<div dir="ltr">Accept that Evernote did it by "first in wins". I didn't appreciate that my machines that had previously been validated before the breach were kicked out AND they sent me to the website to login (with presumably the information that had been stolen) and create a new password. If there truly is a cat & mouse game going on with user's security, it stands to reason that you should favor trusting the person who already has a local copy of the data rather than trusting the first person to sign in on a website.<div>
<br></div><div style>If you think about it, services like Evernote, Amazon, Gmail, Paypal, (anyone whose app you have on your phone) etc. already have adequate 2 factor authentication (for most of their users) that could be used in a post-breach situation. They just have to have prepared in advance to be able to use it. It's not 100% in that there will be many users who find themselves in a "no client-side app+data that could be used as a security bootstrap" situation. But, that would make the attack pool so small that it would make these huge companies not even worth targeting.</div>
<div style><br></div><div style>Hey, I'm onto something here. I need to write a paper!</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Mar 4, 2013 at 4:34 PM, Matt Hessel <span dir="ltr"><<a href="mailto:matt.hessel@gmail.com" target="_blank">matt.hessel@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">It's hard to be unaware, with the mass notification emails from them, and my devices getting locked out.</p>
<p dir="ltr">It's nice to see a proper response to a security threat by an organization these days. :)<br>
</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Mar 4, 2013 9:37 AM, "Ron Frazier (ALE)" <<a href="mailto:atllinuxenthinfo@techstarship.com" target="_blank">atllinuxenthinfo@techstarship.com</a>> wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
I first saw the link to this article on the dc404 mailing list. If you're an evernote user, you need to know about this.<br>
<br>
<a href="http://www.theverge.com/2013/3/2/4056704/evernote-password-reset" target="_blank">http://www.theverge.com/2013/3/2/4056704/evernote-password-reset</a><br>
<br>
Sincerely,<br>
<br>
Ron<br>
<br>
<br>
--<br>
<br>
Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.<br>
Please excuse my potential brevity if I'm typing on the touch screen.<br>
<br>
(PS - If you email me and don't get a quick response, you might want to<br>
call on the phone. I get about 300 emails per day from alternate energy<br>
mailing lists and such. I don't always see new email messages very quickly.)<br>
<br>
Ron Frazier<br>
<a href="tel:770-205-9422" value="+17702059422" target="_blank">770-205-9422</a> (O) Leave a message.<br>
linuxdude AT <a href="http://techstarship.com" target="_blank">techstarship.com</a><br>
<br>
<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>.!# RichardBronosky #!.
</div>