Evernote Tips You Should Avoid

Close up of young woman using digital tablet.
Tim Robberts/Taxi/Getty Images

Evernote provides a cloud-based note taking and clipping service that lets you store information for access from any Web-connected device. Tips for using Evernote are routinely shared on Twitter (just search #evernotetip).

Unfortunately, amidst all the clever suggestions for using Evernote are several very risky tips. The problem: the only thing separating your Evernote collection from prying eyes is a username and password. If you're the victim of a phishing scam or password-stealing malware, that Evernote collection could provide a one-stop-shop for all your sensitive data.

Some premium (paid) users of Evernote mistakenly assume their Evernote data will somehow be safe from external attacks. However, the security in Evernote premium is simply SSL encryption, which merely encrypts the data while it is being transmitted. It does not prevent it from being stolen by anyone who obtains the username and password.

Premium users can highlight a portion of text notes for an additional layer of password protection, but third-party tests reveal that in the local database, the selected text still remains searchable in plain text. Whole notes, images, and notebooks cannot be encrypted. Of course, you could secure the local database using third-party encryption tools, but that doesn't make access from the cloud any more secure.

Bottom line: storing unencrypted data on an Internet-facing server is not a great idea. With that in mind, following are seven of the worst Evernote (or any cloud-based storage) tips:

For Teachers

I'm a teacher and I use @evernote to create individual portfolio files for each student, documenting everything. Compromise of the teacher's Evernote credentials potentially exposes sensitive details on students, who also likely happen to be minors. This tip is not only a security risk to those students, it potentially has legal ramifications for the teacher (and the school at which they teach).

Store Credit Card Statements

Credit card statements often include the account number. Exposure could lead to increased risk of credit card fraud.

Store Login Names and Passwords

Attackers who gain entry to your Evernote account now potentially have access to all your online accounts.

Build Family Medical Portfolios Including Medical History

In the past, cybercriminals who have stolen medical information have sometimes blackmailed the victims. Unless this is information you would feel comfortable sharing with friends, neighbors or even strangers, it is best not stored in-the-cloud.

Keep Family Social Security Numbers in an Encrypted Note

Exposure leaves your entire family at risk of identity theft. This type of sensitive information is best kept in a locked file cabinet, not in-the-cloud.

Keep Router/Firewall Settings

Attackers who gain access can use this information to reconfigure DNS settings on your router or enable their own access to your network.

Take a Photo of Your Passport and Send It to Evernote

A photo of your passport makes it that much easier for counterfeiting. A safer bet would be storing only the passport number (in encrypted form).

Cloud-based storage services like Evernote are not really "in-the-cloud". The data is simply off-shored to a remote computer and accessible to anyone who obtains the username and password. The more accessible the data is to you, the more accessible it is to would-be attackers. Off-shored, cloud-based storage is a convenience, but recognize that the convenience does carry risk and is probably not the best storage choice for sensitive information.