If you see a device on your account or access from somewhere that you don't recognize, your password may have been exposed or compromised when another app or website was breached. If you received a "Verify your Evernote account" email, it means that we blocked an attempt to access your account. To help protect your account, we send you an email when we notice unusual log-in activity.
If you've received a "Verify your Evernote account" email, but are unsure whether it was sent from Evernote, you can learn what to by visiting our Help and Learning Center: How to identify if an email received from Evernote is authentic and What to do if you suspect unauthorized access to your Evernote account. You can also follow the steps below.
The Evernote service is secure, but we want to make sure you take the necessary action to secure your account further. To make sure your account is as secure as possible, please do the following:
1. Change your password immediately
Go to the Security Summary page in your account settings and click Change password. While there, confirm that the email address on file is up-to-date so you don't miss any important email communications from Evernote, or in the event we need to verify your account.
Use a different password on Evernote than any other site you log into. That way, if someone learns your password on another site, you won’t have to worry about them also being able to access your Evernote account. Avoid using simple passwords that could be looked up in a dictionary. Instead, choose a complex password that is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and special characters. Equally good is picking a phrase that is at least 20 characters long. A password manager can make both of these easy to do. We suggest using one.
Remember to keep your account login information private. An Evernote employee will never ask for your password.
2. Set up two-step verification
Go to the Security Summary page in your account settings to enable two-step verification. Two-step verification provides an additional layer of security and can protect your account even if your password is compromised. Learn more >>
3. Review the authorized applications, devices list, and access history for your account, and revoke access to any unauthorized devices and applications
Review the authorized applications, devices list, and access history for your account. Revoke access to any applications or devices that you are suspicious of or that have accessed your account from an IP address you don't know. When reviewing the authorized applications, devices list, and access history for your account, here are a few details to help you determine whether the activity was yours:
- Application: Do you recognize and use the application?
- Device: Do you own or recognize the device?
- Access History - App: Did you use this Evernote app?
- Access History - Accessed: Do you remember logging in on this date?
- Access History - IP address: Is this an IP address you recognize? Do you remember logging in from the estimated location?
5. Encrypt sensitive text inside your notes
Encrypt sensitive text inside your note. When you encrypt text in a note, a separate password will be required to view the text, even if someone, including you, has access to your account
5. Secure sensitive information
If you stored any sensitive data in your account like passwords, credit card numbers, or cryptocurrency keys, you should consider changing them to stop or prevent misuse
Note:
There are a few ways someone other than you could have learned the password to your account. For example, if you use the same password on Evernote that you use on another site, it may have been taken from a site not associated with Evernote. Please check a security breach site (such as https://haveibeenpwned.com/) for details on security breaches from other companies that included your email and/or password so you can review and take action.
Keywords:
hack
hacked
someone in my account
account compromise
comprimise
compromise
security
secure account
lockdown account
lock down account
account stolen
stolen account
using my account
hacker
unauthorized
new login detected
Updated