Evernote brings two-step verification to Premium and Business users

Months after it became a victim of a nasty hacking attack, popular note-taking service Evernote, has introduced three new security features


First among these is the two-step verification procedure. Over the months we've been seeing a whole lot of services taking to this method, to beef up their security - Apple being the most recent one to do so. 

The six-digit verification code will be sent via a text message

The six-digit verification code will be sent via a text message



As of now the two-step verification procedure is available only for Evernote Premium and Evernote Business users, but will be made available to all users soon. Also called as two-factor authentication, this method has been designed such that a user's account will remain secure even in the event of someone else getting to know their password. It manages this by requiring a verification code, whenever a user is asked to provide his/her username and password. A user will be asked to furnish these only when they log into Evernote Web or install it on a new device.  Essentially, it is a combination of something a user knows - his password, and something he has - his phone, and hence it is believed to be a significant step up from passwords. 


Evernote Premium users will be sent a six-digit verification code on their mobile phone via a text message. Alternatively, if they choose to, it will be generated by an app, say Google Authenticator on their smartphone. Users will also be given a set of one-time backup codes for when they are travelling. 


The two-step authentication process is optional, though. It also involves the risk of getting permanently locked out of one's own account, if the user loses access to their secondary access method. Hence, they need to follow the setup procedure correctly. 


Before users set out to enable the setup process, they will have to ensure that all versions of Evernote they use, including Skitch, Penultimate, Evernote Food, Evernote Hello, are updated. They will have to then go to the security section of their Evernote Web Account Settings. Once they have set up the two-step verification, users may be asked to sign into the apps they use. Importantly, once users set up the security feature, they will notice that some partner apps and integrations have stopped working. To fix this, they will have to create a Special Application Password for each app. This can be done from the security section too. 

Authorising apps

Authorising apps



The next security feature introduced is Authorised Applications, and it is available for all Evernote users. In the event of a user losing his phone or computer, users can revoke any version of Evernote from their Evernote Web Account Settings. Once that happens, an app will request a password the next time it is launched. 


Lastly, there is the Access History security feature on Evernote that is also available to all Evernote users. It shows a user a running list every time their account was accessed over a period of 30 days. This list includes all the versions of Evernote that a user has accessed along with locations and IP addresses. If a user feels that at some point his account was accessed without his knowledge, he can quickly look up the access history. 

Published Date: May 31, 2013 10:01 am | Updated Date: May 31, 2013 10:01 am