Notion has quickly become a favorite for taking notes, task management, and collaboration. But does it offer the gold standard of security – end-to-end encryption? In this article, let’s find out.
How Does Notion Store Your Data?
Notion runs its app and software on AWS cloud servers in the US West (Oregon) region. The servers sit in a virtual private network that cannot be accessed from the public internet.
According to Notion’s security page, the data is encrypted at rest and in transit, but it is not end-to-end encrypted. What this basically means is that your data is encrypted when it is stored on Notion’s servers as well as when it is being sent between users’ browsers and the Notion servers.
Going into the specifics, they use AES-256 to encrypt data at rest and TLS 1.2 or greater when it is in transit.
According to a Notion employee, they do not use end-to-end encryption because it would make it difficult to implement some features like real-time sync and workspace full-text search.
However, Notion performs quarterly independent security audits with the help of well-known security audit firms. They are ISO 27001 certified and have passed the SOC 2 Type 2 audit performed by an independent third-party auditor. This certifies that Notion’s security policies and controls meet the highest industry standards.
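The trade-off described above, as an added example that is not Notion’s code: a server that encrypts at rest holds the key and can decrypt to run full-text search, while an end-to-end server only stores blobs it cannot read. The class names, the sample notes and the HMAC-SHA256 counter-mode cipher (a standard-library stand-in for AES-256) are assumptions made for illustration.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Assumption: HMAC-SHA256 counter mode stands in for AES-256 (stdlib only, illustrative).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class AtRestServer:
    """Encryption at rest: the server owns the key, so it can decrypt to search."""
    def __init__(self):
        self._key = os.urandom(32)
        self.disk = {}
    def save(self, page_id: str, text: str) -> None:
        # Text arrives over TLS and is plaintext to the server before storage.
        self.disk[page_id] = encrypt(self._key, text.encode())
    def search(self, term: str) -> list:
        return sorted(p for p, blob in self.disk.items()
                      if term in decrypt(self._key, blob).decode())

class E2EEServer:
    """End-to-end: the server stores opaque blobs and never holds a key."""
    def __init__(self):
        self.disk = {}
    def save(self, page_id: str, blob: bytes) -> None:
        self.disk[page_id] = blob
    def search(self, term: str) -> list:
        return sorted(p for p, blob in self.disk.items() if term.encode() in blob)

def demo() -> dict:
    notes = {"p1": "Q3 invoice for Acme", "p2": "Holiday packing list"}  # constructed
    at_rest, e2ee, client_key = AtRestServer(), E2EEServer(), os.urandom(32)
    for pid, text in notes.items():
        at_rest.save(pid, text)
        e2ee.save(pid, encrypt(client_key, text.encode()))  # encrypted on the device
    on_device = sorted(p for p, b in e2ee.disk.items()
                       if "invoice" in decrypt(client_key, b).decode())
    return {"at_rest": at_rest.search("invoice"), "e2ee_server": e2ee.search("invoice"),
            "e2ee_device": on_device}
```

In the end-to-end case the search only works on the device that holds the key, which is why server-side features such as workspace full-text search are hard to offer.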
Is Lack of End-to-end Encryption Concerning?
Lack of end-to-end encryption means it is risky for users to store sensitive or confidential data on Notion, such as personal information, financial data, or business secrets.
In the event of a data breach, the attackers could access and steal the unencrypted data. It is also important to note that Notion employees are able to access information after receiving explicit consent from a user. On the plus side, Notion has a system in place to keep a log of all instances when a user’s data is accessed, which they review on a regular basis.
Will You Be Notified About a Data Breach at Notion?
Notion monitors and performs security audits on a regular basis. In the event of a security breach, they are committed to promptly notifying users directly within the app, as well as via email.
How Can You Secure Your Notion Workspace?
2FA, or two-factor authentication, is a feature that adds an extra layer of protection to your Notion account. It is not the same as having e2e encryption but lets you prevent unauthorized access to your account and your workspaces, even if someone knows your password.
To enable 2FA for your account, follow the steps below:
- Go to Settings & Members in your sidebar and click on My Account.
- Under the Account Security section, toggle the 2-step verification option.
- Notion will ask you to enter your password. Enter your password and click on Continue.
- Choose whether you want to receive a verification code via an authenticator app or a text message. You can also add multiple methods for backup.
- Follow the instructions on the screen to scan the QR code or enter your phone number. You will need to enter a one-time code from the app or the text message to complete the setup.
That’s it! Now, every time you log in to Notion, you will need to enter your password and a verification code from one of your methods.
Notion will also give you backup codes, which you need to store in a safe place. You will need them if you lose your phone or verification device.