As part of the setup process, you’ll be given a set of one-time codes to use in the event that you are unable to access your phone. The company warns that you should not keep these codes in Evernote, since of course you’ll only need them when you don’t have access to your Evernote account.
For those who don’t know, two-factor authentication (also called two-step verification) requires you to use more than one form of authentication to access an account. Typically, this information includes “knowing something” such as a password and “having something” such as a mobile device. In Evernote’s case, the feature requires that you to enter a special code in addition to your regular username and password.
Here’s the security measure in action:
In the aftermath of a massive hack in late February, Evernote promised that two-factor verification would be introduced for all registered users “later this year.” The feature arrived in May alongside two new other security measures, “access history” and “authorized applications.”
The problem was that two-factor authentication was only made available to paying customers. At the time, Evernote promised again to bring it to all users “in the near future,” saying it chose to trial them among its Premium users because they “are the most engaged” and able to provide quality feedback.
Evernote says turning on the feature is straightforward (just follow the steps in the Security section of Evernote Web). Unfortunately, free users need to install an authenticator app on their phones such as Google Authenticator. Premium users can meanwhile simply have their code delivered as a text message.
“We take the security of your data very seriously,” Evernote said as part of today’s announcement. That statement is a bit difficult to believe if a security feature can’t be made available to everyone at the same time. Still, better late than never.
Top Image Credit: Ian Walton/Getty Images