This morning I received an email from Evernote alerting me that someone in India had logged into my Evernote account. I had to do a double take because at first I assumed Evernote had BLOCKED the attempted login with the new device; but no, to my utter horror Evernote had ALLOWED the login, and it had been 20 minutes between the login and the time I saw the email. That 20 minutes of course gave the hacker plenty of time to access my sensitive notes and download them. I am shocked and angry Evernote allowed this hacker to log in to my account without any challenge. Doesn’t Evernote care more about my data than allowing unrecognized devices from foreign countries to walk right in the door without a challenge?
As a rule Evernote should block login attempts from foreign countries—or at the very least always, always require a passcode be entered if a new device is being used. This is not something that the end-user should have to manually set with two-factor security; it should just be the default security protocol, just like banks and other financial institutions use: new device? Enter passcode sent by text or email. Period, end of story.
And yes, I changed my password, revoked access, and enabled two-factor security after this burglary, but the point is I shouldn’t have had to! It should be automatic! How many Evernote users right now do not have two-factor security enabled and are thus vulnerable to the same exact attack I was hit with? I bet you there are tens of thousands, and all of them are sitting ducks just like I was. My bank would never allow this to happen and Evernote shouldn’t either. I don’t even want to debate this with anyone.
This security update (mandating two-factor any time a new device is used, whether the user has enabled it or not) should be a TOP PRIORITY change that should go into the next release. If it isn’t, I’m canceling my premium account.
-Long time Evernote user speaking on behalf of thousands of Evernote users who are right now vulnerable to attack and don’t even know it.
Idea
MJ17 39