Evernote rolls out 2-factor authentication for paying customers
Posted on 30 May 2013.
2013 seems the be the year of 2-factor (or 2-step) authentication.

Following the introduction of the feature by the likes of Apple, Microsoft, Twitter and WordPress, Evernote is the latest popular service to offer the option to its users.

"Two-step verification is entirely optional. Before setting it up, please be aware that if you lose access to your secondary access method, you run the risk of permanently locking yourself out of your account," Seth Hitchings, Evernote developer relations team leader, warns at the very beginning of the announcement, and then continues to explain the feature.

Unlike Twitter, Evernote decided on two methods of delivery of the 6-digit verification code: by SMS or by a smartphone app such as the popular and widespread Google Authenticator. One-time backup codes are also provided in case users don't have the phone with them while trying to access their account.

Unfortunately, only Evernote Premium and Evernote Business users are currently able to take advantage of the feature, but it is expected to be rolled out for the rest in due time. Two other new security features - Authorized Applications and Access History - will be immediately available to all users.

Hitchings also warned that before setting up the feature (in the Evernote Web Account Settings), all versions of Evernote that one uses have to be updated - including Skitch, Penultimate, Evernote Food, and Evernote Hello.

"Once youíve set up two-step verification, you may need to sign into each of the apps that you use. This will only happen once," he assures.

Still, some partner apps may stop working, but here is where specific application passwords, which that can be revoked in case of computer or phone compromise, come in handy.

Evernote's latest security improvement was probably at least partially motivated by the recent breach into its networks and the potential compromise of personal and login information of its 50+ million users.


How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Sep 19th