Following in the footsteps of Twitter, Apple, Dropbox, Google and others who recently ramped up security by rolling out two-step account verification, the note-taking platform Evernote today announced similar security features. Small wonder, given recent security exploits which prompted Evernote to issue a password reset across the board.
In a nutshell, two-step authentication makes your notes more secure by requiring a verification code sent to your phone whenever you’re asked to provide your username and password.
This will usually happen when logging into the web interface or installing Evernote apps on a new device, such as your iPhone, iPad or Mac. Additionally, Evernote is also launching Access History and Authorized Applications features. I’ve included more information right after the break…
According to a blog post, you can use the free Google Authenticator iOS and Android app to generate six-digit verification codes or have them delivered to your iPhone via text messaging.
Like Google, Evernote too can generate a set of one-time backup codes for when you’re traveling or are offline and thus unable to generate/receive verification codes.
To enable the two-step thing, visit the Security section of your Evernote Account Settings on the web.
Two-step verification is optional, but keep in mind that you run the risk of permanently locking yourself out of your account should you loose access to your authorized device. Though initially limited to Evernote Premium and Business accounts, Evernote will soon roll out two-step verification to everyone.
If a third-party app stops working after you’ve enabled two-step verification, simply create an app-specific password in the Evernote Security section on the web.
Authorized Applications is another handy enhancement.
As the name suggests, it’s basically a new section of the Evernote web interface where you can revoke access to any Evernote app. This is what you’ll first want to do should you, God forbid, loose your iPhone or iPad.
Access History, pictured below, is also available via the Evernote web interface.
This section lists all the devices, apps and services that have accessed your Evernote account recently. It’s an additional layer of security that will come in handy should you suspect unauthorized access to your account.
Here, you can see exactly what device accessed your Evernote account, when and from where, based on a rough location estimated from the device’s IP address.
Having recently started using Evernote apps on a pretty much regular basis, I’ve immediately secured my account with two-step verification. My only grievance is about Evernote asking for my phone number even though I wanted to opt for two-factor authentication via the Google Authenticator app.
I know it’s for my own sake – SMS is the last resort for passcode delivery when all else fails – but I’d still prefer keeping my phone number private and instead create the codes in Google Authenticator.
Now, if only my bank implemented two-factor authentication…