Evernote introduces two-step verification for paying customers
Users can now protect their access to the Evernote cloud note-taking service via a two-step verification system, although this extra security measure is currently only available to paying customers (Evernote Premium and Business). Two other security features also benefit those who have a free account.
After enabling the two-step verification feature, users must enter a one-time password when logging into Evernote.com, or when installing the app; the service sends these passwords to the user's designated phone number via SMS text messages. Alternatively, the code can also be generated with the Google Authenticator app. Application-independent passwords can be generated for third-party programs that don't yet support the new security feature; these passwords are then used in the same way as the normal password was before.
The two-step verification feature will even protect the account if a user's access data falls into the wrong hands – a smartphone with a number registered with Evernote for obtaining the one-time password is a mandatory requirement. If a user loses access to this device, Evernote say they run the risk of being permanently being locked out of their account, though there are one time backup codes issued to users that can be used to regain access.
Evernote says that it also plans to offer the two-step verification feature to those have a free account once the company has optimised its internal processes for it. The note-taking service has also enabled two further security features that are designed to benefit all users: firstly, the web interface now informs users about which IP addresses have logged into the Evernote account at what time and, secondly, Evernote's web account settings now allow users to revoke the access permission of any Evernote application that logs in automatically; this will cause the password to be requested when the application is next launched.