Phantom login in spite of 2FA and multiple password changes

[MoritzU 0]

Hello,

during the last few months, I have received multiple emails from the Evernote support stating that someone logged into my account outside from my home country. The emails were legit, coming from "account.evernote.com". After each email, I've quickly changed my password and - after the first one - activated 2FA. However, sadly to no avail. Even though 2FA is activated on my account and I am using a randomly generated password, I've still gotten emails regarding foreign logins - the latest came this morning.

How is this possible? What can I do?

To me this looks like either an Evernote bug or a major oversight in their security.

Thank you and best regards

Edit: I was not using any VPN to connect to Evernote, so this is not the issue.

[gazumped 11,713]

Hi.  As you already use 2FA I'd be surprised if there was an issue here.  I had some 'odd' accesses logged to my account from India at one stage,  though the IP address quoted as the source was clearly mine.  The only information Evernote can capture is the IP origin of any login,  and IP addresses are sometimes hard to pin to a geographic location.  I'd suggest you report the matter via Twitter and leave Evernote to work out why the false positives are happening.

https://twitter.com/evernotehelps 

[PinkElephant 8,198]

You can check if there was really somebody inside of your account by looking up the access history. You find it in your account settings.

If there was nobody inside of your account, the emails probably just tell that somebody tried to enter. Trying means somebody knows your account name (maybe from another internet breach) and is now trying to brute force your password. Another strategy is called "spraying", where numerous accounts are tried at the same time. EN may note this attempt to force access to your account, and sends you an alert.

To stop somebody rattling your accounts doors, you would need help by support to change your login credentials.

[330smg 0]

I have this also, makes me uncomfortable with Evernote security.  Honestly my password is strong and I received no notification in text to approve a login.  Where is an Evernote employee to answer why this happens STILL! 

[gazumped 11,713]

On 3/18/2021 at 2:22 PM, 330smg said:

I have this also, makes me uncomfortable with Evernote security.  Honestly my password is strong and I received no notification in text to approve a login.  Where is an Evernote employee to answer why this happens STILL! 

This isn't Evernote Support and employees don't (usually) deal with individual questions. We're a (mostly) user-supported forum.  And the answers to your query are in the two posts immediately above yours. If you have any other questions,  we'll try to help...

[PinkElephant 8,198]

Check in the account information, access history if there really was an unknown access, or if somebody is only trying to enter without succeeding. 

[MoritzU 0]

At least for me, the access history does not list a login for the last week. However, Evernote's email really should not state "There was a new login to your Evernote account and we want to make sure it was you." if it was just a login attempt! Back in December, before 2FA and password change, there has been the exact same email. This one is shown in the access history.

[PinkElephant 8,198]

Most likely the wording of the mail is misleading. Not good, but better than the other way round.

Congrats to your account security, many others are not using all measures possible.