Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

Support mSecure

mSecure access by company Administrators on work PC

Could somebody with Admin privileges in my organisation open the windows version of mSecure and access all of my passwords etc. 


I get prompted for a fingerprint (or Password) to access the windows version but I could see this being bypassed by a system admin. 

Hi Calvin,

Thank you for contacting us. For Windows Hello, I believe a user with Admin privileges would be able to get access to mSecure based on how the feature works. I'm not entirely sure about this, because I don't manage any PCs either in our company or personally, but I believe there is a master PIN that an admin would be able to use in order to unlock any app making use of the Windows Hello feature on the device regardless of whether you are using facial recognition, fingerprint recognition, pattern recognition or a simply PIN. To be clear, this has nothing to do with mSecure but how Windows has implemented the "Hello" feature.


If you are running mSecure on a managed PC in a work environment, I would suggest turning the Windows Hello unlock feature off in mSecure's Settings. That way, the only method for unlocking the mSecure app would be entering your account password after opening the app.

Thanks Mike - Maybe it would be worth putting explanatory text on this risk under the "Use Windows Hello to secure your data" section in the Security Settings area in the Windows app.

From a user’s perspective, with a basic understanding of the system, I recognize that mSecure on Windows is a UWP app. According to Microsoft, these apps “declare which device resources and data they access - the user must authorize that access.” Therefore, I believe that an Admin would not have access to the user’s data. The Admin would need to know the user’s Windows Hello PIN to log into the user’s account and potentially access the passwords by unlocking mSecure with Windows Hello. An Admin's PIN would be ineffective.


BitWarden implements a similar UWP app which could be set to be unlocked using Windows Hello. In BitWarden's case I was able to run it as Admin, but when I do that, the username and master password are both missing. So again, without knowing the User's PIN, it is not possible to access the passwords.

Thank you for adding to this thread @JSeow! That would make sense that a profile's PIN would not be able to be overwritten by an Admin's in apps like mSecure, but I was not entirely sure, so I didn't want to err on the side that could cause something that's not secure. I'm still not entirely sure about this, because I don't know if my question is worded correct, but it appears that an Admin to a computer is NOT able to unlock lesser privileged user's apps when using Windows Hello. From what I can tell, only the user's PIN will unlock the app. It looks like an Admin can force a Windows Hello reset on the device, but that would simply cause mSecure to require your account password instead of the "Hello" PIN.

However, be aware of a potential risk to your passwords if you export them to a CSV file on your device. An admin can access all folders, including user-specific ones, which could compromise your stored information.


Connexion ou Inscription pour poster un commentaire