Digital note-taking service Evernote was forced to reset its 50 million-plus users’ passwords after suffering an unauthorized breach on March 2. Today, less than three months on from that incident, it is beefing up account security measures with three new measures, including two-factor authentication, which will initially go live to its premium users.
In the aftermath of the March hack, the company promised that two-step authentication would introduced for all registered users “later this year” and the security measure — which uses SMS to verify the identity of a user — is being introduced, alongside ‘access history’ and ‘authorized applications’ measures.
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
The two-step verification — a variant of which was adopted by Twitter just last week — is the headline feature, and it will work in the same way that it does with Google and other services, as the company explains:
Two-step verification adds an additional security step to logging in to an Evernote account, and ensures that the person logging into Evernote is the rightful owner of that specific account. The login process with two-step verification enabled requires a username, password and unique code that’s sent to the user’s cell phone, generated by the Google Authenticator app or printed out by the user in advance.
Adding more steel to that protection, access history lets users to keep track of the locations from which they have logged into Evernote from, thus alerting them if their account has been accessed by a third-party.
Authorized Applications is an equally important addition since support for Evernote is baked into an increasing number of services. The feature gives users a clear view of which services are coupled to Evernote and full control to disconnect any that they did not authorize themselves, or wish to have decoupled.
The company says it will bring these security features to all users “in the near future”, explaining that it has chosen to trial them among Evernote Premium users because “are the most engaged” and able to provide quality feedback.
“With feedback from our Premium users, we’ll be best prepared to address questions and concerns as we continue the roll out to our larger user base,” the company said in a blog post.
You’re probably familiar with the concept, but here are some screen shots of the new two-factor security system in action.
Headline image via Maksim Kabakou / Shutterstock