I'm a long time mSecure user. I recently upgraded to mSecure 5 because mSecure stopped working. While I understand that software isn't supportable forever, I did have a moment of panic but I was able to successfully upgrade to mSecure 5 and it is working on my phone.
However, I received a "QR Code" via email indicating this was an additional level of security in order to access my mSecure account.
I'm very concerned about this. Sending this QR code via email doesn't seem to be a very secure way to communicate something so important.
The instructions tell me to save this someplace safe. Exactlly where should I store this important information now that you've passed it to me via email? Where am I suppose to save an email that has allows access to an app that has all my password information? This email is now forever available to hackers because you've sent it via the Web.
I'm surprised and now have lost confidence in mSecure as a safe place to store my critical password information.
Thank you for contacting us. The QR code you received does not have any details in it that make your data less secure. The key contained in the code, and key in the text of the email, is encrypted with your password. So, like in previous versions of mSecure, your data is always secured behind your master password. However, since the data is now protected with a very long and secure account key, when it's stored in the cloud, your data is incredibly safe, much more so than any memorable password you would ever use as a master password for the app.
In short, your local data is always as safe as you master password, like it has always been with mSecure. If you choose to store your data in the cloud, however, your data is much, much safer than it would have been in previous versions.