


Evernote hack shows that passwords aren’t good enough - robertsonbeirch1984

Evernote revealed over the weekend that it was the victim of a data breach, emailing users and posting a notice on its Web site that attackers had gained access to usernames, email addresses, and encrypted passwords associated with Evernote accounts. As a precaution, Evernote forced all 50 million users to reset their passwords. That's a good step, but it's not really good enough, so Evernote is accelerating its plan to roll out two-factor authentication.

Evernote users were locked out of their accounts until they changed their passwords.

Evernote wasn't originally designed as a business service, at least until the December release of Evernote for Business. Evernote is primarily a note-taking and organizational tool similar to Microsoft's OneNote. Evernote provides a range of services (including Evernote Food, Evernote Peek, Skitch, Penultimate and more) as Web-based tools or apps across a range of operating systems and mobile platforms. Its ability to access and synchronize data across a broad range of devices makes it appealing as a business tool.

By its nature, Evernote is a prime example of a service where you store both personal and professional data. Like any cloud-based service, it comes with some inherent risk. Any time you place business data in the cloud (particularly sensitive data such as customer names or addresses, banking or financial information, or proprietary company research) you are trusting the vendor to protect it. The big caveat, though, is that you are still ultimately responsible for what happens to your data.

One password to rule them all?

Following the attack, Evernote pushed a software update.

Evernote claims that the password data captured by the attackers was encrypted, but it still made all users select new passwords, just in case. As respected security expert Brian Krebs notes in his blog post on the Evernote breach, the standard hashing and salting algorithms used by vendors to encrypt password data offer little protection and can be cracked with relative ease.

One solution would be to use stronger passwords or passphrases, and to ensure that you don't use the same password for more than one service. When you do, a data breach at one vendor can expose your password, which could then allow the attacker to access all of your accounts instead of limiting the damage to the one that was breached.

Of course, remembering tens or hundreds of passwords is a bit of a Herculean task, especially if you're using strong, complex passwords. My PCWorld peer John Mello suggests a few options for simplifying password management, such as OneID, KeePass, and RoboForm.

The real lesson of the Evernote hack, though, is that passwords don't offer very good protection for your data. Unique passwords that are complex offer better protection than using your dog's name or no password at all, but ultimately all passwords can be cracked or guessed, given enough time and effort.

Moving to multi-factor authentication

With that in mind, Evernote is joining Facebook, Dropbox, Microsoft SkyDrive, PayPal, Gmail, and a growing number of online service providers by adopting two-factor authentication.

An example of two-factor authentication in action

Multi-factor authentication provides an extra layer of protection to safeguard your data. Phone-based authentication, for example, can dramatically boost security. You've probably encountered a prompt for phone-based authentication when you try to log in to a bank's website from a device you don't normally use.

With phone-based authentication, a random or one-time code is sent to a mobile phone, and must be entered in addition to the standard username and password. Some solutions use a mobile app to generate a one-time PIN. Either way, in order for an attacker to access the account they'd have to both crack your password and be in possession of your mobile phone.

There are many other options aside from phone-based authentication, such as access tokens, smartcards and email verification. The exact method varies widely. Regardless of the implementation, two-factor authentication provides an extra layer of protection, and Evernote should be commended for offering it.

Source: https://www.pcworld.com/article/457050/evernote-hack-shows-that-passwords-arent-good-enough.html

Posted by: robertsonbeirch1984.blogspot.com
