Popup requesting Evernote password is not clearly coming from Evernote

I keep seeing an occasional popup dialog box that asks for my Evernote password in order to sync, but the dialog does not identify itself as coming from Evernote. For all I know, some malware wants to trick me into giving it my Evernote password! I have three issues with this:

1) Why does your application, which is running on my home computer, EVER need to ask for my password after the one-time installation? (I also have problems with Windows telling me certain functions are only available to my network administrator--which makes no sense on a home machine, and I suspect the two issues may be related. I don't trust Microsoft's malicious adware, so I block unwanted "features" that cause Windows to assume my machine is in a corporate environment. I can usually work around those "ask your network administrator" problems, but they are a constant annoyance. Ironically, Evernote is the ONLY reason I haven't migrated permanently to Linux. I often boot my computer to Linux because of its much better security, and just use Evernote's web interface, but I haven't found a way to scan documents into Evernote as seamlessly in Linux as it is in Windows.)

2) If you MUST ask for a password, PLEASE make it clear it is Evernote asking for the password! Your dialog looks suspicious. I usually hit "cancel," and then go to Evernote and click on "sync." Then, when it asks for my password again (why?) I know it is OK to enter it.

3) Every time you ask unnecessarily for my password, you jeopardize my security, because I must look up my password, copy it to the clipboard, where any malware that might be running on my machine can access it, and paste it into your form (because I cannot remember a password that is long enough to be secure, and because I have a short-term memory problem due to a brain injury that makes copying a password visually and retyping it impossible for me--I often have to call someone to come and enter my password for me, which sort of defeats the whole purpose of having a password!).

If you really do need to regularly verify my identity, couldn't you let me use my YubiKey for that? 

In my installation the Evernote password is only required for the initial login.  There is no password request for syncing.

Can you provide more details on this request?

Since you have a paid account, you might want to contact Evernote support at https://www.evernote.com/SupportLogin.action

For password management, there are services to simplify the process.  I'm currently using BitWarden; LastPass and 1Password are well known services.

5 hours ago, dwlloyd said:

I keep seeing an occasional popup dialog box that asks for my Evernote password in order to sync, but the dialog does not identify itself as coming from Evernote.

Do you have any other apps attached to EN?

We recently revoked a batch of user's apps due to a recent security incident. All users that were affected should have received an email last week regarding this. 

When a Windows OS device is revoked, either from our end or from https://www.evernote.com/Devices.action, an in-app prompt will display asking for your password.

 It looks like this:

I agree. We can do better to identify that this popup is from us. I've passed this feedback to our development team for further review.

If you prefer not to enter your password in this window, please follow these steps:

  1. Select Cancel to dismiss the prompt
  2. Select File > Sign Out
  3. Sign back in

You may have to dismiss the prompt a few times before you can get to File > Sign out. 



  2 years later...

I am getting this pop up asking for my password for sync again .   Before, once I logged in, I can sync / auto synced.  Now they keep asking for password 

