User Cannot Login Using KeePassXC Because F-Secure Uses An Alias for https://my.f-secure.com/login

Karibu
Karibu Posts: 42 Contributor
edited January 27 in General Discussion

This is a ridiculous issue and it is caused wholly by F-Secure.

In this instance I am discussing the problems created by F-Secure that affect ALL password managers that I have tried. In this specific report I am using KeePassXC, but what is reported is true of ALL password managers.

F-Secure uses an alias for https://my.f-secure.com , which is really connected to https://accounts-emea.f-secure.com .

This causes all sorts of problems for password managers - Bitwarden, Keeper, KeePassXC - because the real login URL is https://accounts-emea.f-secure.com , and not https://my.f-secure.com . So the password manager is configured to detect for https://my.f-secure.com , but the webpage is actually https://accounts-emea.f-secure.com . This means the password manager cannot detect the proper URL.

Plus the page is buggy. Reference the image below trying to use KeePassXC to log into a F-Secure account. Take special note of the red notification that the webpage generates itself when trying to use the KeePassXC password manager. Notice that the KeePassXC element is grey in color because it cannot detect a login for https://my.f-secure.com because it is really an alias for https://accounts-emea.f-secure.com .

Stop using an alias URL for the F-Secure account. Stop using a single database for both the primary account AND community logins !! The F-Secure account needs its own dedicated webpage and user credential database !!

These nagging usability issues are really making me regret choosing F-Secure. Logins are basic stuff and if a user has a hassle because F-Secure has some wonky webpage & backend configuration, then that user is better off using a different product. These ongoing problems with these F-Secure URLs and logins has been reported numerous times and yet F-Secure is doing nothing about it.

So what should consumers do? Migrate to one of F-Secure's competitors where they don't have these hassles? Consumers are only going to wait a short amount of time before they dump F-Secure and move elsewhere. F-Secure support is not responsive. It is terribly slow, if they respond at all. That's not acceptable and is not going to retain subscribers.


Comments

  • Firmy
    Firmy Posts: 1,905 Community Manager

    Hello @Karibu

    Thank you for sharing your feedback.

    We genuinely value your input, as it assists us in enhancing our services to provide better protection for our users.

    To better understand the issue you've encountered, could you please clarify the source of the URL https://my.f-secure.com for logging into My F-Secure? Did you access it through the app's login or via a Google search? Typically, attempting to reach https://my.f-secure.com will automatically redirect to https://my.f-secure.com/login. Could you try updating the URL in your password manager to the latter and verify if it resolves the issue?

    Additionally, regarding the URL https://accounts-emea.f-secure.com/, did you come across this while attempting to log in to the F-Secure Community page? If so, it's important to note that the URL for logging into the F-Secure Community page differs from that of My F-Secure, as it operates on a distinct platform. Therefore, it's advisable to save separate entries for My F-Secure and F-Secure Community.

    Should you need further assistance, please don't hesitate to reach out. We are here to help.

    Thank you, and have a great day.

    Firmy
    Community Manager | F-Secure Community
    πŸ” Strengthening digital security through knowledge and collaboration
    🌐 Explore our User Guides | Knowledge Base for self-help resources
    πŸ’» Empower yourself with Cybersecurity Insights and protect what matters
    πŸ“’ Help Shape Our New Homepage! Share your input in our design survey.

  • Karibu
    Karibu Posts: 42 Contributor
    edited January 29

    "could you please clarify the source of the URLΒ https://my.f-secure.comΒ for logging into My F-Secure?"

    It is a typo. It should be https://my.f-secure.com/login .

    "Additionally, regarding the URLΒ https://accounts-emea.f-secure.com/, did you come across this while attempting to log in to the F-Secure Community page?"

    Look carefully at the image that I supplied in my original post. The answer to your question is clear and self-explanatory.

    Do you not see the URL in the image below in the navigation bar?

    It clearly shows the login attempt at https://my.f-secure.com .

    The red box is not the password manager. It is the F-Secure webpage throwing an error.

    "Β If so, it's important to note that the URL for logging into the F-Secure Community page differs from that of My F-Secure, as it operates on a distinct platform."

    No. It does not. https://my.f-secure.com uses cross-origin iframes or SSO via https://accounts-emea-f-secure.com . That is why this issue is happening. It is not a password manager configuration problem. The problem is not the user. The problem is they way that F-Secure has configured the login backends.

    This problem affects ALL password managers because it is the websites causing this issue.

  • Firmy
    Firmy Posts: 1,905 Community Manager

    Hello @Karibu

    Thank you for providing us with this detailed explanation and information.

    Our team is currently investigating this matter thoroughly. We appreciate your patience, and once we have more information, we will promptly update you on the progress.

    If you have any further questions or concerns, please feel free to let us know.

    Thank you, and we wish you a great day.

    Firmy
    Community Manager | F-Secure Community
    πŸ” Strengthening digital security through knowledge and collaboration
    🌐 Explore our User Guides | Knowledge Base for self-help resources
    πŸ’» Empower yourself with Cybersecurity Insights and protect what matters
    πŸ“’ Help Shape Our New Homepage! Share your input in our design survey.

  • Firmy
    Firmy Posts: 1,905 Community Manager

    Hello @Karibu

    Thank you for your patience as we investigated the issue further.

    Upon consultation with our backend team, we've determined that the problem you're experiencing is a known limitation with KeePassXC. You can find more details about this issue in the following link: GitHub Issue #1238.

    To address the issue, we recommend adding the URL "http://accounts-emea.f-secure.com/" to your entry. This should enable the auto-type functionality to work as expected.

    We hope this solution resolves the issue for you. If you have any further questions or concerns, please don't hesitate to reach out.

    Thank you for your understanding, and have a great day.

    Firmy
    Community Manager | F-Secure Community
    πŸ” Strengthening digital security through knowledge and collaboration
    🌐 Explore our User Guides | Knowledge Base for self-help resources
    πŸ’» Empower yourself with Cybersecurity Insights and protect what matters
    πŸ“’ Help Shape Our New Homepage! Share your input in our design survey.

  • [Deleted User]
    [Deleted User] Posts: 0
    edited February 28

    Hi @Karibu

    It sounds like @Firmy and the engineers found a workaround for you. The issue you had may have just been with those password managers? Since I use Brave, I also use 1Password and have had no problems logging into both sites with Brave or Chrome. Again, it's just an FYI, as there truly was an issue you were experiencing as you showed.

    Kind regards

Feedback on New Design