Search the Community
Showing results for tags 'authentication'.
Found 10 results
-
I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
- 5 replies
-
- 1
-
-
- two step verification
- two step login
- (and 5 more)
-
I just realized my automation scripts haven't been working for a while, then I saw that not only have my dev tokens been revoked, but the whole system is disabled: https://www.evernote.com/api/DeveloperToken.action What's the timeline for bringing dev tokens back? Also, can someone recommend a quick solution to generate an oauth token? This is purely a personal project, so I don't want to implement a front-end just to get a token. Thanks!
-
This week, i started getting security alerts upon opening my desktop version of the app this page requires a secure connection which includes server authentication. the certificate issuer for this site is untrusted or unknown. do you wish to proceed? i uninstalled and reinstalled the app. It wont even let me log it now, what is the deal with this rando error
-
Tiny overlay window when configuring two step verification
eboat posted a topic in Web Client Issues
First time I tried to set up two-factor authentication, on the final step the screen displayed like this - the overlay window was super tiny. I couldn't click or see anything. Reloaded the page to fix, but then the whole process was cancelled and I had to re-enable two-factor authentication. Second time it displayed ok. Screenshot attached. Note sure if this would be browser related or evernote problem. Firefox 51.0.1. Just sharing in case anyone runs into a similar issue. -
I love Evernote, I own a Nexus 5x and each time google apps or to unlock phone require authentication I can instead of type a pin/passcode/password use my fingerprint scanner. 2 Steps authentication should be able to use the fingerprint scanner too. I hope this become a feature in the future. -
safari Authentication State Integration & Persistence
Scifitechguy posted an idea in Web Clipper Requests
This feature was probably requested already. If so, please add this to the tally. To prevent ad-trackers and other attempts to invade my privacy, I am one who frequently deletes my web history on Safari. Unfortunately, this action also appears to eliminate the web clipper authentication cookie/token, requiring me to re-authenticate nearly every time I go to use Evernote Web Clipper. With two-factor authentication enabled (which requires an additional data entry step) this quickly becomes very tiresome! The most valued feature you could add is integration with the desktop client authentication state (including second factor), versus maintaining state in the browser. Next to web clipper on my Safari toolbar, I have the 1Password extension. This Safari component is smart enough to know the authentication state of the desktop application, and does not prompt me for a password unless application preference setting thresholds for password state have been exceeded. If Evernote Web Clipper behaved similarly, that would be a very welcome feature indeed!-
- 1
-
-
- clipper
- authentication
- (and 1 more)
-
Hello friends, I am working on integrating Evernote with our webapp which is Spring-MVC based. The main purpose I have is the user can sync data between Evernote and our webapp. Now, to achieve this, I must connect and authenticate with Evernote. To achieve this, I am unable to find any Java based samples. I only found https://github.com/evernote/evernote-sdk-java/blob/master/sample/oauth/src/main/webapp/index.jsp , which is a JSP file. I don't even understand why the developers today are putting Java code inside JSP. It's not even recommended. I don't want to use that approach and whenever I look for some OAuth code, I can only find only portions of code posted by other users like https://discussion.evernote.com/topic/32566-oauth-and-java-some-help-needed/ Is there anyone out there who has some useful code with Java, and suitable for Spring environment where I can call methods in Controller and authenticate, and after redirect I can process data. These are the tokens I have, developer token, NoteStore URL, Consumer Key, Consumer Secret. Here is my code till now : Controller :@Controllerpublic class EverNoteController extends MasterController{ @RequestMapping(value = "/tryevernote") public String tryEverNote() throws Exception { this.localEvernoteService.tryEverNote(); return "redirect:/dashboard"; }}Service Layer :@Service@Transactionalpublic class LocalEvernoteServiceImpl implements LocalEvernoteService { private UserStoreClient userStore; private NoteStoreClient noteStore; private String newNoteGuid; @Override public void tryEverNote() throws Exception{ EvernoteAuth evernoteAuth = new EvernoteAuth(EvernoteService.SANDBOX, AUTH_TOKEN); ClientFactory factory = new ClientFactory(evernoteAuth); userStore = factory.createUserStoreClient(); boolean versionOk = userStore.checkVersion("Evernote EDAMDemo (Java)", com.evernote.edam.userstore.Constants.EDAM_VERSION_MAJOR, com.evernote.edam.userstore.Constants.EDAM_VERSION_MINOR); if (!versionOk) { System.err.println("Incompatible Evernote client protocol version"); System.exit(1); } // Set up the NoteStore client noteStore = factory.createNoteStoreClient(); System.out.println("Listing notes:"); // First, get a list of all notebooks List<Notebook> notebooks = noteStore.listNotebooks(); for (Notebook notebook : notebooks) { System.out.println("Notebook: " + notebook.getName()); // Next, search for the first 100 notes in this notebook, ordering // by creation date NoteFilter filter = new NoteFilter(); filter.setNotebookGuid(notebook.getGuid()); filter.setOrder(NoteSortOrder.CREATED.getValue()); filter.setAscending(true); NoteList noteList = noteStore.findNotes(filter, 0, 100); List<Note> notes = noteList.getNotes(); for (Note note : notes) { System.out.println(" * " + note.getTitle()); } } System.out.println(); } @Override public void checkOutEverNote() throws Exception { }}Any help would be appreciated. -
Dear support, Im having problem trying to enable 2step authentication using code generated by my android google authenticator app. In Evernote website i started the 2step enable process > received email with code > used email code OK In next step I received SMS with code which worked also. Finally I scanned QR code with android google authenticator app, but all codes generated by android app when filled in Evernote 2step website page returns message> "Your code doesn't match what we're expecting." FYI> Im using Google Authenticator android app for other things with no problems. Can someone please suggest me what can I do to sort this problem ? I really would like to enable 2step feature. I'm also a Premium evernote user. Here it is the screenshot of the error I got when I put in evernote website the code generated by android google authenticator: Thank you, Zen -
Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
-
Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
