Jump to content

"Remember this {device} for 30 days" and Two Step Verification


Vinz

Recommended Posts

Posted

When loging in using the web client, does checking "Remember this {device} for 30 days" temporarily or permanently disable two step verification on the Evernote account? 

  • Level 5*
Posted
20 hours ago, Vinz said:

When loging in using the web client, does checking "Remember this {device} for 30 days" temporarily or permanently disable two step verification on the Evernote account? 

Hi.  No one has complained about any issues - yet.

  • Level 5
Posted

In my case it does not always seem to remember, especially on Safari. I think this is due to the general security settings of Safari, that are pretty tight. So if on rare occasion I enter the web client twice, I have to go through 2FA. This can be disabled somehow in the Safari settings (tracking or somewhat, my Mac is still down).

No need to complain, better be safe than sorry.

Posted

following on this, 30 days goes by pretty fast these days. how about making it longer or at least giving the option to? thanks!

  • Level 5*
Posted
9 hours ago, clivend said:

following on this, 30 days goes by pretty fast these days. how about making it longer or at least giving the option to? thanks!

Kinda devalues the two-step protection to keep things connected regardless...

  • 4 weeks later...
Posted

 

On 10/8/2019 at 7:05 PM, gazumped said:

Kinda devalues the two-step protection to keep things connected regardless...

isn't it mostly about preventing unauthorized devices to connect? the android app never ask for login again, and my browser on my laptop should be no different

  • Level 5
Posted

The apps on a smart device are regarded as being protected by the devices safeguards. For this reason these devices are often used as a second factor. Generally they have a high level of trust. Most smart devices are build to be and used by only one person. If you delete the app and reinstall, you will be asked to run through 2FA (at least this is what happens on an iPhone).

A PC is regarded as comparatively open, a multiuser device. Because of that 2FA is handled much stricter there.

And no, IMHO it makes no sense to offer a lot of options on security. A good security concept has several layers of mutually supporting measures. It is very difficult to change parts of it without loosing control over the entire structure. For an outsider (= user) it is not easy to balance security vs. comfort properly. A little more comfort may result in a complete loss of security.

Personally I am quite happy about the level of security offered by EN when 2FA is activated. In the end it is not about the Security of EN, it is about safeguarding my own data.

  • 2 weeks later...
Posted
On 11/2/2019 at 10:29 PM, PinkElephant said:

A PC is regarded as comparatively open, a multiuser device. Because of that 2FA is handled much stricter there.

which is not really true since user accounts are separated. At the same time, a phone may not have a lock on.

I think that going up from 30 to 45/60 days of validity does not really harm anyone and can make the life of those who use evernote web a lot, a bit simpler

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...