Note-taking service Evernote has become the latest online vendor to offer users two-factor security authentication features.
The company said that its service, which
allows users to store notes, reminders and other important pieces of
data, would be rolling out the feature as part of a larger security
update which will also include the ability access user history and
authorise outside applications.
Under the new system, customers will be
able to link their accounts with a mobile device or number. When the
user accesses a service which requires an account name and password, a
third dialogue will also require the input of a numerical code sent to
the device via SMS.
“This will usually only happen when you log into Evernote Web or install it on a new device,” the company explained.
“This combination of something you know
(your password) and something you have (your phone) makes two-step
verification a significant security improvement over passwords alone.”
Evernote has been under pressure
to beef up its security protections since early May, when a breach
allowed attackers to lift user credentials and forced the company to
require users to reset their account information.
The use of two-factor authentication has
long been advocated by security experts who view the method as a means
for thwarting social engineering attacks such as phishing operations
which can easily gather usernames and passwords.
While it has been shown theoretically
possible to intercept the SMS transmissions via malware-born 'man in the
middle' attacks, such operations have been shown to be complex and
extremely difficult to carry out on a large scale.