
On March 2, 2013, the digital note-taking system Evernote was hacked. Evernote has forced new passwords and has released new updates to the Windows, Windows Phone and iOS versions of their client software.

Given what is known about their security set-up (e.g. Evernote encryption and the Evernote forum discussion) on selecting strong passwords and adding a PIN code for opening notebooks on mobile devices, what else should be done as an end user to add security?

potat0
  • 13
  • 3
FredrikD
  • 143
  • 5
  • I wonder if full names were extracted... making it easier to Phish accounts http://security.stackexchange.com/a/31875/396 – makerofthings7 Mar 03 '13 at 18:33
  • 3
    There should be a canonical version of this ... "My account info was compromised in a generalized attack on said service... What should I do now?" – Brian Adkins Mar 04 '13 at 00:44

2 Answers

3

Whenever a service you use gets hacked and the result is a leak of authentication credentials, there are some precautions you can take to minimize your risk.

First of all, change the service's password, even if you had a long and complex one. This will make it impossible for the attackers to get your current credentials.

Make sure you never use the same password for two different applications. I know, same old suggestion, but this is exactly the case where it makes a difference!

You have to consider that Evernote uses an e-mail address as username (too), hence creating a higher risk if you use the same password for other services that require a unique e-mail (e.g. Facebook).

Finally, I'd suggest the use of a password manager in order to generate safe passwords and to use them without having to rely on simple schemas (e.g. Evernote1!) or on post-it notes.

Gurzo
  • 1,117
  • 6
  • 18
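As an added illustration of the points in this answer (not code from the original post or from Evernote), the following Python snippet does what a password manager does for you: it draws a password uniformly at random from the OS CSPRNG, computes how many bits of entropy that choice carries, and scans a small constructed "vault" for passwords that are reused across services. The vault contents, the service names and the 20-character default length are assumptions chosen for the example.

```python
import math
import secrets
import string

# Character set a typical password manager draws from (assumption for this example).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return a password chosen uniformly at random using the OS CSPRNG (secrets)."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).

    This only holds for random choice; a scheme such as 'Evernote1!' is far
    weaker than its length suggests because an attacker can guess the pattern.
    """
    return length * math.log2(alphabet_size)


def find_reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each password used by more than one service to the services sharing it."""
    by_password: dict[str, list[str]] = {}
    for service, password in vault.items():
        by_password.setdefault(password, []).append(service)
    return {pw: services for pw, services in by_password.items() if len(services) > 1}


# Constructed sample vault: the same weak scheme reused on two services.
SAMPLE_VAULT = {
    "evernote": "Evernote1!",
    "facebook": "Evernote1!",
    "bank": generate_password(),
}

if __name__ == "__main__":
    pw = generate_password()
    print(f"generated: {pw}  (~{entropy_bits(len(pw), len(ALPHABET)):.1f} bits)")
    for reused, services in find_reused_passwords(SAMPLE_VAULT).items():
        print(f"password reused across {services}: rotate it on every one of them")
```

If a reused password appears in a breach, every service in its list needs a new, unique password, which is exactly the situation the answer warns about.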
1

They salted and hashed their passwords, which means that you should be reasonably safe.

Hashing is turning a string of text (in this case, the password) into a hash, so that when it is compromised, the perpetrator would have to crack it in order to gain access to the plaintext passwords. In this case, longer and more complex passwords are better.

Salting is adding a bunch of characters to the end of your original password, to make the hashes harder to crack.

Just don't use the same password everywhere and choose a password that is secure (non-dictionary words, numbers, upper cases and lower cases, symbols etc.).

potat0
  • 13
  • 3