Bug Report: New Password Overwritten by Old

I just reset my password for an account using Key on my Android phone this morning. This afternoon, I sat down at my computer and opened Key to get that new password. It was not there; just the old password.

 

But I knew what to do: hit the "Sync now" button, of course. Still nothing. I opened Key on my phone, and the new password was there. I hit "Sync now" on the computer again and the old password remained. Then, when I checked my phone to manually copy it from there, the old password had replaced my new password!

 

Looks like I'll be resetting my account password again today.

 

Is there not some kind of timestamp on passwords to prevent this from happening? If there isn't, this behavior is a data integrity weakness, as well as a bug.

Ukko

Comments

  • UkkoUkko Posts: 2,995 Superuser

    Hello,

     

    I'm not a F-Secure staff.

     

    Just interesting (just because -> I do not able to re-check this situation with my own experience on current time):

     

    -- did you try to repeat it with any other entries (or with fresh entry at all)? Like as "create entry with password" -> synced between devices. Then "re-change" password under Android and synced between devices (for getting fresh password under desktop).

     

    Just as re-check about "does there indeed something work wrongly".

    Because... sounds as too much useless design (for 'proper' work).

     

    I able to think - that maybe with your tries (when there was troubles with sync-process) there opened entry under desktop Key and save it (like re-save it); And based on this action -> it marked as "fresh" changes;

    Or some other potential meanings.

     

    Thanks. 

  • Finn5Finn5 Posts: 2

    I believe you are correct that my attempts at synchronisation somehow caused it to believe it was a new password. I checked the password history, and the "new password" I created is now there as having been created today, but no record of the original creation of my old password exists.

    Ukko
  • UkkoUkko Posts: 2,995 Superuser

    @Finn5 wrote:

    I believe you are correct that my attempts at synchronisation somehow caused it to believe it was a new password. I checked the password history, and the "new password" I created is now there as having been created today, but no record of the original creation of my old password exists.


    Sorry for my reply (else one time).

    I do not able to check with my own experience - so it will be only suggestion.

     

    Except meanings that there is "certain trouble based on something": what if there "sync"-process do not count the "password history" (?!);

     

    With points like:

    - you changed password under Android-device (and previous password placed there under password history; if Android platform support it);

    - synced devices... and Desktop-device just got the fresh password (but not fresh 'password history');

     

    If not (and after "sync" devices where password-change comes from sync-process -> there should be changes for password history) ---> most likely there quite useful to investigate such situation; Since there can be something else (related to this);

     

    But if yes (and sync-process do not sync password history with certain view) ---> probably F-Secure Key also able to re-check this situation (as "does there all OK or not");

     

    Sorry for my reply. I decided to place it - because there "weekends comes" and maybe can be delay with normal official response from F-Secure Teams/Staff;

     

    Thanks!

  • LakshLaksh Posts: 4,432 Community Manager

    Hi Finn5,

     

    Just to confirm, may I know what is the version of KEY installed on both the devices? Have you tried to sync again on both the devices and does the issue replicate again?

This discussion has been closed.