Jump to content

ArjenC

Level 3
  • Posts

    121
  • Joined

  • Last visited

  • Days Won

    5

ArjenC last won the day on April 30

ArjenC had the most liked content!

About ArjenC

  • Birthday 11/28/1974

Recent Profile Visitors

212 profile views

ArjenC's Achievements

122

Reputation

2

Community Answers

  1. @PinkElephant Just a few remarks (seems my red ink is out ...). Solution: Use Pink instead Even "strong" passwords can be reused - and no service aimed at normal users enforces 2FA. Many users don't want the hazzle, and some even have technical problem with it Reuse of passwords is a real pain in the .. and not easily fixed for sure. A self-respecting service should urge their customers to use 2FA if they have it available as a extra layer. Login with username-password is out-dated to put it mildly.. and with the Evernote statement While we don’t require you to set a complex password, our password strength meter will encourage you to choose a strong one. I'm serious doubt the security decisions made on user-level, not server side... I don't have all the specs of their infra and mitigation tools. Enforced 2FA is maybe (but only maybe, as many pentests prove) enforced in professions that handle security issues day by day. Not true, more and more companies see the urge to enforce extra layers of security. Mostly after a (big) breach or hack... Evernote could be one of the few companies that implements stronger policies before a clusterfail... About the problem of trip wires that produce a too high percentage of false alerts I have written above. Just one example: One person wants to watch the geo-blocked new hot Netflix stuff - the other is not aware the home network is currently on VPN, and opens EN. Call from EN: We blocked your account, somebody from < .... > tried to access it. I bet these calls would be much (!) more frequent than real attempts at hacking into an account. As long as one part of the industry resorts to geoblocking, another part of the same industry can't (reliably) use location as an indicator. If you have 90% false alerts, any feature is dead that relies on it. Did not say that account needs to be blocked directly/permanently, alert can be sent to the mobile app or registered email with unlock option without any support from Evernote...as an example (not the best though, but simple one for free). If user knows Geo location / IP is different than normal behavior he/she can acknowledge and go on... About trust: If you don't trust EN to do "enough" for security, you doubt that they take security serious. And as you said, normally you avoid these services. At least I do (this is why I am with EN). Evernote has some stronger features in place, 2FA - strong psw policy, Geo/ip alerting etc... but customer must search for the options, why not enforce or urge or inform customers better. Let them know about the security risk.. customers store their whole life in Evernote, all passwords, taxes, bank account, creditcards and personal id's... Identity theft is a big issue, Evernote is a really big database and once breached..... Sure if one user is compromised the impact for all users is minimal, but why not helping in creating awareness? Evernote needs the restore trust, failed multiple times the last years with V10 and subscriptions. Hope Security isn't the next clusterfail...
  2. Should be remove when full uninstall is performed. But i could be possible it isn't deleted, cannot think of a practical use but have seen a lot of strange un- deployments
  3. @PinkElephant From all cases I have seen here, or that were reported elsewhere, there is a single reason why accounts are breached: Standard UserID plus reused or plain simple passwords, plus no 2FA enabled. Solution that could be taken by Evernote: Enforce 2FA, strong password policy, Breach control So one layer of security broken, another broken as well, or too weak, and the third possible layer not even implement. But sure, always telling EN needs to do this, EN needs to do that. No, it is IMHO the users responsibility to use the measures available. I'm not telling Evernote anything, just point out some facts. And yes user has responsibilities sure, but with Miljons of users the Evernote company should / could gear up and help users with the world wide security issues. I pointed to a single issue: That the geolocation in access history is sometimes off. That is hardly a reason to question security in general. And I concluded that is should raise red flags when a account is switching between different Geo's often. In 2021 is should be standard to at least alert the user about strange login behavior. But if you think it is not secure, draw the consequences: Take your stuff and move on. Frustrations? Why this negative reaction? If someone points out that Evernote has some issues or negative point why should he or she leave? Why can't someone write some critics about this product? Because security in the end is a question of trust - and you obviously don’t trust EN. No login-security has nothing to do with trust, don't know why you think login-security is trust related. If you don't trust a company, don't sign up in the fist-place. This can’t be healed, and I couldn’t care less. Trust can be restored, if someone takes the efforts. And you are wrong about the last statement.... you care, you care the most (i think) of all the forum users.
  4. @gazumped don't think that the sources are appreciated on this forum, sorry for the blunt statement btw... I whish it was different. But I don't think I'm reviling something new, data is collected when accounts are breached... this is for all applications the case. My point was, maybe to aggressive/negative for some, that security for Evernote is not on current standards... And with millions of users this is an issue. And yes a lot of issues are self-inflicted and cause by users themselves, but Evernote can gear up the security...
  5. Open CMD as an administrator and try: sfc /scannow This validates core window files.
  6. Switching IP's this frequently (geo based) should trigger an event for the users. Alert them about strange login behavior and let user acknowledge the attempt, if 2FA is enabled asked new verification. This could be a start to get security beter... Security within the Evernote apps/web isn't the best and needs a big improvement. There is a lot of user data collected from compromised Evernote accounts (several reasons why the accounts are breached). Evernote needs to improve and update the login policies and step into the year 2021, 2FA isn't enough it's just an extra layer and people think it's ok to store sensitive data in a note... but is isn't save enough, and they know but has no priority at this moment.
  7. Only issues with Evernote? Or other applications as well?
  8. 100% true, this is the only argument for EN... but really the only one.... when the competitors catches up with this I'm afraid Evernote won't make it another year
  9. Yep, let's build a car... oops square wheels are very bumpy on the road... let make an update in a couple of weeks.... try triangles
  10. O don't U worry about me, I've moved on... But just curious why you are so positive about this poor performance from the company EV...I really don't know anyone who has anything positive about this crappy software. So I was just wondering why..
  11. @PinkElephantU R defending EV's testing capabilities... it is a poor show, after all these months of defective updates... If this poor quality was done by hospital employees or airliners.... How can you still be positive and find excuses (or at least try to) for this company.... When you pay this much money for a service it should be on level after months and months of buggy updates.... and no upgrades. Sorry but when is enough enough?
  12. Only via 3rd party services. Evernote doesn't deliver older APK files for your Android device. So beware of this not official solution, you could get in to trouble when installing not official apps delivered by official companies..
  13. Option 3: True so true, and normally I don't early adept (work in IT myself and learned one or two things). But the quality of Evernote and track record they had, 100% trust from me to the company... I didn't even blink, saw the vids of Ian Small, all positive and happy about the new future proof version... Learnd my leasson... Option 4: After updating the @$#%@#%$ began, lost data, corruption on server level, repairs by devs resulting in more data loss. Luckily I had backuped my notes before update and manually recovered 100+ notes. In my contact with support it was stated not to downgrade, due to my issues with the upgrade... on DB level it was a mess... so i didn't... After months, was already using other applications (without frustration), i install the legacy version. It worked like before, but again DB corruption. So this is what I learned.... the release was, for some users, a mega f%%&ckup.... My trust level went from 100% to 0%, in a couple of days. There was no plan or backup for customers with issues, no way out of the mess... it was trial and error... and that for the price of € 7,-/month... not even a simple: Sorry... Nope data was gone, own risk... received some terms of use and legal stuff saying that Evernote wasn;t accountable jada jada jada.. Sure... real customer relationship. Hope for all positive customers they don't experience this kind issues. That's when you experience the real company etos... But I'm realistic, it could be a one time event... just a edge case with a probability of 0.1%. It happened to me, but the lack of support and communication, that is the real deal-breaker... that's why I left and us other solutions, not the fact the version 10 is broken, nope the way they handled it...
  14. True... from a productivity perspective the V10 implementation of tags is....@#$%@$#%@ (filtered): Example TAG: STACK NOTEBOOKS - STACK CONTACTS - STACK KEYWORDS You want to find all note from person A, in Notebook A B and C, with the Keyword Z In Legacy it is a matter of; - CLICK person A tag within the STACK - crtl+click the notebook tags A B C - ctrl+click tag keyword Z. 5 Mouse clicks.. and have the notes If i want to search within these notes (select from all) a can refine my search easily In V10: You need (not possible to multi select tags) to type: tag:"Person A" tag:"Notebook A" tag:"Notebook B" tag:"Notebook C" tag:"Keyword z" Don't make a mistake in naming, else you need to reset your filters and start over again. With these note a can limited refine my search by opening the filter menu. For me this is unproductive as @$#%@#$% (filtered). So yes you can get same results but to cost (time) are huge and not workable for me. Cannot imagine that somebody that uses tags as organizational and productivity purposes is happy with the v10 implementation of the tag feature...
  15. @PinkElephant 1) True, offensive to others is a no go 2) Positive or Negative perspective is based on own experiences, there is no right or wrong. They are both true and live side by side. Both sides can only give their own opinion/advice, it is up to the receiving party to do something with that advice. In a topic called Hate the New Evernote the posts will be negative that's for sure, negative about the app and possible the company. But should not be negative towards others on this forum
×
×
  • Create New...