verando 4 Posted May 8, 2023 Share Posted May 8, 2023 Hi. I have a question related to login with Gmail. So I created my EN account using the "Login with Gmail" option. I noticed that after my account was created, I can also try logging in using the regular email option, putting in my Gmail address. Of course, since I used "Login with Gmail" I don't have a password. My question is: is there somehow a password that was created that I don't know about (that could be brute-forced?) What I would have liked is that EN should say "There is no account for the username or email you entered." if I logged in, but I guess on the back end my account has been associated to the email address associated with the Gmail account I used. This scenario reminded me of one EN user on reddit who complained that he/she got hacked even if they used login with Gmail account option. I thought one way that user got hacked is if they inadvertently supplied a password when they logged in using actual gmail email address, then forgot about it, then they got brute-forced. But that's just my guess. P.S. - since I was paranoid about this, I just enabled 2FA to add an extra layer of login security. Link to comment
Evernote Expert Solution agsteele 3,059 Posted May 8, 2023 Evernote Expert Solution Share Posted May 8, 2023 Adding the 2FA stuff was absolutely the correct thing to do regardless of your concern. It is sometime since I operated Evernote using Google login. My recollection was that to switch to regular Email login I had to generate a password via the list password process. But I may be incorrect since it was many years back and I now have a forgettery rather than a memory. I don't generally use Google SSO login on any service so would commend the standard login myself and use a password cache program such as KeePassXC, 1password, NordPass etc. 1 Link to comment
Level 5* gazumped 12,057 Posted May 8, 2023 Level 5* Share Posted May 8, 2023 Just to note that you can add (or change) a password - details here: https://help.evernote.com/hc/en-us/articles/230436427 1 Link to comment
verando 4 Posted May 8, 2023 Author Share Posted May 8, 2023 Thanks for your replies agsteele and gazumped ! Generally when I sign up for web services I use Google SSO for convenience (and thinking it was the safe option since I don't have to create/remember easy passwords). Only recently it got me thinking about the mentioned brute-force scenario. But each site implements it differently, so to be on the safe side I'll just follow the general recommendation to turn on 2FA / use a good password manager. 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now