Securing documents while you travel in Evernote

[nigelrumsey 17]

Hi, we're going on a trip soon - San Francisco & Portland from the UK since you ask!   Every time we travel I come up against the best way to secure copies of our important travel documents - passport, credit cards etc.

 

In the past I've scanned them and put them in Dropbox, on the basis if a disaster did happen and we lost everything I could go it an internet café and print copies. I just wonder if there's a way I can do this in Evernote - now my default for everything!

 

I'm going to be taking my mini-iPad and I know I can encrypt text in Evernote, but not images. I'd be interested what others do. Do you put scans in Evernote and trust to the passcode to keep them safe?

 

Any suggestions appreciated! Thanks.

[gazumped 11,652]

Hi.  Personally I would not,  under any circumstances,  scan ID documents and credit cards onto the internet.  I'd say take physical copies and keep them with you at all times,  and have backup copies in the UK with someone who could email or fax details to you in case of emergency.  You could, maybe,  scan the items into a PDF,  password encrypt the PDF and save that in DropBox or Evernote..  but that's a good question - I'll be interested to see what others here think.

[GrumpyMonkey 4,319]

Hi. I travel a lot ( a couple months a year internationally) and use a combination of SpiderOak and DEVONthink (OSX and iOS only) for this. Zero-knowledge encryption (SpiderOak) with wifi or bluetooth sync to iOS (DEVONthink) means no need for the cloud or even a wifi connection to sync devices, which is perfect for traveling and extremely secure.

http://www.christopher-mayo.com/?p=2376

However, I live mainly in an OSX / iOS world (in the system outlined above files are perfectly accessible via Windows machines, but it isn't well-suited to regular work in both OSs). Evernote is obviously (if you read the linked post) the simpler solution and it is also perfectly compatible with any device or OS (a rare thing). Scanning, converting to PDF, and encrypting the PDFs (I recommend 256-bit) before putting them into Evernote is easily done and quite secure as well. Just make sure to practice opening them before you go (iOS used to have trouble with encrypted PDFs).

Placing anything in Dropbox unencrypted is not advisable if you want to keep the data private or secure. The same goes for Evernote.

http://www.christopher-mayo.com/?p=1605

Understanding the limits of the cloud services will help you choose the most appropriate strategy for your particular use case. For a few encrypted PDFs, Evernote is a great choice For large scale encryption needs (hundreds or thousands of items), I would recommend local notebooks with an encrypted TimeMachine backup (easily done) or DEVONthink + SpiderOak (or an encrypted thimb drive) if you need to sync items among Apple products. It all depends on your personal situation. In the Windows world, OneNote is an encrypted option as well, but that is a whole other discussion.

[nigelrumsey 17]

Thanks Gents. I think the encrypted PDF is the answer, I'll have a play with that over the weekend.

 

Christopher - that's a VERY detailed post! I like the idea of Devonthink but two places to store everything just wouldn't work for me. My brain can just about cope with Evernote!

[eric99 978]

I use 7-zip AES256 encryption. On Android I installed the "7zipper"-app to decrypt.

[GrumpyMonkey 4,319]

Thanks Gents. I think the encrypted PDF is the answer, I'll have a play with that over the weekend.

 

Christopher - that's a VERY detailed post! I like the idea of Devonthink but two places to store everything just wouldn't work for me. My brain can just about cope with Evernote!

Yep. I'm the same. But, it's nice to have options available. For just a few documents, the encrypted PDF in Evernote route is the easiest.

[briancaldwell 202]

Whenever I travel I put into Evernote image scans of my passport, drivers license, credit cards, travel itinerary, car, hotel and flight details, and screenshots of maps for the cities and attractions that I plan to see. If I feel paranoid about this stuff being in Evernote, I delete the more sensitive notes when I return from my trip, but these notes have been invaluable on every trip I've taken in the past 7 years.

 

I do not use encryption, but I do secure my account with 1) a strong primary password, 2) 2-factor authorization, 3) PIN lock on the Evernote application, and 4) Fingerprint lock on the device. I believe this is sufficient. 

 

I disagree with GrumpyMonkey, there is no need for using encryption in my opinion, but I also climb rocks, so I'm not averse to calculated risk when strict precautions are maintained to ameliorate risk. 

 

[EDIT] I should add that I also have two physical copies of these items printed out, stored in two physically separated places. Of course this is (obviously) actually MUCH more risky than having only digital versions that are secured in the manner that I state above.

[GrumpyMonkey 4,319]

I think we all need to evaluate our own risk tolerances and choose how we handle our data based on that assessment. In that sense, I agree with Brian. Evernote has a lot of options that can increase our security, and many people probably feel it is adequate.

However, while some people will feel fine with a simple password and unencrypted content, others will not feel secure as long as governments (US and others), employees (at Evernote or any other third party apps you give access to), and hackers (state sponsored or not) have access to our data. I do not recommend anyone ever put any sensitive data unencrypted onto the cloud. Why do I say this? In the past:

(1) Google employees have inappropriately accessed accounts,
(2) Dropbox has allowed anyone access to any account with an authentication bug,
(3) Microsoft has gone through email accounts without permission and disclosed that information,
(4) the US government has lost sensitive personal information on tens of millions of people to hackers,
(5) Sony has suffered a massive hack losing emails, information on employees, etc.
(6) Evernote has been hacked.

The list of unauthorized access and theft goes on and on, and I bet it gets longer again today, because security problems are now daily news. This isn't something unique to Evernote, and it isn't an issue of trust or anything like that. It is a matter of encryption -- if zero-knowledge encryption had been employed then all of the incidents I mentioned above in the public and private sector would have been greatly reduced in severity, and many of them probably wouldn't have occurred in the first place (why bother hacking data you cannot read?). If you aren't persuaded by my opinion (I am, after all, an amateur with absolutely no expertise in security-related matters), perhaps an expert will be more convincing: Bruce Schneier https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html

Evernote would be a lot more appropriate for storing sensitive information if it implemented better encryption options. Even Evernote's CEO once spoke of "sexy encryption" options that Evernote planned to introduce. Those plans have apparently been scrapped. I hope they reconsider their decision not to encrypt our data at rest and not to provide encrypted notes / notebooks.

 

Giving users the best tools available to protect their data and letting them choose the level of security appropriate for their stuff is the best policy, in my opinion.