Author Topic: Unsecure Passwords?  (Read 7343 times)

0 Members and 1 Guest are viewing this topic.

Offline Amarand Agasi

  • I'm just this guy, you know?
  • Jr. Member
  • **
  • Posts: 42
  • Computers/photography/psychology/writing/haiku!
    • Flickr Site
Unsecure Passwords?
« on: August 05, 2016, 01:32:22 PM »
I own a multi-year, multi-PC license of Avast Premiere.

Over the past few months, I've been receiving the following pop-up:

"We've found unsecure passwords on your PC"

As I have my passwords AES-256 encrypted in a commercial password manager, I'd like to find out where these "unsecure passwords" are, so I can move them into the manager, and secure delete them.

Avast Passwords will probably never be my password manager of choice, although I can see where it would be great for other people.

So:

1) Is there a way to locate the "unsecure passwords" on my computer without paying for Avast Passwords?  (Does Avast Passwords even show me where these passwords are located so I can choose what to do with them?)  I personally think that there should be a password scanner included in the Avast Premiere package, so we can manage this serious security threat in our own way.  I don't know if this is a false positive, or if there's a password or 100 sitting in a backup, unencrypted flat-file somewhere buried 10 layers deep in a removable hard drive.  If someone uses the proposed free scanner, then maybe the scanner could show you where the passwords are, and then try to up-sell you on the manager?

2) I thought we'd gotten to the point where the marketing pop-ups were disabled?  I had the "Show popup offers for other Avast products" disabled (and I remember I did this because we had a nice thread before where I was directed to do so), but it's now re-checked itself.  Is that a bug or a feature?

3) Is the pop-up saying "We've found..." actually finding passwords, or is it just a marketing pop-up that is assuming -everyone- has unsecure passwords on their system, and hasn't done any actual scanning? What triggers this?  Is there a log of what it found somewhere?

Thanks!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Unsecure Passwords?
« Reply #1 on: August 05, 2016, 02:57:22 PM »
1]
Some places to check :
Browser(s), modem, router
Perhaps even a (old) file where password are stored.

2]
They are only disabled if you did do it in the settings.

3]
Yes they are really found.
I do not know how avast is checking exactly, so it can be a false detection.
But that is something for avast to answer/have a look at.

Offline Amarand Agasi

  • I'm just this guy, you know?
  • Jr. Member
  • **
  • Posts: 42
  • Computers/photography/psychology/writing/haiku!
    • Flickr Site
Re: Unsecure Passwords?
« Reply #2 on: August 05, 2016, 03:13:18 PM »
1]
Some places to check :
Browser(s), modem, router
Perhaps even a (old) file where password are stored.

Right.  But how does one "check for passwords" on all of these areas? :)  I'm a fairly technical guy, most people aren't.

2]
They are only disabled if you did do it in the settings.

I've had to uncheck that particular setting after every update. Is it intentionally checking itself, or is that a bug?

3]
Yes they are really found.
I do not know how avast is checking exactly, so it can be a false detection.
But that is something for avast to answer/have a look at.

Right.  So it would be nice to know where it's checking, so I can go do a manual find.

After I posted this, I realized that Passwords may be included in my Premier subscription (perhaps as a trial?), so I set a master password, installed one of the browser extensions, and it finally told me that I had a dozen or so passwords "in my browser."  Yup, not that secure, so I should probably clear those out.  But if it's finding passwords elsewhere, I'd like to know.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Unsecure Passwords?
« Reply #3 on: August 05, 2016, 03:34:27 PM »
https://www.avast.com/compare-antivirus

Nice of avast not telling us the name of the free version has changed and that avast passwords is now included in all versions >:(

If you remove the password module, avast should not mention weak passwords anymore.

Offline Amarand Agasi

  • I'm just this guy, you know?
  • Jr. Member
  • **
  • Posts: 42
  • Computers/photography/psychology/writing/haiku!
    • Flickr Site
Re: Unsecure Passwords?
« Reply #4 on: August 05, 2016, 03:42:03 PM »
https://www.avast.com/compare-antivirus

Nice of avast not telling us the name of the free version has changed and that avast passwords is now included in all versions >:(

Yeah, and it's a little confusing, because if I click "Store" the Passwords product is listed as something I can buy for $9.99 (on sale from $19.99) but yet...maybe it's included in my Premier?  Why charge $9.99/$19.99 if it's included in the free version (per the chart you showed me)?  Does Premier have the full Passwords product included as a part of the subscription, does it just include a trial period, or is it a watered-down version, and you have to pay for the full version? None of that is clear.

If you remove the password module, avast should not mention weak passwords anymore.

Great idea, thank you!  I'd like to see the ability to "scan for passwords" as a part of the comprehensive Smart Scan, without having to employ the Passwords module/utility. I think having unsecure passwords on your system is a Bad Idea, so warning people is good.  But I don't think the One Size Fits All of the Passwords utility is always going to be the best idea for everyone.  Breaking out the security/audit aspect of it (scanning for passwords and reporting where they are so you can take care of them) separate from the marketing aspect (selling a separate product called Passwords that appears to cost $9.99...is that per year?) would be nice/useful.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Unsecure Passwords?
« Reply #5 on: August 05, 2016, 04:10:21 PM »
It is indeed confusing for the (below) average user in my opinion.
It is included now in all versions (as it seems from that comparison page).
But people can also buy it as a standalone tool.
No clue why someone would pay if it is included in the free (now essentials) version of avast though ::)

Guess the new avast slogan is "We can't make it easier, but we can make it more confusing"

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Unsecure Passwords?
« Reply #6 on: August 05, 2016, 05:23:21 PM »
From the FAQ :

Quote
Passwords is available with all editions of Avast Antivirus 2016, including Avast Free Antivirus. Several basic features are available. For additional features, you can upgrade to the premium version.

https://www.avast.com/faq.php?article=AVKB254#idt_060

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Offline Amarand Agasi

  • I'm just this guy, you know?
  • Jr. Member
  • **
  • Posts: 42
  • Computers/photography/psychology/writing/haiku!
    • Flickr Site
Re: Unsecure Passwords?
« Reply #7 on: August 05, 2016, 05:44:26 PM »
From the FAQ :

Quote
Passwords is available with all editions of Avast Antivirus 2016, including Avast Free Antivirus. Several basic features are available. For additional features, you can upgrade to the premium version.

https://www.avast.com/faq.php?article=AVKB254#idt_060

Cool, so...what I'm seeing is, the "basic" edition of Passwords is included in -all- versions of Avast, however, the Premium version is not included in -any- version of Avast without paying the additional fee. Is that correct?

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Unsecure Passwords?
« Reply #8 on: August 05, 2016, 06:59:25 PM »
Yes, that is how I understand it as well.

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )