Authentication is broken, web app unusable
-
Been using simplenotes for several years, since recently using web app is impossible. no – literally I cannot use it, cant login.
When I try to login with a password (https://app.simplenote.com/login-with-password/) – I get inundated with recaptcha every single time. Then I enter password – I can tell from developer console that it seems to log me in and I even see UI for a split second – but then a call to websockets return “0:auth:{“msg”: “Token invalid”, “code”: 401}” and webapp then calls to /logout and logs me out.
Meanwhile – UI shows absolutely nothing. No feedback as to what just happened and why.
b. When trying to login with email code (https://app.simplenote.com/login/) – 9 out of 10 attempts don’t send code to my gmail. I managed to receive code once – but it must have been from one of the already imvalidated attempts an simplenote didnt recognize it.
Tried from most recent firefox, chrome – with or without adblocker. cant login.
So after couple of weeks trying to access my notes on the web – im officially giving up.
-
-
Hi. Sorry to hear you’re having a problem. To deal with the captchas, you need to “allow cross-platform tracking”, or turn off “enhanced tracking protection”. The terminology may vary, but that’s the problem. I’ve read that in Firefox, you can change the setting for Simplenote only.
Not sure about the gmail problem, but their spam filtering is pretty aggressive, so those codes may have landed in spam.
-
Hi. Sorry to hear you’re having a problem
no worries. what am I gonna do – ask for money back?
To deal with the captchas, you need to “allow cross-platform tracking”, or turn off “enhanced tracking protection”. The terminology may vary, but that’s the problem. I’ve read that in Firefox, you can change the setting for Simplenote only.
Not sure about the gmail problem,
I think what you are saying is that captcha not knowing who I am – is a problem.
See, the reason captcha doesn’t work for me is because I like google like I like my mushrooms – eating shit and being in the dark.
Your solutions seems to be that I should open up and be a subject to industrial surveillance like a sheep. Nah I don’t think I will.
The real problem here – simplenote likely has a problem with fraud login attempts and implemented implemented recaptcha as some stop gap solution. it’s not a solution. I’m not a bot but site is unusable to me.
To really solve this:
a) add 2fa support, I would rather enter that once and it works instead of entering recaptcha 10 times and it still doesn’t work.
b) allow ip whitelists. don’t show captcha to those on whitelisted ips.
c) dynamic subdomains for each user. basically wildcard dns assigned at registration and wildcard ssl. Password is not even being processed if subdomain doesnt match user assigned there (too long to explain further, but its a novel solution)
but their spam filtering is pretty aggressive, so those codes may have landed in spam.
I can assure you – that’s a first place I checked.
Simplenote Support Forums 