The Evernote scare on March 4th is something that no customer wants to hear about through social media or on the news especially learning that their information might have been stolen. When a security breach affected Evernote, a digital note taking service, security was taken seriously.
Evernote sent out an e-mail to users about possible threats to usernames, e-mail addresses and also encrypted passwords. Immediately Evernote sent out a password reset to all 50 million users. Instead of wasting time trying to figure out which users were affected they decided to reset all of the passwords for security reasons. A very bold and efficient choice to help keep information safe.
.Acts such as this should be appreciated by Evernote customers as Evernote is looking out for their customers rather than the company itself. This is something that will distinguish this company in a highly competitive industry.
After the dust had settled and Evernote had figured out the details, they were fortunate to have no critical information actually stolen from them. No identity theft of any nature. Saying that the worst of scare may be that there users could receive spam from hackers who obtained the emails from the mailing list. But no personal information had been stolen during the attack.
Evernote also supplied all users with some tips that would help them be more secure in the future. One of them explaining to users and others that when you get a password reset sent to your e-mail you should never click through to the password reset but rather go to the browser provided to reset your password. This is a more secure way of dealing with password resets and even though it is one more step it could save you down the road.
The newest addition that will be rolling out for Evernote’s security will be a two-factor authentication token. “Evernote had been planning to implement a two-factor authentication later in the year but now the project has been accelerated” said Ronda Scot of Evernote.
Blizzard Technology offers this sort of two factor password protection. They are dedicated to keeping people’s information safe. This is going to the new level of security in 2013 for people that need safe data. The cost is small for such a service and what you get for it is “piece of mind” that your data will be a lot safer. Twitter and Google already have these critical passwords setups and now more and more companies are adopting such passwords to help keep data safe.
Another tip that Evernote added was to avoid easy or simple passwords or dictionary words. These passwords that are connected to your family or loved ones are easier to remember but when it comes to critical data try to stray away from passwords that can be easily compromised.
How safe is your data? Well if you are using a SaaS provider then your data is already on it’s way to being more secure, than it has ever been. SaaS providers require the use of modern browsers which are much further ahead in terms of security and this alone will cancel out 80% of security issues with cloud based data.
Also most companies require a very secure pass code that isn’t as easy as your mother’s maiden name. Services include transparency of the relationship as a key factor when trusting someone else with your data. You need to know who is handling your data and on what level.
We think Evernote did a great job in recognizing a break-in occurring, and immediately, emailing users and sending a system wide password reset out that would allow for tighter security. Good decisions such as these that will set one SaaS company ahead of others.