09-29-2011 08:50 PM - edited 09-29-2011 09:15 PM
I tried to reply to an earlier thread but it appears closed. Since new Privacy and Anti Fraud Laws have been implemented, more commercial sites are using what appears to be Java front ends in their login modules. About a month ago I reported a site where ID Safe did not fill in my credentials nor does it ask me to save them.
Since that call, now over half of my online bill paying sites have implemented similar front ends and I am encountering the same problems. I called Support and they verified the issue and that it *is* Norton's problem. However I have no answer as to if and when they plan to update ID Safe to function in these sites.
Anyone who would like to try just to verify my problem, go to either of these sites, go to "Sign In" and try. You will need a real account to actually login but you can verify the function of ID Safe by just making up fake credentials.
I would be interested in seeing anyone else's results and most importantly, a reply from someone at Symantec who is in the know (Engineers please)
09-30-2011 06:44 AM
I appreciate your prompt response. It's refreshing to see that in today's outsourced support world.
Please be aware that this issue is far more global than these two sites - it's an app design element for PCI compliance I believe. .
You'd be well served to involve the Privacy or Info Sec group. They will know exactly what solutions are being programmed into financial web apps for PCI compliance.
If I'm not mistaken Cloud Computing (SaaS, IaaS, PaaS) is another angle, making these front ends available to mobile devices.
10-07-2011 05:45 PM
Thanks for reporting this issue.
We are tracking this issue with a bug."
11-22-2011 07:58 AM
I have been, I think, extraordinarily patient. When I was a tech support pro and a moderator at an (one of the most heavily used and popular) Security Forums - a two + month silence on a commitment to help was unacceptable.
We gave ourselves a period of DAYS to provide a response - even if it was a negative response.
The good reps from Symantec have opened a bug on this issue and that was the last I heard.
How about an update? How about some sort of success/failure report? How about some corporate stance on the issue?
Sheesh - I'm not asking to rewrite the app - just some professional, programming, eyes into the problem. It's clearly a Symantec issue and becoming more and more clear that there is no intent to address it.
I am finding more sites that have changed their front end so there *must* be something going on in compliance and there *must* be something that can be done to make Identity Safe work properly.
11-30-2011 10:55 AM
We appreciate your feedback and your feedback has not gone unnoticed.
a) “myaccount.xcelenergy.com” is a flash based login site which we currently do not support. We don’t support Flash based login however as sites switch to HTML 5 and hopefully away from flash then this should become less of an issue
b) In regards to “q.myaccount.centurylink.com” then I’m pleased to announce that this issue has been fixed. We are still unsure about when the next update will be pushed out to customers but to it should be in the first quarter of 2012.
12-08-2011 09:07 AM
Thank you Jens,
It's greatly appreciated to hear the results and to be made aware of the limitations of the Identity Safe module.
I also appreciate response from Symantec on the issues.
Best to you and Happy Holidays.
12-26-2011 04:40 PM
FWIW,RE: the hope that vendors will begin migrating to HTML 5;
More and more sites do not function with the ID Safe module. This is more than a "blame the web designers for programming withsomething Symantec does not support."
I am approaching the point where the module is largely useless for the most important purposes.
If I'm not mistaken the total has risen to 8 sites that do not respond to ID Safe.
12-26-2011 05:57 PM
Jens did say it should be released during the first quarter of 2012.
This is likely going to be part of a major update which means there is more testing impact, etc.
As mentioned, hopefully Flash based logins will become less common as HTML 5 starts being rolled out.