Jump to content

Is this message from Evernote “legit”


Go to solution Solved by PinkElephant,

Recommended Posts

When I open my Evernote app,  I receive the message “Action required! SMS-based two-factor authentication is being phased out.  Please update your authentication method now.  OPEN SECURITY SETTINGS.

 

Screenshot 2023-08-03 at 10.34.36 AM.png

  • Like 1
Link to comment

I am a huge believer in 2FA.  But even so, is the data stored by Evernote in the cloud actually encrypted?  I would hate to think the 2FA is great, but if they are not encrypting our data then that is a big no-no security wise.

Link to comment
  • Evernote Expert
11 minutes ago, Lissismore said:

I have SMS two-factor turned on, and I saw this message. So I clicked on the link and the only option is Google Authenticator. Is that true?

Select Google Authenticator but actually choose whichever equivalent you prefer. Authy, as @PinkElephant uses, or Microsoft Authenticator or whatever. For Android I found seven options in the Google Play Store.

Link to comment

As an aside, am I missing something about most implementations of 2FA?  What if I lose my phone?  (I did, and as far as I could figure out, there is no quick way to get to many apps anymore.  Only a few offer a non-mobile device recovery that works quickly.  Otherwise, you have to go through the support desk of each app, website, etc...  Is there a way to consistently avoid that?

  • Like 2
Link to comment
  • Evernote Expert

In the past signing up for 2FA generated a set of emergency codes for just the situation you describe. I think it is possible to generate a new set of codes in the online settings/profile. Keep them separate to your phone...

  • Like 2
Link to comment

So I am clear, even thought the 2FA setting mentions only Google Authenticator, I can use my Last Pass Authenticator to turn this on? I won't get locked out of my account because I am not using Google Authenticator?

Link to comment
On 8/4/2023 at 10:12 AM, Grant837 said:

As an aside, am I missing something about most implementations of 2FA?  What if I lose my phone?  (I did, and as far as I could figure out, there is no quick way to get to many apps anymore.  Only a few offer a non-mobile device recovery that works quickly.  Otherwise, you have to go through the support desk of each app, website, etc...  Is there a way to consistently avoid that?

Couldn't agree more about the problem - or at least my understanding of it.  And you don't need to lose your phone to face it: what about if you upgrade your phone?  It's not as though you have a desktop/laptop/tablet solution with Google Authenticator.  Then again, I may be missing something too.

Link to comment
  • Level 5

You can use a number of Authenticator that are available on multiple devices. You need to check - you need one that produces the same code on each device. Authy for example does, 1Password does it either. Both are available for the Apple Watch as well, just as an example that the device can be a wearable as well.

The emergency codes are thought for a situation when you can‘t access any device - or forgot to establish the code generator on several devices, and are now locked out.

  • Like 1
Link to comment

 

It's possible to setup Google Authenticator on multiple devices as well - I have.  You can find posts on how to do this by searching the web.  It takes a little patience, though, to unearth them.

  • Like 1
Link to comment
  • 2 weeks later...

Hello all,

Does anybody have a the retirement date when Evernote will stop supporting SMS two-factor authentication?  I need a the exact date and NOT time frame as one of my end users is asking me.  The idea my end user wants to use SMS two-factor authentication all the way to the retirement date before he is forced to install Google Authenticator for two-step verification.  Thanks and looking forward to your response.  

Thanks,

Joey

Improving two-factor authentication for your Evernote account

Dear user,

Ensuring the utmost security for your Evernote account is our top priority. To further strengthen the platform against cyber threats, we’re making an important update to our two-factor authentication method.

In the near future, we’ll stop supporting SMS two-factor authentication. Therefore, we kindly ask that you go to your Security settings page and follow the instructions to set up the Google Authenticator, or an equivalent TOTP authenticator app of your choice.

For more detailed guidance on the setup process, check out our comprehensive Help and Learning article on the topic. If you have any further questions or need assistance, don't hesitate to reach out to our Support team.

Your security matters to us, and we appreciate your cooperation in making this necessary change to better protect your Evernote account. Thank you for being part of our secure community.

Best regards,

- The Evernote team

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...