Why are my passwords being stored on mSecure servers without my permission or authorization?
mSecure 3.5 was so EASY. mSecure 5.5 is HARD.
Please tell me where I went wrong.
I install mSecure 5.5 on my Mac Pro. During the installation I carefully chose synchronizing with Wi-Fi ONLY. Later in preferences, I verified that it also showed to sync with Wi-Fi.
It is my intention to transfer the database from my main computer (Mac Pro) to my MacBook manually using a USB stick.
I go to the Mac app store on the MacBook Pro and install mSecure 5.5. At the beginning of the installation I'm instructed to move a window over a QR Code. And poof, all of my passwords are magically there even though they existed nowhere on that computer yet.
I am not allowed to store passwords off-site. What must I do so I can move my passwords between two computers manually, and synchronize to iPhone on local Wi-Fi only?
Thank you for contacting us. Are your Mac Pro and MacBook Pro in the same WiFi network? When you set up WiFi syncing in mSecure 5 on a Mac for the first time, mSecure 5 sets that device as your Main Computer by default. If on the same WiFi network, after signing in to mSecure 5 on your MacBook Pro, mSecure 5 on that computer checked to see if it could communicate with your Main Computer (The Mac Pro) and did so. This sync took place locally and automatically. mSecure 5 on your MacBook Pro (the client), searched for and found mSecure 5 on your Mac Pro (the server) and initiated a sync as soon as you were done authenticating your mSecure account on that device.
If you'd like to disable auto-sync in mSecure 5 on the client device, please disable the "Sync Automatically" in mSecure 5 on the computer being used as the client.
Side note: doesn't this make mSecure 5 even easier? :-P
I do appreciate your efforts, no one can accuse mSeven Software of poor communications.
As a test, I un-plugged the Cat6 cable where it connects to the ONT (Optical Network Terminal). This is the point where our Internet service first enters the building.
All elements were connected to the router, Wi-Fi was going and working.
“Sync via Wifi” selected on both computers.
There is no ”Sync Automatically" on the Mac Pro, “Main computer" is checked. There are no options below this area.
"Sync Status” on the Mac Pro only shows itself and the Wi-Fi network it is connected to. It does not show any other computers.
Over on the MacBook, “Main computer" is not checked. "Sync Automatically" is checked. Unlike the Mac Pro, the MacBook has a "Sync automatically" option. This is checked. Below this area under "Sync Status” it shows the two computers with green icons between them indicating they are connected.
When I attempt to synchronize the data using the MacBook, File > Sync, it does NOTHING. No indications of any kind are presented and the databases do not sync.
I tried this 9 different ways, including quitting and restarting mSecure 5.5 on each computer several times.
Then, making no changes whatsoever to mSecure 5.5, I plugged the Cat6 Cable back into the ONT. Once mSecure 5.5 was connected to the outside world the databases synchronized perfectly.
In every way, mSecure 5.5 acts like our passwords are being stored off site. Which is exactly what we are trying NOT TO DO.
Requiring an outside connection gives people no confidence that they are synchronizing data locally.
The Main computer or server cannot imitate a sync. Because of that, the main computer will not have an option to enable or disable the auto-sync. You can see from my screenshot that the option is there without the "Main Computer' toggle being enabled.
The syncing in mSecure is set by default to be triggered automatically, and a manual sync can be initiated only on a "client" device. On your main computer you will not be able to perform a manual sync. Your main computer is what is known as a "server", which is the computer with which the "client" devices initiate communication. In the mSecure sync settings on your main computer, you will see a checkbox called "Main Computer", which is just a more approachable way of saying it's a "server," as many people don't know this type of technical lingo. A "server" just sits on the network and waits for the clients to connect with it. In the case of mSecure, the clients communicate with the server to TELL it a sync is necessary if the client knows it has changes to sync over to the server, and it also ASKS the server if there are changes to sync in to the client. The server will never tell the client anything. Again, it's just sitting as the server waiting to be interacted with by one of the client devices.
This is the reason why there is no manual sync functionality in mSecure on your main computer. It's the server, so it cannot tell the client anything, and the sync option in the menu at the top of the screen will always be grayed out. All syncing is initiated from the client, not the other way around.
Can you try creating a new test record to test out syncing instead? Clicking the sync option without any changes can result in mSecure 5 not syncing because no changes are detected.
mSecure 5 does require an outside connection to sign in and authenticate to mSecure 5, set up WiFi syncing initially, and to update account settings. If your network settings changed, perhaps the WiFi syncing feature was not functioning. Once you enabled the outside connection again, mSecure 5 updated your WiFi connection settings for your account, and syncing was able to happen again.
If you'd like, you can run this test again. However, you'd have to enable WiFi syncing, set up a "Main Computer" and then block internet access somehow. If you switch network adapters or edit them in any way, please make sure that mSecure 5 on your computer is still showing the correct IP Addresses for your devices and their connections. If unplugging the ethernet cable changes the Main Computer's IP Address or the network it is using, you will not be able to sync via WiFi until you have internet connection and mSecure can update your account with the new connection settings.
Note: only our mSecure Cloud sync option stores encrypted account records in our system. If you had mSecure Cloud enabled, selecting any other option will permanently remove your information from our system.
>> The Main computer or server cannot imitate a sync. Because of that, the main computer will not have an option to enable or disable the auto-sync. You can see from my screenshot that the option is there without the "Main Computer' toggle being enabled. <<
The above makes sense. But just to be certain, I do check "Main Computer" on my Mac Pro?
>> The syncing in mSecure ........ Again, it's just sitting as the server waiting to be interacted with by one of the client devices. <<
I think I understand this.
>> All syncing is initiated from the client, not the other way around. <<
This is what I was doing. I would add a new record on the main computer (Mac Pro) and then go to the MacBook and try to sync.
>> Can you try creating a new test record to test out syncing instead? Clicking the sync option without any changes can result in mSecure 5 not syncing because no changes are detected. <<
In my testing, I always created a new test record. It did NOT sync, unless my network was connected to the outside world.
>> If your network settings changed, perhaps the WiFi syncing feature was not functioning. <<
After disconnecting from the outside world, I tested the Wi-Fi by sending messages between my Mac Pro and iPhone. Also, I have some Wi-Fi cameras that I could access without difficulty. Additionally, on mSecure 5.5, the MacBook Pro (client) appeared to show that it was connected to the Mac Pro (Server). In Preferences, Sync, at the bottom it shows two green icons if connected. (I would prefer words, not icons for clarity.)
I've verified the IP addresses of both computers. They remain unchanged whether connected to the outside world or not.
>> and then block internet access somehow <<
I un-plugged the Cat6 cable where it connects to the ONT (Optical Network Terminal). This is the point where our Internet service first enters the building.
>> If your network settings changed, perhaps the WiFi syncing feature was not functioning. Once you enabled the outside connection again, mSecure 5 updated your WiFi connection settings for your account, and syncing was able to happen again. <<
All I did was unplug the connection to the ONT. It would NOT sync. I plug the cable back in, and it WILL sync. I changed nothing, and I did nothing other than disconnecting from the outside world.
Interestingly, with the outside world disconnected, the client computer (MacBook Pro) shows that it is connected to the server computer (Mac Pro). When I turn off Wi-Fi on the MacBook Pro it shows no connection (as we would expect). I turn the Wi-Fi back on, mSecure 5.5 shows me connected to the Mac Pro again. You would think that if mSecure 5.5 is showing me connected that it would synchronize. But it does not.
Most dramatically of all, with the outside world disconnected, I launched (the always reliable, rock-solid, better looking) mSecure 3.5, and synchronized my iPhone with it using Wi-Fi with absolutely no fuss.
Yes, you need to have a "Main computer" selected. Otherwise, you will not have a computer set up as the sync server. Before continuing, let me state that mSecure 3 uses Bonjour to update the IP Address and communicate between your devices. This was done because there was no account in the past. No accounts meant that the app was completely isolated to begin with and would need to update its settings using either manual input or some available computer service. That service was Apple's Bonjour Print Services.
mSecure 5 no longer uses Bonjour. Instead, we save the local IP Address to your account settings (Local IP Addresses are not sensitive or unique). We did this to make syncing easier for most customers. It is the reason that your information was synced across your devices via WiFi right away. However, because we are relying on using your Account settings, an internet connection is needed to keep the "Main computer" and general account information updated.
Only our mSecure Cloud syncs or stores encrypted information on our servers. The way our syncing works, we don't just pass all the data from one device to another during every sync. Instead, the sync option you select stores the data in that service and is used as the server for all other devices. For example, when using our mSecure Cloud, your information is encrypted by your device and stored in our servers. Your initial sync would send all the encrypted data to us. When one of your devices signs in to your account, it asks our server for the encrypted information and the information is sent encrypted to your device. When a sync takes place, your device sends the single record updated information to our server in an encrypted form. Other devices will periodically check with the server to see if there are any changes. If the devices detect any changes, the devices will specifically request to get only the new information or modify the existing information according to the changes detected (delete something that was deleted on a different device for example).
Syncing works this way whether you are using our mSecure Cloud, Dropbox, iCloud, or Wi-Fi syncing. The main difference is where the information is stored. With mSecure Cloud, the encrypted information is stored with us, Dropbox with Dropbox, and iCloud with Apple. With WiFi syncing, the information is stored in the "Main Computer" you select, and all other devices communicate with the Main Computer or WiFi server to get the information they need.
All that said, after testing WiFi syncing on our own network with no internet connection, I do see that syncing is not working. Again, this isn't because mSecure 5's WiFi syncing is sending the information to be stored with us or passing any of your record's information to us or being stored with us. That is not the case at all. However, some account settings are being needed and are causing WiFi syncing issues when not connected to the internet. I will be documenting these issues to see what can be done. Hopefully, we can keep the necessary information fully local, or bypass it in the future to allow WiFi syncing to take place when no internet connection is available.
What happens in the case of adding another device, like a iOS device? Will WiFi Sync local backup work with the iOS device enabled to store and synchronies the changes made on the iOS device? Is the communication path between iOS and MacOS secure? Please elaborate.
I'm not sure I understand your question here. WiFi syncing, like all other sync methods, syncs encrypted data back and forth between devices. WiFi syncing requires one computer to be set up as the "Main computer" and mSecure 5 on any other device (on as many devices) should be able to sync via WiFi using that main computer or sync server afterwards. The requirements would be to be using mSecure 5 on each device, be signed in to the same mSecure account, and be on the same local network.
The security is all on you when using WiFi syncing. Communication with our servers is done via TLS/SSL. However, WiFi syncing uses your local network IP Addresses to communicate. This would be done by connecting via a TCP connection on your local network IP Addresses (192.x.x.x, 172.x.x.x, 10.x.x.x, etc.) using ports 4070-4080. That said, just like all our other sync methods, your information would be sent back and forth in an encypted format, and the encryption key would still be your account key which only you have access to. You can learn more about our security model here: https://m7software.freshdesk.com/support/solutions/articles/36000064305-msecure-s-security-model