If you’re one of the many digital packrats who rely on Evernote to save the detritus of your life in one place, you’ll be happy to know that the company is taking steps to save your data from hackers.
Evernote today added two-factor authentication to its service, as an optional feature for all users. (In May, 2013, it offered two-factor authentication for premium and business users only.) It adds an additional step to the login process: First, you enter your password, then you need to enter a special code from your phone.
The idea is that even if someone guesses your password (or figures it out through a brute-force attack, trying one password after another) they’ll still have trouble logging in, unless they also have your phone. It’s more secure than a password alone, which is why many services, such as Twitter, have recently added it — but two-factor authentication is not a security panacea.
Still, this move was essential given that Evernote suffered a massive hack in March, 2013, that may have compromised the passwords for as many as 50 million customers.
Evernote’s two-step login supports Google Authenticator, an app that runs on Android or iOS and generates the random six-digit codes needed for two-step logins like this. Think of Authenticator as a digital version of those little RSA SecureID tokens that display a different code every minute or two. Google created Authenticator for its own login process, and has opened it up to other companies that want to use the technology.
If you’re an Evernote Premium subscriber, you can choose to have the codes sent to you via SMS instead of using Authenticator.
If you’re like me, you stuff everything you might possibly want to save, ever, into Evernote. The fact that it’s adding extra security is a bit reassuring.