I tried to reply to an earlier thread but it appears closed. Since new Privacy and Anti Fraud Laws have been implemented, more commercial sites are using what appears to be Java front ends in their login modules. About a month ago I reported a site where ID Safe did not fill in my credentials nor does it ask me to save them.
Since that call, now over half of my online bill paying sites have implemented similar front ends and I am encountering the same problems. I called Support and they verified the issue and that it *is* Norton's problem. However I have no answer as to if and when they plan to update ID Safe to function in these sites.
Anyone who would like to try just to verify my problem, go to either of these sites, go to "Sign In" and try. You will need a real account to actually login but you can verify the function of ID Safe by just making up fake credentials.
I would be interested in seeing anyone else's results and most importantly, a reply from someone at Symantec who is in the know (Engineers please)
I appreciate your prompt response. It's refreshing to see that in today's outsourced support world.
Please be aware that this issue is far more global than these two sites - it's an app design element for PCI compliance I believe. .
You'd be well served to involve the Privacy or Info Sec group. They will know exactly what solutions are being programmed into financial web apps for PCI compliance.
If I'm not mistaken Cloud Computing (SaaS, IaaS, PaaS) is another angle, making these front ends available to mobile devices.
I have been, I think, extraordinarily patient. When I was a tech support pro and a moderator at an (one of the most heavily used and popular) Security Forums - a two + month silence on a commitment to help was unacceptable.
We gave ourselves a period of DAYS to provide a response - even if it was a negative response.
The good reps from Symantec have opened a bug on this issue and that was the last I heard.
How about an update? How about some sort of success/failure report? How about some corporate stance on the issue?
Sheesh - I'm not asking to rewrite the app - just some professional, programming, eyes into the problem. It's clearly a Symantec issue and becoming more and more clear that there is no intent to address it.
I am finding more sites that have changed their front end so there *must* be something going on in compliance and there *must* be something that can be done to make Identity Safe work properly.
We appreciate your feedback and your feedback has not gone unnoticed.
a) “myaccount.xcelenergy.com” is a flash based login site which we currently do not support. We don’t support Flash based login however as sites switch to HTML 5 and hopefully away from flash then this should become less of an issue
b) In regards to “q.myaccount.centurylink.com” then I’m pleased to announce that this issue has been fixed. We are still unsure about when the next update will be pushed out to customers but to it should be in the first quarter of 2012.
FWIW,RE: the hope that vendors will begin migrating to HTML 5;
More and more sites do not function with the ID Safe module. This is more than a "blame the web designers for programming withsomething Symantec does not support."
I am approaching the point where the module is largely useless for the most important purposes.
If I'm not mistaken the total has risen to 8 sites that do not respond to ID Safe.
I understand different formats could cause problems, what I don't understand is why sites that worked with NIS 2011 and still work with NIS 2011 won't work with NIS 2012.