Evernote provides a cloud-based clipping and note-taking service that allows you to store information for access from any web-connected device. Tips for using Evernote are routinely shared on Twitter (just search #evernotetip).
Unfortunately, among all the smart tips for using Evernote are some very risky tips. The problem: The only thing that separates your Evernote collection from prying eyes is a username and password. If you’re the victim of a phishing scam or password-stealing malware, that Evernote collection could provide a one-stop shop for all your sensitive data.
Some Premium (paid) Evernote users mistakenly assume that their Evernote data will somehow be safe from outside attacks. However, Evernote Premium’s security is simply SSL encryption to encrypt data while it’s in transit, and AES-256 encryption for data in storage, but it also won’t prevent your data from being stolen by someone who knows your username and password. . The only exception to this rule is if you explicitly tell Evernote to encrypt a specific note (more on that below).
In short: storing unencrypted data on a server with Internet access is not a good idea. With that in mind, here are seven of the worst Evernote (or any cloud-based storage) tips:
1) Maintain student information
Maybe you’re a teacher and you use Evernote to create individual portfolio files for each student, documenting everything. Compromising the teacher’s Evernote credentials potentially exposes sensitive details about the students, who are also likely minors. This advice is not only a safety risk for those students, but potentially has legal ramifications for the teacher (and the school they teach at).
2) Save credit card statements
Credit card statements often include the account number. The exposure could lead to a higher risk of credit card fraud.
3) Preserve usernames and passwords
Like password managers, attackers who manage to break into your Evernote account – if it contains a piece of all of your online passwords – now potentially have access to all of your online accounts.
4) Build Family Medical Portfolios Including Medical History
In the past, cybercriminals who have stolen medical information have sometimes blackmailed victims. Unless you’re comfortable sharing this information with friends, neighbors, or even strangers, it’s best not to store it in the cloud.
5) Keep Family Social Security Numbers
The exposure leaves your entire family at risk of identity theft. This type of sensitive information is best kept in a locked filing cabinet, not on the Internet.
6) Save router and firewall settings
Attackers who gain access can use this information to reconfigure DNS settings on your router or allow their own access to your network.
7) Take a photo of your passport and send it to Evernote
A photo of your passport makes it much easier for forgery. A safer bet would be to store only the passport number (in encrypted form).
How Evernote stores your data
Cloud-based storage services like Evernote don’t exist in some kind of mystical place in the cloud, but on a remote computer accessible to anyone with a username and password. The more accessible the data is to you, the more accessible it is to potential attackers.
Cloud-based off-shore storage is a convenience, but recognize that convenience comes with risks and is probably not the best storage option for sensitive information.
Are the paid versions safer?
Evernote can be had in three ways: through the Basic version or if you pay for Premium or Business. The latter two have more features than Basic, like offline access to laptops, the ability to forward emails to Evernote, the option to annotate PDFs, and much more.
However, neither Premium nor Business have more security features than Basic. This means that no matter which Evernote plan you go with, you’re just as secure as the other two.
How to make Evernote more secure
Even though Evernote is an online account that gives anyone access to your account in case they can get your password, it’s really no different than any other online account. Anyone who can access like you can access anything you can, which in this case means all of your Evernote content.
You’re not without hope, though, because Evernote, like most websites, has ways to make your account more secure so you can rest assured that your account will most likely never get hacked.
The easiest way to protect your Evernote account, especially if you suspect someone already knows your password, is to change it. Sign in to your account and go to the Security Summary page to see the last time you changed your password. You can click Change Password anytime you want to change your password. It is better that you change your password as often as you can.
Not only can you change your password frequently, but you also need to make sure that you don’t use the same password for Evernote that you use for other websites. If another account is hacked and the password is the same as your Evernote password, it is not difficult for anyone to access your Evernote account.
Another great way to protect your Evernote account is to set up two-step verification. Access the same link from above and click Activate next to the two-step verification option. This forces your account to require not only your password, but also a code that you can only access from your phone. So as long as you have your phone with you, no one but you can access your Evernote data, even if they have your password .
Evernote also allows you to encrypt your notes for added protection. This means that no one can access the text content of that note unless they know the specific password you used to decrypt that note. For example, someone could access your Evernote account with your password 12345password (please don’t use such a simple password!), but you still won’t be able to open one of your secure notes because you encrypted it behind a strong password like AJon) (302#!$T.