Swiftwater 1 Posted May 13, 2021 Share Posted May 13, 2021 Two Factor Authentication: I don't know if there's a feature already that allows a two-factory authentication on Evernote. I think it would be a great feature to integrate Yubico's Yubikey as a security feature for either account sign-on for new devices or notebooks with sensitive information. If you don't know what the Yubikey is, its typically used as a security key (much like many employees get with corporate companies) for logging into popular applications. Many people invested in cryptocurrency typically use this hardware based authentication product to secure their logins for hot and cold wallets. I'll leave some information regarding the product and company below. I think it would make a great feature for Evernote, especially for companies and individuals with highly sensitive information on their Evernote accounts. Yubico: https://www.yubico.com/ The company’s core invention, the YubiKey, is a small USB and NFC security key securing access to any number of IT systems and online services. To protect secrets on servers, we also created the YubiHSM, the world’s smallest hardware security module. For easy integration with any IT system, we offer developers open source servers, support and hosted validation services. Yubikey The Yubikey 5 series is there most popular product. It eliminates account takeovers by providing strong phishing defense using multi-protocol capabilities that can secure legacy and modern systems. The series provides a range of authentication choices including strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. https://www.yubico.com/products/ Intergration https://www.yubico.com/support/download/ Yubico is opensource, so it shouldn't be a problem integrating to Evernote. Let me know your thoughts on a hardware authentication tool or two-factor authentication in general for Evernote. 1 Link to comment
Level 5* gazumped 11,666 Posted May 14, 2021 Level 5* Share Posted May 14, 2021 22 hours ago, Swiftwater said: Let me know your thoughts on a hardware authentication tool or two-factor authentication in general for Evernote. Hi. Try this. Set up two-step verification Link to comment
awood 0 Posted May 25, 2021 Share Posted May 25, 2021 It seems strange that you do not need to give up your phone number for a free or paid account, but you do have to give it up for MFA, unless you have a paid account. Prople should absolutely pay for playform features....but not features used to secure your platform and our data. Link to comment
Level 5 PinkElephant 8,114 Posted May 26, 2021 Level 5 Share Posted May 26, 2021 Should - should not - … Fact is there is 2FA (which is not available for every note taking app), and it is advisable to active it. Maybe EN will enable more one day. Currently it is by phone / message for Basic, plus by an authenticator (any, not only Google) for the paid accounts. The reasoning for the phone number for BASIC accounts is that it provides EN with an indirect personal ID - which is not necessary for the subscribers. Link to comment
Level 5* gazumped 11,666 Posted August 26, 2021 Level 5* Share Posted August 26, 2021 This isn't a votable thread, so "+1" doesn't really help here - I'd suggest someone posts this suggestion in a Feature Request forum and puts a link to that new thread back here, so anyone who's interested can vote it up. Link to comment
x0x0 0 Posted July 13, 2022 Share Posted July 13, 2022 +10 for YubikKey, and especially for Yubikey Bio (FIDO2 / WebAuth) because: When logging into e.g. the web app, the user has to write a code from the 2FA authenticator app (when it's enabled). This method is slow and introduces human errors such as writing the wrong code, or missing the timing of the authenticator app code, since these codes change regulary. I would love to have the option to be able to add hardware-based tokens such as a YubiKey Bio token, instead of having to use authenticator codes. By using a hardware token users will save a lot of time, get better login experience in addition to increasing their security. YubiKey Bio series supports FIDO2/WebAuthn, U2F and one can read more on their home page about this. To support FIDO2, fidoalliance.org writes the following:"For developers with existing web pages or applications that are looking to implement FIDO2, there are two changes that you will have to make to your application: 1) modifying the login and registration pages of your website or mobile application to use the FIDO protocols; and 2) setup a FIDO server to authenticate any FIDO registration or authentication requests. Get a high-level overview of the steps to take for both of those changes here." Best regards Link to comment
Level 5 PinkElephant 8,114 Posted July 13, 2022 Level 5 Share Posted July 13, 2022 We will see what happens in the field of authentication. If the current initiative of Google and Apple works out (which depends on it being OKed by antitrust authorities), the time of dedicated hardware keys may be over before it ever really began. This stuff is from my observation still pretty nerdy. Link to comment
x0x0 0 Posted September 29, 2022 Share Posted September 29, 2022 Any news regarding FIDO2 / WebAuth? Link to comment
Level 5 PinkElephant 8,114 Posted September 29, 2022 Level 5 Share Posted September 29, 2022 No. Link to comment
Evernote Expert agsteele 2,950 Posted September 29, 2022 Evernote Expert Share Posted September 29, 2022 And I suspect it isn't even on the agenda... Link to comment
Level 5 PinkElephant 8,114 Posted September 29, 2022 Level 5 Share Posted September 29, 2022 I doubt it will ever show on the backlog. These keys are for nerds, and they will never make it to the normal users. The „big 4“ are currently working on an initiative to replace passwords and 2FA by something based on (probably) biometrics, saved in a Secure Enclave on device. This will make it in the end. Link to comment
ESin 1 Posted December 27, 2022 Share Posted December 27, 2022 I don't think FIDO2 Key are "just for nerds". It just comes down to the security requirement needed by individual user, be it due to compliance, financial, certain high risk occupation, or personal reason. All mainstream browser now supports FIDO2 Key, and modern mobile device can already can already act as FIDO2 Key (with biometric). As for the future of "passwordless", it is being implemented by FIDO and WebAuth. +1 for FIDO support. Link to comment
Level 5* gazumped 11,666 Posted December 27, 2022 Level 5* Share Posted December 27, 2022 9 minutes ago, ESin said: +1 for FIDO support. There are Feature Request forums where this sort of thing can be voted on - so far (AFAIK) no-one's even bothered to start a thread to add support for this feature. Evernote will be aware of the request, but anything not already in development is probably going to be in limbo until the merger/ takeover/ partnership with Bending Spoons is resolved next year... Don't expect results anytime soon. Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now