• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos14 Stats

Symantec, Please Explain

I would like to hear from Symantec why they chose to remove the local ID Safe.

In Beta testing Tim_Lopez posted this  -

All,

 

The plan at this point is to have the local vault be removed from the product and have the online vault be the only option. 

 

If you would like to voice your concern about this, please do so in this thread and let us know why you disagree with this decision. We value your feedback so please give us detailed feedback as to why you prefer local vaults if this change is undesired on your part. 

Cheers,
Tim Lopez
Norton Forums Administrator
Symantec Corporation http://community.norton.com/t5/Norton-360-2013-Norton-Internet/What-happened-to-ID-Safe-local-vault/m-p/774634/highlight/true#M2755 We were told that Symantec "valued' our feedback.  It was and is obvious that the majority of people are in favour of keeping the local ID Safe. Please return it permanently in the 2013 and above products,  or at the very least,  please explain why this decision was made. I would also like to hear Symantec's take on the controversial "Share" button and why we can't disable it. Eagerly waiting a reply, Thank you.Dave
A little bit of knowledge is... well a little bit of knowledge.

Replies

Kudos1 Stats

Re: Symantec, Please Explain

Can I suggest that those who are having problems logging in to their online vault please start your own thread.  That was not the purpose of this thread.

Thank you.


Dave

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Symantec, Please Explain


WLP wrote:

Is there ANY plans to re-add local identity safe in 2013 (native install not over the top)?


Symantec keep saying the local vault will be supported for those who already use it if you upgrade from the 2012 version,  but will not be available with a fresh installation.

Dave

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Symantec, Please Explain

I also would like my local Vault returned to me.

I upgraded from Internet Security 2012 to 2013 and my local vault access went away.  I have no need to share passwords across different PCs so my local access is what I want returned to me.  I know Norton says it is safe, but it's out of my hands.

And with local access, since no one ever uses my home PC but me, I could choose an easy password and not one that the online vault forces to follow by including certain characters.

Based upon what I've read, now I'm almost sorry that I upgraded to the 2013 version and the solution is to employ a different application that enables local password storage.

Kudos1 Stats

Re: Symantec, Please Explain



Krusty13 wrote:

Can I suggest that those who are having problems logging in to their online vault please start your own thread.  That was not the purpose of this thread.

Thank you.


Dave


Hi Dave,

I would like to track these issues and would prefer this stay in a common thread. It will be impossible for me to track if everyone is starting a different thread.

Given the common theme show of not being able to log into the online vault, for now I have to suspect they are all the same issue.

However I certainly understand your point about straying off topic. In that light I started another thread to track users who are not able to log into their online vault.

http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/All-Users-Please-post-here-if-you-are-NOT-able-to-log-into-your/m-p/830872#U830872

For anyone using either 2013 only or a mix of 2013 and 2012 on different computers AND are unable to log into their online vault, please post your information in the above referenced thread.

Thanks much

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos4 Stats

Re: Symantec, Please Explain

I've got a nice compromise for the Symantec guys:

The Symantec guys obviously want people to move to the online version.  The reason that they removed local was " found during our initial product research that ordinary users were confused by the local vs. online distinction. They were consciously selecting the local option, but didn’t understand why they couldn’t access their vault data from Symantec's mobile applications."

http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Symantec-Please-Explain/m-p/825942/highlight/true#M4553

Therefore, I suggest that the ONLINE vault be made the default vault created for new installs while retaining the capability to create local vaults for those who choses.  In other words, when a user first create a vault, offer the online vault first but add an option that says "create local vault."  Just like the Windows 8 set up screen, allow the user to create a local vault rather than an online one.  Nag the user the "advantages" of the online vault if he click the offline one. He would have to click create anyways or something like that to create a local vault.

It's kinda annoying for those that want local vault but it's a win win.

When in doubt, uninstall / reinstall :smileywink:Windows 7 SP1 (64 bit), Norton Internet Security 2013, Internet Explorer 10, SpywareBlaster
Kudos0

Re: Symantec, Please Explain

I too want a Local ID Safe - simple!

Can I suggest a vote?

Too democratic?

Kudos9 Stats

Re: Symantec, Please Explain


dconn wrote:

 

[...]  

    • Security of the Online Vault

We understand your concerns about storing your vault data in the cloud.  Let me explain how we do this securely and hopefully alleviate those concerns.

 

All of your vault data is encrypted using a secure algorithm (SHA256) on your local machine using your vault password, before it is sent to Symantec servers.  Symantec does not have access to your unencrypted vault data or to your vault password which is used to decrypt it.  In addition, both your Norton Account password and your vault password are required to download your encrypted vault. If somehow the Identity Safe online vault was compromised all that hackers would get would be an encrypted blob that is of no value to them

 

The Norton team strives to provide you with the best security and the best functionality.  We take your data security and privacy very seriously.  We hope you will all come to like the convenience of our cloud storage.


[...]

 

  • Is Local Vault now considered Bad? Why can't we keep both the Online and Local Vault?

There's nothing bad about the local vault. Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security.

 

[...]

 

Hopefully this helps clarify things. Are there any other aspects of the Online Vault that  we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated. Thanks for your help!

 

Dermot


 


Alejandrita wrote:

[...]

 

Local vs. Online Vaults

We believe that online-only vaults enrich and simplify the overall user experience. We found during our initial product research that ordinary users were confused by the local vs. online distinction. They were consciously selecting the local option, but didn’t understand why they couldn’t access their vault data from Symantec's mobile applications. With online vaults data is available even while offline. Early adopters of the online vault have expressed appreciation for the added convenience and are quite happy with the overall experience. This has solved the important task of making users data available anytime, anywhere. 

 

We understand your concerns, but wouldn’t be asking that you join us in adopting this change if we didn’t think it was the most secure way to store and synchronize your data across computers and applications. I'm sorry for those of you who aren’t yet ready to make this change. We will continue to support local vaults for existing users but not for new ones.

 

We value your thoughtful and continuous input because it keeps us on our toes and makes us re-think and challenge our designs and plans.  Many thanks from all of us and please keep the feedback coming!


Hi dconn and Alejandrita

At the beginning of September 2012, Symantec was made aware that the level of security that controls access to the online Identity Safe vault was grossly inadequate and that as a consequence, all Norton online vault users would be left susceptible to attack.

Original post here:

http://community.norton.com/t5/Norton-360-2013-Norton-Internet/What-happened-to-ID-Safe-local-vault/m-p/794504/highlight/true#M3467

...and reproduced below:


Tim_Lopez wrote:

All,

The plan at this point is to have the local vault be removed from the product and have the online vault be the only option.

If you would like to voice your concern about this, please do so in this thread and let us know why you disagree with this decision. We value your feedback so please give us detailed feedback as to why you prefer local vaults if this change is undesired on your part.


From the Norton Identity Safe Frequently Asked Questions page:

"Why do I need two passwords to login to my vault?

Rather than simply relying on your Norton Account credentials to provide access to all your private data, we felt that it was prudent to enforce a separate strong password for online vaults to minimize the chance that your data could ever be breached by would-be thieves."

While a password only system may be appropriate for a locally stored vault, this level of security is simply not enough for an online vault, especially given the high value of the user credentials and other sensitive information that the online Identity Safe vault is protecting. At the very least, the online vault needs to have a mandatory two factor authentication process. Yes, mandatory, not optional; users who choose to use the online vault must use the following process each and every time that they login to their online vault:

  1. Login to Norton Account;
  2. Login to Identity Safe vault;
  3. Enter the verification code to complete the login process.

For example, take a look at the Google Account login process here:

http://googleblog.blogspot.com.au/2011/02/advanced-sign-in-security-for-your.html#!/2011/02/advance...

"When you enter this code after correctly submitting your password we'll have a pretty good idea that the person signing in is actually you. It's an extra step, but it's one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone. A hacker would need access to both of these factors to gain access to your account."

For those who may think that this system would be an inconvenience, then ponder on this. If your online vault gets breached, your login data will immediately be exported to a plain text CSV file for ‘processing’, along with your cards and notes. You know that sinking feeling you get when you accidentally misplace your credit card and the relief that comes when you find it? Well, multiply that sinking feeling by the number of logins you have stored in your online vault and know that the relief won’t be coming any time soon...

If Norton forces its millions of customers to use the online vault in its current form, then one thing is certain. Cybercriminals will be targeting these Norton users to steal their Norton login credentials. After all, why would they bother laying siege to the castle when they can simply walk in through the front door? Be prepared for an onslaught of Trojan.FakeNortonLogin arriving on users PCs through all the usual attack channels, including email:

http://community.websense.com/blogs/securitylabs/archive/2012/08/28/malicious-e-mails-posing-as-ant...

The online vault is simply not ready for prime time, so for now, the local vault must remain a feature of the Norton 2013 products.


Given the above, I'd like to know why you keep insisting that the online Identity Safe vault is the best choice for Norton users when clearly it is not.

The local Identity Safe vault offers two factor authentication straight out of the box; the 'something that only you should have' component is the local vault itself. The online vault needs to match the local vault's level of security or better it if it is to be considered as a suitable replacement to the local vault. Unfortunately, the Norton online vault's access security level currently fails to meet this requirement and consequently places online vault users at risk.

Please review the above and advise as a matter of urgency. At no stage should user convenience considerations outweigh the security aspects of the Norton Identity Safe feature.

Kudos2 Stats

Re: Symantec, Please Explain

bravo
well said
thank you
Kudos2 Stats

Re: Symantec, Please Explain

Elsewhere, great post!  It will be interesting to see how they replied to that, (if they do).

Kudos0

Re: Symantec, Please Explain

Hi elsewhere,

While I too would like to see two-factor authentication, I am a bit unclear on how you are suggesting hackers could access someone's data in the online vault.  As explained in the following post, the data is encrypted on your local machine, using your password, before it is stored online.  Without your password, which Norton does not have, the data cannot be unencrypted - hence, the requirement for a strong password.

http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Symantec-Please-Explain/m-p/828834/highlight/true#M4722

Kudos2 Stats

Re: Symantec, Please Explain

Two factor security …

Imagine a home safe containing all your important information and valuables…

Which would you consider more secure –

1) Placing the safe into an exterior wall in such a manner that its access door and lock are publicly

     exposed (24 hours/day - 365 days/year) on the exterior of your residence – or,

2) Placing the safe entirely within the confines of your residence?

Now add the caveat that the safe has known defects – the lock often fails to function properly.

Kind Regards,

John

Kudos1 Stats

Re: Symantec, Please Explain


avjohnnie wrote:

Which would you consider more secure –

1) Placing the safe into an exterior wall in such a manner that its access door and lock are publicly

     exposed (24 hours/day - 365 days/year) on the exterior of your residence – or,

2) Placing the safe entirely within the confines of your residence?


It's not the location that matters - it's the difficulty of gaining entry, and most importantly, whether the contents would be in a usable state.  If it required trillions of centuries to brute force the lock, which a good 20-random-character password would ensure, it wouldn't really matter where you put the safe  If a user chose a weak password, assuming an interior location for the safe provided an adequate level of protection, I would argue that the seemingly more secure inside location would only be providing a false sense of security, and the contents of the safe would actually be at greater risk in the event of a break-in.

I actually favor retention of the local vault, myself, but there really isn't much nowadays that isn't online, from your retirement plan to your medical records - you name it, if you have an account number, it's online even if you never access it yourself.  Considering that most of our checking and credit accounts are accessible with a magnetic stripe and a PIN, from any of the millions of ATMs and POS terminals anywhere in the world, most of our safes are actually already on the exterior wall. 

Kudos1 Stats

Re: Symantec, Please Explain

I suppose we'll have to agree to disagree on this one SOJ...  

Hopefully Symantec will never have a security breech.  Though I do wonder where the responsibility will lie if they do.  I know if my bank's ATM or my bankcard is compromised that my bank will make good on it. I'm guaranteed this in writing by my bank.

Kind Regards,

John

Kudos5 Stats

Re: Symantec, Please Explain

Thanks for using our product Elswhere.

Thanks for the 2 factor authentication post. We're working on something similar for a future release. We want Online Vault to be the best, and we're very grateful for these enhancement suggestions.

 

- dconn

 

Kudos0

Re: Symantec, Please Explain


avjohnnie wrote:

I suppose we'll have to agree to disagree on this one SOJ...  

Hopefully Symantec will never have a security breech.  Though I do wonder where the responsibility will lie if they do.  I know if my bank's ATM or my bankcard is compromised that my bank will make good on it. I'm guaranteed this in writing by my bank.

Kind Regards,

John


Hi John,

True but first there would have to be an actual financial loss which can be attributed to the breach of their server.

As I'm sure you know I also am a strong advocate for retaining the local vault and I pushed and pushed hard to try and convince Symantec to do this.

That said, at the same time even if a breach did occur and some thief got a hold of your ID Safe data file they would then have to brute force their way through your password to actually gain access to your sensitive information. This is why Symantec enforces a certain level of password complexity before one is able to store their ID Safe vault online.

Even at this I would argue that for best protection one should go even beyond this. What I mean is that though Symantec enforces things like upper & lower case + punctuation some people do simple replacements that could ultimately be much easier to guess than it should be. An example would be using things like a "!" to replace the number 1 and so forth.

I always recommend using a true random password generator and then you are assured that simple character replacements like this are not going to lower the security of your password.

Best wishes.

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos4 Stats

Re: Symantec, Please Explain

Not a solution. We want the local vault back.

Kudos1 Stats

Re: Symantec, Please Explain

winapps, I couldn't agree more. When Symantec honours what the majority of it's customers seem to want, then I'll stay with them. I've used the product for over ten years, and if they don't re-introduce the Local option, I'm gone elsewhere. Symantec, it's your loss.....You're not the only security product around....

Windows 10 Home X 64 Norton Security Premium Current
Kudos7 Stats

Re: Symantec, Please Explain

Hi Dermot,

Surely Symantec can see that the local version of ID Safe is still the preferred version.  The Online Vault may well work as advertised, but it appears many users have found they can not use it.  A quick look through the NIS/NAV board, the N360 board and the Norton Toolbar board will show that in practice the Online vault is  still a work in progress.

If and when Symantec get it right,  then perhaps you can consider the Online Vault the only option.  Until then you simply must continue to support the Local Vault.

Thanks,

Dave

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Symantec, Please Explain


dconn wrote:

Hi All,

[...]

Are there any other aspects of the Online Vault that  we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated. Thanks for your help!

Dermot



I just do not want to store my login info in the cloud. I want the Local vault back.

The upgrading from the 2012 version to 2013 (2014, 2015, .........) is not a good solution / is not enough. The local vault should be supported with clean install too.

Kudos1 Stats

Re: Symantec, Please Explain

I agree with the above point of view, I do not like or trust the online vault, people will feel more confident and in control with A local vault. After all you are asking people to send sensitive information to god knows where, You might know and trust it, but I sure don't. Please listen to the customer. We don't like the online vault!

Kudos4 Stats

Re: Symantec, Please Explain

Hi Allen,

As I’ve stated numerous times since first learning of Symantec’s intent to eventually force all ID Safe users onto their cloud, I've felt that there remains two primary issues yet to be addressed – 1) trust, and 2) usability.

Trust is a hard sell under the best of circumstances and Symantec’s behavior on this is not doing much to garner that trust.  If anything it’s damaging it further.  The point has been raised and conceded to that the “lock” is not good enough and will be addressed at some future date.  That concession alone should be enough to signal that using the present offering is best avoided.  Taking the defensive and waffling over responsibility if an issue of breech were to arise is also a red-flag warning which further damages the trust relationship.

Usability covers a lot of territory.  It’s been suggested that the user should be required to commit to memory a 20 character randomly generated master password which they must be capable of accurately regurgitating whenever they need to use their ID Safe.  This to me does not meet the fundamental criteria of usability.  Furthermore, correct and proper functionality is an implied subset of usability.  Even if the user can successfully manage the 20-character-mind-trick, the present implementation fails to guarantee that they will be granted correct and proper functionality of the online ID Safe product.  Over the course of more than a year Symantec has been unable to demonstrate the ability to provide a proper functioning online vault experience.  Why should the user be expected to trust that this condition will improve any time soon?

Kind Regards,

John

Kudos2 Stats

Re: Symantec, Please Explain

Hi John,

As I said I 10000% agree with wanting to have a local vault option. And as I mentioned I lobbied hard with Symantec to retain the local vault option, so we have no disagreement on this. That was not the point of my earlier post however.

The gist of my earlier post was simply to mention that a truly randomly generated password is by definition the most secure, whether it be an online ID Safe vault or anything else which is protected by a password.

I'll let you in on a little secret. I am a software engineer and have been a computer expert for well over 20 years now and it probably goes without saying that I know how to practice safe computing / safe online activities. In my 20+ years I have only been hit with TWO pieces of malware, just proving that no one is 100% immune to this. The last time this happened was somewhat over a year ago and it changed my whole approach with regards to what I view as a secure password!

I made the one time mistake of enabling remote desktop support on my home computer because I was in process of selling my home and needed to access my home computer from work to deal with time sensitive documents from my realtor. I failed to follow my normal practices this one time and therefore did not realize that MS defaults to supporting remote desktop without encryption. This caused my home computer to be breached and I ended up with a nasty virus.

Needless to say after I got this infection cleaned up I proceeded to update ALL of my passwords but it also made me wake up and realize that my passwords really were not strong enough to protect against the real world threats of today! From that point on I started using randomly generated passwords for all online logins which contains anything even remotely sensitive.

And I can tell you from personal experience it IS possible to use randomly generated passwords without having to actually remember them. I actually use a different randomly generated password for EACH login.

The gist of my approach works like this. I maintain a master password list on a highly encrypted local vault (not ID Safe but just an encrypted vault via a 3rd party program). This locally encrypted vault is also protected by a randomly generated password which I cannot possibly remember. In the event that something happens and ID Safe becomes unusable for a time, I can fall back to this Master password list.

For these two key passwords I have a file stored on a physically secure portable drive which is on my person at all times, and/or in another undisclosed physically secure environment. This contains the ID safe password and my locally encrypted vault password. I use that to copy/paste my password in for ID Safe and for my locally encrypted vault.

I've been doing this for over a year now and it works well. Is it an inconvenience? Sure it is, but it is well worth it to me to know that I have the absolute strongest passwords around and that even if someone were to for example somehow get a hold of my local encrypted vault file, they would NOT be able to break into it even in a thousand + years!

I should stress that absolutely NONE of what I have said about this should even remotely be construed to mean that anyone should be forced to store their ID Safe vault online. I am adamantly against this being forced on users and Symantec knows my feelings on this in no uncertain terms!

All the best,

Allen

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos1 Stats

Re: Symantec, Please Explain

Hi Allen,

It seems that we are essentially on the same page regarding this.  I believe that it is imperative that the “powers that be” at Symantec reexamine their position on the matter and reinstate local vault creation capability into their 2013 (and beyond) product lineup as soon as possible.  It seems rather obvious that their continued resistance on this matter is beginning to erode their company image and credibility.

And FWIW, I’ve been at this “computer gig” a while myself - a programmer since 1973 and a Computer Science / Systems Engineer since 1977, whose particular forte is machine-level language programming and real-time process control solutions.  My first personal computer was an IMSAI 8080 which I built from a kit.  It ran a ROM based operating environment and an inline assembler interface of my own creation.  I still have it – It still functions…  Worked with Digital Research and their manufacturing clients (on referral) who required custom written CBIOS interfaces for DR’s CP/M OS, later for MP/M, and eventually the other DR follow-ons.  I’ve worked with Microsoft since they were located in Albuquerque and only offered language solutions – that was a while before they teamed up with IBM over the original PC and subsequently acquired Seattle DOS from Seattle Computer Products.  Gary K. really missed the boat on that settlement…

Kind Regards,

John

Kudos2 Stats

Re: Symantec, Please Explain


SendOfJive wrote:

Hi elsewhere,

While I too would like to see two-factor authentication, I am a bit unclear on how you are suggesting hackers could access someone's data in the online vault.  As explained in the following post, the data is encrypted on your local machine, using your password, before it is stored online.  Without your password, which Norton does not have, the data cannot be unencrypted - hence, the requirement for a strong password.

http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Symantec-Please-Explain/m-p/828834/highlight/true#M4722


Hi SendOfJive

Attackers will focus on collecting the Norton Account and online Vault login information directly from the Norton online vault users themselves.

To illustrate the issue:

As a local vault user, I could post the following login information into my next post:

  • My Norton Account email address;
  • My Norton Account password;
  • My Vault password

With those details published, the worst thing that’s going to happen to me is that my Norton Account has been compromised. My vault information is safe because the vault password is useless to anybody else because they don’t have access to my vault.

Could an online vault user post the same Norton Account/vault login information above and achieve the same outcome? No, they couldn't because their online vault would be compromised as well.

With that in mind, exploiting this flaw is relatively straight forward. The online Identity Safe sign in page is located here. The phishing variant of this page could potentially look like this:

The ‘Trojan.FakeNortonLogin’ malware that I mentioned earlier could potentially look like this:

This is the reason why two-factor authentication should be mandatory when accessing the online vault. Users who choose to use the online vault in its current form should take extra care when logging into their online vault to ensure that the online vault login interface they are using is actually from Norton. Getting caught off guard here when logging on will prove to be a very costly mistake...

Kudos0

Re: Symantec, Please Explain


avjohnnie wrote:

The point has been raised and conceded to that the “lock” is not good enough and will be addressed at some future date.  That concession alone should be enough to signal that using the present offering is best avoided. 


What did I miss?  What did they say?

Kudos0

Re: Symantec, Please Explain


SendOfJive wrote:

avjohnnie wrote:

The point has been raised and conceded to that the “lock” is not good enough and will be addressed at some future date.  That concession alone should be enough to signal that using the present offering is best avoided. 


What did I miss?  What did they say?


Hi SOJ,

http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Symantec-Please-Explain/m-p/833520#M5015

Kind Regards,

John

Kudos1 Stats

Re: Symantec, Please Explain

Hi avjohnnie,

 

That post states, in its entirety:

Thanks for using our product Elswhere.

Thanks for the 2 factor authentication post. We're working on something similar for a future release. We want Online Vault to be the best, and we're very grateful for these enhancement suggestions.

 

Where's the mea culpa?  Where is it conceded that the "lock" isn't "good enough?"  An enhancement is the addition of a supplemental feature, not a repair of some defect.  I would point out that LastPass, a similar product using an online vault, has many standard and optional enhancements, and more are added all the time - none of these point to any inherent weakness in the core safeguards that are used to protect users' data.  Likewise, the post by dconn simply states that Symantec continues to look for ways to improve the online vault (as, I assume it does all of its products).  The post concerns ways to make the product better, which is not the same thing at all as fixing something that is broken.  It is not even talking about what you seem to be talking about.  I think we all agree that the online vault has some issues at the moment, but I don't believe that Symantec has said that  the online vault is insecure in any way.

Kudos0

Re: Symantec, Please Explain


SendOfJive wrote:

Hi avjohnnie,

 

That post states, in its entirety:

Thanks for using our product Elswhere.

Thanks for the 2 factor authentication post. We're working on something similar for a future release. We want Online Vault to be the best, and we're very grateful for these enhancement suggestions.

 

Where's the mea culpa?  Where is it conceded that the "lock" isn't "good enough?"  An enhancement is the addition of a supplemental feature, not a repair of some defect.  I would point out that LastPass, a similar product using an online vault, has many standard and optional enhancements, and more are added all the time - none of these point to any inherent weakness in the core safeguards that are used to protect users' data.  Likewise, the post by dconn simply states that Symantec continues to look for ways to improve the online vault (as, I assume it does all of its products).  The post concerns ways to make the product better, which is not the same thing at all as fixing something that is broken.  It is not even talking about what you seem to be talking about.  I think we all agree that the online vault has some issues at the moment, but I don't believe that Symantec has said that  the online vault is insecure in any way.


Once again we'll just have to agree to disagree SOJ...  

Kind Regards,

John

Kudos3 Stats

Re: Symantec, Please Explain

Just found this thread and I too want an option to use a vault on my machine.  Today is a good example, have been trying to log on to my on line vault for about 4 hours and all I can get is a time out and to check my internet connection.  Well, my connection is fine but, am afraid that the stupid storm may have put the server or router or modem where my vault is stored out of commission.

Have also posted several comments on these boards for a solution and Symantec has not responded to any cries for help.  The option is needed and sooner rather than later especially with the problems today.

Thnks,

dave

Kudos1 Stats

Re: Symantec, Please Explain

This is a VERY poor decision on Symantec's part.

Please put an option in ID Safe for Online or Local DB, or at least some logic - if it can't access ID Safe On-line, then revert to the locally sotred ID Safe DB. 

When Symantec moved the ID DB to Online, it really has me screwed!  My employer requires a wireless password and it is stored in ID safe.  I can't get on the wireless because I can't access ID Safe because you now have to be ON LINE!!!  A catch 22 for sure.

CHANGE IT BACK SYMANTEC!!!

Kudos0

Re: Symantec, Please Explain

Posted the following on another thread about losing the ability to log in to my vault.  All of these issues including the below are proof positive that Norton does not have their arms around using a cloud and a cloud only to store and deploy our passwords. 

Well,  think I have a work around but, not a solution.  Decided to try opening another account with a different e-mail address I have access to and lo and behold, logged on to that different e-mail account and was able to log into my vault with the identical password I used with my original account and my vault is working fine and all I had to do was to import my saved logins and I'm good to go.

Thought I'd see about my original acccount so logged out and logged in with my original e-mail address and tried to open my vault and the same old problem, timed out and check my connection.  Appears to me my program is working correctly with just a new account via a new e-mail.  There is something that is obviously corrupting my login with my old account or the Symantec Router is not acception my account with the old e-mail address but, is accepting the new e-mail address.

Hope this work around gives the Symantec techs something to work with to fix whatever is corrupting many logins.

Thanks,

rallydave at pobox dot com

Kudos3 Stats

Re: Symantec, Please Explain


yank wrote:
Norton Security Suite was updated to version 20.2.0.19 over night (probably today your time) although it had been up dated to 20.1.0.24 about a week or so ago.  Yes, NSS (both versions we are talking about) has the Local Vault & ONLY  the Local Vault.  This is because there is no Norton Account associated with the Comcast version - the license is controlled by Comcast (you remain a customer you have it - you leave, you lose it).   You have no Norton Account - you have no Online Vault.     Simple as that.

While I can certainly understand Yank's point about not having a Norton Account,  If the Local version of Identity Safe is still offered to Comcast customers who use NSS,  shouldn't the paying customers who use Norton Products also be offered the Local ID safe?

I would be quite happy to sacrifice the online version to maintain the local version.

A little bit of knowledge is... well a little bit of knowledge.
Kudos2 Stats

Re: Symantec, Please Explain


Krusty13 wrote:

yank wrote:
Norton Security Suite was updated to version 20.2.0.19 over night (probably today your time) although it had been up dated to 20.1.0.24 about a week or so ago.  Yes, NSS (both versions we are talking about) has the Local Vault & ONLY  the Local Vault.  This is because there is no Norton Account associated with the Comcast version - the license is controlled by Comcast (you remain a customer you have it - you leave, you lose it).   You have no Norton Account - you have no Online Vault.     Simple as that.

While I can certainly understand Yank's point about not having a Norton Account,  If the Local version of Identity Safe is still offered to Comcast customers who use NSS,  shouldn't the paying customers who use Norton Products also be offered the Local ID safe?

I would be quite happy to sacrifice the online version to maintain the local version.


I think just about everyone would be happy if we just had the local vault or at least a lot happier than just having the online vault! I wonder how Norton will explain this away?

Kudos1 Stats

Re: Symantec, Please Explain

Hi Krusty!


Krusty13 wrote:

yank wrote:
Norton Security Suite was updated to version 20.2.0.19 over night (probably today your time) although it had been up dated to 20.1.0.24 about a week or so ago.  Yes, NSS (both versions we are talking about) has the Local Vault & ONLY  the Local Vault.  This is because there is no Norton Account associated with the Comcast version - the license is controlled by Comcast (you remain a customer you have it - you leave, you lose it).   You have no Norton Account - you have no Online Vault.     Simple as that.

While I can certainly understand Yank's point about not having a Norton Account,  If the Local version of Identity Safe is still offered to Comcast customers who use NSS,  shouldn't the paying customers who use Norton Products also be offered the Local ID safe?

I would be quite happy to sacrifice the online version to maintain the local version.


I wonder who the "official support agency" is on NSS, Symantec or (in this case) Comcast?  I remember one of the SymEmp responses to an earlier "why for" inquiry on the subject cited easier product support due to customer confusions regarding correct vault type selection depending on intended purpose.  Perhaps they've decided that it must be one or the other, but never both because of this confusion issue...

Well, if I had my druthers, I'd happily go with the local only vault as well...

Kind Regards,

John

Kudos0

Re: Symantec, Please Explain


avjohnnie wrote:

Hi Krusty!


Krusty13 wrote:

yank wrote:
Norton Security Suite was updated to version 20.2.0.19 over night (probably today your time) although it had been up dated to 20.1.0.24 about a week or so ago.  Yes, NSS (both versions we are talking about) has the Local Vault & ONLY  the Local Vault.  This is because there is no Norton Account associated with the Comcast version - the license is controlled by Comcast (you remain a customer you have it - you leave, you lose it).   You have no Norton Account - you have no Online Vault.     Simple as that.

While I can certainly understand Yank's point about not having a Norton Account,  If the Local version of Identity Safe is still offered to Comcast customers who use NSS,  shouldn't the paying customers who use Norton Products also be offered the Local ID safe?

I would be quite happy to sacrifice the online version to maintain the local version.


I wonder who the "official support agency" is on NSS, Symantec or (in this case) Comcast?  I remember one of the SymEmp responses to an earlier "why for" inquiry on the subject cited easier product support due to customer confusions regarding correct vault type selection depending on intended purpose.  Perhaps they've decided that it must be one or the other, but never both because of this confusion issue...

Well, if I had my druthers, I'd happily go with the local only vault as well...

Kind Regards,

John


Hi John,

That's probably a question for Yank.  Comcast do have there own support forum site (http://forums.comcast.com/t5/Security-and-Anti-Virus/bd-p/13),  but many customers come here for help.

I just hope Symantec reconsider and give their customers what we want. 

Cheers,

Dave

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Symantec, Please Explain

Has this issue been resolved yet? I have been off the forum for awhile now and came back to read about the ID safe issue.

Cheers Mo Windows 7 64 bit, NIS2013
Kudos0

Re: Symantec, Please Explain

Hi Mo,

Welcome back!

I think Symantec wishes it was...  They have said that if you upgrade from the 2012 version with a local ID Safe you can keep the local version,  but with a new installation the online vault is the only option.

Cheers,

Dave

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Symantec, Please Explain

Hi, mo!!  Good to see you again.  Let's see...the kids are all grown up now, and..............

Kudos0

Re: Symantec, Please Explain


SendOfJive wrote:

Hi, mo!!  Good to see you again.  Let's see...the kids are all grown up now, and..............


Hi Mo. Likewise, good to have you back!

Windows 7 Ultimate SP 1, 64 bit, 32 GB * NIS Vers. 21.6.0.32* Ghost 15 * IE 9, Firefox, Safari. Test laptop with W7 Home Premium 64 bit * NIS Vers. 21.6.0.32
Kudos1 Stats

Re: Symantec, Please Explain

@ Send,yep the kids certainly have grown up and one has even left the nest!

Now for the big issue...I was saddened by what Symantec has done, not shocked, as I find that is the way major companies tend to play the game nowadays... Now they tell you what you want and need (and market it to you in that package).,thankfully I am still on 2012 and have avoided the forced change ( if I have understood the issue correctly)

So If I have grasped the current situation correctly ( I only managed to read upto page 8 and the last 2 pages of this very interesting thread)

If I just choose "renew" when my current subscription runs out and enter the key I will keep NIS 2012 and not be forced into any headaches with this new online ID safe?.....You have to forgive me its been awhile since I have run through the upgrade /update/renew scenario!.

Is there the ability NOT to use the ID safe at all?...if Symantec can not resolve the issue. I refuse to use something I did not ask for or do not need.. i.e. Cloud technology with my logins as the potential hostage.

Cheers Mo Windows 7 64 bit, NIS2013
Kudos1 Stats

Re: Symantec, Please Explain

Hi mo,

NIS 2013 will not install automatically without your consent.  Even so, while the upgrade will not happen unless you initiate the installation yourself, you may want to turn off Automatic Download of New Version in the Norton Settings Computer > Update tab, to prevent the downloading of the new version, which would then prompt you to install it (you can still say "no," of course).  But yes, you can continue to renew NIS 2012 and stay with that version indefinitely.  You can also re-activate NIS 2012 with a different 2012 or earlier Product Key, but not with a 2013 Key - so if you buy a new copy of NIS for the Key, make sure it is not the 2013 version.

Secondly, should you decide to upgrade to NIS 2013, installing directly over the top of NIS 2012 will preserve the local vault, but doing a clean install (uninstall 2012, install 2013) will cause you to lose the local vault.

Lastly, you do not have to use Identity Safe.  And, if you want to use a different standalone password manager instead, you certainly can do that too.

Kudos1 Stats

Re: Symantec, Please Explain

Thanks,

I doubt very much I would be able to get a NIS2012 key locally ....trapped  into something I don't want and given no choice in the matter other than choosing to not use that function in the new NIS2013.I certainly hope there will be no more of this forced acceptance of unwanted changes in the NIS future, as then I will have the headache of finding  new security software.

Thanks for the heads up about the Automatic download of new version off switch.

Cheers Mo Windows 7 64 bit, NIS2013
Kudos1 Stats

Re: Symantec, Please Explain

Mo,

Customer Support were able to give one user a NIS12 Product Key after purchasing NISv20.  Live Chat is often the quickest.  You can reach them at http://www.norton.com/chat

Tony Weiss has said they are working on a fix.

http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-2013-keys-will-not-work-on-NIS-2012-installations/m-p/821716/highlight/true#M219945

I hope this helps.

Dave

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Symantec, Please Explain

Hi Dave,

That gives me some hope in this matter......I hope the fix comes faster than Nortons response to this issue....15 pages and it looks like there will be no change to the forced cloud use, and allow us to just use the ID vault  in house.  ,

I guess there are the work arounds....pen and paper = Password manager

Cheers Mo Windows 7 64 bit, NIS2013
Kudos2 Stats

Re: Symantec, Please Explain


dconn wrote:

Hi All,

Now that we have clarified our plans to make the Share feature configurable there seems to be a few remaining key issues that folks feel strongly about. Let me try to clarify our thinking.

    • Is Local Vault now considered Bad? Why can't we keep both the Online and Local Vault?

There's nothing bad about the local vault. Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security.

Hopefully this helps clarify things. Are there any other aspects of the Online Vault that  we can provide more clarity on? For those of you who are upset or concerned about the online vault we want to know why. We want this to be a constructive conversation, and better understand your concerns. Any feedback you have about it is appreciated. Thanks for your help!

Dermot



Hi Dermot,

Now I'm a bit confused. As Yank & Krusty13 wrote here: http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Please-make-Norton-toolbar-2013-1-0-32-compatible-with-Firefox/m-p/836330/highlight/true#M5209

and here:

http://community.norton.com/t5/Norton-Toolbar-Norton-Identity/Symantec-Please-Explain/m-p/836350/highlight/true#M5210

the local vault is available for the Comcast users.

And you say: "Instead of continuing to split development and testing in both local and online vaults, we believe it is in the best interests of our users to invest all of our energy in to the online vault as that offers the best immediate, long term value and security."

But I think if the local vault is still being developed for the comcast users (I completely understand this since there's no Norton Account for the Comcast users) why don't you develop the local vault for the NIS/NAV/N360 products too?

Thanks.

Kudos1 Stats

Re: Symantec, Please Explain

Mo,

A couple of , I hope, clarifications:

SoJ correctly said:

<< You can also re-activate NIS 2012 with a different 2012 or earlier Product Key, but not with a 2013 Key - >>

but when he said << so if you buy a new copy of NIS for the Key, make sure it is not the 2013 version. >> that certainly makes it easier but if you do have no choice and have to buy a copy of 2013 / V20 you can get in touch with Norton OnLine Support and they will issue you with a Key that will work with 2012 (and later).

Here's my boilerplate just to jog your memory:

To contact customer support Click on this link https://www.norton.com/chat  and work on from there.

And note that there are three "semiautomatic" ways that Norton can update your 2012 to 2013 -- if you go to the Update Center for a download, if you use the Download button on your MyNortonAccount and finally if you use the Norton Remove and Reinstall Tool (NRnRT).

PS -- I see some of this covered in later messages ....

Hugh
Kudos2 Stats

Re: Symantec, Please Explain

If we wanted a cloud based system that is totally out of our hands, we could just use lastpass which works just as well and doesn't need to be logged in to everytime the computer is rebooted.

Tim

Kudos3 Stats

Re: Symantec, Please Explain

Sorry, I started reading this thread, but don't have time to read it all, so perhaps this has already been discussed: (I hate when people say that, and now I'm doing it, sorry, sorry, sorry!)

I had NIS 2012 installed. I did not do a clean install of NIS 2012, but I did take advantage of the free upgrade to NIS 2013, yet I have the new features: loss of access to the local vault, "share," and "Ask" as the safe each engine. I can''t say I like any of those new features, but I especially do not like the loss of the local vault. I do not like the new two-step procedures to open the vault.

Oh, to top things off, when I logged on to my Norton Forum account to make this post, Identity Safe didn't fill-in the logon or password as it did previously. If Identity Safe won't even work with Norton's forum, where else will it fail to work?

Kudos4 Stats

Re: Symantec, Please Explain

Oh I wish I'd seen this thread before upgrading from NIS 2012 to Norton 360! I don't have strong preference for any IS vendor/ package, I went for the 2013 release as I found NIS 2012 functional and generally pretty painless in comparison with some of its peers.

Moving Identify Safe to the cloud without prompting or advising during the upgrade has meant that what was previously a useful and functional feature is now a compromised, flawed and useless feature for me. Given the otherwise fairly minor differences in IS vendor performance for my use, this is pretty much a deal breaker for me with Norton - I'll be going elsewhere as soon as the opportunity presents itself.

Norton - not all of us want to live in the cloud all the time or share everything between our devices, especially without being given a choice!

Kudos2 Stats

Re: Symantec, Please Explain

yes!!!!!!!!

thank you overthinker!

Norton - not all of us want to live in the cloud all the time or share everything between our devices, especially without being given a choice!

This thread is closed from further comment. Please visit the forum to start a new thread.