How is it possible some F secure vault passwords do not correspond between devices and have changed?

Hi there,

the above has happened with some of my passwords in F secure password vault (I have a video of this kind of unacceptable anomaly if you'd like to see it), despite being logged in with the same username across two devices. I've recently had several problems with the password manager; namely some of the passwords have somehow changed to their original entry. How do I know this? Because I kept a backup of those same passwords which did / do work when not in the F secure password manager longer than a few days. My feeling or suspicion is it has somehow been meddled with, though this ought to be impossible (right?). This is totally unacceptable and not to mention extremely worrying. I tried telling a tech support guy who kind of laughed it off (was he really tech support?). This used to be a very secure reliable vault but now seems fraught with problems. Let me know your thoughts and suggestions etc. Thank you v much,

Kind regards,

Trevor

Accepted Answer

  • Ukko
    Ukko Posts: 3,603 Superuser
    Answer ✓

    Hello,

    Sorry for my reply. I am also only an F-Secure user.

    Just sounds a bit of unclear.

    How do I know this? Because I kept a backup of those same passwords which did / do work when not in the F secure password manager longer than a few days.

    I think F-Secure ID Protection has 'Passwords History' feature too. What I mean is that any change should be recorded (unless deleted by the user) in the history list. It is described there: Accessing your old passwords | Total | Latest | F-Secure User Guides

    Can you check if 'entries' with activity there? If so, you can see which was older (stored) passwords in Vault and when it is changed to current.

    namely some of the passwords have somehow changed to their original entry. 

    Or did you mean (if to re-phrase) - some entries are reverted back to its original state? Or just changed from its original view to some 'random' one?

    If 'first', then maybe it is possible to explain this by returning to some of the old locally saved good storages (for example, a previous F-Secure solution or after reinstalling the program without deleting the storage with passwords) by some failure.

    // as such, since your topic in F-Secure ID Protection area and mentions of "F-Secure TOTAL's Password Vault" - did you upgrade from F-Secure IDP to in-app F-Secure Total's Password Vault? If yes, then mentioned scenario is a bit of more likely.

    I took another video of the same problem today re the same entry above and it's quite clear: the password is different on the Windows 10 (ie apart from the username, the password and notes are missing) than the mobile devices (same entry)- how is this even possible?

    It sounds different, but there is currently one known trouble around: F-secure total password manager has bug, lost passwords for many accounts, version 19.2, on win11 — F-Secure Community (mostly affected systems were Windows 11).

    But I think maybe your situation is related to somehow 'broken' sync-information between devices. Some devices are synced to each other and the rest is not. Or somehow synced between difference setups.

    But I'm already a little confused by the events.

    I just checked devices and the password referenced is missing or has not been updated AT ALL on the Windows 10 machine (Lenovo);

    Can you try to re-sync it?

    Alternatively (or even better) - to change master password on one device and CHECK which devices will request it? So, those devices are synced then between each others.

    when trying to access mail - as said the password for that service failed after a day when it was entered into the F secure password vault (a day after it actually did work, but the same password did not work the following day on the same device <windows 10>, I had to retrieve a backup of that password to get it working again. This happened twice. So how is this possible?

    Could you re-phrase it? I mean, I think I understand the situation. But I could also interpret what is written differently. At the same time, in any case, it is really difficult to explain this behavior with anything reasonable enough (in comparison to the rest of topic). Except if something was overlooked.

    What is going on? How to resolve this? 

    Since there are already so many unclear and obscure things in the problem. It would probably be easiest to try reinstalling the solutions. For example, try following this course of action:

    However, the important point is to understand if only one device in trouble. This "Windows 10" which is unsynced to others. Because if the trouble only with one device (where all the 'strange situations' happened) - then, it is better to understand why is that. And, for example, to use reinstallation only with this one.

    Thanks!

    siramicFirmy

Answers

  • siramic
    siramic Posts: 65 Active Engager
    edited February 12

    Hi Trevor,

    See if any information in this link helps, Stored pass­words and other personal data in the Vault.

    https://www.f-secure.com/en/legal/privacy/consumer/id-protection

    Cheers,

    siramic

  • Trevor7787
    Trevor7787 Posts: 4 Observer

    Hi Siramic,

    Thanks for posting and the link. I read it but unfortunately it does not help at all. I just checked devices and the password referenced is missing or has not been updated AT ALL on the Windows 10 machine (Lenovo); so it seems to have synced on two devices but not the laptop )(Windows 10). Other issues I had on the Windows 10 include what seem to be some kind of breach (how else to explain it?) when trying to access mail - as said the password for that service failed after a day when it was entered into the F secure password vault (a day after it actually did work, but the same password did not work the following day on the same device <windows 10>, I had to retrieve a backup of that password to get it working again. This happened twice. So how is this possible? It means the password on the vault for that entry on windows 10 either became corrupted or got changed, and it was only by using a backup i could get it to work. How is it possible? On another matter: I have two licenses for a mac mini yet none of them are syncing currently to what should be the correct password vault- this is getting terribly confusing and it's not working properly. I'm not sure what to do about it. One of your tech guys did a screenshare session the other week and he seemed unable to get it to work either. Any developments on this? It's tiring to have makes these calls so often (not just F secure but other issues too, ie involving a non-F-secure VPN being disconnected in the night by some third party) and again, F secure vault used to work fine, but now is not working properly on Windows 10 or the mac mini. This used to be a very reliable vault / password manager. What is going on? How to resolve this? I share this information bc it is exasperating, confusing, tiring, worrying, and the problem has not been resolved. I took another video of the same problem today re the same entry above and it's quite clear: the password is different on the Windows 10 (ie apart from the username, the password and notes are missing) than the mobile devices (same entry)- how is this even possible?

    Ukko
  • siramic
    siramic Posts: 65 Active Engager
    edited February 15

    Hi again, Trevor,

    I agree my link was useless, compared to what you posted above. I guess it was just a feeble attempt to assure you that on F-Secure's server side, it sound like things should be secure, regarding things being encrypted.

    I'm running F-Secure Total on 5 PC's 3 Windows 10 PCs and 2 Windows 11 PCs, with the Password Vault functioning and syncing normally. Again, that is very different than the ID Protection package with the included vault, so I don't know what to say. It sounds like you've done everything you can and are kinda at your wits end. I hope someone else here can help you, or have an idea for you.

    Kind regards.

    Ukko
  • Trevor7787
    Trevor7787 Posts: 4 Observer

    Hi Ukko,

    Thank you for the post. I did not know about the password history feature (BTW I tried looking for this and cannot find it- where can i see the history of password changes? It would be useful to check this). The problems began when I switched from the ID protection single-app to this all-in-one Total app.

    Okay, to help clarify some of the problems, let me explain. I setup a password (say, for example "ABC") in the password manager (but, bc I've had problems with F-secure password manager, made a backup of this password "ABC" on a separate device). Now, using the F-secure password manager on Day 1 (for example), I use password "ABC" to log into to my email from ServiceProvider P. This worked fine on Day1. on Day 2 I tried to log back into my email / ServiceProviderP using the same password "ABC" that was entered into the F secure password manager stored on the Windows 10 machine (Lenovo). It did not work, not recognised, wrong. I then used my backup password stored on the other device to setup a new entry in F-secure password manager, but calling this, for example "ABC2". It synced to the windows 10 F secure password manager. I then use "ABC2" to sign into my email from ServiceProviderP on the windows 10 machine and this worked fine. Now, the next day (or whenever it was, it happened a few times), the same thing happened. So, password "ABC2" did not work for the email of ServiceProviderP and i had to again get the backup in order to sign in. Then of course i changed the passwords and 2FA and so on of the email of ServiceProviderP. Now this password is actually stored on a separate device- i am having trust issues with: 1/iphone and 2/F-secure password manager on windows 10 (and, as it goes, windows 10 in general / Lenovo). That's basically it. There is a real problem. Also, my wife has had similar problems - I recommended F secure some time ago and she complained (actually today) that two passwords stored in F secure no longer work. So this is really quite serious.

    I appreciate the honesty that there has been a bug- these things, whilst they shouldn't happen- unfortunately can happen, and we are in a world riddled with cyber crime, hacking and so on, so we all have to take extra precautions. The problem i've had with my iphone - and i know this is nothing related to F secure- is that the same ServiceProviderP i refer to above (their service, VPN as it goes) at times got automatically bumped off / logged out, without my touching it, so i'm really not sure if i can use the iphone and ServiceProviderP. The password for ServiceProviderP came from the F-Secure password manager, pasted into the app. I'm not sure sure what I can trust- i phone, f secure, windows 10, any of them, The passwords (on the iphone) seem to get pulled quite regularly from the phone's apps, sometimes i can't log into them. But as I said, this is not a F secure problem, but an iphone issue.

    Re syncing, yes I'll do that, and have changed the master passphrase a few times now (though not recently). My workaround now is either not to have certain passwords in the password manager or try to somehow make unclear the password names, assuming a hacker is constantly attacking the windows 10 machine (which seems to be the case, i don't know how to explain VPNS logging themselves out and removing themselves from the dock- it just can't happen without someone doing it).

    Thank you for the remedial suggestions. I'll think about them. I don't like the idea of exporting passwords / creating copies of the vault - doesn't this open more doors for hackers? I am now creating my own backups which so far seems to work. I also really don't like the idea of again having to uninstall and reinstall the F secure Total app (i think i have been through this process a few times with the technical support guys). On the mac mini he could not properly delete some file so as to re-enable the new app on the new OS (no matter, I'm no longer using this OS anyway and downgraded it and probably will never buy another mac computer again, for other reasons). Point is i think i went through a similar process with a F-secure tech support guy on the windows 10, can't recall now, and this all-in-one Total app is frankly having too many problems for me to keep going through these processes. But I may do it. Will think about it. I have a workaround which seems to work, and that is the main thing. The uninstall-reinstall-re-import process is painful and annoying and I'm sick of spending hours on the phone to various technical support guys to fix so many problems (not just F secure).

    Re syncing, somewhere along the line the ID protection app stopped working properly. Now the culprit seems to be Windows 10, but the problem is strange, for example, the getting- logged-out-of-ServiceProviderP-services app on the iphone without touching it. How does anyone explain that? Did someone pull the passwords out of the phone? So i have to go through another convoluted process just to put the password on there? I've done that a few times. Well now I'm not using that app / ServiceProvider P on the iphone, period.

    Sorry for such a long post. My wife said today she will no longer use F secure vault. I'll think about the uninstall-reinstall-process. Thank you very much again for taking the time to write the post and respond- I will lookout for the password-change-history feature (I can't find it on the Total app at all, where is it?). I'll try re-syncing and see if Password B (another issue) syncs between iphone and other device. The problem here is that Password B (on the windows 10 machine) only has the username and yet on the iphone has all the details (username, password, and notes), so windows 10 is not working properly at all, and even when certain passwords are on there, they do not last long). BTW my wife has a macbook pro and the F-secure passwords there (two of them for sure) no longer work / were compromised / a bug / whatever.

    Thank you again. Hope this additional information helps. Pls feel free to ask more questions.

    Have a nice day!

    Kind regards,

    Trevor

    Ukko
  • Trevor7787
    Trevor7787 Posts: 4 Observer

    Hi Siramic,

    No worries- thanks for posting!

    siramicUkko
  • Ukko
    Ukko Posts: 3,603 Superuser

    @Trevor7787, Hello!

    Sorry for the slight delay in my response.

    Also, my reply is a bit too huge too. I will put TWO PARTS of it... sorry

    FIRST PART of my reponse:

     I did not know about the password history feature (BTW I tried looking for this and cannot find it- where can i see the history of password changes? It would be useful to check this). 

    I tried to put the URL in the previous reply too. There is Online Guide/Help: Accessing your old passwords | Total | Latest | F-Secure User Guides ( it is clickable); Described product is F-Secure TOTAL (Windows); And with Android platform (as an example): Accessing your old passwords | Total | Latest | F-Secure User Guides

    Sounds that iOS also has it: Accessing your old passwords | Total | Latest | F-Secure User Guides

    I tried with my Windows installation by opening application; then opening Password Vault (unlock); then choosing an entry/password from the list; then if this entry has any 'history' - it will be visible near "Edit button" as 'Password history'; inside will be with list of 'previous' passwords (timestamp and possibility to look at actual password).

    If no passwords changes (or it is cleared) - then no "Password history" (kind of button) will be visible.

    ...

    So this is really quite serious.

    Thanks very much for your such a detailed clarification of the situation. It has become a bit easier to understand the order of events; and perhaps try to imagine what went wrong.

    Based on the steps described, I'll try to reformulate. And to take as some kind of “start point”, let's say the original and first password was "ABC2" (for an email account; valid and an active). The password was changed to "ABC" in the service and then immediately saved in F-Secure's Password Vault as an entry for the service with the password "ABC". Everything was fine on the first day. The next day, trying to log into the email service with the stored password “ABC” it ​​didn’t work. For some reason the "service" accepted and expected that the correct password should be the original "ABC2" (as if like nothing changed the day before). This is already quite strange. And especially since it turned out to be repeated again and again.

    However, at this step. If the original password was "ABC" (as you mentioned to save it as a backup and it was not clear which backup you decided to use after the first day then): the only thing I could think of is that the password contains some kind of character or symbol or is somehow ERRORALLY stored inside the Password Vault's, which makes a difference when trying to use the password from the Password Vault to log into the service. And, let's say, the "same" password - but saved somewhere else as a backup (let's say, as a .txt-file where any encoded characters dropped or 'recoded'). Or the service itself has problems with some interpretation of the password (does not accept the password from Password Vault (with intended view) but accepts the "same" password from the text file).

    If synced is involved - then - another way is 'corruption' while syncing between the device (where an entry is created) and the device (where an entry then tried). With the same reason like if 'certain' character or symbol or size or something wrongly decoded/encoded. I am not sure if it is possible, actually. Because I tried very often and diligently to “test” such a problem. And, in general, I didn’t succeed (since everything functioned as expected). And also you did mention "ABC2" (in the first day of trouble) synced normally; though if this gathered "ABC_from_backup" and re-named to "ABC2" saved properly then - this does not ruin the possible scenario described above with some kind of “problematic” inclusion of character / symbol / invisible_addition_of_something when stored in Password Vault directly.

    So, password "ABC2" did not work for the email of ServiceProviderP and i had to again get the backup in order to sign in

    But I puzzled there. Which password then worked at this step? the Backup was still "original" (so to speak, that one which is just renamed ABC to ABC2) or it was 'second' backup (created after 'creating' ABC2)?

    (which seems to be the case, i don't know how to explain VPNS logging themselves out and removing themselves from the dock- it just can't happen without someone doing it).

    Not really using iOS or apps with similar functionality, but could this be some kind of “auto-update” of the app? And although this is not very “good design” - but then it would be more expected log out and disappearances from the dock (?). However, I quite often saw discussions about apps disappearing in MacOS and iOS docks. So, this could be due to some known problem with the operating system (system updates), or some optimization settings used, or even third-party optimization applications or battery savers. For comparison with Android - let's say "unexpected" killing process, clearing app's cache and so on.

    As such logout with iOS apps also quite often discussed. I mean, as a general situation.

    Thank you for the remedial suggestions. I'll think about them. I don't like the idea of exporting passwords / creating copies of the vault - doesn't this open more doors for hackers? 

    Well, not really.

    Unless you are under 'current and ongoing' incident. And if “someone” controls “remote access” and can take advantage of the moment when passwords are easily accessible in the period between export and import back (which was my suggestion). But, first of all, to take full advantage they would still need to “manage” the system (open a file, move the mouse cursor or something like that) - and this would be noticeable to you. It could be that some "specialist" would use the command line expertly instead - but if that were the case, then they (he) could already cause quite a lot of trouble. So.. it's unlikely, perhaps.

    My suggestion to export Password Vault's content (and, so, temporarily save this file as a “copy” in filesystem) was so that you could then import it back after cleaning a bit and reinstalling the F-Secure application (instead of re-syncing from a problematic storage, for example). And to start syncing with other devices from scratch (from this 'freshly' created storage).

    After which the “exported” file could be deleted. However, the exported file is .fsk (text-file in a .json-type format) - it is a plain text. That's unsecure to store it like this. But you can create an encrypted archive (.zip, .rar, .7z) with strong password (where .fsk file will be inside). So, it is even possible to store it in system relatively safe.

    ... to be continued in the second part of reply.

    siramicFirmy
  • Ukko
    Ukko Posts: 3,603 Superuser

    ...

    SECOND PART of my response:

    The uninstall-reinstall-re-import process is painful and annoying and I'm sick of spending hours on the phone to various technical support guys to fix so many problems (not just F secure).

    True, I can understand it. Reasonable too.

    Just (if done very correctly) this would remove almost all possible logical reasons for the described problem with passwords. And if the trouble still reproducible, then there will be options - some unexpected bug (F-Secure side); some unexpected bug (on the side of the service, which either accepts or fails to recognize the password), or something else. All will require a closer investigation.

    But I will not insist on uninstallation-cleaning-reinstallation-importing process as such.

    Maybe it will be possible to understand situation without extra steps and to find a proper solution to the reason of it just by thinking and small checks.

    The problem here is that Password B (on the windows 10 machine) only has the username and yet on the iphone has all the details (username, password, and notes), so windows 10 is not working properly at all, and even when certain passwords are on there, they do not last long).

    This sounds very similar to the topic I mentioned in my first comment. But where Windows 11 is an 'exclusive' point to receive such a trouble (as I remember). Bug is that if an entry has a specific 'note' section - then some impact can be with Windows device (but I may mislead it; better to look at mentioned topic in my first ever comment).

    However, it also can be an indication of 'broken' sync-state between devices. By that, I mean - they are no longer syncing. OR syncing with another device (which still 'retained' old view and keep reverting it back). So, the entries are equal and were synced at the time, for example, but not now.

    Also, I think it is not possible to sync storages between F-Secure ID Protection and F-Secure TOTAL's Password Vault. Just in case if there were attempts to do so.

    BTW my wife has a macbook pro and the F-secure passwords there (two of them for sure) no longer work / were compromised / a bug / whatever.

    Need more information. Such as.. to find if there any correlation between trouble passwords or a certain routine when all goes wrong.

    The problems began when I switched from the ID protection single-app to this all-in-one Total app.

    I think after switching from F-Secure ID Protection to F-Secure TOTAL's app - the old F-Secure IDP storage (with passwords) somewhere / somehow is still stored and maybe kick-in unexpectedly.

    But again, I think the support agents should have checked this and that and tried all possible options.

    Anyway, thanks for your patience in responding to me and for providing the information. I hope that we will be able to get some solutions as a result. Including your wife’s situation. I would suggest that you think about something based on this comment and let me know if maybe something has already changed.

    Meantime, I will try to re-read your comment and think again if I can improve anyhow my suggestions. And sorry for my English!

    siramicFirmy
Pricing & Product Info