MoritzU 0 Posted March 14, 2021 Share Posted March 14, 2021 Hello, during the last few months, I have received multiple emails from the Evernote support stating that someone logged into my account outside from my home country. The emails were legit, coming from "account.evernote.com". After each email, I've quickly changed my password and - after the first one - activated 2FA. However, sadly to no avail. Even though 2FA is activated on my account and I am using a randomly generated password, I've still gotten emails regarding foreign logins - the latest came this morning. How is this possible? What can I do? To me this looks like either an Evernote bug or a major oversight in their security. Thank you and best regards Edit: I was not using any VPN to connect to Evernote, so this is not the issue. Link to comment
Level 5* gazumped 11,713 Posted March 15, 2021 Level 5* Share Posted March 15, 2021 Hi. As you already use 2FA I'd be surprised if there was an issue here. I had some 'odd' accesses logged to my account from India at one stage, though the IP address quoted as the source was clearly mine. The only information Evernote can capture is the IP origin of any login, and IP addresses are sometimes hard to pin to a geographic location. I'd suggest you report the matter via Twitter and leave Evernote to work out why the false positives are happening. https://twitter.com/evernotehelps Link to comment
Level 5 PinkElephant 8,198 Posted March 16, 2021 Level 5 Share Posted March 16, 2021 You can check if there was really somebody inside of your account by looking up the access history. You find it in your account settings. If there was nobody inside of your account, the emails probably just tell that somebody tried to enter. Trying means somebody knows your account name (maybe from another internet breach) and is now trying to brute force your password. Another strategy is called "spraying", where numerous accounts are tried at the same time. EN may note this attempt to force access to your account, and sends you an alert. To stop somebody rattling your accounts doors, you would need help by support to change your login credentials. Link to comment
330smg 0 Posted March 18, 2021 Share Posted March 18, 2021 I have this also, makes me uncomfortable with Evernote security. Honestly my password is strong and I received no notification in text to approve a login. Where is an Evernote employee to answer why this happens STILL! Link to comment
Level 5* gazumped 11,713 Posted March 19, 2021 Level 5* Share Posted March 19, 2021 On 3/18/2021 at 2:22 PM, 330smg said: I have this also, makes me uncomfortable with Evernote security. Honestly my password is strong and I received no notification in text to approve a login. Where is an Evernote employee to answer why this happens STILL! This isn't Evernote Support and employees don't (usually) deal with individual questions. We're a (mostly) user-supported forum. And the answers to your query are in the two posts immediately above yours. If you have any other questions, we'll try to help... Link to comment
Level 5 PinkElephant 8,198 Posted March 20, 2021 Level 5 Share Posted March 20, 2021 Check in the account information, access history if there really was an unknown access, or if somebody is only trying to enter without succeeding. Link to comment
MoritzU 0 Posted March 20, 2021 Author Share Posted March 20, 2021 At least for me, the access history does not list a login for the last week. However, Evernote's email really should not state "There was a new login to your Evernote account and we want to make sure it was you." if it was just a login attempt! Back in December, before 2FA and password change, there has been the exact same email. This one is shown in the access history. Link to comment
Level 5 PinkElephant 8,198 Posted March 22, 2021 Level 5 Share Posted March 22, 2021 Most likely the wording of the mail is misleading. Not good, but better than the other way round. Congrats to your account security, many others are not using all measures possible. 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now