. Later, an IT pro can use the Office DocRecrypt tool to remove the password that is attached to the file, and then, optionally, protect the file by using a new password.

And you have to wonder that there wouldn't be an escrow key on Sharepoint Online hosted content.

  • Like 1

Share this post


Link to post
  • 0

Oh... and about the OneNote "TNO" encryption...

Maybe not so much (other than perhaps you bought a retail copy that you use in your own home):

 

https://technet.microsoft.com/en-us/library/cc179125.aspx

  • If you do allow users to password protect documents, and they later forget or lose the password, you can use the DocRecrypt tool to reset or remove the password. For more information, see the Remove or reset file passwords in Office 2013 article.

  • And the selection of encryption methods can be controlled through group policy.  AES and 3DES shouldn't be assumed.  They can be configured to be any of:

    • AES, DES, DESX, 3DES, 3DES_112, and RC2

  • https://technet.microsoft.com/en-us/library/jj923033.aspx

    • Previously, if the original creator of a file password either forgot the password or left the organization, the file was rendered unrecoverable. By using Office 2013 and an escrow key, which is generated from your company or organization’s private key certificate store, an IT admin can “unlock” the file for a user and then either leave the file without password protection, or assign a new password to the file. You, the IT admin, are the keeper of the escrow key which is generated from your company or organization’s private key certificate store. You can silently push the public key information to client computers one time through a registry key setting that you can manually create or you can create it through a Group Policy script. When a user later creates a password-protected Office 2013 Word, Excel, or PowerPoint file, this public key is included in the file header. Later, an IT pro can use the Office DocRecrypt tool to remove the password that is attached to the file, and then, optionally, protect the file by using a new password.

And you have to wonder that there wouldn't be an escrow key on Sharepoint Online hosted content.

 

 

this is for a corporate environment in which the corporation is given control over the function of the keys (quite a bit of control, in fact, with lots of options). this sounds like a good thing, especially for a company who wants to use encryption widely.

 

for individual users, my understanding is that you can encrypt with zero-knowledge encryption -- only you have the key. 

Share this post


Link to post
  • 0

i think the searchability thing is probably a red herring. other apps manage to achieve full zero-knowledge encryption and still have the contents searchable.

i also think the "i don't need encryption" sentiment is probably not so widespread. it peobably ought to be restated as "i don't need encryption that gets in my way." if the encryption was seemless, as it is with other apps, who wouldn't appreciate more security?

0% of my notes in evernote ever were encrypted, because it has always been cumbersome, and for many years it was ineffective. local notebooks are wonderful, as long as they don't get uploaded to evernote servers (this has happened in the past) and you don't use multiple devices. 100% of my stuff is encrypted in other apps, because it happens in the background, and i don't even notice it.

if evernote had the will, i am sure there is a way. it is (as i always say), their choice. but, a choice it is, not technical difficulties (as far as i can tell).

 

Totally agree with the red herring statement, it's distracting.

 

Wrt privacy, see "why privacy matters", i also think we're reasoning upside down here, basic principle needs to be, all encrypted, default. 

 

We need to move from postcard thinking, where everyone can read, to correspondence in an envelope, not able (not allowed) to be read by all, along the way. 

 

 

A couple of months ago I decided to give up on them and moved over to DevonThink Pro Office and rendered my use of Evernote for useless webclips I come across while searching online for stuff. I must say this movement is causing me real trouble because I have information spread in two platforms and I guess I will little by little move away from Evernote totally, as it is quite a PITA my current setup..After so many years of being an Evernote advocate and supporting Evernote as a Premium User since 2009 (or 2008 I can't remember), my next step will be to downgrade my account. Too bad I did not remember to stop the automatic renewal I set back then with my paypal account.

 

Give Pocket a try. It's a great cross-platform tool for web reading - I used to use Evernote for that purpose, but ultimately found it pretty clunky. Pocket is really focused and fast at what it does.

 

I too am seeing less value from Evernote and may let my account downgrade - I simply don't get the value from it that I used to as I've moved more of my data to 1password. And I used to be a HARDCORE Evernote evangelist!  :(

 

 

Thanks for the very useful suggestions. 

Share this post


Link to post
  • 0

+1 for the password protect notes.

Can it really be so difficult guys?

 

And before gazumped chimes in with with password protecting shopping lists I'd like to point out that my shopping list & memoirs would be happily open to all snoopers. Knock yourself out.

However, for the vast majority of users who have a sensitive note here and there a password protected option would be extremely useful.

 

If Evernote touts itself as a "take anywhere" tool then it has to understand a stolen mobile phone or tablet is quite a common occurrence and providing an extra layer of protection on top of the device's own is very desirable.

Hell, make it a paid only option if you like, but please make it. 

  • Like 1

Share this post


Link to post
  • 0

Not gonna comment on shopping lists ;) but yes,  it can be "so difficult".  Basic problem being - do you want to search your secured notes?  Still want OCR on the server for documents and pictures?  Still want access to notes in (at least) six different primary operating systems? There's no software out there (that I'm aware of) can search an encrypted database,  and if your search index is to be used from any device with any OS you need (at least) six different software developments going for an app that can use the same encryption protocols no matter which OS they're running in.

 

There's encryption which does run in different OS's,  but that's a lock-it-and-forget approach which doesn't allow for search and OCR along the way..

 

So it'll cost hundreds of thousands or some millions to code,  and you're willing to buy it;  that makes about 10 possible customers so far...

  • Like 2

Share this post


Link to post
  • 0

andy,

yeah there are lots of programmers that have managed to allow encrypted notes and such in their apps, Lastpass etc. but obviously we are evernote users and dont want to use multiple apps depending on what kind of notes we have. 

 

gazumped seems to really have a problem with the idea of passworded notes; he keeps wracking his brain to come up with reasons it would be a bad idea. this time he shifted the discussion to "how do you search inside of encrypted notes, thats impossible, millions of dollars would be needed, willing to buy it yourself?". 
*facepalm*
i appreciate the snideness, but no we aren't asking to search inside password protected notes (no one even brought that up). we just want to be able to be able to password protect them, its actually a pretty simple concept. I'm sure it would take some effort on Evernotes part to figure it out, but it does seem like a pretty important function and I think they will implement it at some point, but it appears it's not a priority for them atm. 

  • Like 1

Share this post


Link to post
  • 0

 , but it appears it's not a priority for them

Regardless of your opinion on Gaz's replies, right there is your answer. It's Evernote's product and if they choose to not implement any stronger/better encryption, it's certainly their choice, If it's a deal breaker for anyone, then it's the user's choice to use an app that better suits their needs.

  • Like 1

Share this post


Link to post
  • 0

I just started using Evernote but damn this is a huge hurdle for me. I'm not sure I can continue using without such a simple thing.

 

Why on earth is it not part of Evernote already and why are people having to beg for it?!

Share this post


Link to post
  • 0

What a lot of rubbish.  I just joined this forum having activated evernote, and finding it suits my needs pretty well.   The only thing I couldn't find was how to password protect a notebook.  I can't believe how many threads there are on this topic and yet the developers ignore the issue.  Utter rubbish.   Why do you people bother asking the powers that be for it when you've been ignored for over 3 years?.  All you people protesting have got too much time on your hands. I'm not wasting my time,  I'm cancelling my registration and going over to OneNote.  Total forum membership period = 10 minutes.   Time wasted on this = 15 minutes including registration, plus the time it will take to delete evernote from all my devices.    Rubbish.   

  • Like 1

Share this post


Link to post
  • 0

You did say it very harsh but i am afraid, you are right.

I will also go out of evernote because they do not want to secure my data.

Sorry, but this is the only way to point out that they are on the wrong track.

Share this post


Link to post
  • 0

I am astonished my premium account still doesn't let me have my macbook app protected with some basic password. I don't know if I will continue to pay the premium if I can't have security across devices.

Share this post


Link to post
  • 0

+1

 

If no password protection, then there should be a method to exclude certain results from search as minimum privacy. Best solution so far is to use OS X's autocomplete feature so that a phrase types out as "-tag:private", and do this every time. Why can't we just exclude a notebook from search, either permanently or with -notebook: syntax?

Share this post


Link to post
  • 0

What a lot of rubbish.  I just joined this forum having activated evernote, and finding it suits my needs pretty well.   The only thing I couldn't find was how to password protect a notebook.  I can't believe how many threads there are on this topic and yet the developers ignore the issue.  Utter rubbish.   Why do you people bother asking the powers that be for it when you've been ignored for over 3 years?.  All you people protesting have got too much time on your hands. I'm not wasting my time,  I'm cancelling my registration and going over to OneNote.  Total forum membership period = 10 minutes.   Time wasted on this = 15 minutes including registration, plus the time it will take to delete evernote from all my devices.    Rubbish.   

 

The controversy of your opinion is in your second sentence. You just joined Evernote, and it did not suit your needs in terms of security - no time wasted, - move to another solution. That's cool, and another good customer decision argument for Evernote to prioritize encryption.

 

Most of the people discussing this particular topic are with Evernote from the beginning, they have more than 2000 notes and when information security things heated up, followed by data leak in Evernote, and then in some other major companies, we all understood the importance of protecting our data. Now it is easy to jump from 0 notes in Evernote to zero notes in OneNote, in fact, it is exactly 10 minutes. However, it is really difficult to move from 2k notes from one product to another. I am now testing OneNote and even after only 2 years of Evernote, it is very complicated for me to get used to different workflows. My point is that all those guys protesting in reality don't have much time and this is why they put pressure on Evernote - for now, the cost of moving to another system is higher than the cost of using workarounds for data protection or not to store private data at all.

 

Moreover, this topic was and is a source of inspiration for some third-party products, so it is definitely not rubbish.

  • Like 2

Share this post


Link to post
  • 0

Like several others, I would like at a minimum, a notebook password option. There are private things that need that level of protection. I have my computer protected, but as some have noted, we may have some things like journals or medical notes that we want absolute privacy on. I have been using Evernote premium for a few years, but am considering finding something else. 

  • Like 1

Share this post


Link to post
  • 0

You can up-vote this post by clicking the up arrow to the left of the thread title.

 

Up-vote Post.jpg

  • Like 2

Share this post


Link to post
  • 0

Much has been said here. I just wanted to cast my vote for password protected notebooks. 

Encrypting text is ok, however the text which is so valuable that you would encrypt it...can be deleted without decrypting it. That user flow doesn't make sense to me. It's a great first step.

I would love to lock a note and/or a notebook.

As many have mentioned, the need for feature keeps me using other software while still loving my Evernote.

Thanks

  • Like 1

Share this post


Link to post
  • 0

OK - I got the message - you'd like encryption done at the notebook level and I'm sure the people at EN have noted it.

I don't understand why this prevents you from using Evernote. 

Yes, it means you have to work around this, probably encrypting the data before you import it, or using local notebooks.

Does this really make it impossible to use Evernote?

Has anyone tried out the app Saferoom?  It seems to be the best solution I can find.

  • Like 1

Share this post


Link to post
  • 0
On August 18, 2015 at 5:35 AM, bambooparadox said:

+1 for password protected notebooks

+1 for password protected notes

+1 for password protected text including embedded pictures (jpg-screenshots)

So, it's not sufficient to have a password on the device, and a password on Evernote, you want Evernote to implement 3 other levels of password.

If I was this concerned about a note, I would have it encrypted.

If I was this concerned about notebooks during a presentation, I would be using a special presentation account.

Share this post


Link to post
  • 0
On November 8, 2015 at 4:37 PM, nddean said:

I am astonished my premium account still doesn't let me have my macbook app protected with some basic password. I don't know if I will continue to pay the premium if I can't have security across devices.

The Evernote app on my Mac has sign in/off with password

Share this post


Link to post
  • 0
16 minutes ago, DTLow said:

The Evernote app on my Mac has sign in/off with password

This option is helpful, but not convenient enough. Sign in/off for data protection requires that you should be paranoid about it - you need constantly to remember log off every time. 

I don't store in Evernote government secrets, I don't need serious encryption and I don't want really thinking about it all the time. What I need is convenient option to protect my medical and financial notebooks from the eyes of my friends and coworkers without losing easiness of access to other notebooks. 

Edited by Siberian

Share this post


Link to post
  • 0

wow can't believe this so basic feature is missing ??

Just upgraded to premium account and now I noticed this feature is missing so I probably going to cancel because I really need this feature.

 

Share this post


Link to post
  • 0

I loved Evernote, but I have now switched to OneNote. After all this time one would think the company would respond to all these users, but no response. :angry:

Share this post


Link to post
  • 0
1 minute ago, dancer said:

I loved Evernote, but I have now switched to OneNote. After all this time one would think the company would respond to all these users, but no response. :angry:

Have moved to OneNote also, far better.

Share this post


Link to post
  • 0
16 minutes ago, EasyTiger said:

Have moved to OneNote also, far better.

It just depends on what you want.  Neither Evernote nor OneNote will fit everyone's needs.
Even though there are parts of the UI I don't like, and some features I'd really like to have, IMO, Evernote is far better than OneNote, especially in:

  • Cross platform syncing
  • Web clipping
  • Searching
  • Tagging

Share this post


Link to post
  • 0
24 minutes ago, dancer said:

After all this time one would think the company would respond to all these users, but no response. :angry:

I thought the inferred response was: No, not at this time ?

I'm sure they've taken note of the suggestion, and all the +1s and voting.

Its so nice of you OneNoters to participate in the Evernote forums.
Do you see much Evernote posts in the OneNote forums.

Share this post


Link to post
  • 0

This would be such a great improvement and it's strange it's not implemented yet.

Perfect for diaries etc.

Share this post


Link to post
  • 0

100% agree here.  Really want this feature.  I use Evernote at work and don't want my search results from OKCupid showing up onscreen when searching for something on Google with a colleague.  So I disable the help on the web.  But I store technical notes and personal notes with Evernote and the twain should not mix.  Could get two Evernote accounts, but I have Premium and want Premium features all the time.  So what should I do?   

Share this post


Link to post
  • 0
On 1/30/2016 at 10:30 AM, wealthychef said:

But I store technical notes and personal notes with Evernote and the twain should not mix.  Could get two Evernote accounts, but I have Premium and want Premium features all the time.  So what should I do?

I know this is not the answer you'd like to see, but I don't see any alternatives to separate Evernote accounts if you want to ensure your personal notes don't ever show up in your work Evernote and/or work google searches.

Share this post


Link to post
  • 0
On 8/27/2015 at 6:36 PM, JMichaelTX said:

 

Roger that!   :D

Please do this Evernote. Please be the one application/site that people can depend upon to have true privacy.

Share this post


Link to post
  • 0

Yes, it's strange that something along these lines is not implemented.  Even just a password to open the app on a computer would be welcome.  I do currently use the pin on the Android app.  What is also strange is the responses on these forums suggesting that maybe this isn't the app for me if I'm looking for this kind of thing.  

The only reason that I am an Evernote user is because of the combination of these 2 features:

A_)  Automatic searchable "ocr" of images and pdfs.  This is huge.  Until Onenote I am not aware of any similar software that can do this effectively.  I want need this ability to take pictures of documents and other things and find them later without creating tags or notes at the time I took the photo or scanned the document.  

B_)  The cross platform sync that allows me to use a desktop app on OSX and an Android mobile.  

I've found most of Evernote to be quite pleasant.  I don't often have trouble with syncing, the web clipper is indeed pretty nice and the overall flow of it is smooth.  

I'm just starting to play with Onenote but it doesn't look promising.  The Android app is too limited.  I'm also concerned about being tied to Microsoft.  I spent considerable time searching for an open source option that I could host myself but couldn't find anything suitable.  I honestly don't feel that I have other options.  

It's a shame that Evernote hasn't found it's way yet.  And I'm troubled that once they do find their way, they will leave behind many great ideas that someone should be able to continue using.  

Share this post


Link to post
  • 0
20 minutes ago, Chmedly said:

Even just a password to open the app on a computer would be welcome

If you sign out of Evernote before you quit/exit, it will require a sign in the next time you open Evernote.
Note that you must have an Internet connection and connect to the EN Cloud to sign in.

Share this post


Link to post
  • 0

i understand the use case, but passwords seem kind of meaningless to me when everything is still searchable (mac) and unencrypted so that anyone with basic computer literacy can rifle through your stuff. 

the problem on a computer has a simple, elegant, and considerably more secure solution: a guest user account. a single click and you can hand your computer over to someone without any worries about them indg your data (assuming a friend or relative sitting next to you -- a hacker would make mincemeat of this).

when you step away from your computer, just turn on the password-protected screen saver (a swipe on the mac using hot corners). problem solved, right?

  • Like 1

Share this post


Link to post
  • 0

It seems to me th is whole debate on password protected notes (lots of users requesting it, and Evernote team steadily turning it down for years) is the result of a misunderstanding. 

Basically the users are saying that password protected notes would add a little privacy in case their wife, husband or children click on the Evernote link in the family computer browser

Evernote people are saying that:

- this would give a false sense of security and that it's better to properly encrypt the secret part of the notes within or outside Evernote.

- that it would make searching into these notes impossible etc.

Well we're mixing up security and privacy+ease of use here: Users aren't even asking for the password Encrypted notes, they're asking for password Protected notes: if you have the password/pin code you can see the note, if you don't well, you can't. 

Users are ready to accept that this is not a top-notch security feature, it doesn't need to show on your (impressive) security overview page. Classify it as an ease of use feature if you will. As long as people don't log off their account when they're they're fully responsible of what happens with it when they're not around. However this feature will give them some peace of mind and possibility to do some damage control in case they eventually forget to log off some time.

Regards. 

 

  • Like 2

Share this post


Link to post
  • 0

+1  I really want this feature.   It is simply not enough to provide a screen saver password.   I have kids that access my computer for various things.  Mostly school stuff , Netflix and youtube.      And that god forsaken Mine Craft.

I have notes that pertain to business, diaries and some notes that are adult in nature.   I don't want kids that have access to my computer to also have access to my evernote.   I would really love to have a password per notebook so that I can let kids use the evernote but not access the diary and other personal data.

 

Please add this feature!   Nothing complex.  Just something that I can put a simple lock code on.    The IPhone App allows a 4 digit code. . .  That would be awesome on my Mac.

 

Share this post


Link to post
  • 0

Just adding another voice to this. For me it's important  that I can get to most of my notebooks without having to use a password because I use it 'on the hoof' to record all kinds of stuff and don't want to be slowed down tapping in a password on an iPhone etc.

However I would like some notebooks for sensitive information that are password protected. I'm not worried about the CIA or any such concerns that need encryption, I just don't want other people using my computer to be able to see some stuff. 

As it is I use the  'Day One' app which is perfect for the security that I require but the text formatting is too limited and I'd ideally use evernote if I could

Share this post


Link to post
  • 0
3 hours ago, MyCall said:

I just don't want other people using my computer to be able to see some stuff. 

As mentioned above, you can sign out of Evernote.  Its what I would do if I shared my computer with other people.

Also, you might want to add your vote for this feature; left corner at the top of the page - the vote is now 12

Share this post


Link to post
  • 0

 

7 minutes ago, DTLow said:

As mentioned above, you can sign out of Evernote.  Its what I would do if I shared my computer with other people.

Also, you might want to add your vote for this feature; left corner at the top of the page - the vote is now 12

Yes I understood that and likewise I can password protect my entire account on the computer but as I stated I want instant access to most of my evernotebooks and only want to password protect some of them. Thanks for suggesting I vote which I have now done

Share this post


Link to post
  • 0

It's amazing that more than one and a half year after this idea was suggested it still hasn't been implemented yet. Really, the ability to protect a note or a notebook with a password is trivially implemented and would definitely attract the people who don't use Evernote for the lack of such a feature.

Share this post


Link to post
  • 0
18 hours ago, sophieschoice said:

Thanks for sharing this.  It's a great read, and I recommend that it be read by anyone concerned at all about the security of your information in Evernote.

Unfortunately it does not address our current concern about the lack of encryption of our notes on the EN Cloud servers.

Some key points:

Quote
Evernote Defends User Data Security and Transparency
Posted by Chris O’Neill, CEO on 03 Mar 2016
 
We created Evernote to be your digital brain. Shortly after we set that as our goal, we wrote our
3 Laws of Data Protection to codify these principles:
  1. Your Data is Yours
  2. Your Data is Protected
  3. Your Data is Portable
Our 3 Laws inform virtually every decision we make, and we believe they are worth fighting for.
. . .
That’s why Evernote is standing with Apple and other technology companies to protect the security of user data. In the interest of promoting trust and transparency, Evernote is signing on as an amicus curiae (“friend of the court”) on a legal brief to be filed today in support of Apple’s motion to vacate a court order compelling it to assist the FBI in bypassing security features to access an encrypted iPhone. Also joining the brief are Amazon.com, Box, Cisco Systems, Dropbox, Facebook, Google, Microsoft, Mozilla, Nest Labs, Pinterest, Slack, Snapchat, WhatsApp, and Yahoo.
. . .
We are committed to transparency about our responses to law enforcement data demands, and we believe our users should receive notice when government agencies request their data. We also disclose the number of requests for user data we receive each year through our Transparency Report.
. . .
When the government asks us for access to user data, we are going to make sure those requests are valid and narrowly tailored. We do this to defend your rights.

 

Share this post


Link to post
  • 0

There's an interesting distinction being made between data located on the physical device and data in the cloud. It's the exact same stuff in many cases, but it is treated completely differently. Both Apple and Evernote want to do everything possible to protect the security of the physical device. However, when it comes to the cloud, neither one wants to offer encryption. We don't think twice about locking the doors of our houses, which arguably contain much less "valuable" stuff than the cloud, but we can't get that kind of security for the cloud. People keep their sensitive financial documents in safes or locked filing cabinets, but we are encouraged to put that stuff into the cloud (Evernote had a blog post on that yesterday), where anyone in the world could (potentially) gain access. I wonder why that is. This attitude is pervasive among software developers -- it isn't just Evernote or Apple who have made this artificial distinction between data on the phone and on the servers.

Undeniably, the most egregious incidents of unauthorized access have been to data on the cloud -- sometimes millions of people at a time are put at risk by a single hack. Frankly speaking, the phone is not the weak point in the security equation. I like what I hear Apple saying about encryption and I like to hear Apple and Evernote's commitments to giving customers control over their data security, but until encryption becomes the default setting for everything on the cloud, we are all more exposed to risk than we should be. The technology is out there, ready and waiting to be included in the application.

  • Like 2

Share this post


Link to post
  • 0

@GrumpyMonkey - yup;  modern version of the old (and slightly creepy) saying:  "Two people can keep a secret - if one of them's dead"  (Allegedly by a certain Mr M Twain). 

If you want something 100% secure,  the cloud is not the way to go.

  • Like 2

Share this post


Link to post
  • 0
10 hours ago, gazumped said:

If you want something 100% secure,  the cloud is not the way to go.

There is no such thing as 100% secure.  Most people's home and PC/Mac are far easier to break into than most Cloud storage.  It  is far more likely that your spouse, partner, roommate, relative, friend will hack your computer that anyone will hack your Cloud storage.

There will always be some risk, but we must keep pushing on the companies that provide Cloud storage to provide highly secure, zero-knowledge encrypted storage of all of our data, or at least give us the option of doing so.

Share this post


Link to post
  • 0
2 hours ago, JMichaelTX said:

There is no such thing as 100% secure.  Most people's home and PC/Mac are far easier to break into than most Cloud storage.  It  is far more likely that your spouse, partner, roommate, relative, friend will hack your computer that anyone will hack your Cloud storage.

There will always be some risk, but we must keep pushing on the companies that provide Cloud storage to provide highly secure, zero-knowledge encrypted storage of all of our data, or at least give us the option of doing so.

I don't know about 100%, but I think we are talking about your being more secure off the cloud than on it. I haven't heard this before about home computers being easier to break into (I've got an encrypted drive and long, random password), or that someone you know is more likely to hack your computer (I suppose it depends on the kind of people you know). Do you have numbers for this claim?

Speaking from personal experience, people have tried (and often succeeded) in hacking "my" data on the cloud several times (is it "my" data when it is on someone else's servers and their terms of service clearly state that they aren't responsible if the data is hacked?) : (1) Evernote was hacked, (2) my medical records have apparently been stolen at least once (from a former university), (3) my credit card information has been leaked on numerous occasions through hacks (the latest one was last week, in fact), (4) and at one point Dropbox exposed every single user to hacking when it messed up an update and opened up all of the accounts. I wonder how the millions of customers at Ashley Madison would respond to your claim that family members are more likely to hack personal data? I wonder how the millions of people who had their personnel files leaked by the government would feel about that claim? I just don't think there are millions and millions of family members breaking into their loved ones' computers. And, they also aren't throwing that stuff online for everyone to see. The numbers don't seem to back up your claim. There is some pretty horrendous stuff going on out there, after all.

More importantly, to your last point, I don't know which one is "inherently" more or less secure -- the cloud or your home computer. In most cases, I suspect the cloud, if managed properly, has the potential to be much "more" secure, because we are talking about tight physical control over the data and the possibility of extremely well-trained security experts watching over it. One company I think is doing a great job of this is SpiderOak -- you have zero knowledge encryption, everything is built around the principle of protecting your security / privacy, and it seems like it would be pretty difficult to actually gain access to data, even if an employee somehow managed to rent a U-Haul, make off with all of the servers, because everything is encrypted. It's not 100% secure, but it is pretty close to it.

We agree on the conclusion, even if we don't on the steps you took to get there -- we ought to be expecting people who hold our data on their servers to at least offer us the option of zero-knowledge encryption.

  • Like 1

Share this post


Link to post
  • 0
4 hours ago, GrumpyMonkey said:

I don't know about 100%, but I think we are talking about your being more secure off the cloud than on it. I haven't heard this before about home computers being easier to break into (I've got an encrypted drive and long, random password), or that someone you know is more likely to hack your computer (I suppose it depends on the kind of people you know). Do you have numbers for this claim?

Perhaps I mislead you with the term "hack".  What I meant about your home computer being "hacked" is that it is likely that it is easily accessible to others in the household.  Often times people will share one computer with everyone in the household.  Often home users either don't use a password to login to their computer, or it is very simple, or it is shared with everyone, or at least some, in the household.  Even if they have separate computer logins, data about the other user is often accessible. Most  families/households have fights (some more than others), and breakups, estrangements, and theft of household members happens, but perhaps not often reported.  "Borrowing" of their parents credit cards, cash, jewelry, etc is not unheard of.  I would expect some sensitive information on the household computer to be accessed by others.

And then there is always the domestic help and repair people who are in people's homes, often without the owners being present.

In addition to that, home users are more likely to get a computer virus or trojan, giving access to others.  

I'm not going to get into a debate with you over statistics.  I haven't seen you present any "numbers" or statistics either.

My point is that just keeping your information out of the cloud does not give you the 100% security that @gazumped implied.

I see no reason to get sidetracked by this discussion when the main point, that we both agree on, is that:

7 hours ago, JMichaelTX said:

There will always be some risk, but we must keep pushing on the companies that provide Cloud storage to provide highly secure, zero-knowledge encrypted storage of all of our data, or at least give us the option of doing so.

 

Share this post


Link to post
  • 0
15 hours ago, JMichaelTX said:

does not give you the 100% security that @gazumped implied.

It rather depends what you're keeping secure.  Putting things in the cloud does not,  we all seem to agree,  give total security.  You can pretty much bet that not telling anyone else your secret,  and not writing it down anywhere,  works pretty well most of the time. Anything else is a compromise.

Share this post


Link to post
  • 0
17 hours ago, JMichaelTX said:

Perhaps I mislead you with the term "hack".  What I meant about your home computer being "hacked" is that it is likely that it is easily accessible to others in the household.  Often times people will share one computer with everyone in the household.  Often home users either don't use a password to login to their computer, or it is very simple, or it is shared with everyone, or at least some, in the household.  Even if they have separate computer logins, data about the other user is often accessible. Most  families/households have fights (some more than others), and breakups, estrangements, and theft of household members happens, but perhaps not often reported.  "Borrowing" of their parents credit cards, cash, jewelry, etc is not unheard of.  I would expect some sensitive information on the household computer to be accessed by others.

And then there is always the domestic help and repair people who are in people's homes, often without the owners being present.

In addition to that, home users are more likely to get a computer virus or trojan, giving access to others.  

I'm not going to get into a debate with you over statistics.  I haven't seen you present any "numbers" or statistics either.

My point is that just keeping your information out of the cloud does not give you the 100% security that @gazumped implied.

I see no reason to get sidetracked by this discussion when the main point, that we both agree on, is that:

 

If "hacking" means letting my family members use my computer, then I guess I have been "hacked" a lot. I am not terribly worried about my wife seeing our banking statements, after all, but I guess different families do stuff differently. I don't see any numbers yet, so I am going to disregard your claim about how much more "likely" you are to get hacked at home than in the cloud. 

"Millions" is a number, right? And, I gave you specific hacking events, at least one of which affected you. 1) About 50 million Evernote users had their passwords reset. The data accessed? Unknown. 2) My medical records. That would be the number 1. But, if we look at other hacks, 100 million were hacked just last year http://www.foxnews.com/politics/2015/12/23/cyberattack-surge-100m-medical-records-hacked-in-2015-officials-say.html. 3) My credit card information. That would be the number 1. But, if we look at other hacks, Target lost about 40 million credit card numbers the other day. 4) Dropbox. I think they had about 20 million users back in 2011. 5) My Ashley Madison account. That would be the number 1. No. Just kidding. There were over 30 million for that hack. 6) The US government lost about 20 million personnel files. What are we up to now? About 260 million people's data on third-party servers were hacked. And, these are just a few random examples. Are you honestly going to argue that more people at home (about the entire population of the US) are getting their information hacked, even by your definition of "hacking"? I find that doubtful. 

Why does it matter? Well, if you think we are more likely to get hacked at home, that suggests Evernote's cloud is safer, and there really isn't much incentive for us to push them for more security, or for them to offer it. However, if the reality is the opposite, and it is glaringly obvious that unencrypted data on the cloud puts hundreds of millions of us at risk every day, I'd say that is great incentive for Evernote to step up and distinguish themselves from other services by offering the most secure and reliable cloud environment available for your second brain. That beats work chat any day, in my opinion. 

Share this post


Link to post
  • 0

By the way, this argument isn't theoretical or a matter of semantics. Today Evernote published the second part of a blog post about how to use Evernote for your taxes. It sounds really convenient and I'd love to do it, but without encryption, I don't think it is such a good idea. Why not?

Well, the blog post concludes by saying: "If you have any remaining tax-related paper, ask your accountant or tax preparer if you can keep scanned copies of it instead—if you can, scan it to Evernote and shred the paper." Sounds like good advice, except that it demonstrates to me that Evernote sees its service as a safe place to keep your data unencrypted. You shred it at home (which is under lock and key among hundreds of millions of other homes with piles and piles of worthless paper), as if someone is likely to break into your house, rifle through your stuff, and steal your tax papers. But, you leave it online, where it could potentially be accessed by anyone anonymously and with near total impunity. That sounds like a terrible idea.

You might say that could never happen. But, it has happened already with Dropbox. https://www.grahamcluley.com/2014/05/dropbox-box-leak/ 

Some users might say that Evernote is not Dropbox, so it is OK. I don't have a good answer for that except to say that Evernote has been hacked in the past, and if something can happen to one cloud provider, it can happen to others, so why not give users the tools to protect themselves, just in case?

Other users might say that my claim above sounds impossible, because Dropbox is encrypted, and it actually undermines my point about encryption, because didn't I just finish a long post about how much we need it? Yes, Dropbox encrypts the data, but they hold the key. What I am looking for is zero knowledge encryption -- no employee could read it. No one except for you. 

Tech savvy users might say that is all fine and good, but the Dropbox problem was connected with sharing. OK. True. But, with a secure service (like SpiderOak), your shared stuff can be password protected, and when you share the link, it comes with a password for the other party. In other words, the link is insufficient to get the document, and the user would be protected, even from a mistake like the one Dropbox made.

Long story short, I think Evernote needs to change its position on encryption and that will only come about when they recognize the unnecessary risks they are exposing their users to, especially when they advocate storing sensitive data in the service. I know the developers know much more than I do about encryption, and I am certain they are capable of implementing it -- some of them even have security backgrounds, and they take the physical security of the data centers very seriously. What I don't know is why they continue to resist prioritizing it. That has been a mystery for nearly a decade now.

Share this post


Link to post
  • 0
5 hours ago, GrumpyMonkey said:

Why does it matter? Well, if you think we are more likely to get hacked at home, that suggests Evernote's cloud is safer, and there really isn't much incentive for us to push them for more security, or for them to offer it.

Nope, your inference is wrong.  I never said nor suggested that the "Evernote's cloud is safer".

I don't know why you keep belaboring this point.  You seem to keep ignoring my point: 

On 3/9/2016 at 4:31 PM, JMichaelTX said:

There is no such thing as 100% secure.

That's all.  So if anyone thinks they can be 100% safe just by never putting anything in the Cloud, then they would be sadly mistaken.

Now, can we get back to the real issue:  How do we convince companies like Evernote to offer zero-knowledge encryption?

Share this post


Link to post
  • 0
On March 11, 2016 at 0:28 PM, Joshow said:

I think it would be so useful to have the option to password protect per notebook, as opposed to just one password for the entire app.

How would you see this working with search - would candidates only be listed if you've "unlocked" the notebook?

  • Like 2

Share this post


Link to post
  • 0
On 2/8/2016 at 5:26 AM, Sylvain D. said:

It seems to me th is whole debate on password protected notes (lots of users requesting it, and Evernote team steadily turning it down for years) is the result of a misunderstanding. 

Basically the users are saying that password protected notes would add a little privacy in case their wife, husband or children click on the Evernote link in the family computer browser

Evernote people are saying that:

- this would give a false sense of security and that it's better to properly encrypt the secret part of the notes within or outside Evernote.

- that it would make searching into these notes impossible etc.

Well we're mixing up security and privacy+ease of use here: Users aren't even asking for the password Encrypted notes, they're asking for password Protected notes: if you have the password/pin code you can see the note, if you don't well, you can't. 

Users are ready to accept that this is not a top-notch security feature, it doesn't need to show on your (impressive) security overview page. Classify it as an ease of use feature if you will. As long as people don't log off their account when they're they're fully responsible of what happens with it when they're not around. However this feature will give them some peace of mind and possibility to do some damage control in case they eventually forget to log off some time.

Regards. 

 

This. Give me the ability to put some basic level of non-access on specific notes/notebooks.

I am not trying to stop someone who is legitimately trying to hack my computer. I am not trying to stop a determined IT professional at my office. Those situations make up 0.001% of the cases I care about.

99.999% of the time is just someone casually using my computer during a work meeting or other casual situation. They either don't mean to look - they click on the wrong note, or on the wrong notebook and the first note that pops up is something personal like some a note on my parent's finances - or they purposefully click when the casual opportunity exists. Let's be honest it is human nature to peek but given even the least resistance wouldn't try further. In either case a very simple level of protection would suffice and I am pretty sure this is all most of us are asking for.

I don't care if the note remains unencrypted. I don't care if it is in fact still sitting on my hard drive unencrypted. I just want the program to not DISPLAY it until I type in a password or PIN.

Help me protect from casual/opportunistic situations and I would be on Professional version in a heartbeat because it would let me use the program for both work and personal. I am not putting super secret things on there that will ruin me...just stuff I would prefer not be made public. 99.999% of the time any ridiculously simple form of privacy would suffice.

I am not trying to protect super secret stuff but just don't want certain things casually available.

Share this post


Link to post
  • 0

Evernote's opposition to this feature is beyond understanding. It looks like religious radicalism to me.

 

As far as i'm concerned, the moment if i happen to find a solution which suits my need instead of looking down on their users and lecturing them on how they should behave with their own data (like "you should encrypt your notes out of the tool", are you serious ?!), i'll be out of it.

Share this post


Link to post
  • 0
1 hour ago, Sylvain D. said:

Evernote's opposition to this feature is beyond understanding. It looks like religious radicalism to me

As far as i'm concerned, the moment if i happen to find a solution which suits my need instead of looking down on their users and lecturing them on how they should behave with their own data (like "you should encrypt your notes out of the tool", are you serious ?!), i'll be out of it.

Can someone point to me where Evernote has expressed opposition to encryption?

There are a huge list of other features that are missing in the apps.  It's not that Evernote has expressed opposition to those either.

There are limited resources and some features are going to be implemented before others. There are priorities.

Meanwhile, I have used work-arounds so that I can encrypt notes.

Share this post


Link to post
  • 0
9 minutes ago, DTLow said:

Can someone point to me where Evernote has expressed opposition to encryption?

There are several forms of expressing opposition to something, and Evernote has done all of these over the years:

  1. Do nothing, voice no opinion, even after requests for many years by many users
  2. Suggest loss of user features, like being unable to search
  3. Stating it is not a business priority (see below)

@Rich Tener is Evernote’s head of security.

On 2/1/2016 at 3:49 PM, Rich Tener said:

@JMichaelTX, the new encrypted text block will still only encrypt plain text like it does today. Adding fully encrypted notes or notebooks still isn't a business priority, so we don't have any plans to add those features.

Share this post


Link to post
  • 0
36 minutes ago, DTLow said:

Can someone point to me where Evernote has expressed opposition to encryption?

There are a huge list of other features that are missing in the apps.  It's not that Evernote has expressed opposition to those either.

There are limited resources and some features are going to be implemented before others. There are priorities.

Meanwhile, I have used work-arounds so that I can encrypt notes.

I want to be very clear. We aren't asking for encryption. We are asking for something as simple as not loading the screen with the note/notebook until a password is entered. 

Again, not looking for any true security but rather protection from the most casual / opportunistic peeking which solves 99.9%+ of occurrences we care about. 

Everyone recognizes Evernote is not meant as a vault but rather convenience. 

Share this post


Link to post
  • 0
51 minutes ago, mkg said:

I want to be very clear. We aren't asking for encryption. We are asking for something as simple as not loading the screen with the note/notebook until a password is entered. 

It wasn't clear - You are posting in a discussion which started
 

On April 13, 2015 at 1:31 PM, elgrayso said:

Password Encrypt certain notes. 

I agree password protected notebooks is separate from encryption and is a feature which Evernote should consider.
But again, its a question of priorities - which feature should be addressed first, and which platform?

Password protected notebooks is posted as a feature request at https://discussion.evernote.com/topic/94861-password-protection-for-individual-notebooks/?do=findComment&comment=400794 

also here in the Mac forum https://discussion.evernote.com/topic/66306-request-password-protected-notebooks/?do=findComment&comment=299249

Please upvote the request (voting buttons in the top left corner). 

Share this post


Link to post
  • 0
45 minutes ago, DTLow said:

It wasn't clear - You are posting in a discussion which started

Really?  It was clear to me when @mkg stated several posts ago (yesterday):

On 3/17/2016 at 11:35 AM, mkg said:

I don't care if the note remains unencrypted. I don't care if it is in fact still sitting on my hard drive unencrypted. I just want the program to not DISPLAY it until I type in a password or PIN.

Seems like a reasonable request, since it is already available on mobile devices.

48 minutes ago, DTLow said:

But again, its a question of priorities - which feature should be addressed first, and which platform?

We, as users, can't really deal with priorities other than casting an UpVote.  I think pretty much everyone understands that every software company will get more requests than they can afford to implement.  So, IMO, for each request, users can vote, and state their case for, or against the request.

But it should be clear to all that even if a request gets a huge number of UpVotes, it does not mean that request will be accepted or implemented.  Ultimately Evernote will decide what they believe is in their best business interest, as evidenced by the post by the Evernote Security Chief.  This is pretty much how it works with all software companies, although some seem to be more sensitive to user needs/requests than others.  Some companies get it right, some get it wrong, such as WordPerfect and Blackberry.

Good luck to all.  May your requests be fulfilled soon!

Share this post


Link to post
  • 0

Personally, I am not interested in the least in simply password protected notes or notebooks. If Evernote implements password protection, that's fine, but it doesn't really do anything for me. It is, as others have mentioned, largely (not completely) a separate issue from encryption. 

What I want to see is encryption for notes and notebooks. Other apps have mastered this, so it isn't an impossible technical feat beyond the skills of Evernote developers. You can search in them just fine, so that is a red herring. Some even require a password every time you open the app -- a solution that would seem to address both problems (password protection and encryption). The problem, as far as I can tell, is a lack of will. Evernote hasn't prioritized this (or passwords on notes), so it hasn't happened. 

If Evernote is still meant to be our external brain, I think that implies a lot of very personal / sensitive information will be stored in it, so I think we'd all benefit from encryption. Requiring a password (touch id on iOS) to open the app and encrypting the contents would be a wonderful solution, in my opinion.

Share this post


Link to post
  • 0

Well, I see that there are two levels of security that would be useful a lot of folks:

  1. Simple password protect the account and/or specific notebooks
    1. This is designed to keep "honest people honest"  :-)
    2. Keep out prying eyes of family or co-workers
    3. But offer no real barrier to serious hackers
    4. Easy to use, and hopefully easy to implement (but who knows?)
  2. Zero-Knowledge Encryption
    1. The ultimate in security/privacy protection
    2. Designed to keep your info private from everyone, including hackers, government, and the company who stores your info.
    3. Of course, we have to realize there is no such thing as 100% security
    4. Only security that is better than others

Share this post


Link to post
  • 0

I wish someone would just do something.  I just want the ability to password protect Evernote on my Mac exactly the way they do it on iOS.  You don't enter the password, you don't get to see the notes.  And give us the opportunity to set a timeout when the password will be required again.  What is so hard about this?  I'm not asking for encryption.  I just want someone to not be able to get in.  

  • Like 2

Share this post


Link to post
  • 0
45 minutes ago, pirate727 said:

 I just want the ability to password protect Evernote on my Mac exactly the way they do it on iOS.

I'm not sure how you're doing this on IOS.

If you sign out of the app, you have to enter a password to sign in.

Most people (including myself) don't bother to sign out, and never have to sign in after the initial sign in.

>>And give us the opportunity to set a timeout when the password will be required again.

Although its not available in Evernote, there is a password timeout setting you can specify on the Mac

Share this post


Link to post
  • 0
1 hour ago, DTLow said:

If you sign out of the app, you have to enter a password to sign in.

I don't actually sign out of Evernote on iOS.  I just close the app.  When I reopen the app, it requires the 4 digit passcode I set up for it.  The latest version allows me to use Touch ID to get in.  I think this is a premium feature.  But it requests the password every time upon reopen.

>>Although its not available in Evernote, there is a password timeout setting you can specify on the Mac.

I guess I never even thought about the Mac (screen) password.  Suddenly it makes me want to make it more than just a 4 digit number.  LOL  But that would work.

<Question> If you change your password on the Evernote website, will it prevent access at the PC level until the correct password is entered, or will it still show you the local notes and just not sync?

Share this post


Link to post
  • 0
23 minutes ago, pirate727 said:

If you change your password on the Evernote website, will it prevent access at the PC level until the correct password is entered, or will it still show you the local notes and just not sync?

If you sign out, when signing back in, my understanding is that the Evernote will connect to the cloud severs to verify the password.  In fact, thats a downside to signing out - you need internet access to sign back in

>>When I reopen the app, it requires the 4 digit passcode I set up for it.
Got it - you're asking for the pin code feature on the Mac

Share this post


Link to post
  • 0

This is really not an optional feature. I have one Premium account that I use for Work and personal. Really don't want my Book of Shadows, novel and Status of repainting the family room on my work system. As has been stated a simple password is fine. 

But this has obviously been a featurerequested without action for a long time. Significant enough for me that I am considering moving to One Note.

 

Share this post


Link to post
  • 0

Dropbox just implemented the ability to add a pin or use your thumb to access it, which I'm super happy about as there are some files I'd prefer people not to see by accident (e.g. finances).  I would love it if Evernote implemented something as sweet and simple as that, accepting it's not encrypted.

I appreciate there is a list of priorities, however it's surprising that this hasn't been addressed as yet as I would imagine a significant proportion of the user base use Evernote for business and personal notes which are sensitive in nature.

Wholly agree with mkg, when he says "Again, not looking for any true security but rather protection from the most casual / opportunistic peeking which solves 99.9%+ of occurrences we care about. "

Share this post


Link to post
  • 0
1 hour ago, jacobsevernoteideas said:

GREAT IDEA...I have shared some notes with colleagues via my phone & thought it would be really nice to have some notes inaccessible...especially for a Premium User.

In the meantime, to make notes inaccessible, you can encrypt the text and pdf attachments.

Share this post


Link to post
  • 0

I use Evernote everyday for about 3 years, but there is something important that I am missing, what might be a reason to switch to another tool.
In these days of security issues/discussions Evernote should have this feature: password/pin protected notes or notebook.
I like to put passwords for websites etc as a reminder in Evernote or other secret stuff.
For now it is to risky..

If Evernote doesn't want to loose the race with free apps from Apple en Microsoft it should offer more benefits.

 

 

Share this post


Link to post
  • 0
On 4/16/2016 at 3:55 AM, dfo said:

I use Evernote everyday for about 3 years, but there is something important that I am missing, what might be a reason to switch to another tool.
In these days of security issues/discussions Evernote should have this feature: password/pin protected notes or notebook.
I like to put passwords for websites etc as a reminder in Evernote or other secret stuff.
For now it is to risky..

If Evernote doesn't want to loose the race with free apps from Apple en Microsoft it should offer more benefits.

 

 

Hey there @dfo, welcome to the Forums! Please check out this previous thread and add your vote, our development team regularly reviews product feedback submitted through the Evernote User Forum.

 

 

Share this post


Link to post
  • 0
13 hours ago, Totobob said:

I would like to have a notebook that is protected from display by a password.

I up-voted the feature request

Have you looked a encryption?

- Text within a note can be encrypted with a password

- pdf attachments can be encrypted with a password

Share this post


Link to post
  • 0

+1 for this. All well and good for encrypting text, but when I snap pictures of credit card and bank statements I want protection on these too. 

Share this post


Link to post
  • 0

+1

Surprised this hasn't implemented yet.  Please add.  

I would like to keep a personal journal and store important and sensitive information in Evernote but do not feel comfortable without a password to protect a notebook in which this information would be stored. 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×