Is Autofill code gets 'invalid' still unsolved
Accepted Answer
-
Hello @martink
Thank you for your next post.
In the case of the problem you are experiencing, please check first of all that you have the latest versions of your web browsers.
Then uninstall and reinstall the extension from F-Secure for the respective browsers.
If the problem still remains, then follow the steps below.
If the Firefox is up to date, you can try reinstalling the Password Manager by F-Secure extension:
- Open Firefox
- Click on the Menu in the upper right corner
- Scroll down to Add-ons and Themes
- Click on the three dots next to the Password Manager by F-Secure
- Select Remove
- Open F-Secure ID Protection
- Go to Settings
- Select Autofill and click on install Add-on for Firefox to add the extension again
If the steps above don't help, check if you have the Sync and save data function enabled in Firefox. If yes, follow the steps to disable the function for add-ons:
- Open Firefox and log in to your Firefox account
- Go to Settings and select Sync from the menu of the left-hand side
- Click on Change and untick the box Add-ons in the Choose What To Sync window
In case that the steps above don't solve the issue, proceed clear all the browser history and cookies. If clearing the browser history and cookies didn't help, you can attempt to refresh the Firefox browser as described here.
Note: Refreshing Firefox browser will remove your extension data and preferences. You may need to add the extensions back after refreshing.
Let me know how the situation is.
Best regards.
Pawel
Making every digital moment secure, for everyone
Answers
-
Hello again
Some more details.
I use portable versions of Firefox and Chrome and normal Brave.in F-S TP
This is how Password vault sees them
The Chrome extension is asumably from Brave.
I do not get the invalid error from portable Firefox and that works. Fine
On another PC I have total and Firefox portable. Both are updated to the latest version.
on that PC I get the invalid code message.
Neither of these PC's is synced for any of the browsers. I do clean the browser cookies, history and cache every now and then.
Brave and portable Chrome are not supported.
However, I do not understand it. to me it appears that it is the extension which does the validation of the code and if the window for it opens why does it matter how the software is installed. Either the extension does recognize the correct code or it doesnot and then it is a bug.
Secondly the software F-S TP or Safe produces the code and that might have bearing which version it is, but once everything is updated it should be the correct code. If not it is a bug again.
Then it would simple to give the correct code. Can you please do that?
-
I
I agree. This is a bug. I spent the better part of my morning debugging their extension. I can see communication to the native F-secure just fine. But F-Secure is sending back that the code we are trying to validate as invalid because (and i'm assuming the inner operations) that it's not on their criteria list of browsers as the product name. IE: Chrome, Firefox, Edge, Safari, etc.
This is completely pointless. I know you guys are trying to keep this as user-friendly as possible but you are crossing into "so friendly it's worthless" territory.
For ALL the Chrome and Firefox browser variations that are not in your existing list of white listed browsers. You should prompt the user from F-Secure saying a browser extension in product "XYZ is trying to authorize, do you give permission?" This is basically for everyone who would actually need to paste this code.
This BUG is frustrating. I can see the plugin is working just fine in my browsers. It's just F-Secure is refusing to validate it. If you want it more secure make it so the process generates a new key for every browser and at any point we can unauthorize the key blocking that browser from the extension.
I'm evaluating F-secure and it hits EVERY mark perfectly for what I want. But the whole thing fails because of something so silly as incompatible password manager that EVERYTHING works fine in, but they chose to make it not work unless it's on their very short list of supported browsers. I can appreciate what you thought you were accomplishing with the procedure, but it's totally wrong.
Please make this security authorization procedure a design flaw and bug it. It's such a great product, I don't want to have to find something else because of something so ridiculously silly.
-
FYI: I was debugging the extension in Opera GX "LVL6 (core: 112.0.5197.115)" under Windows 11.
I even tried injecting a token into local storage, and the health check function literally says "Health fail for legacy mode, removing authorization." and deletes it.
Absolutely no issues in communication from extension to F-Secure application. From what i've seen it's F-Secure refusing to validate the token being sent to it. There is absolutely no point to having a API token we can paste if there is now way to extend the allowed list.