• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Password Manager Security

Two chat folks thought I needed to be signed into my Norton Account to access Password Manager.  I implemented two-factor auth on my account.  After a reboot, I signed out from my local copy.  Without signing in, I access Password Manager from Chrome.  I entered my vault password, and was able to log in.  It allowed me to export my vault, which showed up in a browser window.  Seems DANGEROUS to me to allow access to the Password Manager vault without first signing into my Norton Account to take advantage of the two-factor authentication.  If a key logging tool gets my password and email, I'm toast.  Is this really how the product is designed to work?

Replies

Kudos0

Re: Password Manager Security

Using the Chrome NPM extension, if you just close the vault and or close your browser, you get signed out of the vault, but not your Norton Account. You can see this the next time you click on the NPM icon with the vault closed. You will see your email address listed at the bottom. To get signed out of that, you click on Sign Out.  Yes. This is how it was designed.

If you look around the forums, you would see that you are in a minority in wanting to be signed out of your Norton Account each time. Here is one example.   https://community.norton.com/en/forums/vault-prompts-you-log-your-accoun...

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Password Manager Security

I did later wonder if I was indeed signed out of the online Norton Account.  So I guess not, and this explains why I could access the Password Manager.  I have a few other security questions.  Is it possible to talk to some Norton security person apart from this public forum?  Norton chat wasn't helpful.

Kudos0

Re: Password Manager Security

Norton is not likely to divulge anything on the internal workings of one of their products. What kind of question do you have? We may be able to work something out for you by PM.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Password Manager Security

OK.  Two things:  1) When I asked about two-factor authentication to chat, two agents couldn't help, and then I came across the Mobile Unlock feature.  It seems to be the answer.  2) I'm very concerned that my vault information is displayed to me in a browser window when I perform an export. I would suggest that the information should be better protected than being accessible through credential validation.  Also, does this mean that Norton has an unencrypted copy?

Kudos0

Re: Password Manager Security

1) When I asked about two-factor authentication to chat, two agents couldn't help, and then I came across the Mobile Unlock feature.  It seems to be the answer.

The VIP Access app 2FA is not a Norton product, so it is not surprising that the Norton chat agents could not answer your questions. You would need to go to Symantec Support or forums for help with that.    https://www.symantec.com/connect/

2) I'm very concerned that my vault information is displayed to me in a browser window when I perform an export. I would suggest that the information should be better protected than being accessible through credential validation.  Also, does this mean that Norton has an unencrypted copy?

There is no unencrypted vault for your passwords. The vault contents are only available to the owner of the vault after logging into their Norton Account and Vault. So as you are using the VIP Access you have to first enter your Norton Account email, then password, then VIP access code, then Vault password to get to the information. So in effect a 4FA. Then the page with the contents displayed is a secure page...httpS . So only you can see the results. What other protection other than credential validation would you suggest for a product mainly aimed at home users?

An even more secure way may be to open your Norton Security product and double click on Online Safety pillar. Then click on Password Manger and sign into your vault. On the screen that comes up, click on the gear icon at the bottom to bring up the NPM settings. Click on the Import/Export tab and you can export your vault contents in .CSV format so you could enter it into a spreadsheet program to view/print.

Things happen. Export/Backup your Norton Password Manager data.