Skip to main content

Evernote hack: company now rolling out two-factor authentication

Following the recent hack that forced Evernote to reset the passwords of its 50 million users, the company is pushing ahead with new security measures originally intended to launch later in 2013.

"I can confirm that we had been planning to roll out optional two-factor authentication to all of our Evernote users later this year," a company spokeswoman said in an email. "Those plans have now been accelerated."

The weekend's data breach managed to access only user names, passwords, and email addresses; content stored within the service was not changed or lost, the company said Sunday. In an email to users, Evernote explained that its operations and security team had "discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service."

As a result, the company will implement two-factor authentication, which, according to RSA Security, uses two of the follow three proofs for confirmation: something known (like a password), something processed (like an bank card), and something unique about your appearance or person (like a fingerprint).

Basically, logging into your account would require something like a password and a code sent in the form of a text message. Evernote did not immediately respond to a request for explanation of what its new two-factor authentication will entail.

By adopting this approach, Evernote will join companies like Dropbox, Facebook, Google, PayPal, Amazon, and others.