Evernote promises improved security

It seems that security has become a daily news story now, with multiple high-profile attacks. Evernote has had previous security problems, but today the company wishes to alleviate a few of those issues. Having already been apart of one of the headlines, the note-taking service would rather not be included as part of the crowd in the future.

Today the company announces three new security features, beginning with two-factor verification. This requires a verification code whenever you are asked to provide your username and password. This will usually only happen when you log into Evernote Web or install it on a new device. It simply means that you will receive a new text message on your phone with a code that must be entered, in addition to your password -- something that many other services like Google, Microsoft and Facebook already do, and that Twitter does poorly. The feature is optional.

Second up is Authorized Applications. According to Evernote's Seth Hitchings, "we want you to open an Evernote app and then quickly accomplish your task. To make that possible, we rarely ask you to sign in. That helps you get your work done, but can be a problem if you lose your phone or computer. Now, you can revoke any version of Evernote from your Evernote Web Account Settings. Once revoked, an app will request a password the next time its launched".

Finally, there is Access History. This shows you a running list of every time your account was accessed over the past thirty days, and includes all versions and includes locations and IP addresses.

It seems that Evernote has all of this done right, but it will take some knocking on both from hackers and security researches to know for sure. Given that the last hack resulted in no compromised user accounts, thanks to passwords being salted and hashed, I have high confidence in the company. Let us see if it upholds my hopes.