Evernote 20,000 Note Milestone!!!

I just crossed 20,000 notes in Evernote, so I thought now might be a good time to update my occasional series on Evernote. Early in the life of RestartGTD I used to manually count up Evernote pages and track them.

Unfortunately my original note counting methodology was a hack that did not work accurately. Because Evernote has added monthly note counts, here is an example for my account as of December 25, 2016, look for the red arrows 1/3 of the way from the left, near the top of the page:

So, since I can use these Evernote generated non-hack counts, I decided to take a trip down memory lane and scrape out the monthly totals for the 102 months that I’ve been an evernote subscriber.

Here is the previous total and the more accurate Evernote-generated total note count for 102 months:

The count totals diverge in 2013 where SKITCH started defaulting to saving in Evernote. But I suspect that the convoluted “trick Evernote into counting notes” method that I was using, was in a word “bad”. Anyway, I trust the monthly total that Evernote now generate as it predicts the actual number of notes in my account within 2 notes. All comes back but 2 tablespoons! (notes)

So over the 102 months of Evernote, I’ve increased my usage of evernote month by month from 1 note per month on average, to almost 200 notes per month. Here is the same graph plotted with a rolling average notes per month plotted on a second Y axis in Excel 2016’s “hideous orange”:

I continue to use Evernote as my GTD reference filing system … only. I’ve tried tracking projects in Evernote but prefer OneNote for detailed next action decomposition work. But as a reference filing system, Evernote has definitely achieved “roach motel” lock in of my information. The pattern in the orange average is very “ratchet” like. Jutting up, drifting down, but then jutting up again, and again.

bill meade

3×5 Cool Tool

Amazon_com___Oxford_At_Hand_Note_Card_Case__Black__63519____Index_Card_Binding_Cases___Office_Products

Purpose of this post is to share a *find* … of the 3×5 kind. I have started carrying an Oxford hand-note-card case. And, it is FANTASTIC!!!

I keep the case with 10 or so blank 3×5 cards (stored in the middle pouch so the cards do not get beat up) in my right front pocket. Even the pen holder is useful. I keep a skinny red pen in the case, so I can drag the case out and be ready to capture. Ideas, projects, action items, … whatever. There are also front and back slots to keep cards that have been written. So the case allows me to keep next actions with me, separate from blank cards.

The workflow:

  • Take card case out, and capture the GTD open loop.
  • Slide the open loop into the front or back slot
  • Front slot is for general GTD open loops that can be closed without capture in my digital system. Probably about 50% of the open-loop-cards I capture will be completed without being entered electronically.
  • Back slot is for project related cards that for the most part end up in OneNote or Evernote.

The confession:

  • I lost the first hand note case I purchased, but because it had become indispensable for me, I’ve re-ordered another from Amazon.com

Discussion:

  • How can someone who uses both Evernote and OneNote need 3×5 cards?

Because my brain loves 3×5 cards. The most powerful organizing that I do is to lay out 3×5 cards on a giant table, and then re-organize them by sliding them into columns of related ideas.

popuporganizing01-1-1.jpg

When I put my entire trusted system into the MOST EXCELLENT OmniFocus, my brain refused to use the system. I could not bring myself to sit down at my desk. I *think* in Ready for Anything David Allen actually says “If you get too organized, your brain will refuse to use your system.” Certainly the case for me. So as I’ve documented in the evolution of my trusted system, I use 3×5 cards as my default “one idea, one piece of paper” capture system.

bill meade

Evernote vs. OneNote … Redux

Presentation1

Introduction:

In my current job, I’m working with a lot of people from Microsoft. If I mention “Evernote” I often hear “You mean OneNote … Right!?!”

This post is just a small scream out to the inner Microserfs (The t-shirt with “IBM Weak as a kitten, dumb as a sack of hammers!” alone makes the book worth reading!!!) of my anonymous Microsoft partisans:

OneNote and Evernote are different. Really different.

Let me use a Microserf-ish analogy:

  • OneNote is Excel. Evernote is Power Query.
  • Or, OneNote is Excel, and Evernote is PowerPivot.

Yes, their functionalities overlap. But no, they are not competitors. To a GTD person, they are complements, not substitutes. Oops, another analogy from economics just inserted itself.

There is a healthy humility at Microsoft today. Gone are the arrogant people looking at your extended hand and saying “Do I need to know you?” They’ve been replaced by mortals who worry about being laid off as well as worrying about whether their market share can be *significant*.

My Microserf partisans, embrace this humility!

But, don’t let your healthy humility combine with an unhealthy fear of failure, that will react with humility to produce defensiveness. OneNote is great. OneNote is powerful.

But not as powerful as OneNote+Evernote.

Read that last sentence again!

Bill Meade

Getting Things Done: Reviewing GTD in a complicated organizing program

Evernote_Premium

Source: PixelLight.com

Introduction

I have an artist friend, Mark VanderSys

Better_Light_2011_Owners_Conference_Report

Source: BetterLight.com (2/3 down the page)

who runs a small, extremely high-touch graphics business: PixelLight.com. By extremely high-touch I mean: gigapixel pictures with digital scan backs, heavily customized web sites, and seemingly impossible pictures without parallax (i.e., the entire width of the picture is taken at a perfect 90 degree angle to the subject) and …

Better_Light_2011_Owners_Conference_Report

extremely clean low-retouch photography

Architecture_-_pixellight

New Addition:
The picture at the top of this post is an un-retouched image taken of objects spinning. It was taken with a BetterLight.com digital scan back in a standard 4×5 industrial bellows camera, Mark gave a tutorial at BetterLight where he showed step by step how the picture was taken. Click here for the magic pixie dust demo via an .mov file that shows the process.

Mark and I have been implementing Getting Things Done together for several years. Mark uses a customer requirements planning program, Asana.com, to organize, share, and track his work. Mark and I just spent two hours looking over his implementation of Asana, and reflecting on how GTD lives in very complicated, very powerful systems like Asana.

Lessons Learned

  • Using Skype to share screens is easy!
    1. Get your Skype session going.
    2. Click on the plus thought bubble at the bottom of the screen
    Skype3. Click share screen in the pop up:
    Fullscreen_2014_09_27__3_49_PM4. Continue your conversation while sharing your screen!
  • Complexity of the tool, Asana, Omni-Focus, whatever, expands like a gas to fill your energy and memory, leading to feelings of being overwhelmed. And,
  • … complexity crowds GTD logic out of your mind.
  • When GTD gets crowded out by a tool, we naturally stop managing self-expectations. You are now standing at the top of the GTD off-ramp.

How to implement a new program

  • Get some work into the system. Don’t worry be crappy.
  • Get to know the system, really try to make it work. But, relax. Rome was not built in day.
  • When you get frustrated, talk to your GTD buddy. Getting started with GTD is much easier when you have a buddy. Mark VanderSys is my GTD buddy.

What your GTD buddy will tell you:

  • Slow down.  Rome was not built in a day.
  • Go back to basics. Now that you know a bit about Asana (or OmniFocus, or whatever) it is time to re-read the first three chapters of Getting Things Done. As you go through the chapters s-l-o-w-l-y, write ideas on 3×5 cards, page by page through chapters 1 through 3.
  • Focus on how the program allows each of GTD’s tools to be implemented. Make notes of next actions for doing GTD more fully.

Organizing Work with Hierarchy … and in an Intertwingled World

Amazon_com__Intertwingled__Information_Changes_Everything_eBook__Peter_Morville__Kindle_Store

 

Source: Preface Intertwingled

 

  • Organizing tools allow different kinds of organization. In particular, different kinds of project-next action relationships.
    • Paper
      … with a next action focus, manila folders, creates an implicit one-to-many work hierarchy. One project, one manila folder, and inside many next actions. All the next actions relate only to the project indicated by the folder’s name.  
    • Outline tools
      … like OmniFocus (built around OmniOutliner), Evernote, and OneNote use an implicit one-to-many work hierarchy. That is, you start with a project, and then create N next actions to complete the project. But advanced tools like OmniFocus go a bit further. Next actions can relate not only to projects in a hierarchical way. Next actions can also relate to contexts. So the simple one-to-many hierarchy of project and actions, begins to fray. GTDers are coached to think of projects and contexts as a kind of matrix organization structure, and then next actions live at the intersection of project and context.
    • CRM (Customer Requirements Management)
      … systems like ASANA however, are not limited to one-to-many work hierarchy. Yes, you can create a project and then a task underneath the project. But in addition, Asana tasks can be related explicitly to multiple projects.

      This is a many-to-many link which CRM systems have evolved so that a next action can be tracked in relation to many projects. With many-to-many relationships, CRM allow GTDers to use “more colors of the rainbow” by tracking multiple projects that a next action relates to, but CRM systems shatter top-down one-to-many work hierarchy that a GTD person is used to seeing, and substitute an extra step of running queries, to see the full status of a next action against its projects. Very disorienting … at first.

  • Ugh, I’m feeling scared. Overwhelmed, dizzy. What can I do if I need to use a CRM system to implement GTD in my intertwingled life?
    • Go back up to what your GTD buddy told you above:
      Add_New_Post_‹_RestartGTD_—_WordPress
    • Just be aware of what the electronic system can do. And use GTD within that electronic system, as fully as you can. Don’t force yourself to use too much complexity.
    • Wait. Over time, as you keep your eye on GTD inside the system, you’ll have ideas. For example, you might have the idea in Asana, of doing a query that shows you the next actions in the system, that will move the most projects forward. Might be useful to try!
    • Experiment. Let these ideas come, and then experiment with them.

Thanks Mark VanderSys for a fun afternoon of GTD buddy check in!

bill meade

Evernote Bugs … or bad Evernote weather … or an uninitialized variable (file name?)

Introduction

In the past week I’ve noticed problems with Evernote capturing from Web Clipper and Clearly. For example, go to this WIRED article on an artist who did a self portrait with GPS equipment and DHL taking the equipment around the world.

Artist_Admits_He_Didn_t_Actually_Use_GPS__DHL_to_Create__Biggest_Drawing_in_the_World____WIRED

Wired

When I opened the article in Chrome for Mac, Evernote Web Clipper, and clicked Save:

Artist_Admits_He_Didn_t_Actually_Use_GPS__DHL_to_Create__Biggest_Drawing_in_the_World____WIRED_and_Skype

Evernote said that it saved the clip:

Artist_Admits_He_Didn_t_Actually_Use_GPS__DHL_to_Create__Biggest_Drawing_in_the_World____WIRED_and_Evernote_Premium But … the clip did not appear in Evernote on my Mac after I synchronized.

WARNING!!!

GTD Evernote users, *might* want to check that web clippings are actually being captured. Just to be sure.

Fast Ways To Double-Check-Web Clipper:

  • When Web Clipper displays the confirmation that your note has been captured:
    Artist_Admits_He_Didn_t_Actually_Use_GPS__DHL_to_Create__Biggest_Drawing_in_the_World____WIRED_and_Evernote_PremiumClick on the title of the article to open the note in Evernote, to make sure the note is there.
  • Or, instead of using Web Clipper, capture the note with Clearly. I’ve had no trouble with Clearly capturing notes this week.
  • Open Evernote on your computer, click the Sync icon
    Evernote_PremiumAnd then click on the “All Notes” (or “Clear” icon if you have run a search) and then scroll to the top of your notes to make sure the note Clearly or Web Clipper says it captured, is there.

This might be a problem of capture (from Web Clipper or Clearly) or it might be a problem of synchronizing. I’m using Evernote Mac 5.6.0 which I think is a beta release.

ScanSnap GTD Tricks #1: Next Action Stamp

Getting_Started_with_GETTING_THINGS_DONE_–_2014_–_in_27_steps___RestartGTD

As I was depositing a check with my ScanSnap this morning, I had the idea that I should post a few ScanSnap GTD tricks. Then Joe Terrana posted a comment to the 2014 Getting Started with Getting Things Done post, with a cool *new* trick.

Amazon_com___Ideal_4912__3_4__x_2__Custom_Self-Inking_Rubber_Stamp___Business_Stamps_And_Print_Kits___Office_Products

Source: Amazon.com

Go to Amazon, then order this custom rubber stamp, and then follow the instructions to “Contact Seller” and send them “Next Action” as the message for the stamp.

Then once the scanner arrives, you can stamp paper with “Next Action” scan the paper into Evernote (Click here to subscribe to Evernote), and then after Evernote does optical character recognition (OCR) on the stamped part of the note, you can search for “Next actions” and find all of your scanned next actions.

Very slick.

Very Simple!

Thank you Joe for the ScanSnap GTD Trick #1.

bill meade

p.s., I had the idea, since Evernote also attempts to recognize hand-written characters, that I could scan a note card with “Next Action” on it, and perhaps achieve the same result as using a custom rubber stamp. Here is what the card looks like:

Evernote_Premium

Expecting Evernote to be able to read my handwriting is not a fair test, I know. But, it seemed like a fun trial. Evernote’s explanation of how OCR works says that it take a “few minutes.” I’ve always assumed that Evernote takes “over night” to complete OCR operations, so we’ll see how long it takes for this note:

  • 1st check on indexing status: 20 minutes later … not indexed.
  • 2nd check on indexing status: 11 hours later … not indexed.
  • 3rd check on indexing status: 23:10 later … not indexed.
  • 4th check on indexing status: 33 hours later … INDEXED!!!!

However long it takes, I’ll update this post after Evernote indexes the card to see if it is possible to simply write “Next Action” and have OCR recover the magic GTD words.

You can tell if an Evernote note has been indexed by clicking on the i at the upper right of the note:

Fullscreen_2014_09_17__8_01_PM

And then looking at “Attachment Status” 3/4 of the way down the dialog box (red arrow).

While it is true that GTD indexing can be measured in minutes 33 * 60 = 1,980 minutes. It is not a safe workflow to depend on Evernote scanning documents immediately.

Success … kind of

After my index card was OCR’d by Evernote, I am able to search for the word “Next” but alas, “action” in my hand writing was not recognized. :-(

Evernote_Premium

I was not able to determine precisely how long it took for Evernote to do the text recognition.

Lesson Learned:

You can buy a self inking stamp, and Evernote will read it. Thanks again Joe Terrana for giving me the stamp idea, so I could have the stepping stone idea of just writing “next action” on the card.

It would be smart to create a sample card for yourself, scan it, and then see if Evernote can recognize your hand writing. In fact, if you’ve already written “next action” on a 3×5 card that you scanned into Evernote, you might be able to test this out today. Just search on the GTD Magic Words! 

Quick Index of Most-Read Posts

Featured

Number 3 Reason GTDers Don’t Use Evernote … after installing Evernote

url

TLDR: Why people set up and then don’t use Evernote

  1. The first reason is that implementing GTD changes too many things at once.
    So, Evernote, even if it is installed and working, won’t be used. Evernote is a sub-casualty of the 83% failure rate of GTD implementations.
  2. The second reason is because we blow off the GTD weekly reviews, infecting our GTD system with guilt that comes into focus (like a magnifying glass starting a fire) when we sit down to use Evernote. End result is we stop sitting down to our computers and stop using Evernote. *Note* This is also why people stop using Outlook, Omni-Focus, etc. for GTD.
  3. The third reason why GTD people don’t use Evernote after implementing it, that Evernote can be implemented in too many ways. And, … no two ways to implement Evernote agree. Too many choices to an overwhelmed brain = no choice. So, stop web surfing about Evernote, and start experimenting with your own work.

If you too have abandoned Evernote while trying to implement GTD, please share why?

Done! Good! Now go buy something to organize with, on Amazon! Invest in organization.

Introduction:

Why GTD people stop using Evernote is a surprisingly popular topic. So, I’m going to identify a couple more of the big reasons that GTD people stop using Evernote. This post is about reason 3, how the many alternative ways of implementing Evernote, stop people from using Evernote.

My_First_Comedy_Show_Ever___A_Stand_Up_Life

Source: .com

The perfect illustration of a GTD user implementing Evernote is not just a deer in headlights. The perfect illustration is a deer in a dozen of the spot lights used in police helicopters to run down fugitives.

User: “I think I’ll try using Evernote”

  • {event} Client installation on an iPad happens
    (10% of users who attempt to install quit here)

    • Wait, what? Why aren’t people installing Evernote on their PCs first? Seems that the PC is passing in influence. See RestartGTD’s Browser De Jure page for GTD viewership. GTD like it or not is becoming an iPad thing.
  • {event} Account setup happens
    (50% of potential users quit here)
  • {event does not happen} Opening Evernote for the first time on iPad
    (25% of potential users quit here)
  • {event} User opens Evernote for the first time

Even if we give Evernote 100% of the loyal users who open Evernote on their iPad for the first time, Evernote has still lost 85% of its users by the time a user opens Evernote for the first time.

Worse success rate than a David Allen GTD seminar!

Of course, I could be wrong about the percentages above. Still … Evernote is computer (desktop or laptop) first. With its new users swarming in from iPad and iPhone land, there are going to be a lot of wasteful problems (from the perspective of GTD).

For example,

  • once the person who has followed the steps above sees their Evernote account, what will they see? None of their existing information. = #EvernoteProblem
  • how can we fix this?
    • By installing Evernote Web Clipper and Clearly for a week or 10 days, so the user has some web-browsing history built up, that s/he will recognize when Evernote first opens. = #EvernoteProblem
    • By *distracting* the user to next import their paper with a scanner (scroll down to the file cabinet picture) before they open Evernote. Oh, crap, this requires Evernote to be installed on a PC with a scanner. Oops. = #EvernoteProblem
    • By scanning directly from scanner to Evernote on iPad or phone.
    • Without something drastic, can we fix this?

Hypothesis:

= #EvernoteProblem * #GTD Problem = .15 *.17 = Success Rate of Evernote & GTD

.15*.17=.03 Or, 3%

Ouch!

How can trying to implement Evernote with GTD be a good idea if it kills off an additional 14% of successful GTD users beyond what David Allen’s Company experiences?

  1. Once a GTD user puts their information into Evernote, it becomes easier to do reference filing correctly, than to not do reference filing. Reference filing is a keystone GTD skill. This helps *a lot* with people staying with GTD!
  2. Those 14% of GTD users were going to fade anyway. I *think* this because I talk to people who are “formerly known as GTD users” and they say “I use about 50% of GTD. I was really into it at first, but then it became too much to keep up with.”
    • Why? When I ask, “Do you use Evernote web clipper?” they invariably say “What is Evernote Web Clipper?”
    • Hypothesis: 14% of GTD users would be saved if they tried Evernote for their reference filing.
  3. Evernote is a platform, not a well-known, habitually used product. So what?
    • So … the marketeers at Evernote are clueless at how to help people who have a dozen police helicopter spot lights in their eyes. Platforms give markets new-to-the-world-capabilities, marketing people are trained to more efficiently sell old-to-the-world-capabilities.
    • So … in GTD terms, a new platform allows us to experiment with new degrees of freedom in organizing. The way our brains work with new platforms is trial and error. Our brains will try using the electronic tools, then pull back and compost on how the new platform *feels*. Then, confidence in a new way to use the tool appears from nowhere, and we implement the tool. And iterate improvements from there.

BIG Evernote LESSON FOR GTD USERS:

Don’t web surf to figure out how to use Evernote. Experiment with your own next actions, projects, reference filing, and inboxing. See what pleases you and run with that. When you feel *hindered* by Evernote, stop doing that. 

You can start with paper, that worked for me! See GTD Time Lapse for my 5 year history of GTD evolution.

You can go all digital. That did not work for me. I went back to paper + Evernote.

The trick is to start. Don’t think “I can’t start without the perfect system.” Think, what can I improve the most, with the least effort. Or, better, what would be fun to really focus on and improve? After 200+ MBA students, I think getting a ScanSnap and Evernote going as your reference filing system can’t be beat.

Whatever you do, keep evolving your GTD. GTD is like a bicycle. When you stop moving, you fall over.

bill meade

Evernote Two Factor Authentication: Part 2 Step-by-Step

Photo Library - 16569

Introduction:

This is the 2nd post in a 2-part series on Evernote 2 factor authentication.  The first post (here) explains what 2 factor authentication is and why it is good.  And then this post points you to a Rick Broida eight step set-up procedure for Evernote’s 2 factor authentication at PC World, and then … adds a few instructions where I *suspect* people might experience confusion.

Step 1:

Hardest part of any step by step is the first step. Rick’s first step is to sign into your Evernote account. If you do not yet have an Evernote account, you will need to go to Evernote and sign up, before you can turn on 2 factor authentication.  Click here to do so.

Also, you will need some way to read a QR code on your phone. So if you have an Android phone go here and pick a free QR Code reader and install it on your phone. If you have an iPhone click here.

Step 6:

Rick’s step-by-step flows smoothly until he gets to step 6 where account verification rear’s its head.

Account verification is simply using the 2nd factor in 2 factor authentication. Evernote has set up two ways to verify your identity when you open Evernote in a fresh computing environment (new computer, new phone, web-surfing-in-from internet cafe, etc.). Either authentication method you choose, you will begin the authentication process by opening Evernote and seeing this:

Edit_Post_‹_RestartGTD_—_WordPress_and_Android

  • Way1: text messaging.
    If you choose text messaging to obtain your 2nd factor, when you attempt to log into Evernote, you’ll see the above screen, and then wait with your phone in hand, to receive the 6 digit code.
  • Way2: using Google’s app for authentication (for Android, iOS, and Blackberry).
    If you choose to obtain your 2nd factor via a Google app (which I showed in the previous post) you will need to pick up your phone, start the Authenticator App, and then copy the 6 digit number for Evernote from the phone into the dialog box on the screen above. Here is what I see (because I use 2 factor authentication on Gmail as well as on Evernote):

Android

Both ways produce the same 6 digit code, no big deal. Only difference is how you receive the code.

Discussion:

Day to day, using Google authenticator on your phone is the best way to go because:

  1. Google’s app is *instant* while text messages takes extra time
  2. Text messages have a likelihood of disappearing in direct proportion to the urgency with which you need to access your information.
    • So, the more urgent it is for you to get into Evernote, the more likely your text authentication code will be lost.
  3. Authenticator apps are clean, you open them and look at your code. Text apps are spaghetti monsters.

BUT…

Evernote has positioned text messaging as a premium service. Wait, what? Perhaps texting is the premium service because if you use text messages you will not have to install Google Authenticator on your phone? I don’t know. My advice is to set up Google Authenticator on your phone.  How?

Setting Up Google Authenticator for Evernote:

Step 1: ON YOUR COMPUTER Go to Google’s Authenticator install page and read the step-by-step for installing Google Authenticator on your phone (Android, iOS, Blackberry).

Install_Google_Authenticator_-_Accounts_Help

Step 2: ON YOUR COMPUTER Log into Evernote via web browser, go to account settings, security summary …

Step 3: Click on Google Authenticator and you will see this dialog box:

Security_Summary

then click on the appropriate operating system for your phone. Here is what I see when I click on Android:

Security_Summary2Now, take a picture of the QR code (*Note* This QR Code will not work for you, each QR code is specific to one Evernote account). And your Evernote 2nd factor authentication key will be added to your Google Authenticator account. 

THERE!…

OK, I *think* I’ve got all the confusions to setting up 2 factor authentication in Evernote, covered. If not, email me (bill@basicip.com) and let me know what I missed!

bill meade

 

 

 

 

 

Evernote Two Factor Authentication: Think (again) like an Evernote programmer!! Part 1

Photo Library - 16569Source: Bill Meade taken in Boise ID

Introduction:

The efficiency/security tradeoff has changed! Well for me at least. Until now I’ve deliberately risked using Evernote as my reference filing system, knowing that if someone guessed my password I would be hosed. The “Evernote deal” seemed to be capturing the value of increased efficiency now, at the price of possibly getting hacked later.

This “Everyone has been hacked. Now what?” attitude is calculated. Our IT infrastructure is what it is. I may be hacked and not know it. As long as I can use Evernote to keep track of my stuff, do I really care? If I start obsessing about my net-connected infrastructure too much, the profit of using computers will quickly become a loss. I mean it is pretty clear why all my computers have been so slow all these years: the NSA! Hacking! Botnetting!

Locks were invented to keep honest people honest. Determined criminals find ways in.

So I’m excited to start trying out Evernote’s two-factor authentication: A padlock for Evernote.

What is it?

Two factor authentication is one step up in security, from using username+password protection. In two factor authentication your password is used same as normal (the username+password is factor 1 of 2) and then a second special password is used in addition (the special password is factor 2 of 2).

The idea is that while a criminal can easily guess your username from defaults (Unix “admin” or Windows “Administrator” or your email address), and then either steal or “break” your password. A criminal will need to go to a whole new level of effort in order to get your phone. What makes stealing the phone essential is that the special password changes every few seconds on the phone. But I am digressing into the next question about 2 factor authentication: How does it work?

How does it work?

The special password generated on your smart phone is dynamic. It changes every  60 seconds. To find your dynamic password, you use the Google Authenticator app on a smart phone.  Here is what Google authenticator looks like on my smart phone:

BlogGraphics02_pptx

So when you need to authenticate into Evernote, you start Google Authenticator, and then you see your password of the current moment. Here is what I see on my Google Authenticator:

Android

The red arrows point to countdown timers showing you how much longer the 6 digit passwords will work to authenticate you into Evernote/Google.

So, because the passwords are constantly changing, a casual criminal will have to obtain your phone, and then break into it (you do have your cell phone password protected don’t you :-) to log into your account.

QUESTION: Do I have to authenticate every time that I start Evernote on my computer?
ANSWER: No

We now come to the how does it work … hands and knees perspective.  In a wonderful BYTE magazine article in 1989 Peter C. Olsen articulated a theory of how to hire programmers: send them to Africa and tell them to hunt elephants, and then watch the algorithm they use.

Olsen_1989_Hunting_an_Elephant

*Note* that assembly language programmers execute the basic algorithm … on their hands and knees. So in the rest of this article I’m going to emulate an assembly language programmer in trying to go slow, be very careful, to take each step one at a time.

What were we taking about?  Oh yes, authentication. You will have to authenticate to Evernote when:

  • Case 1: Logging into Evernote from the web. Here is the log-in screen you’ll see using evernote web:
    Menubar_and_Enter_CodeNote that you can check the box and not have to re-authenticate for a month on the computers you use to access Evernote web. But, if you log into Evernote from friends computers, you will have to have your phone available from now on.
  • Case 2: Setting up Evernote on a computer for the first time (duh). Here is what the dialogs look like on a Mac:First, the normal dialog asking for factor 1 (Username+Password)
    Blank_Skitch_Document_2Next, a pop up dialog asking for the factor 2 (from Google Authenticator on my phone):
    Edit_Post_‹_RestartGTD_—_WordPress_and_AndroidNote that the new dialog asking for the number gives you a hit with a phone icon with Google Authenticator’s thumbnail graphic. You type your 6 digit number in here and then you enter Evernote as usual.
  • Case 3: After you log out of your Evernote account on your computer. *Note* I had never logged out of my Evernote account before playing with Evernote two factor authentication. So this will likely be no big deal. After enabling two-factor authentication I tried to trick Evernote into annoying me by asking for authentication. I quit Evernote, restarted, re-booted, etc. and Evernote did not ask me to authenticate. *Note* two factor authentication is smart but not paranoid.
  • Case 4: After you log out of Evernote on your spouse’s computer. *Note* anything that can go wrong will. If you turn on two factor authentication and share your evernote account with someone, you will have to authenticate for them on their computer, or they will be locked out of Evernote at the most inconvenient time. Plan on it.

This is all the cases I can see where Evernote users will have to authenticate. Note, if I have missed a case, email bill@basicip.com and let me know, I’ll add your case to this list.

What is the strategy?

2013 was the year of security on the internet. We are all red queens now, our security skills and infrastructure are going to have to run, in order to keep us in a place where computers remain profitable to use. The strategy of introducing two factor authentication is a step in the direction towards keeping computing profitable for its users. rqueen01

Will computing ever be secure? Probably not. There are too many evil geniuses. In a way the deal of using computers will always be a bet on the value of using technology today, against the eventuality of being hacked. Should this deter us from using two factor authentication? No. We are stupid not to use very slick, very simple tools that at the least, will shift bad hackers to softer targets.

What are the objections?

Objection: “I will have to authenticate every time I use Evernote!”

The reality is no. You will have to authenticate to Evernote every time you change the computing environment where you are using Evernote.

  • When you get a new computer.
  • When you log in to Evernote from a coffee shop or a friend’s computer.
  • Or when you give another person access to your Evernote data store.
  • Or when it has been 30 days since you last authenticated via the web.

*Note* I personally think that Evernote’s marketing communications on this two factor authentication objection, are confusing. If I were Evernote I would have said:

  • “Evernote’s 2 factor authentication works just like Google’s 2 factor authentication.”
  • The average user will authenticate about once a month during the first year they use 2 factor authentication.

Signalling that people can re-use what they learned getting Google authentication working, and that we are all marching into a common, reasonable, computer security future.

Objection: “Evernote two factor authentication is too hard for a normal person to set up!”

Probably false. Two factor authentication is a new use model for end users to learn. But, it is not if we end users will need to learn to set up two factor authentication. It is a when.

My next blog post will be a step-by-step on setting up Evernote two factor authentication on Macintoshes with Android phones (A totally recessive combination I admit!). Take a peek at that next week and see what you think. I’m a marketer, I set up 2 factor authentication. As any enginerd will tell you “If a marketeer can set it up, any user can!”

Objection: Anyone who steals my phone will have access to my Evernote account.

True … if you do not have your phone password set. :-) But, this is true even without two-factor authentication today! If your phone is wide open, and you have logged into evernote before you lose the phone, whoever has your phone has access to everything in Evernote.

Personally, I find Evernote on my Android to be about .6 of the way to a 1.0 that is compelling to use. My short term security plan with Evernote is to take Evernote off my phone.

Then, if someone steals my phone, they will have access to my special password (authentication factor 2), but will still have to guess/break my Username+Password. My theory is that when I notice my phone is gone (God’s way of telling you to get a new Android phone! :-) I’ll log into Evernote on my computer, change the password, and then log into my remote wipe on Android and zap the phone. Safe! Or at least, safe enough.

See you then!

bill meade