Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

Soporte mSecure

6.1 has arrived!

Mike,


Finally see that 6.1 is available on iOS! (thats not meant to be read as a snide comment, more that I'm excited for it!)


Will have a proper play with it later. But initial comments:


1) Love the 'Whats New' section, very helpful. I was wondering if it would be better to have a persistent splash screen upon opening up the app of the new features until such point the user manually dismisses / disables the splash screen? At the moment it feels like its in the depths of the settings menu and people may miss it.

2) The link to the upcoming roadmap from the 'Whats New' section is broken - page not found

3) Biggest feature I've been waiting for is the password history, wohoo! I love it. Couple of points on it though. Firstly, I can't seem to 'copy / paste' each individual passwords in the password history. Secondly, is there a way to edit the password history? e.g. to delete certain entries or to set some housekeeping on it so it removes anything after 5 different password changes to keep things tidy, or do they just permanently store the password history forever in read only mode?


Thanks!

@Mike, I owe you an apology. So it turns out the web credentials created by MSecure are limited to the current logged on user. I created a totally new account and it prompted for the QR code. I think during setting up of the user account I used previously I must have briefly logged into my MSecure account in order to gain access to certain passwords. That sounds quite likely actually.


The only thing left which is a slight surprise is that MSecure does not delete those credentials even if the MSecure app  is removed from that user account. Can't pretend this is a massive deal but I would have thought MSecure should delete all user data, including their EAK if they uninstall the app? 

 

It's no problem at all @Jon! It's actually great when customers ask the questions about security, because it forces me to have to think through everything the app does. I was not aware of all of the details of how the Web Credentials worked, so I had to look into things further. I knew at some level the Web Credentials would be accessible in other accounts, but it turns out it will only be in Admin profiles. I'm guessing what you created was not an Admin profile, so that would be why you're getting asked for the QR code/EAK.


Now the next thing you're asking about is an interesting point. That one is something I can ask about, but I don't think this is possible, and here's why. When an app is uninstalled, it doesn't get an "before-uninstall" notification, which is what would be needed in order to clean up data it is responsible for. So in the case of deleting the app, all of the private information is stored in the app-specific files like the database and other folders that get removed when the app is uninstalled. However, the Web Credentials are not stored in this location, and Windows doesn't allow you to register the Web Credentials so that when the app is uninstalled, they get removed. I'll ask the developer about this, but I'm nearly certain this will not be possible.

@Mike, the other Windows account, which had access to my EAK, also didn't have admin permissions. It had my credentials in it's own store, so I definitely logged into my MSecure account on that Windows account when setting it up. I haven't tested to see if a new admin account will have access to my EAK. I will try that in the next few days. I doubt that MSecure would be able to access my EAK by default. From what I've read, though, it seems trivial for any elevated account to access those credentials as plain text! Definitely more of an MS issue than yours but it does make storing user credentials in that store less than ideal from the users perspective! I certainly wouldn't want to use it for anything sensitive on a PC I didn't own and control. It basically seems to give any administrator access to the EAK of MSecure users that log onto MSecure at work, for example. Something to think about maybe? And, yes, I had wondered if MSecure would be given a chance to clean up Web Credentials when it's uninstalled. It seems "not good" that MS allows even modern apps, like MSecure, to store things outside of their own restricted environment. I'm sure if I spent a bit of time I could think of ways this could be abused! But that all comes with having a long legacy I guess! Both of the above, I guess, could be reasons to move the EAK in time, if that were possible. But, I won't claim this is something that will affect me personally! I'll leave that for you and your team to consider! Thanks once again for taking the time to talk this through. It's been really interesting.

@Mike, sorry for the delay, I didn't have time to play around with it yesterday.


Referring back to my password history syncing issue between devices, I've had another go at it today and it seems to be working again. Originally when I was making changes on my Windows app, it looked like it was clearing the password history. I'm not sure if I paid enough attention to the details when I initially did it, so I may be inaccurate with what I was reporting. Like I said, I had another go tonight and the password history sync across iOS and Windows apps are working as expected. I'm wondering if it was a timing issue when I initially played with it, in that I was flicking between devices too quickly and it didn't allow the sync to work properly. This time I gave it a few more seconds in between switching devices and it seems to have worked. I'll keep an eye on it, but this doesn't seem to be a problem for me now. Hopefully a false alert.


One other thing I noticed was that whenever I go into the Windows app and a password has been changed, I get the notification at the bottom of e.g. 384 changes. 1 item(s) sent. I'm not sure why its indicating that 384 changes were made when only 1 password was updated. This happens on both my Win 10 and Win 11 laptops. The app is working perfectly fine, but curious as to why it would indicate 384 changes were made when only 1 field was changed / updated.

@Ai With regards to the password history feature, that issue you were dealing with where the history wasn't syncing correctly, was fixed in the new version we published last Thursday I think it was - version 6.1.348.0. The issue was definitely a bug, we were just able to get it fixed pretty quickly this time =)


For the other issue, I don't know why it's showing there are 384 changes, as that shouldn't be happening. We have run into this in the past, and I think it has something to do with those changes getting cached somehow in memory. Real quick, does this happen every time you open mSecure now and a sync takes place?

@Mike, yes, its happening every time it does a sync on the MS app. Even when there are no updates it is showing '385 changes' on initial sync after opening up the app. Its a minor thing, nothing functionally wrong, but I'm assuming it shouldn't be happening.

@Ai Ok, I'm not sure why this happening, but it definitely should not be. What I'm going to have you do is simply try reinstalling mSecure on your PC. This is not something that should need to be done, but I want to see if that takes care of the issue, at least temporarily. If it comes back in the future, I will then get our developer involved to see if he can figure out what's causing the problem. I'm hopeful, though, that the reinstall will simply fix it moving forward, because I haven't heard this reported for a very long by any other customers.

@Mike, just uninstalled and reinstalled and unfortunately the same thing happening.

@Ai Ok, I talked to our developer about this, and he says he needs to get logging from your device to figure out what's causing the issue where the sync changes are always being displayed. To get logging, please follow these instructions:


  1. Open mSecure and go to the Settings
  2. Click "General" in the left column
  3. If the "Logging Settings" toggle is turned on, turn it off and wait for about 10 seconds
  4. Turn on the "Logging Settings" toggle
  5. Close mSecure and wait for a few seconds
  6. Open mSecure and let the sync complete so that you see the message reporting the changes
  7. Go back to the "General" Settings and click "Save log file"
  8. Save the file anywhere on your computer
  9. Email the log file to [email protected], or attach the file here in your next post
  10. After I have the log file, I'll get it over to our developer for analysis

@Mike, log file sent to your support e-mail as advised

Thank you @Ai. I just responded to the email you sent. We can keep our correspondence for this particular issue via email from here on out, since I may need to get more logging from you.


Iniciar sesión o Registrarse para publicar un comentario