Remember when Evernote emailed its 50 million users last Sunday to alert them to a massive security breach involving a possible leak of usernames, email addresses, and passwords? To correct this privacy mishap, the productivity platform announced the fix it intends to deploy as soon as possible: two-factor authentication.
In last Sunday’s warning, Evernote apologized for the annoyance of having to reset your password, but they “believe this simple step will result in a more secure Evernote experience.” The investigation into the matter showed no sign that any payment information for Premium and Business members had been accessed, but it did reveal that the hackers responsible for the attack accessed a list of Evernote usernames, email addresses, and passwords that are “protected by one-way encryption”.
According to Information Week, Evernote had already planned to offer optional two-factor authentication to its users later this year, but because of the recent data breach, it has decided to step up its efforts and finalize those plans now.
What exactly is two-factor authentication? As explained by Graham Cluley, senior technology consultant at Sophos, to Information Week, it’s just an added measure to prevent attackers from accessing encrypted passwords. Two-factor authentication relies on a one-time code that is generated in one of three ways: by an app installed on your smartphone, via a text message sent to your phone, or by a hardware fob. Companies like Blizzard even offer more than one option, selling hardware tokens (available for $6.50) while also offering a free app for smartphones. Other companies that have adopted two-factor authentication include Amazon Web Services, Dropbox, Facebook, Google and Gmail, LastPass, Microsoft SkyDrive and Xbox Live, PayPal, and Yahoo Mail, as well as various websites that provide money-related services.