Evernote To Add Two Factor Authentication Following Hack


In an email sent to its nearly 50 million customers on Sunday, Evernote disclosed an attack it had suffered and insisted that all users reset their passwords. In the aftermath of this attack, the company announced today that it will join Amazon Web Services, Dropbox, Facebook, Google and Gmail, LastPass, Microsoft SkyDrive and Xbox Live, PayPal and Yahoo Mail, along with numerous financial websites, in implementing two-factor authentication.

Evernote did not believe that users' passwords had been decrypted, but because of its reliance on the MD5 cryptographic algorithm to hash passwords before storage, it seems the company felt that it was just a matter of time before the hackers would be able to access user information.

“We were already planning to roll out optional two-factor authentication to all of our users later this year,” said Evernote spokeswoman Ronda Scott via email. “We are accelerating those plans now.”

While it is unlikely that two-factor authentication would have stopped the attack itself, it would certainly have made this mandatory password reset unnecessary, as users would have had considerably more protection than they do at present.

Typically, two-factor authentication is delivered by one of the following means: a hardware fob that creates a one-time code, a smartphone app that creates a one-time code, or a text message sent to the user containing a one-time code. Video game maker Blizzard has even gone so far as to insist that its users use one of the two means listed here for authentication in all real money games.

One notable company missing from the list of two-factor authenticators is Twitter. Following an attack in January, Bob Lord, Twitter’s director of information security, said “our investigation has thus far indicated that the attackers may have had access to limited user information — usernames, email addresses, session tokens and encrypted/salted versions of passwords — for approximately 250,000 users.” While Twitter is absent from this list, it is clear that the company is working towards this end. Though it made no official statement, following the attack Twitter did post a job opening that required engineers with two-factor authentication experience.

What this means for Evernote and Twitter users is that this is not a matter of flipping a switch; it will require integration into each company's network. In order to retain user trust, they had better get cracking now, before getting cracked again.

[via: InformationWeek]

While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. To contact Brendan or give him an exclusive, please contact him at [email protected]