Evernote Breach: What It Means To Enterprise IT
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
3/5/2013 | 3:12:29 PM
re: Evernote Breach: What It Means To Enterprise IT
I am a customer of Evernote and Blizzard's Battle.Net. I also use Google's Authenticator (on my smart phone) to access my Gmail accounts.

With 2-factor authentication, a downside is the inconvenience that comes when you lose your physical authenticator (token or smart phone). In my opinion, that is minor comparing to having your one-and-only password compromised and you have to change the password right away or your account is at risk as every minute goes by.
User Rank: Strategist
3/5/2013 | 11:49:47 AM
re: Evernote Breach: What It Means To Enterprise IT
Heh. "Cloud huggers". :)
User Rank: Ninja
3/5/2013 | 3:05:58 AM
re: Evernote Breach: What It Means To Enterprise IT
This is all nice until hackers find a way to clone hardware dongles or fake their presence or even find ways around them entirely. The cloud naysayers typically do not dislike the concept of cloud computing, but they shudder that someone else somewhere in a place unknown is in charge of security for the services. Evernote hosts a bunch of grocery lists, but this can happen to any cloud service provider and it did happen to many of them. Hackers only need to crack the digital doors in one place with the cloud. In distributed non-cloud on premises systems hackers would need to attack each of those systems individually. And that is not supposed to be more secure? May this is a logic the cloud huggers cannot follow.....
User Rank: Author
3/4/2013 | 7:29:31 PM
re: Evernote Breach: What It Means To Enterprise IT
What are the potential downsides of Blizzard's mobile phone two-factor authenticator approach with the Evernote user crowd?

Laurianne McLaughlin
David Berlind
David Berlind,
User Rank: Apprentice
3/4/2013 | 4:51:58 PM
re: Evernote Breach: What It Means To Enterprise IT
Great thoughts here Jonathan. The Blizzard approach is pretty interesting. I have to say that it's hard to believe that a lot of consumer facing companies don't offer the same thing. For example, I'd opt-in if my bank (a pretty big bank) allowed me the option of a hardware token for online banking (my friends who live in Europe have them, but I'm told they're culturally to inconvenient for Americans).

It has been a while since I brushed up on my token expertise -- but I'm trying to figure out why, for example, RSA can turn this opportunity into a big business. Give me one SecureID token that, as an end-user, I can apply the services of my choosing (my bank, Evernote, etc.).

Finally, in its post-breach messaging, I'm surprised Evernote didn't advise users and customers to be cautious about continued usage of your old Evernote password for other services.
John Humkey
John Humkey,
User Rank: Apprentice
3/4/2013 | 2:57:47 PM
re: Evernote Breach: What It Means To Enterprise IT is blocked by my companies web filtering as (Personal Storage Site) . . . so I'd say the breach means . . . nothing at all.

Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.