Jump to content

Idea

Recommended Posts

  • 0

+1

 

I really think that Evernote should look into implementing this. I would personally like to apply a simple way of securing a notebook/notes for my Journal.

 

Not to start this game - but OneNote have have password-protection for a long time... but to honest, I'm a huge evernote fan. It'd just be nice to have this feature.

 

Keep up the great work guys!

Share this post


Link to post
  • 0

Just popping in here - and first joining the forum community - to agree with the need to password-protect or encrypt whole notebooks, and also to suggest one work-around to my fellow frustrated users.

The greatest issue I've faced is at work. I use Evernote for work stuff, but am afraid of someone pulling up my journal and other private info, which could easily be done by accident by someone who is unfamiliar with EN. This has restricted my full use of EN at work - yet it's crucial to EN's long-term viability to be inclusive of all, or at least most, spheres of my life.

 

As a simple work-around, I just merged all the old entries in my journal into a single note, and encrypted it all together. This was a little harder than I thought it would be - I had to eliminate images and, surprisingly, lists with checkboxes, in order to encrypt everything. That wasn't a huge loss, since I had only a few images, and checkboxes aren't exactly a critical feature. However, this work-around wouldn't fly for stuff that really needs to remain in separate notes.

Share this post


Link to post
  • 0

+1 for me, too. 

 

Just need somewhere that I can put one more level between me any any other "wandering" eyes. 

 

Please give us a "password" option in the notebook settings. 

Share this post


Link to post
  • 0

This is a great request - please make this happen! 

 

I would like to use evernote as a repository for my account passwords 

Share this post


Link to post
  • 0

I have EN installed at home and my office. What freaks me out is that someone at work can easily dismount the hard drive, attach it to another PC and just copy the whole EN database, or just reboot the machine from a USB stick and copy all the EN data.

 

I could maybe use something like bitlocker or other hard drive encryption but in reality this would be overkill. Most of the time it is also impossible to use hard drive encryption due to work policy where you don't have authorization or control over these kind of changes.

 

An option to encrypt a notebook would be extremely welcome in this cases. LastPass encrypts the whole local database and is also fully searchable so I really don't understand why cannot Evernote do something like this. I will gladly pay for premium access just for this feature.

 

I will be contacting support for letting them know. There are many users that want this.

 

EDIT: Well, it looks like it is not possible to contact them directly if you are not a premium customer. The only option I had on the support pages was "Ask the community". Ridiculous that it is not possible to give them feedback. I wonder how much the EN official employers monitor this forum.

  • Like 3

Share this post


Link to post
  • 0

I have EN installed at home and my office. What freaks me out is that someone at work can easily dismount the hard drive, attach it to another PC and just copy the whole EN database, or just reboot the machine from a USB stick and copy all the EN data.

 

I could maybe use something like bitlocker or other hard drive encryption but in reality this would be overkill. Most of the time it is also impossible to use hard drive encryption due to work policy where you don't have authorization or control over these kind of changes.

 

An option to encrypt a notebook would be extremely welcome in this cases. LastPass encrypts the whole local database and is also fully searchable so I really don't understand why cannot Evernote do something like this. I will gladly pay for premium access just for this feature.

 

I will be contacting support for letting them know. There are many users that want this.

 

There is a third-party application that should be available soon to help alleviate the problem.

https://discussion.evernote.com/topic/81336-saferoom-zero-knowledge-encryption-for-evernote-and-more/

  • Like 2

Share this post


Link to post
  • 0

 

I have EN installed at home and my office. What freaks me out is that someone at work can easily dismount the hard drive, attach it to another PC and just copy the whole EN database, or just reboot the machine from a USB stick and copy all the EN data.

 

I could maybe use something like bitlocker or other hard drive encryption but in reality this would be overkill. Most of the time it is also impossible to use hard drive encryption due to work policy where you don't have authorization or control over these kind of changes.

 

An option to encrypt a notebook would be extremely welcome in this cases. LastPass encrypts the whole local database and is also fully searchable so I really don't understand why cannot Evernote do something like this. I will gladly pay for premium access just for this feature.

 

I will be contacting support for letting them know. There are many users that want this.

 

There is a third-party application that should be available soon to help alleviate the problem.

https://discussion.evernote.com/topic/81336-saferoom-zero-knowledge-encryption-for-evernote-and-more/

 

 

I've been beta-testing Saferoom for Mac and iOS, and it seems to do an admirable job of encrypting, though it comes with some MASSIVE trade-offs, and it is not exactly a simple application to use. 

The trade-offs largely are a result not of Saferoom's shortcomings, but because Evernote was simply not designed to have fully zero-knowledge-encrypted data within it. 

That being said, for people who desperately need to store confidential information in Evernote and are unable to use other options that exist because of finances or workflow constraints, Saferoom is deficiently a great option. 

 

I store my confidential information (well, its actually other people's confidential information), in a different program, Everything I store in Evernote is largely inconsequential if it leaks, so I'm not sure if I will have to rely on Saferoom a great deal, but it has definitely been fun to beta test. 

  • Like 1

Share this post


Link to post
  • 0

@Scott:

 

Thanks for sharing your use of Saferoom.

How would you compare using Saferoom to using encrypted PDFs in Evernote?

Share this post


Link to post
  • 0

Another yes from me.  I had taken all my high security, high value notes and put them in a local notebook.  They aren't notes I need to access often (e.g. letters exchanged in an on-going lawsuit might not be accessed more than once every two years, but when you need them they are critical).  I put them in a local notebook because I didn't want them getting hacked on the cloud, and Evernote has had security failures in the past.

 

To make a very long story short, in one of the Evernote upgrades, Evernote's own software wiped out my local notebooks.  I had them all backed up, but since I didn't know what upgrade wiped them out I didn't know what restore to use from the timeline of past backups.  I think it took about two weeks to get back most of what I lost (but I didn't get back a lot of it).

 

Anyway, the Evernote support guy told me he recommends never using local notebooks for this reason (and that's something when Evernote's own employees are telling you to stay away from a feature).  He told me to store everything online.  And then I asked about encryption, and then...well that's where this thread started.

  • Like 1

Share this post


Link to post
  • 0

Anyway, the Evernote support guy told me he recommends never using local notebooks for this reason (and that's something when Evernote's own employees are telling you to stay away from a feature).

That's scary for those of us who have local notebooks!

Share this post


Link to post
  • 0

@Scott:

 

Thanks for sharing your use of Saferoom.

How would you compare using Saferoom to using encrypted PDFs in Evernote?

Vastly different solutions to very different problems. Saferoom is capable of encrypting the entire contents of a note, both the text you write and the attachments you add. This means you could have a reasonably active note that you are modifying fairly regularly that is also zero-knowledge encrypted. Saferoom also works on iOS and Mac and Windows (perhaps Android?). You can access your encrypted content on any of those devices. 

 

Encrypted PDFs work well for, well, safeguarding PDF content. This content, however, is not easily modifiable, so this solution applies primarily to content you are not actively editing. Encrypted PDFs can also trip up some mobile devices, or some apps on some mobile devices, which makes it potentially a bit unreliable for ensuring you have access on all of your devices. 

 

 

It really depends on your needs. Encrypted PDFs are pretty easy to create and solve a very specific problem well. Saferoom works well for encrypting totally arbitrary content that you may be actively modifying, but it is a bit clunky. 

  • Like 2

Share this post


Link to post
  • 0

@Scott:

 

OK, thanks.  Most, if not all, of the info I need encrypted is static information, and usually in a PDF.

If it is NOT in a PDF, I can easily create the PDF from Word, Excel, etc.

So, for me, Saferoom does not offer that much of an advantage over encrypted PDFs.

 

What would be most useful to me is the exact subject of this thread:  Encrypt an entire Notebook.

That way I could just throw all my sensitive PDFs (or other data) into that Notebook and not have to bother with encrypting each and every PDF.

  • Like 2

Share this post


Link to post
  • 0

What would be most useful to me is the exact subject of this thread:  Encrypt an entire Notebook.

That way I could just throw all my sensitive PDFs (or other data) into that Notebook and not have to bother with encrypting each and every PDF.

Agreed. Ability to access content everywhere + real security would be a boost over local notebooks, particularly if EN support is advising users to avoid local notebooks due to data integrity issues.
  • Like 1

Share this post


Link to post
  • 0

I appreciate Saferoom's efforts to bring us something that EN is not providing but it does seem a little cumbersome at the moment.

After 2 years of discussion, I was hoping the EN developers would look at this thread and see the need and demand for such encryption. I am totally fine with not being able to index/search contents of encrypted notes if the contents are encrypted. That just makes sense to me as well.

Still keeping fingers cross this will one day happen.

  • Like 2

Share this post


Link to post
  • 0

I would love to see this feature implemented. I have been using evernote for a while now and I'm finally getting comfortable with it. I would really love for this feature to be enabled, contrary to what others may think,

 

I think this feature would be more helpful than a second account. Not a lot of people want to go through the hassle of relogging just to check a reminder or whatnot. We love your "All-in-One Place" feeling to the app, I think this would definitely help make evernote a personal experience.

Share this post


Link to post
  • 0

This is the one basic feature ive been waiting for since the beginning. Every year or so I look into it to see if they've added it yet. 

 

Password Encrypt certain notes. 

 

A lot of us keep our Evernote logged in on our "safe" personal computers (home and office). So anyone that sits down has full access to everything. Not to mention logging into evernote in a public place and having personal info pop up on the screen because it was the last note you made (as opposed to that note not displaying until you type in it's password). 

 

 

do we still not have this feature? just checking. 

 

Share this post


Link to post
  • 0

you are aware of course that you can encrypt the text of any part of a note or all of the text of a note?

is that not enough for you?

or maybe you have too many secrets?

:)

Share this post


Link to post
  • 0

ive tried text encryption. it doesnt work for me (Safari, Mavericks). No option when following the instructions. Look at this example of my top secret omlette recipe. (no right-click encryption options)

 

pesto.png

 

Even if it did work, I think highlighting a bunch of text ( a document could be very large) and encrypting and unencrypting every time is unintuitive and cumbersome to workflow. A document that quickly prompts you for a password when first opened would be extremely useful. 

Share this post


Link to post
  • 0

that's weird!

on my machine (in yosemite) it looks like this :

 

Screen%20Shot%202015-04-14%20at%209.35.0

 

do you also not have the option in the 'Edit' menu like this?

 

Screen%20Shot%202015-04-14%20at%209.34.3

  • Like 1

Share this post


Link to post
  • 0

it looks like it works when i use the software. 

however a lot of the time I am not on my home computer; i am at work, school, or a friends house. 

it wouldnt be an easy solution for me to install evernote on all of these each time. 

 

but thank you, i got my answer. i'll check back in a couple years and see if theyve added password protectable notes. i'm sure it will happen eventually. 

Share this post


Link to post
  • 0

I float in and out of the forums looking into encryption or "lockable" notebooks and would be happy to add my +1 to any type of extra security. Just call me paranoid but with all the privacy concerns, why would something as important as Evernote notes be left in the open and unlocked? 

Share this post


Link to post
  • 0

I'm not trying to sound like a scorned user, but this is one of the reasons I will probably switch to one note next month when my premium account is up for renewal. It's a fairly mundane request to be able to secure private notes, imo.

To be fair to evernote, I'm starting to like to more free form nature of onenote and the ability to sketch and handwrite (such that it is on an iPad) than enote allows for as well.

Share this post


Link to post
  • 0

I wish that Evernote worked like the tor browser iOS app, each time you opened the app, you put in a passcode then you can access your notes, this would work great with specific notes.

Share this post


Link to post
  • 0

It'd annoy the spit out of me every time I checked my shopping list though..

  • Like 1

Share this post


Link to post
  • 0

It'd annoy the spit out of me every time I checked my shopping list though..

 

Unless you had a secret sauce passed down through the generations...

Share this post


Link to post
  • 0

A lot of us keep our Evernote logged in on our "safe" personal computers (home and office). So anyone that sits down has full access to everything. Not to mention logging into evernote in a public place and having personal info pop up on the screen because it was the last note you made (as opposed to that note not displaying until you type in it's password). 

I'm all for note level encryption, but I don't think we need to include "safe" computer protection in the mix.  This can be managed with normal Windows screen saver password protection.  Protect EN and everything else that's open on the home/work system.

Share this post


Link to post
  • 0

I'm baffled as to how many posts and threads there are on this topic- I don't have time to read all of them.  But really, locking a notebook cannot be that hard to implement.   I use EN to store all kinds of content quickly from many devices- like 20+ notes per day.  I don't have time to sort through all the notes and tag them and put them in their own notebooks.  I have assistants who do this.  I don't want these assistants looking at some of the notes.  To have one notebook where I can stash private notes would be ideal.

I can't think of a successful database-driven service that does not offer this.   Maybe Evernote is just waiting to cash out from a buyout- maybe Google can come to the rescue.

Share this post


Link to post
  • 0

You can have an unsynced Notebook on your desktop and if your Premium or Business, you can have one on your mobile device as well.

Or you could get a second account, free or paid, and save all your private notes in that one. All you need to set up another account is an alternate email address.

I'm baffled as to how many posts and threads there are on this topic- I don't have time to read all of them. But really, locking a notebook cannot be that hard to implement. I use EN to store all kinds of content quickly from many devices- like 20+ notes per day. I don't have time to sort through all the notes and tag them and put them in their own notebooks. I have assistants who do this. I don't want these assistants looking at some of the notes. To have one notebook where I can stash private notes would be ideal.

I can't think of a successful database-driven service that does not offer this. Maybe Evernote is just waiting to cash out from a buyout- maybe Google can come to the rescue.

Share this post


Link to post
  • 0

It sounds easier to set up a work-around for confidential notes than it would be for Evernote to reschedule their pre-planned development for the next x months to get this fix out there - if they've even decided it would be cost-effective to do anything at all...

Share this post


Link to post
  • 0

Agree with comments made - something simple would be a great help. Not a replacement for full scale encryption, just a light filter to keep selected personal files out of perusing view ..

Donna

Share this post


Link to post
  • 0

To me, locked notebooks is by the far the single-most important feature from OneNote that I would want to see implemented in Evernote.

 

I understand that I can have two separate accounts, but switching between accounts is pretty cumbersome.

 

If the Mac version for OneNote didn't suck, and if Evernote weren't on every device (even my Kindle Fire HDX!) and so widely integrated with so many other apps and services, I would have already switched to OneNote just for that one feature.

  • Like 1

Share this post


Link to post
  • 0

+1 

 

Really stupid that this is not an option. And I've googled and seen a few threads about this, and see people defending it not being a feature saying thigns like "You can lock your computer". Guess what, you can lock your phone just as easily. There is absolutely no reason this should not be a feature, and it is not something that is complicated to implement. As people have said, this is not something to protect our credit card information from CyberWarfare, its just so that people borrowing my computer wont click in on private notes (with malicious intent or not.) 

 

Evernote is all about convinience, that is its only selling point, there is no one function evernote has that is not easily repeatable through other software. And it is very inconvinient for a lot of users that this feature is not implemented. 

Share this post


Link to post
  • 0

I switched to OneNote in the end. Usually not a Microsoft fan (being mostly a Mac user) but they have done an exceptional job on OneNote. If you use it with OneDrive you can get up to 30GB free cloud storage too and no need to worry about taking up space and being charged (for going over) Evernote's limited space. Password protection on sections too.

 

But anyway, thats's a different discussion.

Share this post


Link to post
  • 0

I switched to OneNote in the end. Usually not a Microsoft fan (being mostly a Mac user) but they have done an exceptional job on OneNote. If you use it with OneDrive you can get up to 30GB free cloud storage too and no need to worry about taking up space and being charged (for going over) Evernote's limited space. Password protection on sections too.

But anyway, thats's a different discussion.

I switched from Evernote to Onenote last year. I got Office 365 (annual subscription) which includes free updates of the Office suite software and one terabyte of cloud storage. Onenote doesn't work as well for me as Evernote USED to. But Evernote does not scale well. They are aware of this and have continued to not address the problem. It got to the point where EN simply would not work on my PC, iPhone or iPad due to the large number of notes I had (66,000+) I had. So for me, the $100/year for the version of Office 365 I signed up for was worth it, since I had two EN premium accounts. But as you say, that's a different discussion.

Share this post


Link to post
  • 0

Hi Guys ,

I found a simple turn around for that, which is selecting the text and control click (mac) for the option "encrypt this text"

it's not ideal , but at least the content of the note is protected. 

i'would also love to have this password.Also in writing, security would be great !

And to guys like bankrobber that don't add any useful info to the proposed topic, don't bother to reply ...

Hope that this helps !!

cheers

 

Original post by :

Meryn StolEvernote user since 2009.In the Evernote desktop clients, you can encrypt any piece of text by right click in it and choosing "Encrypt selected text". I don't know about mobile. You can't encrypt the whole note, but you could encrypt all text within a note. That comes down to about the same.


The encryption function prompts for a password which is used as the key to encode the selection. You need the password (the key) to decode the selection again.
  • Like 1

Share this post


Link to post
  • 0

+1

 

This would be a welcomed feature, especially in the absence of not having a PIN option for the Mac desktop application (like DayOne has).

Share this post


Link to post
  • 0

In "colornote", a less developped similar app (you can't share the notes between phone and computers), it's very easy to do it (a click in the menu bar).

Share this post


Link to post
  • 0

Hi,

 

Please evernote can you add a password/code function to the desktop version? 

 

I love and use evernote daily. I'd be lost without it in fact. I use it for many things, this includes sensitive information that I wouldn't want work or family or friends to see. Passwords and such. Quite often my laptop may be borrowed to work purposes to use a program or fix something, or leisure for friends to watch a film on the weekend. I can easily sign out of other private accounts such as my work logins, hotmail or facebook, but my only worry when I'm handing my laptop over to be borrowed is that others can look in my evernote if they wanted to. This gives me anxiety. 

 

My only option is not to store this sensitive info in there but this is very annoying as it's adding unnecessary complexity to the way I store things - need multiple apps etc

 

It's a basic add on to do an optional password on the desktop version. - Or please add function to password certain protect notes would be very helpful.

 

Please add this feature.

 

Thanks.

  • Like 1

Share this post


Link to post
  • 0

Hi,

 

Please evernote can you add a password/code function to the desktop version? 

 

I love and use evernote daily. I'd be lost without it in fact. I use it for many things, this includes sensitive information that I wouldn't want work or family or friends to see. Passwords and such. Quite often my laptop may be borrowed to work purposes to use a program or fix something, or leisure for friends to watch a film on the weekend. I can easily sign out of other private accounts such as my work logins, hotmail or facebook, but my only worry when I'm handing my laptop over to be borrowed is that others can look in my evernote if they wanted to. This gives me anxiety. 

 

My only option is not to store this sensitive info in there but this is very annoying as it's adding unnecessary complexity to the way I store things - need multiple apps etc

 

It's a basic add on to do an optional password on the desktop version. - Or please add function to password certain protect notes would be very helpful.

 

Please add this feature.

 

Thanks.

totally. but i'd add it to mobile and browser versions as well.

 

another problem with not having password protected notes:

say you had a slightly embarassing note, like a poem you wrote, or notes to talk to you therapist about, etc. if you use evernote on your work computer, sometimes evernote will display the most recent note. So even if you wrote a personal note from home, your work computer could get restarted and all of a sudden your personal note is loaded on your work computer screen.

like you said, this makes you need two note taking apps. one for almost everything (evernote), and one for personal notes.

 

with how popular and useful evernote is, its totally silly that you cant password encode notes. and its also silly that so many people  come out and defend not having this option

Share this post


Link to post
  • 0

+1 on windows/mac

 

At the very least, why can we not just password protect a selected notebook so when I click on a password protected notebook it requires me to punch in a password saved for that notebook.

 

I used to use Evernote sometimes within my software dev team meetings to take some meeting notes while on a projector. It hasn't happened yet, but I also have a notebook that has personal team related information, like member contracts, resumes, etc that I could get into serious trouble by inadvertently clicking the wrong notebook and displaying I shouldn't to the rest of the team!

 

This might sound silly, but it is the sole reason that I simply cannot use this for work related activity.

Share this post


Link to post
  • 0

EN should encrypt EVERYTHING by default, decrypting through logging in with a password, why does this seem such a hard thing to implement? Users should be able to lock/encrypt a note, a notebook, as they prefer. 

  • Like 1

Share this post


Link to post
  • 0

Evernote is just a super tool used across multiple platforms - Android, IOS, Windows but without a simple password/pin protect option for notebook/notes it has a major security flaw in case of lost device, device sharing. I have read the discussions on this topic and unfortunately soon have to look for alternatives.

Can someone in a senior technical position at Evernote please comment on any direction to provide this feature - your users are faithful but as with most products ignoring such basic, practical and consistent user feedback can lead to security-conscious users going elsewhere. Thanks

Share this post


Link to post
  • 0

Yes, I've been using One Note for years and just tried Evernote, I love it and have installed it on three devices; I would welcome password protected notebooks too. :)

Share this post


Link to post
  • 0

FYI, if it's only the occasional note that you want to encrypt and share across devices, 1Password has an always-encrypted Notes feature, that is accessible across all your devices via iCloud, Dropbox or direct sync. It's not a replacement for Evernote, but it works pretty well for what it is, and it's full-text searchable.

  • Like 1

Share this post


Link to post
  • 0

FYI, if it's only the occasional note that you want to encrypt and share across devices, 1Password has an always-encrypted Notes feature, that is accessible across all your devices via iCloud, Dropbox or direct sync. It's not a replacement for Evernote, but it works pretty well for what it is, and it's full-text searchable.

 

After finally admitting to myself that Evernote is firmly ignoring users who are asking for this - they've never so much as acknowledged the request as far as I know - that's exactly what I switched to. Consequently, I find myself using Evernote a bit less often. 

 

Still pretty frustrated by Evernote's seeming indifference to this customer request. Their social channel managers and CEO don't even respond to tweets about it. It's like they all just want us to go away...?

Share this post


Link to post
  • 0

Thanks for the recommandatie about 1password, this exactly the approach I would forsere in EN. Solid Security to initially get in and EVERYTHING inside is ALWAYS secured. For EN not to be encrypted is fundamentally wrong, it's reasoning the wrong way round. So what's the argument for not doing so, Investment, indexing, laws, time?

Investment: I'd expect a lot more potential with an encrypted version of EN, people skipping the app for a justified concern about their data would actually seriously consider it. With all the news around leaks, who wouldn't want their data secured.

Indexing, surely this can be built in, if 1password can, why couldn't EN? If needed there could be a choice, with indexing or without, where with perhaps offers less space and slower Performance.

Laws, I'd be surprised if any law forced EN to keep all content wide open, rather I'd expect the opposite, for laws to protect my privacy.

Time, this would be a matter of reprioritization, if this is a feature a lot of users want, then just do it.

  • Like 1

Share this post


Link to post
  • 0

The recent Ashley Madison hack and threats to publicly post hacked data online serves as a stark reminder that data stored online is not secure. Zero knowledge encryption is long overdue.

  • Like 2

Share this post


Link to post
  • 0

The recent Ashley Madison hack and threats to publicly post hacked data online serves as a stark reminder that data stored online is not secure. Zero knowledge encryption is long overdue.

massive hacking incidents are now a regular part of the news, aren't they. ashley madison one day, hacked vehicles the next. of course, each incident has its own unique conditions, but the lesson to learn here, i think, is that everyone gets hacked (evernote has been hacked at least twice already).

in my opinion, we ought to assume that anything unencrypted on the cloud is either already hacked and public information, or it will be any day now. this either severely curtails our usage (grocery lists and web clippings?) or causes us to look elsewhere for an app that provides the level of security we need.

you're right about zero knowledge encryption being long overdue. my understanding is that onenote offers it now, so it looks like evernote is years behind the curve here. i hope they re-evaluate their priorities soon. their competitors have.

  • Like 2

Share this post


Link to post
  • 0

I simply cannot believe that this is not an option. Evernote is supposed to be the notebook that is everywhere. Apparently this does not include collaborative environment with multi-user stations. 

 

For example: I work in a building with two stories of laboratories, ~50 researchers with about two dozen experimental stations. Any given experimental station may have a dozen or so users who log on to collect data using that instrument at different times. I should be able to lock my evernote "user account" on the native client.

 

At the very least, implement an automatic logout of the web client after a period of inactivity. It's just unreal to me that I can't have my lab notebook with me while I conduct an experiment, like I can, say with this other piece of super- advanced technology known as a paper notebook...

Share this post


Link to post
  • 0
I think this isn't the best solution for desktop/workstation but this is what I need and I can got for now. I used a cryptographic program called VeraCrypt (like old TrueCrypt) and I created a volume with 8Gb, it's enough to me. So, I installed Evernote and before first sync, I changed default data directory to the protected disk. 

 

Some drawbacks can be, you need to remember to lock your workstation and/or close Evernote (even on system tray).

 

I hope this can help someone.

 


Share this post


Link to post
  • 0

i doubt veracrypt is doing anything. when you unencrypt and open evernote, it syncs unencrypted to the servers, where your data sits in plain text vulnerable to any hack, rogue employee, or govt intrusion. i guess the only benefit is if someone tried to physically break into your computer and steal data.

  • Like 1

Share this post


Link to post
  • 0

I agree with GrumpyMonkey -- It is more beneficial to encrypt a full note especially if it has attachments, than it is to encrypt only text in a note. Why can't the GUID be extended in the database for those notes that have full encryption versus those that are not encrypted. The first part of the GUID can designate the folder and the second indicating whether the note is encrypted through a concatenation methodology. 

Share this post


Link to post
  • 0

Yes please implement this on all platforms. Even colornote on Android allows you to lock a note with a master password. I don't want somebody who accidentally sees my evenote notebooks being able to see confidential or sensitive information.

  • Like 1

Share this post


Link to post
  • 0

+1 This should be a top priority for Evernote.  I want to store my vital records in Evernote but just not worth the risk until they get this added.  Using Sharefile for now.

Share this post


Link to post
  • 0

+1 This should be a top priority for Evernote.  I want to store my vital records in Evernote but just not worth the risk until they get this added.  Using Sharefile for now.

i'm no expert in security or encryption, but i don't think sharefile is any more secure than dropbox. they hold the encryption keys. this means that they can rummage through your account whenever they want. they'll also unencrypt it and turn it over to the us govt. if asked to do so. and, if they are hacked, your stuff is at risk. i'd recommend spideroak imstead.

without zero knowledge (i hold the key and no one else has access), there isn't much point in evernote introducing passwords for notebooks.

Share this post


Link to post
  • 0

Support the recommendation to introduce some level of password security for files.it would be very helpful for a variety of purposes.mnot necessary to be high level security encryption...I hav written before and now wondering if anyone has heard from the software company about their plans to address this issue???? Are they saying it is under consideration,or in the works ...or not ??????mi briefly looked for a feedback email and could not find one, so assuming this is the place - would love to hear from them.

  • Like 1

Share this post


Link to post
  • 0

Support the recommendation to introduce some level of password security for files.it would be very helpful for a variety of purposes.mnot necessary to be high level security encryption...I hav written before and now wondering if anyone has heard from the software company about their plans to address this issue???? Are they saying it is under consideration,or in the works ...or not ??????mi briefly looked for a feedback email and could not find one, so assuming this is the place - would love to hear from them.

Share this post


Link to post
  • 0

no plans that i am aware of, though a year or two ago the then-ceo suggested plans for "sexy" encryption, so i guess you never know. evernote generally doesn't discuss its plans. try saferoom for a third-party solution.

Share this post


Link to post
  • 0

+1 for all platforms. Would be great if Evernote support could leave a reply here given all the interest. Love Evernote but this is becoming an important enough feature for me that I'll leave for a competitor if someone else develops the right feature set. 

Share this post


Link to post
  • 0

This is a user forum. Want to ask Evernote a direct question? Open a support ticket or send them a tweet.

Share this post


Link to post
  • 0

+1 for password protected notebooks

+1 for password protected notes

+1 for password protected text including embedded pictures (jpg-screenshots)

Share this post


Link to post
  • 0
Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 

As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

  • Like 4

Share this post


Link to post
  • 0

 

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.
 
As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

 

Thank you, thank you, thank you.

 

This sort of feedback is wonderful. I'd love to see more of it.

Toss in some detailed explanation would be the topping on the cake.

  • Like 1

Share this post


Link to post
  • 0

I recently upgraded to the professional edition but may need to cancel or at least stop using Evernote for work. The problem is that the encryption solution I have found - encrypting each note individually - is really not very workable. Evernote should offer something along the lines of what LastPass does for its password sharing. That is let users create a master password or pass phrase. They are responsible for keeping track of this password and Evernote never stores it on their systems. When a user starts up Evernote, they are prompted for the master password. Then anything that is transmitted to Evernote is first encrypted with that pass phrase using AES256 or some equally strong encryption. When notes are synced with other devices, the user would also need to provide the pass phrase on the device. The same would apply for the web interface. The key is that Evernote should never store the user's master pass phrases. In the case of notes passed in by email, they would be stored unencrypted until they are synced with a user device. After all, if you are emailing the document you shouldn't be too concerned about encrypting it. If there is other functionality lost due to the lack of access to my notes on Evernote servers, I would be perfectly fine with that.  As far as data stored on the device, for me, I am fine if it remains unencrypted on the devices. I just want my information protected when stored on Evernote servers.


 


  • Like 2

Share this post


Link to post
  • 0

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.

 
As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

 

Rich, thank you so much for posting here, and providing clarification of Evernote's view on NB encryption.

I very much appreciate you being an advocate for this, and look forward to hearing from you on other security topics.

 

I see this is your first post in these forums, so please allow me to welcome you here.  I'm sure others, like JBenson2, do as well.

  • Like 1

Share this post


Link to post
  • 0

 

Hi everyone, I'm the head of security here at Evernote. I wanted to let you know that I understand your requests for full note and notebook encryption. I'm an advocate for expanding our encrypted note text feature to include one or both of those and I appreciate everyone's input on this thread.
As a few people mentioned, adding these features requires time and resources. Building these isn't a business priority for our product teams right now, so we don't have any plans or timelines to add those features.

 

Hi there Rich - great to see you joining this conversation! It's refreshing to see an Evernote employee participating here. I appreciate you telling us bluntly that it's not a priority for the product planners. I hope they realize that market leaders don't stay that way forever - when a company ignores the needs of it's core users (the vocal ones who want to see the product evolve), and focus on the wrong things, users will leave. I appreciate fully that developer resources are finite, and there are always more features than an ability to create those features...but I can genuinely say I haven't see a useful new product feature from Evernote in the past two years. I see the frequent updates, but none of the new features serve my needs. My needs, like those of here in this thread, are enhanced security. I want to rely upon Evernote to keep my information safe, and right now I'm not confident in the product's ability to do so.

 

Are the product planners willing to listen to the community and ask us what we want?

  • Like 1

Share this post


Link to post
  • 0

From a purely selfish point of view I think this is a great piece of information. For me the rationale of Evernote has always been a place where I can add information and then quickly find it again. Adding encryption greatly reduces this capability, creates support headaches and generally distracts the company from the route that I want it to follow. Half way house measures like not encrypting titles and/or meta data would also create support issues and confuse many users.

I think it's clear from Rich's post that they are listening and that they are choosing not to pursue encryption at least for for the time being.

Share this post


Link to post
  • 0

Can't agree with Metro on this. Forum flags are at half mast today.

From a selfish point of view, this is terrible news, and it means that I will continue being unable to enjoy using Evernote for the forseeable future. It is exactly the wrong way for the company to go, in my opinion. As for reducing any capacity, not necessarily (not at all in competitors) and certainly not if you don't use it, which is the same as if it is not there!

But, I'm glad to see Evernote has carefully considered it, decided it doesn't fit their vision / isn't a priority, and let us know where they stand right now. Making it clear what is going on is the way to generate goodwill and grow the business, especially if any solution like this is, at the very least, months or years down the road.

  • Like 1

Share this post


Link to post
  • 0

For me the rationale of Evernote has always been a place where I can add information and then quickly find it again. Adding encryption greatly reduces this capability, creates support headaches and generally distracts the company from the route that I want it to follow. Half way house measures like not encrypting titles and/or meta data would also create support issues and confuse many users.

 

I haven't seen any evidence to support your assertion that somehow adding encryption would make things worse.

There are a number of companies offering highly secure, zero knowledge key, encryption, and I haven't heard or seen any reports of the issues you allude to.

 

Not encrypting metadata (Titles, Tags, dates, etc), is not a "half way" measure, it is a smart measure that protects the sensitive info in the Note contents while still allowing great search capability.  I see no reason that this would "confuse many users", if the feature is clearly documented, and a well-thought-out and tested UI is provided.

 

It's like having a bank vault to put your very expensive valuables and documents into, while still making it easy to bank by Internet for your day-to-day, or hour-to-hour, needs.

 

In fact, from a business position, it would be a very smart approach that I believe would set Evernote apart from the crowd while appealing to many.

  • Like 2

Share this post


Link to post
  • 0

From a purely selfish point of view I think this is a great piece of information. For me the rationale of Evernote has always been a place where I can add information and then quickly find it again. Adding encryption greatly reduces this capability

 

So...you don't care about the security of that information?  :huh: I generally don't question when others want certain features in a product, but to not want more security is, honestly, surprising.

 

1password allows me to search everything, and it's far more secure than Evernote, so I don't see how/why adding encryption would somehow make Evernote less useful than it is today.

  • Like 1

Share this post


Link to post
  • 0

In Day One you can set a password, but the data is not encrypted and can be read by anyone with physical access to your computer.

See: Why I Don't Use Day One For Private Journaling

 

 

I love Evernote, but it's preventing me from putting in sensitive content. For example, I can't keep a personal journal notebook, because other people (i.e. girlfriend, family members, etc.) could one day be looking at those notes, especially since they know that I use Evernote often for many purposes.

 

Evernote already has the ability to encrypt single notes. This is useful for things like storing passwords or other temporary sensitive content. But it's not practical to encrypt many notes one by one.

 

I wish I could password-protect a whole notebook. This way, I can do a lot more with Evernote. If I can encrypt single notes, then why can't Evernote just allow me to encrypt entire notebooks? If reason behind this is because Evernote thinks one could lose a lot of data if a notebook password is forgotten, then perhaps Evernote can help recover the passwords through email.

 

In the meantime, I'm stuck with using other apps (i.e. Pages, Day One, etc) to password-protect my content.

 

Any insight is greatly appreciated.

 

Thanks.

Share this post


Link to post
  • 0

i think anyone with physical access to a computer is in a pretty good position to eventually get at your data, unfortunately, depending on their resources (time, money, manpower, expertise). If you turn on file vault on your mac (free and easy to use), you greatly increase your security. In fact, it doesn't matter if an app has password protection or not, because with file vault everything is under lock and key.

the problem with evernote is that your computer may be locked down and quite impenetrable to most folks, but Evernote takes data out of your computer (zero-knowledge encryption), which is only accessible to anyone in physical possession of it, and then it sends it to evernote servers (with no encryption), which are open to the world.

password protection is nice and all, but without security (encryption), it is window dressing.

  • Like 1

Share this post


Link to post
  • 0
There are some people who would like ultra high-level encryption to cover 100% of their entire Evernote database, but it appears that Evernote believes there is a much bigger market comprised of general users.
 

I examined my 40,000 notes in Evernote

 

50% are web clippings using Clearly

any: source:Clearly source:web.clip

 

10% are forwarded emails

source:mail.*

 

I also have a large % of scanned notes.

 

But... only 1/3rd of 1% are encrypted notes

encryption:

 

 

Why such as small % of encrypted notes? 

I use Evernote to store all sorts of events from my life, interesting facts, politics, and the more important feature: quick searches.

For high-security needs, I store my confidential information (passwords, account numbers, etc.) in LastPass.

And for highly confidential information (tax returns, for example), I store them locally, not in the cloud.

 

edit: Almost all of my photos are stored in Flickr

  • Like 2

Share this post


Link to post
  • 0

Thanks for the search reminders.

I would have thought that 50% of mine would have been web clips.

But I guess I'm making more use of IFTT workflows and sends to EN from my feed reeder, than actual web clipper use.

But web clipper was 25%.

10% forwarded email.

And a whopping 11 notes with encryption. It's frankly just not really worth using, as is.

LastPass on the other hand has 800 sets of credentials and secure notes.

I am disappointed to hear that it's not a business priority given we're still waiting for the previous CEO's "sexy encryption" mention.

But I am thankful for the OAuth, and multi-factor. Access security and transparency are great, and I enjoy using them.

  • Like 1

Share this post


Link to post
  • 0

I use Evernote to store all sorts of events from my life, interesting facts, politics, and the more important feature: quick searches.

For high-security needs, I store my confidential information (passwords, account numbers, etc.) in LastPass.

And for highly confidential information (tax returns, for example), I store them locally, not in the cloud.

 

I used to use LastPass, and while it's great for passwords, I found it clumsy and ugly for other types of content (secure notes, etc.). I also didn't particularly like their security model. I have sensitive information in Evernote, because it's hugely advantageous for me to keep it there and have access to it from any device. Wouldn't it be wonderful if Evernote took security seriously enough for you to note have to use another app, or keep things offline, to have secure access? 

Share this post


Link to post
  • 0

Having sensitive info synced across all devices is kind of what LP is all about...

I'm wondering what more one might want from a security model than trust no one encryption with a multitude of multi factor login options.

And to add in LP enterprise, the usage logging across the enterprise is great, and much more useful to me than a personal decentralized model like keypass or 1password.

  • Like 1

Share this post


Link to post
  • 0

 

There are some people who would like ultra high-level encryption to cover 100% of their entire Evernote database, but it appears that Evernote believes there is a much bigger market comprised of general users.
 

I examined my 40,000 notes in Evernote

 

50% are web clippings using Clearly

any: source:Clearly source:web.clip

 

10% are forwarded emails

source:mail.*

 

I also have a large % of scanned notes.

 

But... only 1/3rd of 1% are encrypted notes

encryption:

 

 

Why such as small % of encrypted notes? 

I use Evernote to store all sorts of events from my life, interesting facts, politics, and the more important feature: quick searches.

For high-security needs, I store my confidential information (passwords, account numbers, etc.) in LastPass.

And for highly confidential information (tax returns, for example), I store them locally, not in the cloud.

 

edit: Almost all of my photos are stored in Flickr

 

 

You nailed it - the vast majority of most people's stuff doesn't need to be secure or encrypted. Evernote is far more useful for far more people without encryption.

 

It's important to remember that a lot of the people that come to this forum come with edge cases, we are not necessarily representative of the user base as a whole. It's not to say that those edge cases aren't valid, but they are at the edge. The fragrant Burger n' Fries for example, quickly reached a critical mass from a scaling perspective and has mostly had to abandon Evernote. If there were thousands of users in the same situation then I'm sure Evernote would dedicate more resources to finding a solution. I'd guess the number of users with 50k+ notes is dwarfed by the number who have less than a thousand. Similarly, although encryption would be useful for a vociferous user group on here, I'm betting the vast majority of the user base couldn't care less. They don't need to secure their web clippings, recipes, wine bottle photos, shopping lists etc etc - but being able to find their stuff is absolutely key.

  • Like 2

Share this post


Link to post
  • 0

Good progress and even better discussion since the response from Rich Tener. Thanks for this! Way to go, users talk to developers and vice versa.

 

As stated before, all should be encrypted, period, and it will be at some point in time, whatever tool we are using some time from now will have EVERYTHING encrypted, ALL the time, that's one.

 

Now the question is what and by when will provide this functionality, personally i don't think it is a matter of prioritizing requirements, rather it should be perceived as a basic need. Ask yourself why you would want to post any un-encrypted data anywhere? A hand written note is un-encrypted, and that's ok, since only those few individuals in and around the "note" can read it. Take a picture of it and post it online, in the cloud, and suddenly it's ok that anybody can read it (after user names/passwords have leaked or ....), why is that? 

 

This discussion will appear strange a while from now, when all is encrypted all the time. 

Share this post


Link to post
  • 0

I don't need anything in Evernote encrypted, I'm sure there are lots of users just like me.

 

I'm guessing the majority or else the product teams at Evernote would be under internal pressure to add encryption - they are clearly not.

 

There are 2 sides to this argument.

  • Like 1

Share this post


Link to post
  • 0

I don't need anything in Evernote encrypted, I'm sure there are lots of users just like me.

 

I'm guessing the majority or else the product teams at Evernote would be under internal pressure to add encryption - they are clearly not.

 

There are 2 sides to this argument.

My use has shifted so that this is also the case for me. I have other tools that are more secure that I keep those important files in. Evernote gets only the things that do not need encryption. 

  • Like 2

Share this post


Link to post
  • 0

I don't need anything in Evernote encrypted, I'm sure there are lots of users just like me.

 

I'm guessing the majority or else the product teams at Evernote would be under internal pressure to add encryption - they are clearly not.

 

There are 2 sides to this argument.

I'm not sure there are two sides, encrypting everything should be relatively simple, we did it ourselves for a cloud based platform we use, which has consequently switched to encrypting everything for all their customers all the time, we tend to over complicate things too much. Why should anyone/thing be able to see any of your data ever, confidential or not?

Share this post


Link to post
  • 0

To make it useful, to make it searchable, to provide "context" or any new form of applied intelligence that they are working on. It's pretty clear that this is their vision, locking away the data stops all of this. 

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...