Evernote is planning on implementing two-factor authentication with its services soon in light of its recent security blunder. Evernote was hacked over the weekend and its users’ emails, usernames, and passwords were all compromised. The company had to initiate a password reset on all accounts in order to protect its users information. While all of the accounts were compromised, Evernote says that there were no signs of personal notes or account details being accessed
The company stated that it had planned on implementing the two-factor authentication sometime in the future, but because of this security breach, it plans on accelerating the implementation very soon. The authorizations can be delivered in a variety of ways, including SMS messaging, a code delivered via phone call, a one-time code delivered by a smartphone app, or perhaps (and least likely) a code delivered via a hardware token, similar to the Battle.net Authenticator.
Evernote isn’t the first company to be taking advantage of two-factor authentication. Like I mentioned above, Battle.net has its own Authenticator that players can purchase to further protect their accounts. There is also a Battle.net authenticator app available for free on Android and iOS. The authenticator was a security feature added after many player accounts were hacked resulting in many valuable in-game items being lost. Dropbox also implemented a two-factor authentication feature when they had a security breach that compromised all of its users’ emails.
There is no specific date as to when two-factor authentication will find its way to Evernote’s services, but it’s a step in the right direction. Security officials stated that Evernote used the MD5 cryptographic algorithm to hash its passwords, but it turns out that that algorithm is considered to be a terrible choice for security. If they had two-factor authentication, Evernote would still have been hacked, but at least its users’ account information would have been protected.
[via Android Community]