I just upgraded my desktop to mSecure 5 -- and I'm not sure that I shouldn't ask for my money back.
I won't make a big deal of the interface, which is an exercise in wasting screen real estate and bad design. (It's fairly common these days.)
But here's what really bugs me.
1. Encrypted account key. The message says, "Save this email in a secure location where you can access it on all your devices". If I don't have access to it, I could be locked out. Brilliant!
My primary use of mSecure is to keep my information, well, secure. If someone manages to access my phone, they still can't get at my confidential info, because it's stored in mSecure. But to keep mSecure both secure and accessible to me, I now have to keep secure this email. I can't keep it secure within mSecure -- so, having paid for mSecure, I now need to find (and pay, on each of my devices!) for another app, as secure as mSecure, to keep this email! So why on Earth pay for mSecure in the first place?!
2. Account password. Each backup is encrypted with the current password. So, each time I change my mSecure password -- which, as security experts recommend, should be done on a regular basis -- I have to keep the old passwords somewhere, or I shan't have access to my backups if something goes wrong or my device is stolen. Obviously, I can't keep them in mSecure, so, once again, I need another secure app to secure mSecure!
3. Minor point: Go to Help, choose "mSecure User's Guide" and I get... what? A PDF or HTML user guide to mSecure? No! I'm sent to the "Knowledge Base" on the mSecure support site.
So... please tell me I'm wrong and it was a good idea to spend money on mSecure!
Thank you for contacting us. You have some confusion about the Account Key in your email. You don't have to pay for something to keep it safe, which would be very strange for us to force on our customers. The data stored in the account key is encrypted with your password. Anyone who gained access to that key would have to know your master password in order for it to be useful.
Why is it that you can't keep old passwords that have used in mSecure? I don't know how that would help, but you can do it, and the passwords would be secure. Also, if you are going to be changing your passwords regularly, you have to know the most recent one and have a backup of your data using that password in order to restore that data. The problem you trying to describe here is not unique to mSecure unless I'm misunderstanding you somehow.
There is no guide for mSecure 5 at this time, but we have many articles on our support site to help with learning the functionality.
If you would like a refund, please let me know, and I can help with that Ras.
Thanks for the reply, Mike.
> You have some confusion about the Account Key in your email
That may very well be, as I don't have a user guide to explain in a systematic and methodical fashion how mSecure 5 works.
> The data stored in the account key is encrypted with your password
The message says, "Save this email in a secure location". For me, the secure location is mSecure -- that's why I paid money for it. Whether the account key is encrypted or not makes no difference. The only thing that stands between my confidential data and an attacker who gains access to my device is my account password. If "this email" is stored on my device, the attacker will find it and use it, so the account key adds absolutely nothing to the security provided by my account password. It is merely an annoyance and complication to me, your customer. The only way for the account key (encrypted or not) to provide an additional level of security is if the email containing it is saved encrypted with a password different from my account password. For obvious reasons, this cannot be mSecure, so I have to get a second secure app to keep this important email in.
> Why is it that you can't keep old passwords that have used in mSecure?
Because if the mSecure database is lost -- due to device failure or theft -- I lose access to older backups. The only way to maintain access to older backups under such circumstances is to save the password each time in a different app, which is then synced over all my devices.
(Keep in mind that I need to do business without assured Internet access, as I have explained in my other thread.)
Your master password has always been what stands between your your confidential data and an attacker in all versions of mSecure. I'm not sure if you have used previous versions of mSecure, but if you have, there is no difference with the account key being sent to you via email. In the old version of mSecure, if an attacker had your device, they would just need to try to enter your password into the app. Now in mSecure 5, they also have an account key that is of no use if they don't have your master password. They would still need to enter your password into mSecure in order to get your data.
Also, the account key adds a tremendous amount of security to your data if you are using one of our cloud syncing systems, and this is primarily the reason why it exists. You don't use one of those, but we are not going to make two completely different encryption processes for the app. We can't know for sure if someone is or isn't going to use cloud syncing at some point or another, so one system takes care of both types of syncing. If your data is stored on the cloud, the account key that is encrypted with your password is much, much stronger than any master password a normal user would created, and that's what's used to protect the data in the cloud. Again, I understand you don't use the cloud, but that's why it exists and is beneficial.
You are correct about what you say in losing databases, but that's the way it always is when the only place your passwords are stored is in your memory. One of the primary reasons mSecure is as secure as it is is because your master password is not stored anywhere else other than in your memory. We don't have it, and the app doesn't store it anywhere. It can only be entered by through the memory of the user who owns the account. That is something we don't expect to change in future versions of the app, so if you are needing to have access to passwords in the way you are describing, mSecure might not be the best app for your needs.
> I'm not sure if you have used previous versions of mSecure
Yes, I have, and I was very happy with it. It was superior to v5 in every respect of importance to me. I had it on my phone, tablet, desktop, laptop. When I travelled I synced whichever devices I had with me without worrying about being locked out because I didn't have an Internet connection or didn't have the "main computer" with me or didn't have some super-duper account key saved in a "secure location".
(Suddenly being unable to use it after updating the iOS software was a very nasty surprise.)
It was also superior in interface. I could change type on both desktop and iOS devices; on the desktop, for windows of exactly the same size, it displayed 35 records plus a handy, customizable toolbar -- while v5 can only display 14 records and no toolbar (but the big icons are really lovely, aren't they!).
I could go on, but what would be the point? I paid for mSecure 5 because I hoped to continue my work with minimal disruption. Nobody pays me for the time spent on making new software work, and every minute spent, e.g., on figuring out a "secure location" for the account key, is a minute I don't have to spend with my family. Honestly, if I had been starting from scratch, I probably would not have considered mSecure 5 at all.
Would you like a refund Ras?