Not All Evernote Tips Are Good Tips
Unfortunately, amidst all the clever suggestions for using Evernote are several very risky tips. The problem: The only thing separating your Evernote collection from prying eyes is a username and password. If you’re the victim of a phishing scam or password-stealing malware, that Evernote collection could provide a one-stop-shop for all your sensitive data.
Storing Unencrypted Data on Evernote: A Bad Idea
Some premium (paid) users of Evernote mistakenly assume their Evernote data will somehow be safe from external attacks. However, the security in Evernote premium is simply SSL encryption to encrypt data while it’s being transmitted, and AES-256 encryption for stored data, but neither will prevent your data from being stolen by someone who knows your username and password. The only exception to this rule is if you explicitly tell Evernote to encrypt a specific note (there’s more on that below). Bottom line: storing unencrypted data on an internet-facing server is not a great idea.
Don’t Do These Things on Evernote
With that in mind, following are seven of the worst Evernote (or any cloud-based storage) tips:
How Evernote Stores Your Data
Cloud-based storage services like Evernote don’t exist in some sort of mystical cloud place, but instead on a remote computer and accessible to anyone who obtains the username and password. The more accessible the data is to you, the more accessible it is to would-be attackers. Off-shored, cloud-based storage is a convenience, but recognize that the convenience does carry risk and is probably not the best storage choice for sensitive information.
Are Paid Versions Any More Secure?
Evernote can be had in three ways: through the Basic version or if you pay for Premium or Business. The latter two have more features than Basic, like offline access to notebooks, the ability to forward emails into Evernote, the option to annotate PDFs, and more. However, neither Premium nor Business has any more security features than Basic. This means that no matter which Evernote plan you go with, you’re just as secure as the other two.
How to Make Evernote More Secure
Despite the fact that Evernote is an online account that gives anyone access to your account should they be able to obtain your password, it really isn’t any different than any other online account. Anyone who can log in as you can access anything you can, which in this case means all your Evernote content. You’re not without hope, though, because Evernote, like most websites, has ways to make your account more secure so that you can rest assured that your account will most likely never get hacked.
Change Your Password Periodically
The easiest way to safeguard your Evernote account, especially if you suspect that someone already knows your password, is to change your password. Log in to your account and access the Security Summary page to see when you last changed your password. You can click Change Password any time you want to change it. It’s best to change your password as often as you can bear.
Use Two-Step Verification
Another great way to secure your Evernote account is to set up two-step verification. Access that same link from above and click Enable next to that two-step verification option. This forces your account to require not only your password but also a code that is accessible only from your phone. So, as long as you have your phone with you, nobody but you can access your Evernote data, even if they have your password.
Encrypt Individual Notes
Evernote also lets you encrypt your notes for extra protection. This means that nobody can access the text contents of that note unless they know the specific password you used to decrypt that note. For example, someone could access your Evernote account with your password 12345password (please don’t use a password that simple!), but then still be unable to open one of your secure notes because you encrypted it behind a strong password like AJon)(302#!$T.
