emnz 0 Posted April 8, 2009 Share Posted April 8, 2009 The Evernote login screen (in the Desktop App) should obligate a user to introduce both: username AND password in order to open their notebooks (not just username). Link to comment
bpm32 2 Posted April 8, 2009 Share Posted April 8, 2009 Good luck getting anywhere with this, but I am glad to see others asking for it. I made a similar post a couple of days ago, and I believe others have suggested this as well. Their best suggestions: put the database in a vault like TrueCrypt (I have to believe overkill in many cases) or use a passworded screensaver. EN 2.2 did have a password requirement. I haven't seen them talk about why it was removed in EN3.Brian Link to comment
SaraS 5 Posted April 9, 2009 Share Posted April 9, 2009 I'm pretty sure I read the reasoning behind this somewhere on here. It was something along the lines of -- even in EN 2, the database wasn't encrypted. The pw protection just prevented you from opening up the client, but someone rooting around on your drive could still find the unencrypted db and get into your notes that way. So having a password on the client was MISLEADING, as it implied a level of protection that was not really there. And users who DID want things to be truly protected would get very upset when they discovered that they weren't really getting the protection they thought they were getting.Anyway, I'm pretty sure that is what I read somewhere here, but of course I can't find it now. So, take this as just a guess as to the reasoning behind this. Personally, I've found the password screensaver solution to be the best in environments where I need to worry about this, because there is a lot more on my computer than JUST EN that I'd rather others not look at (plus, prankster-type co-workers in my office have been known to do silly things like send company-wide goofy emails from someone else's computer). Link to comment
bpm32 2 Posted April 9, 2009 Share Posted April 9, 2009 You're right - the passworded screensaver works well, assuming one has the rights to access the screensaver. In my workplace, this is locked out.@SaraS - I think you're right about the EN2 db. Now that you mention it, I do seem to recall that same discussion about the EN2 database being directly accessible as well.This leads me to a question: from the company's programming standpoint, does a database HAVE to be encrypted to password protect it? I still maintain, and I think many would agree, if I want it encrypted I can either encrypt individual notes OR stick it in Ft. Knox (TrueCrypt). A basic level of protection within the program seems like an obvious feature. Don't get me wrong - I LOVE EN - I have since the day I installed version 2. It just seems like this is something that any program of this nature would offer.Brian Link to comment
ruudhein 29 Posted April 10, 2009 Share Posted April 10, 2009 I for one am strongly against such a PW feature.I like the idea very much that w/o my EN user info, EN desktop can still function. If that weren't the case I would never ever use the program. Link to comment
SamHasler 0 Posted April 10, 2009 Share Posted April 10, 2009 the passworded screensaver works well, assuming one has the rights to access the screensaver. In my workplace, this is locked out.On WinXP & Vista pressing Win+L will lock your computer. Link to comment
emnz 0 Posted April 17, 2009 Author Share Posted April 17, 2009 The pw protection just prevented you from opening up the client, but someone rooting around on your drive could still find the unencrypted db and get into your notes that way.yeah... you're right... so both features must be implemented IMHO: db file encryption and username+password authorization.The program should be as secure as it can on its own. It can't depend on third part software or enabling OS passwords Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.