Yesterday, as a result of having discovered a concerted attempt to access secure areas of the Evernote Service platform, Evernote triggered a system wide password reset. According to this blog post, they found no evidence that any user content was accessed, changed or lost, nor any evidence that payment information was compromised. I assume that means credit card information.
I’m almost always logged in to Evernote, and I found out about the reset when I switched to the open Evernote window on my MacBook and saw this:
I’ve blacked out my user name and blurred the displayed note thumbnails.
At first I was rather confused. I thought that either I had a network connectivity problem or my account had been hacked. I checked my email, but had not yet received any notice, so I went to Twitter. Fortunately, Evernote had tweeted about the issue, so I immediately knew what was wrong and what to do. I am satisfied with Evernote’s reaction to this situation. However, the incident made me think a bit about how much I’m relying on this service.
I have been taking notes with Evernote for about 2.5 years. In terms of volume, I’m not a power user by any means, but along with my blogs, the content I have stored in this service is some of the most valuable to me. Because because my schedule doesn’t allow me to block off a certain about of time every day on the same device for my personal work and because Evernote allows me to easily synchronize across all the devices I use, I rely on it heavily for most of my writing.
Since I am able to access my content on my computer wherever I am and in my offline notebooks on all my mobile devices, I have been comfortable trusting the service with my most important ideas and writing. A few months ago, Evernote support engineers helped me recover a note that was lost because of my own error. They did something smart; they offered me a trial premium subscription so I could restore a previous version of the note. In doing so they gained a happy user and a paying subscriber.
What I realized yesterday is that if I am not logged in to Evernote, I am not able to access my content even if it is stored locally on my computer. Of course, this is actually a good security feature, as it prevents anyone from accessing that content if they manage to get access to my computer without my knowledge. On the other hand, logging in to the service requires an Internet connection, so I must not forget to stay logged in if I plan to use Evernote on my MacBook when I’m going outside an Internet coverage area.
Finally, I also realized that Evernote could for whatever reason revoke my account at any time, and I would be unable to access my content on their service, even if that content is stored locally on my machine. I used to feel reassured by having a local copy of my content, but now I’m not so sure that’s sufficient. Even though I’m a satisfied user and I have a good opinion of the company’s respect for their users, knowing this makes me somewhat uneasy. I might have to think more about taking steps to back up my Evernote content regularly in a place that I control, like a disaster recovery system.