Jump to content
gbarry

Two Step Authentication thread

Recommended Posts

2 Step, Access History, and Authorized Applications went out with last night's service update, works on all the clients, and is available to Premium and Business users (with eventual Free user rollout).  You've been able to see access history for a while, and is available to all users.

 

The official post is here: http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/

  • Like 2

Share this post


Link to post

I'm disappointed that free accounts are not getting this basic security feature immediately as well.  'Eventual free user rollout' doesn't seem like it's coming very soon.  

Share this post


Link to post

I'm disappointed that free accounts are not getting this basic security feature immediately as well.  'Eventual free user rollout' doesn't seem like it's coming very soon.  

 

True. It would have been nice if they could do it all at once, but I think a gradual phasing in of the feature starting with a few thousand people is a lot better than throwing it out to 40 million people, because any hiccups are much less disruptive this way. Obviously, you could upgrade to Premium for a few months if you want to take advantage of the feature! This is (in my memory) one of the few times when Evernote has explicitly said a feature is headed for Free when they introduce it, so I think it is good to see the commitment there. 

  • Like 2

Share this post


Link to post

Appreciate the reply GM.  I would have not posted if a rollout schedule had been posted instead of the nebulous 'eventual' answer.   As for paying for this feature I don't see it as premium (unlike encrypted notebooks) since most everyone is providing 2fa functionality now. 

Share this post


Link to post

Appreciate the reply GM.  I would have not posted if a rollout schedule had been posted instead of the nebulous 'eventual' answer.   As for paying for this feature I don't see it as premium (unlike encrypted notebooks) since most everyone is providing 2fa functionality now. 

 

Good points. I wouldn't be surprised if they float a date (as they did with 2fa), so it doesn't hurt to ask for a general timeline. However, they might not be able to give it, because this is a kind of test phase, and they want to see how it goes. Assuming all goes well, it might be quite soon. 

 

Encrypted notebooks would be great, especially if it was a SpiderOak Zero-Knowledge thing, but I wouldn't hold my breath :)

Share this post


Link to post

Btw, the only "bug" we're seeing related to Two Step at the moment is where a button during setup, usually the last "Complete Setup" button, stops working.  This is because the security area of your settings actually has a timer set for it (should be 10 minutes), and if that timer runs out during set up, you'll need to restart the process. I *believe* the timer starts at initial login to your entire settings area, so if you haven't been prompted for your password at the security area, you're sitting on that timer and may run into an unresponsive button.

Share this post


Link to post

Awesome step, but I would rather have support for Google Authenticator. Would be awesomer.

  • Like 1

Share this post


Link to post

Awesome step, but I would rather have support for Google Authenticator. Would be awesomer.

 

It actually does support Google Authenticator. Works great. You need to set it up with SMS first, but afterwards you can hit the Settings button and switch it over to Google Authenticator.

Share this post


Link to post

I can't seem to set this up. I go to the security page where I have three choices of things to do. The last of which is to set up Two Step. The word "Enable" is in blue but unlike the other two choices, it does not operate like a link, no little hand or underline appears when I mouse over it. However, I can right click it. When I click on it, I am taken to this generic page: https://www.evernote.com/SecuritySettings.action.

 

The other two options result in pop ups. 

 

I am a premium user, on Windows Vista. 

Share this post


Link to post

I can't seem to set this up. I go to the security page where I have three choices of things to do. The last of which is to set up Two Step. The word "Enable" is in blue but unlike the other two choices, it does not operate like a link, no little hand or underline appears when I mouse over it. However, I can right click it. When I click on it, I am taken to this generic page: https://www.evernote.com/SecuritySettings.action.

 

The other two options result in pop ups. 

 

I am a premium user, on Windows Vista. 

 

I've seen this behavior and am checking into it, but the link should still work, even if the mouse over isn't registering it.  Can you left click the link regardless of it not reacting to your mouse over?

Share this post


Link to post

I can't get past Step 1. The SMS doesn't arrive. Tried three times, full signal on my phone. I'm on Orange in UK.

Share this post


Link to post
Guest mrossk

I tried 2 times from germany (E-Plus) to get the initial SMS. But both SMS has not arrived until now (1/2 hour later).

 

EDIT:

Now (45 Minutes later) 4 SMS arrived, all with different codes.

 

EDIT:

Now it works.

Share this post


Link to post

I tried 2 times from germany (E-Plus) to get the initial SMS. But both SMS has not arrived until now (1/2 hour later).

 

and mine JUST arrived nearly two hours later!

Share this post


Link to post
Guest mrossk

The Google Authenticator tells me:

 

With 2-step verification, whenever you sign in into your google account you will need:

1. Your password

2. A code that this app will generate for you

 

My Questions:

I want 2-step verification for Evernote only, but not for Google.

Can I need the Google Authenticator only for Evernote or is this only an addition to an already existing 2-step-auth. with Google?

EDIT: Yes, it is possible to use it with Evernote only.

Is the Evernote Login then bound to my Google Account? (I don't want to have any connections between Evernote and Google)

 

Authentication via SMS:

Is it OK for Evernote when I login 5 times a day to this forum and every time Evernote has to send me a SMS? (I think of the costs of SMS).

Share this post


Link to post

I'm seeing some problems with this, the SMS message can take too long to arrive and often, maybe as a result of the delay, is not accepted.

 

The forum and web logins have a tick-box to allow me to be remembered for 1 week, how does this work with the 30-day memory at the verification stage? It seems I'm barely remembered for more than a few hours on the forum anyway.

Share this post


Link to post

I can't seem to set this up. I go to the security page where I have three choices of things to do. The last of which is to set up Two Step. The word "Enable" is in blue but unlike the other two choices, it does not operate like a link, no little hand or underline appears when I mouse over it. However, I can right click it. When I click on it, I am taken to this generic page: https://www.evernote.com/SecuritySettings.action.

 

The other two options result in pop ups. 

 

I am a premium user, on Windows Vista. 

 

I've seen this behavior and am checking into it, but the link should still work, even if the mouse over isn't registering it.  Can you left click the link regardless of it not reacting to your mouse over?

Sorry, it took me some time to get back to you, but I did some real life. I checked again this morning and it is still doing the same thing. Yes, it does act as a link if I click on it, but it takes me to that generic page I put the link of in my post. As far as I can tell there is nothing to do on that page. 

 

Edited to add: I realized after hitting post that the generic screen I was seeing was the same url as the real security page I had started on. Let me post a picture of what the generic screen looks like. 

post-87997-0-42831400-1370170841_thumb.j

Share this post


Link to post

Finally!!!!  Way to go Evernote!

 

THANK YOU FOR ENABLING 2-STEP AUTHENTICATION!

 

Thank you also for enabling it with a phone number, backup phone number, backup codes and use of Google Authenticator.

 

For those who are upset that the free versions do not have this, come on board the Premium wagon. $45 is affordable to all!!!

 

Now, oh dear Evernote, let's get to the subject of better encryption of our data on your servers - in a manner similar to that utilized by DropBox.

 

However, right now, I am thanking you for what we have received!

 

:-)

 

As of this morning, I have been heling friends and relatives activate 2-step authentication on their Evernote accounts.

 

Major security improvement!

  • Like 1

Share this post


Link to post

 

My Questions:

 

Is the Evernote Login then bound to my Google Account? (I don't want to have any connections between Evernote and Google)

 

Authentication via SMS:

Is it OK for Evernote when I login 5 times a day to this forum and every time Evernote has to send me a SMS? (I think of the costs of SMS).

 

There is no tie into your Google Account(s) at all.  The Authenticator has Google in the name because they wrote it.  You can add and remove whatever sites to the Authenticator you want, that support it.  For example it's trivial to add Google Authenticator support to your own WordPress blog. And LastPass has Google Authenticator support.  There is no interaction with Google servers at all.

 

As for SMS, I would think EN has built the costs into their business model if they rolled out that as the default.  But you could switch to the Google Authenticator if you want to be thrifty.  The side benefit there is that it doesn't have to be a phone even.  It could be an ipod/ipad type device without a data connection.

 

It not as secure but you can even put it on a backup or spouses device as well (accomplished by having both Google Authenticators present and scan the QRCode image at the same time during setup).

 

In a sense it breaks my usual IT tenant of 1:1 tie-ing of credentials to people, but essentially my wife and I are one.

Share this post


Link to post
Guest mrossk

Thank you cwb. In the meantime I have read up on the google authenticator and that the key-generation is independent from google. Now I am already using it and it works very well. No SMS needed any more. Only for backup.

Share this post


Link to post

Thanks for adding this important feature. 

 

Ever since enabling this for my account I can no longer sign in to the Safari extension. I was expecting it to prompt me for the security code after entering my username and password, but it just says "invalid password".

 

The web clipper and chrome extension seem to work properly and prompt me for the security code.

 

Am I missing something or will the Safari extension need an update? 

 

Thanks

Share this post


Link to post

The current version (Build ID: 78f7d0f see "options") works fine, but perhaps your installed version needs an update.

Your options in preferred order would be to:

  1. Redownload and install the latest version
  2. generate an application password

Point being, both old and new clients can work with 2 factor, nothing's left out in the cold.  But it's certainly better to use the latest 2 factor aware versions.

Share this post


Link to post

The current version (Build ID: 78f7d0f see "options") works fine, but perhaps your installed version needs an update.

Your options in preferred order would be to:

  1. Redownload and install the latest version
  2. generate an application password

Point being, both old and new clients can work with 2 factor, nothing's left out in the cold.  But it's certainly better to use the latest 2 factor aware versions.

 

Thanks for the reply. I had version 5.9.12 which I was updated to by using the built-in Safari mechanism for updating extensions.

Doing that I assumed that I had the latest version, but 5.9.15 was the version available on the Evernote website.

Updating to 5.9.15 resolved the issue and now 2 factor auth works as expected.

 

Thanks

Share this post


Link to post

I've just noticed that the two-factor-authentification doesn't work with the mobile page http://www.evernote.com/mobile/Login.action.

 

When I enter my user name and password, I have access to my account without entering a two-factor code but I can't see any notes. Therefore, it's not a security problem as one accessing this page can't see my notes.

 

But it's indeed an error because you can't use the mobile page any more.

Share this post


Link to post

Is this for US-based Premium users? I'm in the UK, and a premium user, but for all I keep hearing about it, I don't have it.

 

Thanks,

William

 

It's definitely available in the UK.  Is there not an option to turn on Two Step in your Evernote Web security settings?

Share this post


Link to post

>> It's definitely available in the UK.  Is there not an option to turn on Two Step in your Evernote Web security settings?

 

That is so interesting: I realise now that I simply never go to evernote.com. Never. I use the Mac, iPhone and iPad apps and I just never even think to find a reason to go to the website version.

 

But I have now and you're right, there it is. Great, thank you so much.

 

Do you know, I swear I watched an Evernote video about two-step authentication and still I didn't learn that it was on the site version? I'll go set it up this moment.

 

Thanks again,

William

Share this post


Link to post

It's possible the video might not have fully outlined where to start--but yes, all of your security settings are available in your Evernote Web settings.  Glad you found them!  Full steps and process are here: http://evernote.com/evernote/guide/web/#8

Share this post


Link to post

This is a nice feature. Atleast the half of my login attempts where I actually receive the SMS. The others, not so much...

  • Like 1

Share this post


Link to post

This is a nice feature. Atleast the half of my login attempts where I actually receive the SMS. The others, not so much...

 

I found the SMS feature a bit unreliable. Try the Google Authenticator app instead, it's much more convenient, for a start it doesn't matter if you've got no mobile connection.

Share this post


Link to post

The authenticator does work well.

Just an FYI, there are a few other free and paid OTP apps which are interoperable.

One I've settled on is HDE OTP

Aesthetics aside, one thing I liked was the ability to add a pin, so that it's use is restricted.

mzl.rdsizmac.320x480-75.jpgmzl.ewofbvoz.320x480-75.jpg

Share this post


Link to post

This is a nice feature. At least the half of my login attempts where I actually receive the SMS. The others, not so much...

 

Same here. 

Share this post


Link to post

The authenticator does work well.

Just an FYI, there are a few other free and paid OTP apps which are interoperable.

One I've settled on is HDE OTP

Aesthetics aside, one thing I liked was the ability to add a pin, so that it's use is restricted.

 

Thank you for the recommendation.  This app does work with Evernote.  I'm relieved to have secure access to Evernote again with TFA.

Share this post


Link to post

 

I can't seem to set this up. I go to the security page where I have three choices of things to do. The last of which is to set up Two Step. The word "Enable" is in blue but unlike the other two choices, it does not operate like a link, no little hand or underline appears when I mouse over it. However, I can right click it. When I click on it, I am taken to this generic page: https://www.evernote.com/SecuritySettings.action.

 

The other two options result in pop ups. 

 

I am a premium user, on Windows Vista. 

 

I've seen this behavior and am checking into it, but the link should still work, even if the mouse over isn't registering it.  Can you left click the link regardless of it not reacting to your mouse over?

 

 

Had same issue in Google Chrome 30.0.1599.69. Tried 3 times, didn't try to right click. Worked just fine in Safari, though. 

Share this post


Link to post

I tried to setup the two step verification. When I input at "Enter your mobile phone number", it was rejected with message as "Enter a valid phone number that can receive SMS messages" and the setup was incomplete. I'm from Indonesia and using Indosat phone with SMS capable.  Shall the process work at any country/operator ?

Share this post


Link to post

A question: what happens when I change my phone number? 

 

I would definitely recommend resetting this prior to your phone number change, or using an app like Google Authenticator, which is independent of your phone number.

 

Additionally, we do provide the reset codes that should be generated and stored somewhere safely.

Share this post


Link to post

I would like to be able to use more than one device with the Google Authenticator (Android phone, iPod Touch). Apparently this is not possible... If it is please show me how!

Share this post


Link to post

Sure you can. When the QR code is presented program it into multiple authenticators.

I saved the setup QR code into an encrypted note in lastpass. So Ican setup a new authentication device if/as needed. This would generally be less secure except that I have Lastpass geographically restricted and second factor secured with a Yubikey.

Share this post


Link to post

Sure you can. When the QR code is presented program it into multiple authenticators.

I saved the setup QR code into an encrypted note in lastpass. So Ican setup a new authentication device if/as needed. This would generally be less secure except that I have Lastpass geographically restricted and second factor secured with a Yubikey.

Nice, but I have it set up already. Now I have to disable the two-step authentication first to do it all over again... Not user friendly...

Share this post


Link to post

It's not supposed to be... It exposes the weak link of software second factor. It can be cloned (at least at setup). So yes, a little pre-knowledge and effort is required because you're slipping off the designed path. It goes against the tenants of secure authentication to have duplicated authenticators. So you got it in 1. It's not supposed to be user friendly to do.

Share this post


Link to post

I'm having issues setting two-step authnetication up in the first place. I get my verification email just fine, but after inputting my phone number, I never get the text message with the confirmation code. I've confirmed numerous times that the number and country code in the dropdown menu are correct. I've even tried two browsers, Chrome and Firefox. Something wrong on Evernote's end?

 

Edit: Tried using Opera 12.16 and it finally worked.

Share this post


Link to post

I tried to enable 2-step authentication today. First try, I finished all the steps on that dialog by clicking "Continue" and doing all the necessary, but still saw "2-step authentication not enabled" once back to the Settings. Second try, it worked. Second try was done immediately after the first try.

 

So now the issue is, I always got two verification code in Google Authenticator. Could anybody from Evernote take a look at my account and fix it? I am assuming there is some "shadow" associated with my account during the 2-step authentication phase.

 

Thanks!

Share this post


Link to post

I tried to enable 2-step authentication today. First try, I finished all the steps on that dialog by clicking "Continue" and doing all the necessary, but still saw "2-step authentication not enabled" once back to the Settings. Second try, it worked. Second try was done immediately after the first try.

 

So now the issue is, I always got two verification code in Google Authenticator. Could anybody from Evernote take a look at my account and fix it? I am assuming there is some "shadow" associated with my account during the 2-step authentication phase.

 

Thanks!

 

This sounds quite similar to this issue: http://discussion.evernote.com/topic/44026-problem-with-two-step-verification-for-free-users/

 

I'll file a bug and get back to you.

Share this post


Link to post

I tried to enable 2-step authentication today. First try, I finished all the steps on that dialog by clicking "Continue" and doing all the necessary, but still saw "2-step authentication not enabled" once back to the Settings. Second try, it worked. Second try was done immediately after the first try.

 

So now the issue is, I always got two verification code in Google Authenticator. Could anybody from Evernote take a look at my account and fix it? I am assuming there is some "shadow" associated with my account during the 2-step authentication phase.

 

Thanks!

 

Bugs been filed and we're checking out.  Since you've successfully enabled Two Step,  you just need to delete one of them (the one that does not work) from your Authenticator application.

Share this post


Link to post

D'oh!  I've spent nearly an hour hunched over my desktop and my laptop, trying to figure out why none of the SMS' sent to me have worked; I get "The code you entered is not valid."

 

finally figured out what was going on; I had added Evernote to my Google Authenticator, and apparently that invalidates any of the codes I receive from SMS.

 

Couple of issues here:

- If signing in with SMS-sent codes is disabled by design when the user has turned on gAuth, then codes should no longer be sent to that user via SMS!

- Additionally, the language of the type-in-your-code prompt should be changed... if not personalized based upon the user's selected form of auth (SMS vs. gAuth), at least reminding the user to check for one or the other

 

Yeah, I'm absent-minded, clearly, but still... thanks in advance for considering these suggestions :)

Share this post


Link to post

D'oh!  I've spent nearly an hour hunched over my desktop and my laptop, trying to figure out why none of the SMS' sent to me have worked; I get "The code you entered is not valid."

 

finally figured out what was going on; I had added Evernote to my Google Authenticator, and apparently that invalidates any of the codes I receive from SMS.

 

Couple of issues here:

- If signing in with SMS-sent codes is disabled by design when the user has turned on gAuth, then codes should no longer be sent to that user via SMS!

- Additionally, the language of the type-in-your-code prompt should be changed... if not personalized based upon the user's selected form of auth (SMS vs. gAuth), at least reminding the user to check for one or the other

 

Yeah, I'm absent-minded, clearly, but still... thanks in advance for considering these suggestions :)

 

Some clarification--the option to activate Authenticator or SMS is either one or the other.  Are you activating an auth account outside of your Evernote security settings?

Share this post


Link to post

Good job Evertnoe ! this was long due. and great that you're using google authenticator

Next - extra access control to individual notes/notebooks ?

 

2 Step, Access History, and Authorized Applications went out with last night's service update, works on all the clients, and is available to Premium and Business users (with eventual Free user rollout).  You've been able to see access history for a while, and is available to all users.

 

The official post is here: http://blog.evernote.com/blog/2013/05/30/evernotes-three-new-security-features/

Share this post


Link to post

it's a long thread.. basically i just want to know if SMS authentication doesn't work (only with Evernote; it works with LastPass) how else can i enable two-factor authentication using Google Authenticator?

Share this post


Link to post

That's a little brief, no?

 

They both work.  When I used it, SMS wasn't as reliable.  Sometimes on Evernote's side, other times I know SMS is subject to delays from my carrier.  All in all, it seems like a lame system compared to the alternatives.

 

Google Authenticator mode works great with Evernote, so that's what I use.  Actually the protocol, I left Google's actual authenticator app for one of the many better alternatives - HDE OTP in my case.

 

Just turn it on in your Evernote account settings.  You're walked through setup.

Share this post


Link to post

Hello,

 

I hope someone can assist me. 

 

I used to have google authenticaiton working on my iphone.

 

I got a new iphone, reinstalled all apps (setup phone as new).

 

I loaded authy and google authenticatior.

 

I snapped the QR code in both.  And both show the exact same token number.

 

When I go to the evernote page to authenticate the code I get error message saying:

"Your code doesn't match what we're expecting."

 

Does anyone eles have this problem?

 

Apple iPhone 5

IOS 7.0.4

Google Authenticator (up to date)

Authy (new install - up to date)

 

-Adam

Share this post


Link to post

You're going to need to use one of your back up codes in this case.  Google auth and other authenticator services are going to generate locally for your initial set up, and that set up only.  The error you're running into is because it's expecting to authenticate using the original token set up, and not the new auth tokens you're now attempting to use.  This is expected behavior for two factor--similar to what you would see with an SMS text message to a single device.

Share this post


Link to post

I'm on an Android with free account. When I try to enable two-factor auth, and Google Authenticate throws this :

 

Your code doesn't match what we're expecting.

 

 

Share this post


Link to post

Ugh. I just discovered why the Evernote clipper bookmarklet stopped working on my iPad: it's because of two-step verification. Turning two-step on makes the bookmarklet appear to function (kind of), but the clip never makes it to Evernote.

 

The bookmarklet is from http://static.chrisbray.com/bookmarklets/#evernote - here it is:

javascript:(function(){EN_CLIP_HOST='http://www.evernote.com';try{var x=document.createElement('SCRIPT');x.type='text/javascript';x.src=EN_CLIP_HOST+'/public/bookmarkClipper.js?'+(new Date().getTime()/100000);document.getElementsByTagName('head')[0].appendChild(x);}catch(e){location.href=EN_CLIP_HOST+'/clip.action?url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title);}})();

With two-step enabled, the bookmarklet does ask for the Evernote password, as before. It's dialog does display, but there are no choices in the Notebook pull-down menu. 

 

I realize that Evernote doesn't formally support this bookmarklet, but is there anything you can do at your end to make this work without forcing me to forego two-step verification?

 

Thanks,

-^-rdj-^-

  • Like 1

Share this post


Link to post

Ugh. I just discovered why the Evernote clipper bookmarklet stopped working on my iPad: it's because of two-step verification. Turning two-step on makes the bookmarklet appear to function (kind of), but the clip never makes it to Evernote.

 

The bookmarklet is from http://www.evernote.com;try%7Bvar%20x=document.createElement(SCRIPT');x.type='text/javascript';x.src=EN_CLIP_HOST+'/public/bookmarkClipper.js?'+(new%20Date().getTime()/100000);document.getElementsByTagName('head')%5B0%5D.appendChild(x);%7Dcatch(e)%7Blocation.href=EN_CLIP_HOST+'/clip.action?url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title);%7D%7D)();

Is this the same?

I use the two step verification and it works well for me.

Share this post


Link to post

Hey aussiebob, I had difficulties trying the bookmark address that you posted, but that's not surprising as it went through several layers of URL encoding and decoding on this forum site.

 

Nevertheless, your post did encourage me to re-enable two-way verification in my Evernote account settings. Wonder upon wonders, my old clipper bookmarklet began working once again as it always had before!

 

My guess my timing was bad the first time I enabled two-way verification. Perhaps I hit a "bad spot" at the Evernote server end when I did this before, and that left me unbookmarklet-able. Whatever – I can clip once again from Safari on the iPad, so I'm really happy!

 

Obviously, I very much appreciate your post! Thank you!

 

-^-rdj-^-

 

 

...

javascript:(function()%7BEN_CLIP_HOST='');x.type='text/javascript';x.src=EN_CLIP_HOST+'/public/bookmarkClipper.js?'+(new%20Date().getTime()/100000);document.getElementsByTagName('head')%5B0%5D.appendChild(x);%7Dcatch(e)%7Blocation.href=EN_CLIP_HOST+'/clip.action?url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title);%7D%7D)();



Is this the same?
I use the two step verification and it works well for me.

 

Share this post


Link to post

 

Hey aussiebob, I had difficulties trying the bookmark address that you posted, but that's not surprising as it went through several layers of URL encoding and decoding on this forum site.

 

Nevertheless, your post did encourage me to re-enable two-way verification in my Evernote account settings. Wonder upon wonders, my old clipper bookmarklet began working once again as it always had before!

 

My guess my timing was bad the first time I enabled two-way verification. Perhaps I hit a "bad spot" at the Evernote server end when I did this before, and that left me unbookmarklet-able. Whatever – I can clip once again from Safari on the iPad, so I'm really happy!

 

Obviously, I very much appreciate your post! Thank you!

 

-^-rdj-^-

 

 

...

javascript:(function()%7BEN_CLIP_HOST='');x.type='text/javascript';x.src=EN_CLIP_HOST+'/public/bookmarkClipper.js?'+(new%20Date().getTime()/100000);document.getElementsByTagName('head')%5B0%5D.appendChild(x);%7Dcatch(e)%7Blocation.href=EN_CLIP_HOST+'/clip.action?url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title);%7D%7D)();

Is this the same?

I use the two step verification and it works well for me.

 

 

Awesome,thats great to hear :)

Share this post


Link to post

I've been trying to set up two step authentication (Android) and i can get as far as Enter a Backup Code, but when I hit Complete Setup, nothing happens - the Enter Backup Code window continues to display with the Security Summary Page in the background.  If i hit Complete Setup again, I get another pop-up saying "the following pages have become unresponsive" (it lists Security Summary and untitled, which I assume is the Enter Backup Code window) and it gives me the option to Wait or Kill the pages.  I've waited up to 30 minutes, but still nothing.  Tried several times with no luck.

 

1) Enable Two step auth in Security Summary

2) Verify email; enter code received

3) Entered mobile number; received text message with code

4) Entered code, received QR code

5) Scanned code with google authenticator

6) Entered code generated by google auth

7) Recieved list of backup codes

8) Entered one of the backup codes

9) Hit Complete Setup

10) ZILCH, NOTHING, NADA

Share this post


Link to post

Btw, the only "bug" we're seeing related to Two Step at the moment is where a button during setup, usually the last "Complete Setup" button, stops working.  This is because the security area of your settings actually has a timer set for it (should be 10 minutes), and if that timer runs out during set up, you'll need to restart the process. I *believe* the timer starts at initial login to your entire settings area, so if you haven't been prompted for your password at the security area, you're sitting on that timer and may run into an unresponsive button.

I saw this after I posted my issue with completing the setup with two step authentication.  It sounded exactly like the symptom I was having so I tried the setup again and timed myself.  It took me about 5 minutes to get to the Complete Setup button, but still the same thing - no response after hitting the button.  Any other suggestions?

Share this post


Link to post

 

Btw, the only "bug" we're seeing related to Two Step at the moment is where a button during setup, usually the last "Complete Setup" button, stops working.  This is because the security area of your settings actually has a timer set for it (should be 10 minutes), and if that timer runs out during set up, you'll need to restart the process. I *believe* the timer starts at initial login to your entire settings area, so if you haven't been prompted for your password at the security area, you're sitting on that timer and may run into an unresponsive button.

I saw this after I posted my issue with completing the setup with two step authentication.  It sounded exactly like the symptom I was having so I tried the setup again and timed myself.  It took me about 5 minutes to get to the Complete Setup button, but still the same thing - no response after hitting the button.  Any other suggestions?

 

PROBLEM SOLVED!  Switched to IE (was using Chrome) and was able to complete the setup.  It pays to persevere.

Share this post


Link to post

Sure you can. When the QR code is presented program it into multiple authenticators.

I saved the setup QR code into an encrypted note in lastpass. So Ican setup a new authentication device if/as needed. This would generally be less secure except that I have Lastpass geographically restricted and second factor secured with a Yubikey.

This is genius. I was wondering how to manage multiple/new iOS devices that need google authenticator set up on them. What prompted it was getting a new iPad and realizing that I could not regenerate the QR code necessary to make it work with Evernote. I saved the code image as well, keeping it in an encrypted location.  

Share this post


Link to post

Two-step authentication seems to break compatibility with my Sony PRS-T2 ebook reader. The device includes a built in Evernote client which worked fine. It's used for synchronizing data and to save links or text snippets.

Now I was trying to access Evernote for sending a link from within an ebook. I got a "account not setup" message. When I was trying to setup my account, I always get an "user name or password invalid" error. My login data is correct, I just verified with it the web interface.

 

So what's going on here? Does two-step authentication breaks old apps? From this thread I got the conclusion that old apps should still work.

Is there any workaround available?

Share this post


Link to post

Two-step authentication seems to break compatibility with my Sony PRS-T2 ebook reader. The device includes a built in Evernote client which worked fine. It's used for synchronizing data and to save links or text snippets.

Now I was trying to access Evernote for sending a link from within an ebook. I got a "account not setup" message. When I was trying to setup my account, I always get an "user name or password invalid" error. My login data is correct, I just verified with it the web interface.

 

So what's going on here? Does two-step authentication breaks old apps? From this thread I got the conclusion that old apps should still work.

Is there any workaround available?

It will break them if the app is not update to handle Evernote 2 factor security. Evernote generally gives 3rd party developers plenty of notice of changes ahead of time. It's up to the app developer to update their application to account for the change(s).  Have you placed a support request with Sony?

Share this post


Link to post

Thanks for your reply.

So it seems that I have either to accept that Evernote sync is broken or to switch off two-factor authentication.

Sony will not update their built in app and there's no Evernote app for Android 2.3 available.

Hm, I'm not sure what to do now. 

Share this post


Link to post

Here's a little follow-up from my earlier post. Things were good for a while once I discovered that I could get the clipper working again despite using two-factor authentication on iPhone and iPad by navigating to "www.evernote.com" and trying to log in there. It would ask for my second authentication factor (via Google Authenticator), I'd enter that sequence, and once my mobile browser had loaded its new cookies from evernote,com, the clipper would resume functioning properly using the Javascript "bookmarklet".

 

Since then, in their INFINITE WISDOM, Evernote has taken it upon themselves to modify their web site to detect that you're trying to connect from an iPad or iPhone and HELPFULLY inform you that they don't support using Evernote from these devices.

 

So, it won't let you log in.

 

So, you can't go through the second authentication factor.

 

So, you can't get your new cookies.

 

So, you can't get the Evernote clipper bookmarket to resume functioning.

 

WE DON'T NEED YOU TO PROVIDE US WITH ANYTHING NEW HERE, EVERNOTE, WE JUST NEED YOU TO STOP BEING SO MYOPIC AND STAY OUT OF THE WAY.

Share this post


Link to post

Two-step auth did not work for me.  After setup, my PC client won't log me in....

What os and browser are you using? What are the steps that you followed to enable 2 factor authentication?

2 factor authentication works so smoothly for me, it's hard for me to imagine people are having problems with it. But maybe I can give you some ideas to try to get it working .

Share this post


Link to post

Really glad that Evernote has two-factor.  I only recently discovered this so I am late to the game.  But one question:  It only allows identifying a computer for 30 days, implying I have to every 30 days re-enter an authentication code.  This seems odd to me.  If I am going to authorize a particular computer at all it seems I would either say don't remember the computer at all (such as using a public computer) or say that I want to remember it always (using my own computer).  All other sites I use that rely upon two-factor have this binary decision with a single check mark to remember the computer or not.  What would be the purpose for only remembering an owned computer for 30 days?  What would be the purpose of remembering a public computer for as much as 30 days?

 

I'm sure I'm missing other aspects of how this might be helpful but it is definitely not helpful in my case -- and is even annoying.  I want to be able to say "remember this computer" and be done with it because I use it all the time.  Or, I want to not remember it at all, and have to always enter the authentication code so I can be sure I'm not inadvertently leaving it mistakenly accessible for some while after I am no longer using the computer.

 

At minimum, please add an option in addition to the 30-day option to remember a computer indefinitely.

Share this post


Link to post

I have two step authentication working well, but just ran into a head scratcher... I had the authenticator setup on my phone and just replaced it with a new phone, how do I setup a new device? I found the genius idea of saving the QR code for future devices in an encrypted location... Wish I'd thought of that. Given that I didn't, how do I enable other devices?

Share this post


Link to post

I had trouble posting my reply. The all-wise forum software supposes that my message, which includes no attachment and no URLs, is suspected of containing spam. Really, this is too much. How could anyone present unwelcome commercial e-mail without any attachment or even one link to click? And what am I supposed to do in order that my message might look less like suspected spam? After my troubles with TFA my respect for Evernote is waning today. . . .

tfa.txt

Share this post


Link to post

Sure you can. When the QR code is presented program it into multiple authenticators.

I saved the setup QR code into an encrypted note in lastpass. So Ican setup a new authentication device if/as needed. This would generally be less secure except that I have Lastpass geographically restricted and second factor secured with a Yubikey.

 

Good! And it's not difficult to setup QR code.

Share this post


Link to post

How can I use two step auth, and not asking auth overtime clip to Evernote. 

 

It's really annoying to login every single time clip web to Evernote... 

Share this post


Link to post

That won't help. I use 2-factor authentication, and it's been asking me to log in (with my password though not demanding 2FA) each time.

Share this post


Link to post
On 12/07/2014 at 2:18 PM, Stepinsky said:

Two-step authentication seems to break compatibility with my Sony PRS-T2 ebook reader. The device includes a built in Evernote client which worked fine. It's used for synchronizing data and to save links or text snippets.

Now I was trying to access Evernote for sending a link from within an ebook. I got a "account not setup" message. When I was trying to setup my account, I always get an "user name or password invalid" error. My login data is correct, I just verified with it the web interface.

 

So what's going on here? Does two-step authentication breaks old apps? From this thread I got the conclusion that old apps should still work.

Is there any workaround available?

I know this is an old post but I just setup Evernote on my Sony PRS-T3 Reader.

Do as follows on the Evernote website:

  1. Activate 2FA
  2. Goto your Profile
  3. Security Summary
  4. Manage Settings
  5. Manage Application Passwords > New Application Password
  6. Enter an alias for your Sony Reader
  7. Click "Generate New Application Password"
  8. Make a note of that password!

On your Sony Reader:

  1. Evernote Setup
  2. Enter your user ID
  3. Enter the Application Password you generated earlier
  4. You're in!

Share this post


Link to post

Problems with Two-step authentication:

  • I want to use Google authenticator only, but I receive SMS every time (I've selected Google Authenticator)
  • In Evernote desktop (windows) I must input verification code every time I log in. It's annoying. At least we should have some time delay (30 days, half a year, 1 year ...)

 

Zajeta slika.JPG

Share this post


Link to post
3 hours ago, Mirtma65 said:

Problems with Two-step authentication:

 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...