Jump to content
Vinz

"Remember this {device} for 30 days" and Two Step Verification

Recommended Posts

When loging in using the web client, does checking "Remember this {device} for 30 days" temporarily or permanently disable two step verification on the Evernote account? 

Share this post


Link to post
20 hours ago, Vinz said:

When loging in using the web client, does checking "Remember this {device} for 30 days" temporarily or permanently disable two step verification on the Evernote account? 

Hi.  No one has complained about any issues - yet.

Share this post


Link to post

In my case it does not always seem to remember, especially on Safari. I think this is due to the general security settings of Safari, that are pretty tight. So if on rare occasion I enter the web client twice, I have to go through 2FA. This can be disabled somehow in the Safari settings (tracking or somewhat, my Mac is still down).

No need to complain, better be safe than sorry.

Share this post


Link to post

following on this, 30 days goes by pretty fast these days. how about making it longer or at least giving the option to? thanks!

Share this post


Link to post
9 hours ago, clivend said:

following on this, 30 days goes by pretty fast these days. how about making it longer or at least giving the option to? thanks!

Kinda devalues the two-step protection to keep things connected regardless...

Share this post


Link to post

 

On 10/8/2019 at 7:05 PM, gazumped said:

Kinda devalues the two-step protection to keep things connected regardless...

isn't it mostly about preventing unauthorized devices to connect? the android app never ask for login again, and my browser on my laptop should be no different

Share this post


Link to post

The apps on a smart device are regarded as being protected by the devices safeguards. For this reason these devices are often used as a second factor. Generally they have a high level of trust. Most smart devices are build to be and used by only one person. If you delete the app and reinstall, you will be asked to run through 2FA (at least this is what happens on an iPhone).

A PC is regarded as comparatively open, a multiuser device. Because of that 2FA is handled much stricter there.

And no, IMHO it makes no sense to offer a lot of options on security. A good security concept has several layers of mutually supporting measures. It is very difficult to change parts of it without loosing control over the entire structure. For an outsider (= user) it is not easy to balance security vs. comfort properly. A little more comfort may result in a complete loss of security.

Personally I am quite happy about the level of security offered by EN when 2FA is activated. In the end it is not about the Security of EN, it is about safeguarding my own data.

Share this post


Link to post
On 11/2/2019 at 10:29 PM, PinkElephant said:

A PC is regarded as comparatively open, a multiuser device. Because of that 2FA is handled much stricter there.

which is not really true since user accounts are separated. At the same time, a phone may not have a lock on.

I think that going up from 30 to 45/60 days of validity does not really harm anyone and can make the life of those who use evernote web a lot, a bit simpler

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...