I get in Safety Dashboard a "security problem" for one of the passwords on a site I use. This site only allows passwords consisting maximum 5 digits.
I get a notification that the used password of 5 digits is a weak password. I agree it's not a very secure password IF it's the only password to get acces to this site. But this site uses a 2 factor authenthication!
To get acces to that specific site you have to:
- First enter your e-mailadres (as user of the site) and a code ("password") of 5 digits.
- Then, when both are correct, you get by sms a second security code that you also have to enter on your pc.
- And only when this second code is correct, then you get acces to the site.
So you still need a second code which you only can recieve by sms on the cellphone you registered when you made your account.
Even when someone would know my first code of 5 digits and my e-mailadres, he or she still can't get acces to the site, because they can't get het second code.
I will receive this code on my cellphone. When I'm not trying to log in, I know at that time someone tried to get acces. So I can and will change my first code.
I think a 2 step verification is as safe as a long and strong single password.
I would like to have the possibility in Norton Password Manager to "register" the use of a 2 step verification system, when used on certain sites. So that even short (first) passwords or codes are no longer indicated as a "security problem" in the Safety Dashboard when a 2 factor authentication is used.
I understand that with the 2FA for a site, that it is a very secure method of access. What the dashboard is reporting is that a 5 character password is in no way a secure password in this day and age.
I think what you might want to suggest is that a user is able to have the dashboard ignore specific warnings. Whether it is for a site with 2FA or not.
As I already explained: to get acces to that specific site you have to:
- first enter your e-mailadres (as user of the site) and a code ("password") of 5 digits
- then, when both are correct, you get by sms a second security code that you also have to enter on your pc.
- and only when this second code is correct, then you get acces to the site.
So you still need a second code which you only can recieve by sms on the cellphone you registered when you made your account.
Even when someone would know my first code of 5 digits and my e-mailadres, he or she still can't get acces to the site, because they can't get het second code.
I will receive this code on my cellphone. When I'm not trying to log in, I know at that time someone tried to get acces. So I can and will change my first code.
I'm only asking the possibility in Norton Password Manager to "register" the use of a 2 step verification system, when used on certain sites.
I think a 2 step verification is as safe as a long and strong single password.
And therefore I find it annoying getting a warning for a so called "weak" password of 5 digits, when it's a part of a 2 step verification system.
A site only allowing a 5 digit password sounds odd. Not very secure. Can you share that site with us so we can test?
If in fact that is the case, I'm not sure Norton Password Manager would ever consider that a secure password. You may just have to ignore the warnings for that site, and accept the lowered score as your 'normal'.
When I open my safe in Password Manager there's an orange textbox saying there's a problem that needs to be solved.
The message for this so called problem is that the used password (5 digits, created by Password Manager!) is a weak password (40%).
Indeed this "weak" password is only the first step of a 2 factor authentication!
The second step is to enter a code I get by sms.
Only after entering both codes I can get acces to the site.
I'm sure that a 2 factor authentication is as safe as a long strong single password.
It's a bit annoying to see this orange textbox for a so called problem, when in fact there is no problem at all!
And this "problem" also effects my safety dashboard score.
So I would like to see the possibility in Password Manager to indicate the use of a 2 factor authentication, so that even short (first) passwords or codes are no longer indicated as a problem (when using 2 factor authentication).
I would tend to agree with you and would also suggest if you have quite a few passwords like I do, that there was a means of pulling out a pdf file or something where we could systematically go through our passwords and update them... I know it means that the printed copy is 'unsafe' until updated, but it would be quicker to have a paper list than having to scroll down the site and jump back and forth between website and dashboard...
