2013 seems the be the year of 2-factor (or 2-step) authentication.
“Two-step verification is entirely optional. Before setting it up, please be aware that if you lose access to your secondary access method, you run the risk of permanently locking yourself out of your account,” Seth Hitchings, Evernote developer relations team leader, warns at the very beginning of the announcement, and then continues to explain the feature.
Unlike Twitter, Evernote decided on two methods of delivery of the 6-digit verification code: by SMS or by a smartphone app such as the popular and widespread Google Authenticator. One-time backup codes are also provided in case users don’t have the phone with them while trying to access their account.
Unfortunately, only Evernote Premium and Evernote Business users are currently able to take advantage of the feature, but it is expected to be rolled out for the rest in due time. Two other new security features – Authorized Applications and Access History – will be immediately available to all users.
Hitchings also warned that before setting up the feature (in the Evernote Web Account Settings), all versions of Evernote that one uses have to be updated – including Skitch, Penultimate, Evernote Food, and Evernote Hello.
“Once you’ve set up two-step verification, you may need to sign into each of the apps that you use. This will only happen once,” he assures.
Still, some partner apps may stop working, but here is where specific application passwords, which that can be revoked in case of computer or phone compromise, come in handy.
Evernote’s latest security improvement was probably at least partially motivated by the recent breach into its networks and the potential compromise of personal and login information of its 50+ million users.