Search the Community
Showing results for tags 'authentication'.
Found 13 results
-
I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/
- 5 replies
-
- 1
-
-
- two step verification
- two step login
- (and 5 more)
-
I just realized my automation scripts haven't been working for a while, then I saw that not only have my dev tokens been revoked, but the whole system is disabled: https://www.evernote.com/api/DeveloperToken.action What's the timeline for bringing dev tokens back? Also, can someone recommend a quick solution to generate an oauth token? This is purely a personal project, so I don't want to implement a front-end just to get a token. Thanks!
-
This week, i started getting security alerts upon opening my desktop version of the app this page requires a secure connection which includes server authentication. the certificate issuer for this site is untrusted or unknown. do you wish to proceed? i uninstalled and reinstalled the app. It wont even let me log it now, what is the deal with this rando error
-
First time I tried to set up two-factor authentication, on the final step the screen displayed like this - the overlay window was super tiny. I couldn't click or see anything. Reloaded the page to fix, but then the whole process was cancelled and I had to re-enable two-factor authentication. Second time it displayed ok. Screenshot attached. Note sure if this would be browser related or evernote problem. Firefox 51.0.1. Just sharing in case anyone runs into a similar issue.
-
I love Evernote, I own a Nexus 5x and each time google apps or to unlock phone require authentication I can instead of type a pin/passcode/password use my fingerprint scanner. 2 Steps authentication should be able to use the fingerprint scanner too. I hope this become a feature in the future. -
This feature was probably requested already. If so, please add this to the tally. To prevent ad-trackers and other attempts to invade my privacy, I am one who frequently deletes my web history on Safari. Unfortunately, this action also appears to eliminate the web clipper authentication cookie/token, requiring me to re-authenticate nearly every time I go to use Evernote Web Clipper. With two-factor authentication enabled (which requires an additional data entry step) this quickly becomes very tiresome! The most valued feature you could add is integration with the desktop client authentication state (including second factor), versus maintaining state in the browser. Next to web clipper on my Safari toolbar, I have the 1Password extension. This Safari component is smart enough to know the authentication state of the desktop application, and does not prompt me for a password unless application preference setting thresholds for password state have been exceeded. If Evernote Web Clipper behaved similarly, that would be a very welcome feature indeed!
-
- 1
-
-
- clipper
- authentication
- (and 1 more)
-
Hello friends, I am working on integrating Evernote with our webapp which is Spring-MVC based. The main purpose I have is the user can sync data between Evernote and our webapp. Now, to achieve this, I must connect and authenticate with Evernote. To achieve this, I am unable to find any Java based samples. I only found https://github.com/evernote/evernote-sdk-java/blob/master/sample/oauth/src/main/webapp/index.jsp , which is a JSP file. I don't even understand why the developers today are putting Java code inside JSP. It's not even recommended. I don't want to use that approach and whenever I look for some OAuth code, I can only find only portions of code posted by other users like https://discussion.evernote.com/topic/32566-oauth-and-java-some-help-needed/ Is there anyone out there who has some useful code with Java, and suitable for Spring environment where I can call methods in Controller and authenticate, and after redirect I can process data. These are the tokens I have, developer token, NoteStore URL, Consumer Key, Consumer Secret. Here is my code till now : Controller :@Controllerpublic class EverNoteController extends MasterController{ @RequestMapping(value = "/tryevernote") public String tryEverNote() throws Exception { this.localEvernoteService.tryEverNote(); return "redirect:/dashboard"; }}Service Layer :@Service@Transactionalpublic class LocalEvernoteServiceImpl implements LocalEvernoteService { private UserStoreClient userStore; private NoteStoreClient noteStore; private String newNoteGuid; @Override public void tryEverNote() throws Exception{ EvernoteAuth evernoteAuth = new EvernoteAuth(EvernoteService.SANDBOX, AUTH_TOKEN); ClientFactory factory = new ClientFactory(evernoteAuth); userStore = factory.createUserStoreClient(); boolean versionOk = userStore.checkVersion("Evernote EDAMDemo (Java)", com.evernote.edam.userstore.Constants.EDAM_VERSION_MAJOR, com.evernote.edam.userstore.Constants.EDAM_VERSION_MINOR); if (!versionOk) { System.err.println("Incompatible Evernote client protocol version"); System.exit(1); } // Set up the NoteStore client noteStore = factory.createNoteStoreClient(); System.out.println("Listing notes:"); // First, get a list of all notebooks List<Notebook> notebooks = noteStore.listNotebooks(); for (Notebook notebook : notebooks) { System.out.println("Notebook: " + notebook.getName()); // Next, search for the first 100 notes in this notebook, ordering // by creation date NoteFilter filter = new NoteFilter(); filter.setNotebookGuid(notebook.getGuid()); filter.setOrder(NoteSortOrder.CREATED.getValue()); filter.setAscending(true); NoteList noteList = noteStore.findNotes(filter, 0, 100); List<Note> notes = noteList.getNotes(); for (Note note : notes) { System.out.println(" * " + note.getTitle()); } } System.out.println(); } @Override public void checkOutEverNote() throws Exception { }}Any help would be appreciated. -
Hello I have another user account. and I Enabled two step authentication before this. so Now when i want access to that , I need to Code from my Google Authenticator in my phone. . . . . Problem is right here::: I removed that app before this. and so now when I want Recive SMS Code via Mobile number, I can't Recive any sms or code from EVERNOTE on my mobile phone. So what can I do?? I have important Info on my another account . Please help me -
Dear support, Im having problem trying to enable 2step authentication using code generated by my android google authenticator app. In Evernote website i started the 2step enable process > received email with code > used email code OK In next step I received SMS with code which worked also. Finally I scanned QR code with android google authenticator app, but all codes generated by android app when filled in Evernote 2step website page returns message> "Your code doesn't match what we're expecting." FYI> Im using Google Authenticator android app for other things with no problems. Can someone please suggest me what can I do to sort this problem ? I really would like to enable 2step feature. I'm also a Premium evernote user. Here it is the screenshot of the error I got when I put in evernote website the code generated by android google authenticator: Thank you, Zen -
I've completed the steps in the iOS Quick-start guide, but when I try to run it with the Xcode simulator I receive this error: 2013-08-22 09:58:48.097 zInspector[7964:c07] Session host: sandbox.evernote.com 2013-08-22 09:58:48.100 zInspector[7964:c07] Session key: ********** 2013-08-22 09:58:48.101 zInspector[7964:c07] Session secret: ******************** 2013-08-22 09:58:48.692 zInspector[7964:c07] Received error HTTP response code: 401 2013-08-22 09:58:48.693 zInspector[7964:c07] <html> <head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=9,chrome=1" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="Shortcut Icon" href="/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/redesign/global/css/reset.css" /> <link rel="stylesheet" href="/redesign/global/css/fonts.css" media="all" /> <link rel="stylesheet" href="/redesign/global/css/header.css" /> <link rel="stylesheet" href="/redesign/global/css/layout.css" /> <title>Evernote Error</title> </head> <body> <div class="header"> <div class="logo-bar"> <a class="evernote-logo" href="https://sandbox.evernote.com/Home.action?/">Evernote</a> </div> </div> <div id="container-boundingbox" class="wrapper"> <div id="container" class="wrapper"> <div class="main"> <div class="page-header"> <h1> Oops, we encountered an error. </h1> </div> <div> <p> Sorry, we've encountered an unexpected error. </p> </div> <div class="clear"></div> </div> </div> <div class="shadow wrapper"> <img src="/redesign/global/img/desktop-shadow-full.png" /> </div> <div class="footer wrapper"> <a class="footer-entry" href="https://sandbox.evernote.com/Home.action?/tos/">Terms of Service</a> <a class="footer-entry" href="https://sandbox.evernote.com/Home.action?/privacy/">Privacy Policy</a> <span class="footer-entry last">Copyright 2013 Evernote Corporation. All rights reserved.</span> </div> </div> </body> </html> 2013-08-22 09:58:48.742 zInspector[7964:c07] Error authenticating with Evernote Cloud API: Error Domain=com.evernote.sdk Code=-3000 "The operation couldn’t be completed. (com.evernote.sdk error -3000.)" UserInfo=0x77a5880 {statusCode=401} 2013-08-22 09:58:48.742 zInspector[7964:c07] Session not authenticated2013-08-22 09:58:48.097 zInspector[7964:c07] Session host: sandbox.evernote.com 2013-08-22 09:58:48.100 zInspector[7964:c07] Session key: zabace 2013-08-22 09:58:48.101 zInspector[7964:c07] Session secret: 5b43b4b4293cff14 2013-08-22 09:58:48.692 zInspector[7964:c07] Received error HTTP response code: 401 2013-08-22 09:58:48.693 zInspector[7964:c07] <html> <head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=9,chrome=1" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="Shortcut Icon" href="/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="/redesign/global/css/reset.css" /> <link rel="stylesheet" href="/redesign/global/css/fonts.css" media="all" /> <link rel="stylesheet" href="/redesign/global/css/header.css" /> <link rel="stylesheet" href="/redesign/global/css/layout.css" /> <title>Evernote Error</title> </head> <body> <div class="header"> <div class="logo-bar"> <a class="evernote-logo" href="https://sandbox.evernote.com/Home.action?/">Evernote</a> </div> </div> <div id="container-boundingbox" class="wrapper"> <div id="container" class="wrapper"> <div class="main"> <div class="page-header"> <h1> Oops, we encountered an error. </h1> </div> <div> <p> Sorry, we've encountered an unexpected error. </p> </div> <div class="clear"></div> </div> </div> <div class="shadow wrapper"> <img src="/redesign/global/img/desktop-shadow-full.png" /> </div> <div class="footer wrapper"> <a class="footer-entry" href="https://sandbox.evernote.com/Home.action?/tos/">Terms of Service</a> <a class="footer-entry" href="https://sandbox.evernote.com/Home.action?/privacy/">Privacy Policy</a> <span class="footer-entry last">Copyright 2013 Evernote Corporation. All rights reserved.</span> </div> </div> </body> </html> 2013-08-22 09:58:48.742 zInspector[7964:c07] Error authenticating with Evernote Cloud API: Error Domain=com.evernote.sdk Code=-3000 "The operation couldn’t be completed. (com.evernote.sdk error -3000.)" UserInfo=0x77a5880 {statusCode=401} 2013-08-22 09:58:48.742 zInspector[7964:c07] Session not authenticated Can anyone tell me what I'm doing wrong? Is this just because I'm running the application on the iOS simulator? Thanks -
Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
-
Hello, I was reading an article regarding Evernote and Android encryption and decided to do some digging to understand how credentials are stored in the Chrome Web Clipper. I opened up the .js files in the Chrome extension directory to explore the code. It seems that the credentials are being stored in the same "flawed" manner as Android - using the XOR scheme. Better yet, the key is posted in the very same file for anyone to see. My question is this: what happens if some malicious website breaks into the local storage of my browser and steals my saved credentials. Given the data available in the .js files, it seems the hacker could easily obtain my password. Does Evernote plan on addressing this credential storing scheme in the near future? Referenced Article: http://arstechnica.com/security/2013/03/critics-substandard-crypto-needlessly-puts-evernote-accounts-at-risk/
-
Hey everyone, So, it is mentioned in the HelloEDAM project, as well as the readme and random parts of the interwebz. However, I haven't seen a concrete example of how to cache an AuthenticationResult. Can someone please give me an example of such? I would really appreciate it, thank you in advance! [i feel like the answer has been staring me in the face this whole time. I really hope that is not the case >__>] /** * Setup the EvernoteSession used to access the Evernote API. */ private void setupSession() { ApplicationInfo info = new ApplicationInfo(CONSUMER_KEY, CONSUMER_SECRET, EVERNOTE_HOST, APP_NAME, APP_VERSION); // TODO Retreived the cached Evernote AuthenticationResult if it exists // if (hasCachedEvernoteCredentials) { // AuthenticationResult result = new AuthenticationResult(authToken, noteStoreUrl, webApiUrlPrefix, userId); // session = new EvernoteSession(info, result, getTempDir()); // } else { session = new EvernoteSession(info, getTempDir()); // } updateUi(); }
