This Week in Cybersecurity: Evernote and Google

Usually stories about cybersecurity are gruesome details about accounts getting hacked or an entire site being compromised and reset. This week was a little different. Google did a password security push to remind users about Internet security while Evernote boarded the two-step verification party bus.

Last week Twitter bowed to the critics and set up two-step verification in the wake of hundreds of thousands compromised accounts. (They had already tried to ask users to monitor their passwords better the month before.) This week Evernote also implementation two-step verification as either a preemptive strike against hackers or a three-month late response to the 50 million reset passwords from early march.

evernote1The two-step verification on Evernote is the same format that Twitter uses. If someone knows your password they won’t be able to access your account unless they also have your cell phone number. Evernote sends a text to enter a code before you (or the hacker) can access your content.

Along with Evernote and Twitter, Google also has two-step verification, something that Evernote specifically mentions in their blog post. However, in a blog post published yesterday on password safety, Google failed to even bring it up as an option for keeping one’s password secure.

default-ogbThe article listed four ways for Google users to keep their passwords safe along with a video about creating a strong password. The tips were underwhelming from such a prominent tech giant:

  1. Don’t use the same password for all of your accounts
  2. Make your password hard to guess
  3. Keep your passwords somewhere safe
  4. Have a recovery plan

They explicitly state that passwords like “password” or “123456” are weak passwords. This is barely even Internet security 101. Ending with their two-step verification set up would’ve been a great call to action or fifth suggestion at the bottom of the article. A couple people even brought it up in the comments. Plus, these tips aren’t helpful to users who had a strong password and a recovery plan but still had their Twitter accounts hacked in February or had to reset their Evernote passwords in March.

The editor explained that the reasoning behind the blog article coincides with their Good to Know site, which was launched last January and teaches about Internet safety.

Knowing how to stay safe and secure online is important, which is why we created our Good to Know site… we’ll also be posting regularly with privacy and security tips. We hope this information helps you understand the choices and control that you have over your online information.

Hopefully this means the password article was the tip of the iceberg of Internet advice, and it’s only getting better from here.

At the very least, these articles, tools and increased security show users that they’re being heard and the companies are working to make their sites better. Let’s just hope the future of the Internet looks more like fewer compromised accounts and less like airport security.

About the author

Amanda Dodge