Hello. This week’s Taming the Trunk is a bit of a PSA about changes coming soon to Evernote’s Two Factor Authorisation (2FA) via SMS, which is being retired.
First thing to say is that Two Factor Authorisation (2FA) is not being stopped; only text message (SMS) authorisation is going. Authenticator apps will still work fine, and I highly recommend that you use one.
This removal is not happening immediately. Right now it’s just for new users, and existing users will get in-app warnings and emails asking them to update to an authenticator app.
What is SMS Two Factor Authorisation (2FA)?
If you only use an email address and password to log into Evernote, you may not have come across the 2FA feature before.
What it means is that after you’ve typed in your email address and password, you get an SMS text message with a one-time code, which you enter to get logged in.
This is much more secure than just using a password.
Here’s something to keep you up at night!
Just using an email address and password is not the best way to secure any app, including Evernote. Use an authenticator app, but more on that in a bit.
Why is SMS Two Factor Authorisation not secure?
It’s better than just a password, but there are a few reasons why it’s not totally secure, and these are some of the reasons Evernote is retiring it.
There’s a hack called SIM Swapping, where rogues trick phone companies into porting a number to a different phone. Sometimes you need very little information, maybe just the phone number and one other piece of security information.
There’s also something called an SS7 attack whereby rascals eavesdrop on phone transmissions and listen for 2FA codes as well as your location.
This CNET article explains a bit more about why SMS 2FA is not the best.
How to set up 2FA in Evernote
It’s not too difficult. You can do it in a few minutes, and all accounts, paid or free, can use the feature.
The first thing to do is get yourself an authenticator app. I use Google Authenticator but Microsoft, Authy and others work as well. These instructions will be for the Google version.
Head over to your Evernote account info on the web. In the Windows and Mac apps Account Info is in the Tools menu.
Head to ‘Security Summary’ and then click ‘Enable’ under Two Step Verification.
Once clicked, follow the instructions, check your email address is correct, and wait for an email so you can verify your email address and begin the process.
The next message you get is a reminder to download your authenticator app. It only mentions Google Authenticator, but others will also work.
You’ll then get asked to scan a QR code with the app just like this.
Next add the Authenticator code into the box and click continue.
You’ll get given a bunch of emergency authentication codes so if you can’t use the authenticator app you can still get into Evernote.
DO NOT STORE THESE IN EVERNOTE!
Put them somewhere safe like a password manager.
Just to make sure you’ve copied the emergency codes you’ll be asked to enter one in the next screen.
That’s it. Next time you want to log on, you’ll be asked for your email address, password and a one-time authenticator code from the app.
I would highly recommend setting up 2FA for not just Evernote but all your online accounts. It adds one more level of security.
Have a great weekend.
All the best
Jon
I'm glad this is happening. SMS 2FA is so old; one less thing for EV to maintain.