New F-Secure password vault poor example of password management

Fallen
Fallen Posts: 1 New Member
edited November 25 in Password Vault

Hello,
In Windows 10 and 11 ID-protection worked somewhat well but this new software have limitations, for example.
If you have Browser account sync on and switch to new computer/new profile, your addon doesn't accept new validation code for extension to be actived for it has been synced based on other device information I'm quessing, instead you must uninstall extension and reinstall it for it will activate.
I would think when vault is opened and you fill in credentials to website login or update credentials there, browser extension would offer adding or modifying them to vault, but no…

It doesn't ask would I like to update my present credentials when changed password within login page or fill in username for existing password which has been saved to F-Secure already for that specific website.
There fore half of the features from extension aren't available.

Why is this extension so limited?

Answers

  • Ukko
    Ukko Posts: 3,735 Superuser

    Hello,

    Sorry for my comment. I am only an F-Secure user.

    I would think when vault is opened and you fill in credentials to website login or update credentials there, browser extension would offer adding or modifying them to vault, but no…

    This would be a cool feature, but I think it would be hard to implement (since you changed the password on the website or modified credentials via service routine; and most likely the extension hardly knew about it due to some security/privacy restrictions. It cannot literally completely control and interpret the user's actions on website, I think).

    Probably a side option would be to extend the Password Vault browser extension to the point that if a stored entry for that domain is detected and the password change form is used (especially if it is marked as such on the website in the HTML code), then add the ability to generate a password directly by clicking on Password Vault logo in the form and accordingly save the changed state. In the understanding that if at this moment you are editing some saved entry (for example, an email password). Then you can select it, and then select the potential option "generate a new password and save". Thus, the password will be changed on the website through a form using automatic password generation through the extension.

    It doesn't ask would I like to update my present credentials when changed password within login page or fill in username for existing password which has been saved to F-Secure already for that specific website.

    probably because extension/application doesn't know that the password has been changed. But, if I understand your idea correctly, then the extension could try, in some potential improvements, to "control" unsuccessful login attempts using saved credentials. And in the case of such events, offer to change the saved data in the application like "it seems you changed your password or other information, do you want to update the information in Password Vault?".

    Some other things that I remember seem to work as expected. for example, offer to save the newly entered credentials in Password Vault and so on. I mean without any differences between F-Secure ID Protection and F-Secure Total's Password Vault.

    If you have Browser account sync on and switch to new computer/new profile, your addon doesn't accept new validation code for extension to be actived for it has been synced based on other device information I'm quessing, instead you must uninstall extension and reinstall it for it will activate.

    sounds indeed as a limitation.

Feedback on New Design