An unauthorized infringement compelled Evernote to reset 50 million plus user passwords on the March 2. In less than 3 months after the breach, it is adopting more stringent security, with three new measures which include a two factor authentication, initially to go live to its premium users.
In lieu of the breach in March, the company proposes to introduce a two-step authentication for all registered users "later this year" and a security measure- which will use SMS for verifying the identity of a user- to be introduced, along with 'access history' and 'authorized applications' measures.
The two-step verification was adopted by Twitter as well to better protect user accounts from hacking and unauthorized entries. The feature will function in the same way that it does with Google and other services. As the company says that Two-step verification will include an additional security measure to log into an Evernote account in order to make sure that the person logging is the rightful owner of that specific account. The process with two step verification enabled requires a username, password and a unique code that's sent across to the user's cellphone and generated by Google Authenticator app or can be printed out by the user in advance.
Adding more skin to the protection, access history will keep users informed about the locations from which they have logged into Evernote from, which can be altered if their account has been accessed by a third-party.
Authorized application is another important security feature which lets users have a clear view of which services are associated with Evernote and have full control to do away with any service that they do not approve of.
The company intends to bring all these security features to all users in the near future. Premium users will be chosen to trial as they are the most engaged and will able to provide quality feedback.
“With feedback from our Premium users, we’ll be best prepared to address questions and concerns as we continue the roll out to our larger user base,” the company said in a blog post.