Logging into and out of F-Secure account - Security Problem..?

Hi, I've been using F-Secure for a number of years now and have always found it to be one of the best AV's out there.

 

I recently bought a new PC and logged into my F-Secure account to be able to download the software. It logged me into my account, but then straight away wanted me to log in again even though my name and account details were showing at the top of the screen. I entered my details once again and it went into the screen where it shows all of my devices (just like it used to).

 

The major problem is when I came to log out of the account, it logged out on the main screen but still showed up with my name and account details! No matter how many times I clicked on 'Log Out', it wouldn't. This wasn't too much of a problem security wise for me as I was at home on my own PC, but if I'd logged into my F-Secure account on a public PC, there's no way of actually logging back out!

 

At first I thought it might be the cache on my PC that was corrupt somehow, so I tried it on my work PC and exactly the same thing happened.

 

My Fiancee also has her own F-Secure account and I logged into hers on yet another PC, exactly the same thing happened!

 

There is obviously a major problem with your website/login screen that needs fixing quickly as it definitely poses a security risk to your customers.

 

Many thanks in advance,

Phil.

Comments

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    I'm also only F-Secure user (their home solutions).

     

    Maybe it is good to know more information about configuration/setting (yes, it is clear that you tried different hardware and places; but some points else maybe good to know).

    -> did you try with different OS/platform?

    -> did you try with different browsers?

    and which ones it was?

     

    Also, what is URL for F-Secure Account? my.f-secure.com (or mysafe.f-secure.com)?

    With my experience -> I do able to log out (and receive 'login'-page as with first visit). I, usually, tried with InPrivate (or so) modes.

     

    Thanks!

  • TheRaven
    TheRaven Posts: 9 Observer

    Hi Ukko,

     

    One PC had Windows 7 running using the Chrome browser,

    My New PC is running Windows 10 using the Edge Browser with the same results, but I've also tried using the Chrome browser on this one too with again exactly the same results.

     

    The URL is https://my.f-secure.com/login on all of the PC's I've used to log in.

     

    The F-Secure site has always worked perfectly well, but for the past week or so this problem has been happening.

     

    Thanks,

    Phil.

  • TheRaven
    TheRaven Posts: 9 Observer

    Just to confirm, when I click 'Logout' from my account, the screen actually acts like I've logged out (as in asking me to login again) but on the top, it still says my name, how many licenses I have left and how long the current license has to run.

     

    I'm in the UK if that's of any use for your tech people to know.

     

    Other than this slight website glitch that's been happening for a week, I absolutely love F-Secure products!

     

    Thanks,

    Phil.

  • Simon
    Simon Posts: 2,667 Superuser

    On the screen where my name and devices are displayed, there is a 'three line' menu at the top left.  If I click that, my name is displayed with the option to Log out in red underneath.  Clicking that does seem to log me out fully.  

  • TheRaven
    TheRaven Posts: 9 Observer

    Hi Simon,

     

    On mine, it says log out in red on the right hand side with the Virgin Media logo above that. I get F-Secure Safe at a discounted rate through a Virgin Media promotion in the UK but its all done through the F-Secure site.

     

    When I log into my account, my name, licenses and time remaining show up but it asks me to log in again.

     

    I've also just tried it on my tablet using Chrome, and through Safari on my iPhone so it is definitely something to do with the website. I also don't have the 3 lines in my account to log out with, maybe because it's through a Virgin Media part of F-Secures site.

     

    Thanks for your reply,

    Phil.

  • Simon
    Simon Posts: 2,667 Superuser

    Yeah, it sounds like possibly something to do with the Virgin Media link.  What happens if you just go straight to https://my.f-secure.com/login - can you bypass the VM link that way?

  • TheRaven
    TheRaven Posts: 9 Observer

    Hi Simon,

     

    that is is the link I always log into my account with, they just link the Virgin Media F-Secure Safe promotion to my account. There isn’t a separate login screen or anything, just the one on the F-Secure website.

     

    By the looks and sounds of things, it could be something to do with the accounts that are linked to the Virgin Media F-Secure accounts.

     

    Hopefully one of the F-Secure tech guys can sort it quickly now that it’s been reported. I’ve tried 3 different peoples accounts now through different browsers on different PC’s and they all do the same thing. These accounts are also through the Virgin Media/F-Secure promotion.

     

    Thanks again,

    Phil.

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

     

    Just as my own feedback:

    I do able to repeat noted trouble with my own experience too.

    Good if F-Secure Community Managers (or direct attention by F-Secure Teams) can redirect this to related people. If there will be delay - one option is to contact their official Support Channels (chat as example):
    https://www.f-secure.com/en/web/home_global/contact-support


    I tried next:

    -> registered Virgin Media/F-Secure account (not confirmed account);

    -> after login (my.f-secure.com) with credentials for noted account -- I met Portal-view where all information is available (name/subscription-time/other tabs and so on); But with place where expected 'devices' - another login-form frame;

    -> it is possible to add credentials there and will be visible 'devices'.

     

    So, all as with description:

    When I log into my account, my name, licenses and time remaining show up but it asks me to log in again.
    ...
     entered my details once again and it went into the screen where it shows all of my devices (just like it used to).
    it logged out on the main screen but still showed up with my name and account details

     

    For except -> that with 'log-out' - I able to receive only 'ask' for confirm mail-address (but I suspect that with confirmed mail-address -> it will be state as with your situation).

    I tried with Windows 10 / Internet Explorer 11. I did not try to understand why such situation is happened (sounds that 'redirect/autologin' from Virgin media side to F-Secure side).

     

    Thanks!

     

    //

     I also don't have the 3 lines in my account to log out with

    should be visible with mobile devices or with a browser window of small size (most likely).

     

  • TheRaven
    TheRaven Posts: 9 Observer

    Hi Ukko,

     

    Thank you you for your reply and for going to the trouble of confirming the problem, it’s much appreciated!

     

    Hopefully the Tech people will see this, but if not then I’ll contact them directly. 

     

    Thanks again,

    Phil.

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hello Phil,

     

    Thank you for bringing this to our notice. I have highlighted your post to our support team and they were able to reproduce the issue. We are looking into it further now.

  • TheRaven
    TheRaven Posts: 9 Observer

    Hi Laksh,

     

    That's brilliant, thank you very much. As usual, fantastic service!

     

    Best regards,

    Phil.

  • nanonyme
    nanonyme Posts: 145 Path Finder

    Hey,

    Until the problem is fixed, I'd suggest as workaround to only login to SAFE portal through browser in incognito mode from a public machine. This way your login session should be wiped when the browser is closed. All in all incognito on public/shared machines is a good idea

  • TheRaven
    TheRaven Posts: 9 Observer

    Are there any updates on this please, Laksh? The problem still remains..

     

    Thanks,

    Phil.

  • Laksh
    Laksh Posts: 4,224 Former F-Secure Employee

    Hi Phil,

     

    There is no new update on this as the investigation is still ongoing.

  • TheRaven
    TheRaven Posts: 9 Observer

    Thanks for the update, Laksh.

This discussion has been closed.
Pricing & Product Info