New F-Secure password vault poor example of password management
Hello,
In Windows 10 and 11 ID-protection worked somewhat well but this new software have limitations, for example.
If you have Browser account sync on and switch to new computer/new profile, your addon doesn't accept new validation code for extension to be actived for it has been synced based on other device information I'm quessing, instead you must uninstall extension and reinstall it for it will activate.
I would think when vault is opened and you fill in credentials to website login or update credentials there, browser extension would offer adding or modifying them to vault, but no…
It doesn't ask would I like to update my present credentials when changed password within login page or fill in username for existing password which has been saved to F-Secure already for that specific website.
There fore half of the features from extension aren't available.
Why is this extension so limited?
Accepted Answer
-
Hello,
Sorry for my comment. I am only an F-Secure user.
I would think when vault is opened and you fill in credentials to website login or update credentials there, browser extension would offer adding or modifying them to vault, but no…
This would be a cool feature, but I think it would be hard to implement (since you changed the password on the website or modified credentials via service routine; and most likely the extension hardly knew about it due to some security/privacy restrictions. It cannot literally completely control and interpret the user's actions on website, I think).
Probably a side option would be to extend the Password Vault browser extension to the point that if a stored entry for that domain is detected and the password change form is used (especially if it is marked as such on the website in the HTML code), then add the ability to generate a password directly by clicking on Password Vault logo in the form and accordingly save the changed state. In the understanding that if at this moment you are editing some saved entry (for example, an email password). Then you can select it, and then select the potential option "generate a new password and save". Thus, the password will be changed on the website through a form using automatic password generation through the extension.
It doesn't ask would I like to update my present credentials when changed password within login page or fill in username for existing password which has been saved to F-Secure already for that specific website.
probably because extension/application doesn't know that the password has been changed. But, if I understand your idea correctly, then the extension could try, in some potential improvements, to "control" unsuccessful login attempts using saved credentials. And in the case of such events, offer to change the saved data in the application like "it seems you changed your password or other information, do you want to update the information in Password Vault?".
Some other things that I remember seem to work as expected. for example, offer to save the newly entered credentials in Password Vault and so on. I mean without any differences between F-Secure ID Protection and F-Secure Total's Password Vault.
If you have Browser account sync on and switch to new computer/new profile, your addon doesn't accept new validation code for extension to be actived for it has been synced based on other device information I'm quessing, instead you must uninstall extension and reinstall it for it will activate.
sounds indeed as a limitation.
Answers
-
Hello,
Just wanted to say that my comment was marked as an answer, which is probably not entirely fair. Unless the concerns raised have been resolved somewhere within the official support channel.
I was also recently re-reading the documentation, articles and Help regarding F-Secure ID Protection / F-Secure Total's Password Vault and I seemed to come across mentions that the described things should already be implemented and working (such as asking for a password change / replace after changing it in the service, the next time you log in; or kind of). So, either F-Secure Password Vault has really lost some features, or they still exist - but for some reason they are not used in the user experience (maybe there is somehow a way to notify about sites where this does not happen; via F-Secure SAS if they are still accepted them).
still I am not sure about the point which I tried to describe as "a limitation indeed"; and 'proposed' feature ideas are also seems okay to me (I would most likely use such a design with pleasure; using a browser extension to generate a password directly in the input form with autosaving inside the application/vault; same as it done via UI, but kind of more 'smooth' and a way to expect two-in-one action).
Thanks!