evernote.com Open in urlscan Pro
34.128.169.110  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * Why Evernote
 * Solutions
   * Note taking
   * Self organizing
   * Productivity
   * Teams
 * Explore
   * AI features
   * Collaboration
   * Web Clipper
   * Advanced search
   * Document scanning
   * Personalization
   * Tasks
   * Calendar
 * Pricing

 * Log in

Download
 * Why Evernote
 * Solutions
    * Note taking
    * Self organizing
    * Productivity
    * Teams

 * Explore
    * AI features
    * Collaboration
    * Web Clipper
    * Advanced search
    * Document scanning
    * Personalization
    * Tasks
    * Calendar

 * Pricing

 * Log in

Download


SECURITY TIPS

There are several important security steps that you can take to better secure
your Evernote data:


PASSWORDS

Use a different password on Evernote than any other site you log into. That way,
if someone learns your password on another site, you won’t have to worry about
them also being able to access your Evernote account.

Avoid using simple passwords that could be looked up in a dictionary. Instead,
choose a complex password that is at least 8 characters long and contains a mix
of uppercase and lowercase letters, numbers, and special characters. Equally
good is picking a phrase that is at least 20 characters long.

A password manager can make both of these easy to do. We suggest using one.


SET UP TWO-STEP VERIFICATION (2SV)

Enable two-step verification on your Evernote account to better secure it in the
event that someone learns your password.

Two-step verification, also known as two-factor or multi-factor authentication,
adds an additional layer of security to the login process, requiring you to
enter a special code from your phone, in addition to your regular username and
password. The goal of this extra step is to combine something you know (your
password) with something only you would have access to (your phone).

Setting up two-step verification is straightforward. Just follow the steps in
the Security section of Evernote Web. All users can generate codes locally using
an application on their mobile device (we recommend Google Authenticator).

One very important thing to note. As part of the setup process, you will be
given several one-time codes to use in the event that you are unable to access
your phone. Don’t store these codes in Evernote since you’ll need them when you
don’t have access to your Evernote account.


AUTHORIZED APPLICATIONS AND ACCESS HISTORY

You can review, and optionally revoke Evernote applications and other services
that have access to your account in the Applications section of Evernote Web,
which is located in the Account Settings. Alternatively, when you reset your
Evernote password in Evernote Web, you can Revoke all applications as part of
the password reset workflow. If you revoke all applications, any attackers with
access to your account will lose their access.

You can review the IP addresses and the names of devices and applications that
have recently accessed your account, in the Access History section of Evernote
Web. The locations of devices or applications listed are not 100% exact (we use
Maxmind GeoIP for this feature). Mobile devices and VPN tunnels, in particular,
may route through private networks to internet IP addresses located in different
geographic locations not anywhere near the original location of the originating
device.


END- TO-END ENCRYPTION

If you are using an Evernote desktop client, such as Windows Desktop and
Evernote for Mac, you can encrypt any text inside a note using a passphrase to
add an extra level of protection to private information. This end-to-end
encryption feature only lets someone that knows the passphrase decrypt the text.
We never receive a copy of your passphrase or the encryption key we derive from
it. If you forget your passphrase, we cannot recover your data.

When you use this feature, we encrypt your text using AES (Advanced Encryption
Standard) with a 128 bit key. We derive this key from your passphrase using a
unique salt and PBKDF2 with 50,000 rounds of SHA-256. We use this key, along
with an initialization vector, to encrypt your data in CBC (Cipher Block
Chaining) mode.


LOST OR STOLEN DEVICES

If a thief steals a device you have Evernote installed on, they will be able to
access your Evernote data as easily as your email, photos, and other
applications on that device. To protect yourself against this situation, you
should enable the security controls available to you in your device's operating
system. These include setting a screen or passcode lock, screensaver or
auto-lock timeout, and encrypting your device’s storage.

In most cases, you only need to log into Evernote on your phone, tablet and
desktop computer once. If you lose one of these devices, you should revoke its
access to your account. Follow these instructions.


HOW TO VERIFY AN EMAIL IS FROM EVERNOTE

Hackers might try to lure you to log into a site that looks like Evernote, but
isn’t really Evernote. We call this password-stealing attack “phishing.” Before
entering your Evernote username and password into a site, be sure to verify that
the URL in your browser starts with https://www.evernote.com/ or
https://evernote.com.

Every email that Evernote sends is cryptographically signed and sent from IP
addresses we publish. If you receive an email from one of these domains, you can
trust it. 

Evernote:

 * @evernote.com
 * @emails.evernote.com
 * @comms.evernote.com
 * @discussion-notification.evernote.com
 * @mail-svc.evernote.com
 * @account.evernote.com
 * @notifications.evernote.com
 * @messages.evernote.com

If you receive an email that looks like it is from Evernote, but the sender
address is not one of those domains, we did not send it and you should delete
it.

For more information on spam and malware email claiming to be from Evernote,
please see this help & learning article.


MALWARE PROTECTION

A common way for you to get malware on your computer is by visiting a site that
tries to exploit a security vulnerability in your browser or the browser plugins
you have installed. This is called a “drive-by download.” A great way to protect
yourself is to prevent web browser plugins from automatically running. Follow
the steps for your browser:

Firefox: configure your plugins to “Ask to Activate”. See this page for details
on how to do this for Adobe Flash.

Chrome: make sure you are running the latest version and you will be prompted
when a site wants to run a plugin.

You should only run plugins when necessary, for example downloading a financial
statement, and only if you trust the website.

You should also keep your software up to date. When an application alerts you
that an update is available, install it right away. Be cautious of updates that
appear in a web browser as many of these are fake and will try to trick you into
installing malware.



 * Security Overview
 * Teams Security Features
 * Customer Security Tips
 * Report a Security Issue
 * Product Security Updates

Choose a language:
English
 * 
 * 
 * 
 * 
 * 

Solutions
 * Why Evernote
 * Note taking
 * Self organization
 * Productivity
 * Teams
 * Students
 * Compare plans

Explore
 * AI features
 * Collaboration
 * Web Clipper
 * Advanced search
 * Document scanning
 * Personalization
 * Calendar
 * Tasks
 * Integrations

Resources
 * Evernote news
 * Help & learning
 * Templates
 * Forum
 * Find an Expert
 * Developers
 * Contact us
 * Careers
 * About Bending Spoons

Get Started
 * Sign up for free
 * Log in
 * Download

Choose a language:
English
 * 
 * 
 * 
 * 
 * 

© 2024 Evernote Corporation. All rights reserved.
Cookie Preferences
Security
Legal
Privacy


WE VALUE YOUR PRIVACY

Continue without accepting

We care about your privacy and respect the choices you make on your data. We use
cookies that are essential for the website to function correctly. Only with your
consent we and our partners will also use cookies to improve your website
experience and provide you with personalized services and advertising.

You can give your consent by tapping “Accept all cookies”. Alternatively, you
can customize your preferences by tapping “Customize your preferences”. If you
don’t want us to use non-essential cookies, tap “Continue without accepting” in
the top-right corner. To know more about how we process your data with cookies,
take a look at our cookie policy.

Customize preferencesAccept all cookies