Jump to content

(Archived) Feature Request: obligate users to introduce user AND pass


Recommended Posts

Posted

The Evernote login screen (in the Desktop App) should obligate a user to introduce both: username AND password in order to open their notebooks (not just username).

Posted

Good luck getting anywhere with this, but I am glad to see others asking for it. I made a similar post a couple of days ago, and I believe others have suggested this as well. Their best suggestions: put the database in a vault like TrueCrypt (I have to believe overkill in many cases) or use a passworded screensaver.

EN 2.2 did have a password requirement. I haven't seen them talk about why it was removed in EN3.

Brian

Posted

I'm pretty sure I read the reasoning behind this somewhere on here. It was something along the lines of -- even in EN 2, the database wasn't encrypted. The pw protection just prevented you from opening up the client, but someone rooting around on your drive could still find the unencrypted db and get into your notes that way. So having a password on the client was MISLEADING, as it implied a level of protection that was not really there. And users who DID want things to be truly protected would get very upset when they discovered that they weren't really getting the protection they thought they were getting.

Anyway, I'm pretty sure that is what I read somewhere here, but of course I can't find it now. So, take this as just a guess as to the reasoning behind this. Personally, I've found the password screensaver solution to be the best in environments where I need to worry about this, because there is a lot more on my computer than JUST EN that I'd rather others not look at (plus, prankster-type co-workers in my office have been known to do silly things like send company-wide goofy emails from someone else's computer).

Posted

You're right - the passworded screensaver works well, assuming one has the rights to access the screensaver. In my workplace, this is locked out.

@SaraS - I think you're right about the EN2 db. Now that you mention it, I do seem to recall that same discussion about the EN2 database being directly accessible as well.

This leads me to a question: from the company's programming standpoint, does a database HAVE to be encrypted to password protect it? I still maintain, and I think many would agree, if I want it encrypted I can either encrypt individual notes OR stick it in Ft. Knox (TrueCrypt). A basic level of protection within the program seems like an obvious feature. Don't get me wrong - I LOVE EN - I have since the day I installed version 2. It just seems like this is something that any program of this nature would offer.

Brian

Posted

I for one am strongly against such a PW feature.

I like the idea very much that w/o my EN user info, EN desktop can still function. If that weren't the case I would never ever use the program.

Posted
the passworded screensaver works well, assuming one has the rights to access the screensaver. In my workplace, this is locked out.

On WinXP & Vista pressing Win+L will lock your computer.

Posted
The pw protection just prevented you from opening up the client, but someone rooting around on your drive could still find the unencrypted db and get into your notes that way.

yeah... you're right... so both features must be implemented IMHO: db file encryption and username+password authorization.

The program should be as secure as it can on its own. It can't depend on third part software or enabling OS passwords

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...