Two-Step Verification was up until recently only available to Evernote Premium customers. Regular users of the service could not enable the extra security for their accounts, but that changed yesterday with the announcement that all users of the service can now set up Two-Step Verification on the site.
Let me explain what it does, before I go over the set up process. Two-Step verification is a popular technology to add a second layer of protection to a user’s login process on a website or service.
Instead of just having to enter the username and password to get in, a temporary code has to be entered in the second sign in step (hence the two-factor) to complete it and log on.
The random code is either generated using a smartphone application, or sent directly to the phone via SMS.
Two-Factor Authentication on Evernote
To add the second layer of protection to your Evernote account, do the following:
- Open the Evernote website in your web browser of choice and sign in to your account.
- On your account’s main page – the page that opens up after a successful login – select the arrow icon next to your username in the upper right corner of the screen, and select Account Settings from its context menu.
- Select Security on the left sidebar here. You may be asked to enter your password again at this step.
Note: You can also open the Security Settings page directly by following this link.
Locate the Two-Step Verification option here, and click on the Enable link underneath it.
This opens an overlay window on the screen that explains what Two-Step Verification is.
Two-step verification adds an extra layer of protection to your account. Whenever you sign in to any Evernote application you’ll need to enter both your password and also a verification code. This verification code will be sent to your mobile device via text message.
Only the most recent versions of Evernote applications support two-step verification. Before continuing, please check for updates and run any Evernote applications that are installed on your devices.
It notes that you need to update your Evernote applications on your mobile devices to the latest version, as it may not support Two-Factor Authentication otherwise. It is highly suggested to do so before you continue the process.
When you click continue, the following screen appears.
With Two-Step Verification enabled you will always need your password and one of the following to access your Evernote account:
- A verification code (via text message or an authenticator app)
- A backup code
If you are unable to provide a verification or backup code, you will lose access to your account.
This page explains what you need to sign in when you enable Two-Step Verification on Evernote, and that you won’t be able to access your account anymore if you do not have access to the verification code or backup code.
When you click on continue, you are asked to verify your email address.
You are taken back to the Security page where you find the information that a verification email has been sent to the connected email account.
You need to check your emails now for the Evernote email and copy the code so that you can paste it into the field on the Evernote website. If you have not received it, check your spam folder. If it is not in there as well, click on the resend link on the Security page.
Once the code is accepted, you are asked to enter your mobile phone number on the next page. Make sure the country is the right one, and enter your phone number below it.
A click on continue will sent a text message to the phone number. You need to enter the code that it contains on the Evernote website.
You then get the option to add a backup phone number. This can be used if you lose access to your primary phone (number), so that you can log in to your account. The step is optional, and you may skip it if you do not want to set it up or do not have a second phone number that can accept SMS messages.
You can switch from using SMS to generate codes to Google’s Authenticator application instead, if you have an Apple, Android or Blackberry phone. The page links to the phone stores where you can install the app for your device.
The benefit of using an authenticator application instead of SMS is that you do not have to pay every time you log in (for the SMS), and that you can generate a code even if your phone has no network connection at the time.
Once you have the application installed, click on the continue button that applies to your phone.
You may need to verify the Google Authenticator application first on Google itself, before you can add other accounts to it. Just select the Add new account option after pressing the menu button in the app on your phone, and scan the barcode on the Evernote website that is displayed to you for that purpose.
The application will generate a code for you that you need to enter here to continue.
Four backup codes are displayed to you on the next page. You need to save them to a secure location on your computer, or write them down, as you need them to get into the account if you cannot use the two-step verification anymore.
You will be asked to enter one of the backup codes on the next page, so make sure you got those at hand and do not just skip the page.
Once you have entered the backup code, you have completed the set up. Every time you sign in to Evernote now, you will be asked to enter the username and password first, and then on the second layer the code that you either receive via SMS or the Google Authenticator application.