- http://krebsonsecurity.com/2013/03/evernote-forces-password-reset-for-50m-users/
- http://arstechnica.com/security/2013/03/evernote-resets-all-user-passwords-after-coordinated-breach-attempt/
- http://www.darkreading.com/blog/240149848/evernote-resets-everyone-s-passwords-after-intrusion.html
- http://nakedsecurity.sophos.com/2013/03/02/evernote-hacked-almost-50-million-passwords-reset-after-security-breach/
Which will expose way too much useful information to an attacker if the data ever gets compromised, including information that could compromise physical security (my background).
Additionally, with the type of cloud-based system used for Evernote, there is no way to make it really secure IMO.
Brian, from the Krebs on Security article linked at the top, mentions this really good interview he did about password encryption: http://krebsonsecurity.com/2012/06/how-companies-can-beef-up-password-security/
It explains the difference, in simple terms, between a password hash and a cryptographic hash.