Not what you are looking for? Ask the experts!
Serious Security Flaw in ID Safe
I just saw that Norton Identity Safe has a serious security flaw. Here is the scenario:
When I boot up my computer in the morning, I open my vault via my vault password. So far so good.
However, I have all financial sites additionally secured (bank sites, credit card sites etc.) to where the logins do not autofill but where ID Safe requests that the vault password is re-entered in order to fill the respective fields.
Now I just realized that this extra security step is completely useless: As long as the vault is generally open, there is no need to re-enter the vault password to obtain the login information.
Yes - it is requested alright, but entering the vault passpword at this point can be simply and easily circumvented by just clicking on the "Vault Is Open" icon in the Norton toolbar. Then one just has to enter the website's name in the "Search Your Logins" field and voila - the login information comes up - completely unsecured. All someone would have to do is to click on the "View Login" symbol, then either copy the information or just diplay the password by clicking on the eye symbol. As long as the vault is open, this supposed extra security is worth nothing.
I am actually shocked - and frustrated with myself that it took me so long to notice that. I am sure - given that this is Norton and not some small business! - they could program ID Safe to where it does not allow acess to an open vault in cases where the re-entering of the vault password is requested for certain "vault-password secured" sites.