Search the Community
Showing results for tags 'two factor'.
Found 3 results
I use two factor authentication and use a Google Authenticator device. I just logged into the website on a new browser instance and when it asked me for my 2FA code, before I could get my app launched on my phone, Evernote texted me my code. I just checked my account security and Text is not checked, but the app is. Why would Evernote text me this? I had not failed to authenticate, nor had I asked it to use a backup method, which for me would be my backup codes I have saved, not text. Seems to be a security issue with Evernote's servers. @Rich Tener
Problems with Two-step authentication: I want to use Google authenticator only, but I receive SMS every time (I've selected Google Authenticator) In Evernote desktop (windows) I must input verification code every time I log in. It's annoying. At least we should have some time delay (30 days, half a year, 1 year ...)
I noticed that it doesn't seem possible to remove the primary phone number while two-step verification is enabled. Unfortunately, that weakens the security of two-step verification, even when using an authenticator app. This Wired article provides a great overview of the weakness of SMS-based two-step verification and its vulnerability to "sim swap" type attacks: https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/ I'd love to see the ability to remove phone numbers as an override for authenticator-based two-step verification. I'd also love to see Evernote adopt the U2F protocol for improved two-factor security: https://www.yubico.com/solutions/fido-u2f/