Evernote Tips You Should Avoid

Close up of young woman using digital tablet.

Tim Robberts / Getty Images

Evernote provides a cloud-based note-taking and clipping service that lets you store information for access from any web-connected device. Tips for using Evernote are routinely shared on Twitter (just search #evernotetip).

Not All Evernote Tips Are Good Tips

Unfortunately, amidst all the clever suggestions for using Evernote are several very risky tips. The problem: The only thing separating your Evernote collection from prying eyes is a username and password. If you're the victim of a phishing scam or password-stealing malware, that Evernote collection could provide a one-stop-shop for all your sensitive data.

Storing Unencrypted Data on Evernote: A Bad Idea

Some premium (paid) users of Evernote mistakenly assume their Evernote data will somehow be safe from external attacks. However, the security in Evernote premium is simply SSL encryption to encrypt data while it's being transmitted, and AES-256 encryption for stored data, but neither will prevent your data from being stolen by someone who knows your username and password. The only exception to this rule is if you explicitly tell Evernote to encrypt a specific note (there's more on that below). Bottom line: storing unencrypted data on an internet-facing server is not a great idea.

Don't Do These Things on Evernote

With that in mind, following are seven of the worst Evernote (or any cloud-based storage) tips:

  1. Maintain Student Information

    Maybe you're a teacher and you use Evernote to create individual portfolio files for each student, documenting everything. Compromise of the teacher's Evernote credentials potentially exposes sensitive details on students, who also likely happen to be minors. This tip is not only a security risk to those students, it potentially has legal ramifications for the teacher (and the school at which they teach).

  2. Store Credit Card Statements

    Credit card statements often include the account number. Exposure could lead to an increased risk of credit card fraud.

  3. Keep Login Names and Passwords

    Much like password managers, attackers who gain entry to your Evernote account — if it contains a trove of all your online passwords — now potentially have access to all your online accounts.

  4. Build Family Medical Portfolios Including Medical History

    In the past, cybercriminals who have stolen medical information have sometimes blackmailed the victims. Unless this is information you would feel comfortable sharing with friends, neighbors, or even strangers, it's best not stored in the cloud.

  5. Keep Family Social Security Numbers

    Exposure leaves your entire family at risk of identity theft. This type of sensitive information is best kept in a locked file cabinet, not on the internet.

  6. Store Router and Firewall Settings

    Attackers who gain access can use this information to reconfigure DNS settings on your router or enable their own access to your network.

  7. Take a Photo of Your Passport and Send It to Evernote

    A photo of your passport makes it that much easier for counterfeiting. A safer bet would be storing only the passport number (in encrypted form).

How Evernote Stores Your Data

Cloud-based storage services like Evernote don't exist in some sort of mystical cloud place, but instead on a remote computer and accessible to anyone who obtains the username and password. The more accessible the data is to you, the more accessible it is to would-be attackers.

Off-shored, cloud-based storage is a convenience, but recognize that the convenience does carry risk and is probably not the best storage choice for sensitive information.

Are Paid Versions Any More Secure?

Evernote can be had in three ways: through the Basic version or if you pay for Premium or Business. The latter two have more features than Basic, like offline access to notebooks, the ability to forward emails into Evernote, the option to annotate PDFs, and more.

However, neither Premium nor Business has any more security features than Basic. This means that no matter which Evernote plan you go with, you're just as secure as the other two.

How to Make Evernote More Secure

Despite the fact that Evernote is an online account that gives anyone access to your account should they be able to obtain your password, it really isn't any different than any other online account. Anyone who can log in as you can access anything you can, which in this case means all your Evernote content.

You're not without hope, though, because Evernote, like most websites, has ways to make your account more secure so that you can rest assured that your account will most likely never get hacked.

Change Your Password Periodically

The easiest way to safeguard your Evernote account, especially if you suspect that someone already knows your password, is to change your password. Log in to your account and access the Security Summary page to see when you last changed your password. You can click Change Password any time you want to change it. It's best to change your password as often as you can bear.

Not only can you change your password often, but you should also be sure to not use the same password for Evernote that you use for other websites. If another account gets hacked and that password is the same as your Evernote password, it's not hard at all for someone to then gain access to your Evernote account.

Use Two-Step Verification

Another great way to secure your Evernote account is to set up two-step verification. Access that same link from above and click Enable next to that two-step verification option. This forces your account to require not only your password but also a code that is accessible only from your phone. So, as long as you have your phone with you, nobody but you can access your Evernote data, even if they have your password.

Encrypt Individual Notes

Evernote also lets you encrypt your notes for extra protection. This means that nobody can access the text contents of that note unless they know the specific password you used to decrypt that note. For example, someone could access your Evernote account with your password 12345password (please don't use a password that simple!), but then still be unable to open one of your secure notes because you encrypted it behind a strong password like AJon)(302#!$T.

Was this page helpful?