Skip to main content

Evernote follows Microsoft, Twitter and Apple with two-factor authentication

Evernote is joining Microsoft, Twitter, and Apple with new security features, including two-step verification.

The system, which requires a verification code each time you sign into Evernote, aims to keep your account secure, even if your password is hacked.

Two-step verification will initially be available only to Premium and Business users. Only once the company has optimised its process and feels "comfortable with our ability to support a wide audience" will it roll the new authentication process out to everyone.

Users who opt in will be prompted to enter a six-digit verification code delivered via text message every time they log into Evernote Web or install the app on a new device. Evernote will provide a set of one-time backup codes for travellers.

"This combination of something you know (your password) and something you have (your phone) makes two-step verification a significant security improvement over passwords alone," Evernote developer Seth Hitchings wrote in a blog post.

The system isn't foolproof, though. According to the company, once two-step verification is set up, some of Evernote's partner apps and integration may stop working. In that case, users will need to create a special Application Password for each app, available via Evernote's security section.

Those who elect to use the new authentication process do run the risk of being permanently locked out of their account if they lose access to their secondary access method. "Make sure to closely follow the setup procedure to ensure that this doesn't happen," Hitchings warned.

Evernote, meanwhile, launched two additional security features: Access History and Authorised Applications. The first provides a 30-day history — with dates, IP addresses, and locations — of each time any of your Evernote accounts was accessed.

Authorised Applications allows users to cancel any version of Evernote from the central Evernote Web Account Settings. If your phone or computer is stolen, this could prevent a thief from rummaging through your personal or business notes. Just revoke the account online, and the app will request a password the next time it is launched.

These measures come after Evernote was hacked in early March, forcing the company to reset the passwords of its 50+ million users.