Search
Close this search box.

Security Notice: If you can’t log into Workflowy right now, or you are getting lots of login emails, this is why …

By

Jesse Patel

March 20, 2021

Update: Mobile and desktop are fixed, but they require two phases of recaptcha (clicking the images of traffic lights to tell the computer you aren’t a bot). This is really annoying, and we’re working on reducing that to one.

The situation

For the past week, someone has been executing a credential stuffing attack against the Workflowy servers. This means that they got a huge list of emails and passwords from somewhere (hacks of other sites), and they’re checking whether those same email/password combos will give them access to any Workflowy accounts.

We’ve been working to address the issue, but yesterday they escalated the attack and we had to turn off login from our mobile and desktop apps in order to prevent people getting spammed further and the attacker having the opportunity to log in.

What we are doing

We are currently implementing the protections needed to re-enable signup/login from our desktop and mobile applications, and stop the login spam.

We will keep you updated. We will post updates here, on twitter, and on our status page.

What you should do

  1. If you use a password to log into Workflowy, and you use that same password on other sites, you should change it here.
  2. If the email account you use for Workflowy has a password that you use with other sites, you should change your email password as well.

Thank you for your patience and our apologies for the inconvenience.

0 0 votes
Article Rating
Subscribe
Notify of
guest

4 Comments
Inline Feedbacks
View all comments
trackback
workflowy login - loginen.com
2 years ago

[…] Security Notice: If you can’t log into Workflowy right now … […]

0
Reply
Radford
Radford
3 years ago

I’ve been a user of WorkFlowy for over a decade and I’ve always been happy with the product itself. That said, two-factor authentication would mitigate these kinds of attacks and it’s pretty silly to not support it in 2021. It’s been on your radar for a while now:

https://workflowy.zendesk.com/hc/en-us/community/posts/360039767392-Two-factor-authentication

“Although not guaranteed… we may certainly look into this in the new year… once we’ve got some major features released that we’re currently working on!”

Maybe it’s time to prioritize security as a major feature?

0
Reply
Courage! I can’t imagine how hard your task is at this point.
Courage! I can’t imagine how hard your task is at this point.
3 years ago

Courage! I can’t imagine how hard your task is at this point.

0
Reply
Jim Hogan
Jim Hogan
3 years ago

Thank you for the heads up, Jesse.

0
Reply

Subscribe to the newsletter

We'll email you all our latest posts.

Read more

Overwhelmed?

Workflowy replaces your notebooks, stickies and bloated apps with a simple, smooth digital notebook that makes it easy to get organized and be productive.

Signup

Product

Pricing

Teams

Learn

Workflowy

Support

Company

About us

LinkedIn

Privacy

Social

Twitter

Slack group

Reddit

YouTube

Resources

Templates

Students

Bullet Journal

List Maker

Online Notepad

Popular guides

Para method

Build a second brain

Getting things done

Time blocking

Bullet journaling

MOSCOW method