Brandon Arnold 2 Posted March 29, 2021 Share Posted March 29, 2021 Many forums do not like it when you bump an old post, but here is an old post that is still as true today as it was 3 years ago. Repro steps: Browse to evernote.com as a logged-out user with 2FA Fill in your credentials and check the "Remember this browser for 30 days" box Enter your 2FA code and check the "Remember this browser for 30 days" box again. Close your browser and go back to evernote.com Expected Behavior: Either (a) the browser should be logged in and go directly to notes, or (b) the browser is logged out but does not require 2FA. Actual Behavior: The browser is logged out requiring steps 1-3 again. Link to comment
Level 5* gazumped 12,070 Posted March 29, 2021 Level 5* Share Posted March 29, 2021 Hi. You're correct in one respect - we don't like it. But it isn't 'as true today' because the version of the web app that you're currently using is only about 6 months old. Plus I think I have seen an Evernote comment that it's truly bad security to allow your device instant access to your database without a security check. (I could be wrong.) To get an Evernote perspective on this - contact Support https://help.evernote.com/hc/requests/new (which we're not.) Link to comment
Brandon Arnold 2 Posted April 22, 2021 Author Share Posted April 22, 2021 @gazumped Evernote on desktop web has had the same login bug for years, which is a very good indicator to me that whatever they upgraded 6 months ago, their login action was not included in the update. And it is not "truly bad security" for your web browser to keep its session. Credentials: I'm an engineer maintaining one of the most used Oauth login products on the web today (Facebook Login), and have implemented many web login solutions in my day. Link to comment
Level 5 PinkElephant 8,819 Posted April 22, 2021 Level 5 Share Posted April 22, 2021 Works for me, on Safari (Mac & iOS) and Firefox (Mac). The browser takes me right to the start page, within a time frame of multiple days after one login using the „remember me...“ checkbox - 2FA is enabled. Have not plotted whether it is exactly 30 days. No experience with Chrome. Not working „remember“ could be rooted in the security / privacy settings, or plugins. Yet tried support on this ? Link to comment
Level 5* gazumped 12,070 Posted April 22, 2021 Level 5* Share Posted April 22, 2021 14 hours ago, Brandon Arnold said: And it is not "truly bad security" for your web browser to keep its session. I have, as they say, no opinion on this - I was quoting (I thought) Evernote - but I could've been wrong. It's still true that most people are now using a completely re-tooled version of the website, so if the issue remains, it could be by design. Just sayin'. 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now