Today, 10/27, I received an email from Evernote (specifically from “mta-70-5-168.account.evernote.com.sparkpostmail.com ([22.214.171.124]:43077)”), saying “We noticed a new login to Evernote and wanted to make sure it was you.” Or I guess I should say that I received ANOTHER email about this sort of problem. The previous one was on 10/18. Today’s gatecrasher was an Evernote for Android user at IP address: 126.96.36.199 in Lodzkie, Poland. The previous one was another Evernote for Android user or, I suppose, the same Android user who travels a lot. That one was from IP address: 188.8.131.52 in Ha Noi, Vietnam. Here’s the problem. When the first one occurred, I was indeed using a password that I had used on a couple of other accounts, so I took it seriously. I couldn’t find any modifications to any of my Evernote content, but I nevertheless changed my password to a 10-character password that was randomly generated by my password vault, using uppercase, lowercase, numeric, and special characters. I am CERTAIN that this password is not used on any of my other accounts. (I suspect there’s a chance that it’s never been used before by anyone, at any time, on any account, in the life of the Internet.) Then, since I had apparently already been breached once, I decided that 2-factor authentication was worth the inconvenience. So, I added that option to my Evernote account. All is well… until today, when I get a message that someone in Viet-freaking-Nam has LOGGED IN to my account on a device that I am CERTAIN is not from one of my approved devices, meaning that they had to actually provide the correct credentials, including the 2-factor challenge/response. Something smells more than a little funny. I’ve checked the access history for my account, and it shows no login from either device or IP address, on those dates or as far back as the end of July. So, since Evernote has made it… well, challenging, to reach out to a support desk (don’t I feel like a chump for getting a paid subscription?), I thought I would reach out to you, the “community” who provide crowdsourced and – I assume unpaid – support on behalf of Evernote. You are digital saints for doing this. So, does anyone have any insight into what’s happening? Is the wording in the Evernote email alerts misleading about whether other people have actually pierced security on my account and gotten completely logged in, with full access to my account? Does this just mean that someone tried, but didn’t REALLY have the password? Does Evernote 2FA not work? If others have accessed my account, why do they not show up on my account’s access history? If they haven't, why am I getting these messages? ANY help/guidance/answers/suggestions would be welcome.