Invite other devices without credentials? Realy?
Hi,
I am using a 10 place version for my family. I am in the process of installing the software on all the devices. I noticed something that I find very unpleasant.
In my app, Bitdefender recommends me, at the bottom of the dashboard, that I still have X seats free and can generate a link to invite other devices.
I created such a link earlier and sent it to my father. On his notebook I was able to install Bitdefender without entering any access data... How can this be?
In this way my son, my father, my mother can simply create a link and provide other people with a license, who do not have the access data. This makes no sense to me???
Is there anything I can do about it? Support says sometimes the link is such that you don't need credentials and sometimes you do.... What kind of statement is that?
Some ideas?
Thank you.
Comments
-
Hi @Gnarf
Let's see if this helps. Since you are the subscription holder and have the Central account, you can invite others to use a seat from that subscription (send a link). Since it's been generated from your Central account from your email address and password, they could not provide a link to others. They would have to know your email address and Central password in order to have that ability.
You are now the custodian of their account, in which they wouldn't even need to create a Central account unless they were to purchase an add-on that is outside of your package plan, that would then be up to them to maintain that add-on subscription renewal.
I hope this helped,
Scott
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
2 -
Hi @Scott, thanks for your reply. I don't really understand how this will help me with my problem. Or I don't understand it correctly.
My problem is that any computer where I have installed Bitdefender Antivirus Plus (children, mother, father, uncle, aunt) can simply create a link and invite others to use my license.
I realize that I have to enter my account in Bitdefender on the devices of my children, parents, etc.... But that from the software then these user data / login data / account data simply go to the invited user is very unpleasant.
Of course he can not see them or the password but he can simply use the user space without me giving my OK to do so. I find this very insecure for a security software.
Do you understand what I mean?
Thank you for your suggestion!
Greetings
Gnarf
0 -
@Gnarf , I thought to contact Support on your behalf to confirm what I was thinking, since I have no personal experience in sharing with family members, friends etc.
A: Hello :) As a Bitdefender subscription holder, if I invite someone else to a slot on my subscription, like a family member, what is to stop them from sharing that link from the bottom of the Dashboard, Install Total Security on another device, with a friend who I may not want to have that seat?
March 19, 2023, 9:06 am - George N. : Hello Scott. How may I help you?
March 19, 2023, 9:06 am - George N. : Hi Scott. That link can only be used on a single device.
March 19, 2023, 9:07 am - Scott : So if they try sending that link from their Dashboard, it won't work
March 19, 2023, 9:08 am - George N. : If your family member has access to your Central account they can send a download link in this case. But he will need your email and the account's password to do that.
March 19, 2023, 9:10 am - Scott : Thank you George, so if someone I gave that link to installed Bitdefender on their PC, they cannot invite someone with that link provided at the bottom of the dashboard. If they do send that link to someone, what would happen, that it just wouldn't work?
March 19, 2023, 9:12 am - George N. : Yes, the link wouldn't be valid anymore. It can only be used on that single particular machine, Scott.
March 19, 2023, 9:12 am - Scott : Thank you George, I appreciate it :)
My thought, and maybe yours, is that it would be nice if that option were disabled on an installed device, as to not cause confusion?
Kind regards,
Scott
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
2 -
Hey Scott, thanks for your effort.
What I'm wondering about is that people who have access to the account (mail and password) can send links. That has but everyone on whose computer the software is installed. You need mail address and password to use the license on the device. So to be able to use the software at all. And on this basis, everyone can invite people via the link in the dashboard. Even if you can only activate one PC per invitation link. That's still one too many. ;)
But anyway, I'll test it tomorrow. I send from my aunt's computer, there I never logged into the browser in Central, but only in the software. From here I send my uncle times ne invitation and see if I have to enter the password.
I will post the result here.
Thanks
Gnarf
0 -
You could also try Chat and put it in your own words, and see what they have to say.
Click the Purchase and manage subscriptions box.
:)
Scott
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
I had already written to them. They have forwarded the topic. Thanks anyway. :)
But just tested it again. I sent a link from my notebook to another device and bang, it was easy to install without having to enter anything. This is really totally stupid solved. So everyone / every device can invite others and they dont need the credentials! Example: I install Bitdefender on the Notebook of my father, not via the link, and he never see the password because i enter it during the installation. But he can now invite people who then automatically get a license without entering the mail oder passwort... Because its part of the link. This is really badly done. And the invitation is not even hidden and users are literally forced to invite people on the dashboard.
You should be able to disable this form of invitation. It is a security software and its so careless with credentials. Why are there 10 seat versions? You can't assume that all users are trustworthy with their data or some functions. Especially children or grandparents who don't mean any harm but just click on it... A short kick to invite a new user. And this, where none of these people have ever seen the password.
But let's see what the experts say.
But thanks for your help.
Have a nice day.
1 -
I tried it again and had one person I invited (my dad who didn't have to enter any credentials) invite another person (my uncle). My uncle did not have to enter any access data either.
This means that everyone can invite others, who can install the software without having to enter the access data. Crazy.
Where can feature requests be made? It would be good if you could only invite other users (including account data) from the Central Website. And not from the clients that have not yet seen the password. Or that you could disable the invitation from the clients in the Central. Because not every person you trust in principle is also trustworthy with hard and software. Which is certainly often not a bad intention!
That's what I wanted to get rid of. :)
0 -
That can be done here:
@Alexandru_BD do you have any insights and thoughts on this?
All Bitdefender Home Product User Guides:https://www.bitdefender.com/consumer/support/user-guides/
1 -
Hello @Gnarf,
I'll jump in here and see if I can shed some light on the matter.
First and foremost I want to thank @Scott for his initiative and help!
Why are there 10 seat versions? - Well, the subscriptions with multiple slots available for protection were designed to be used in the same household and are generally intended for users who have several devices that require protection, from computers to tablets and mobiles with different operating systems. Of course, in this category we include the Family Pack as well, that can cover up to 15 devices.
In regards to the concerns you have raised, the link used to install protection on other devices installs the antivirus directly, without the need to enter the credentials only on devices located in the same household or that have the same geoip. In the event the download link is sent to another, more distant location, it will be necessary for the user to log in with account holder credentials. Without the account credentials, the link will be useless if resent by your relatives to anyone else.
The download link does not provide access to the Central account, which means that all users that have their devices covered by the subscription will not be able to generate links themselves using Central, because they don't have access to the management console of the subscription.
The subscription owner should be the only user that has access to the Central account (given the credentials were not shared and should not be shared with anyone) and can also remove devices that seem suspicious or that should not benefit from protection.
So as you can see, this is not a case of carelessness when it comes to credentials, because the account was designed in a way that gives the owner complete control over their subscription and all covered devices with various security layers in place to prevent unauthorized access.
I hope this provides more clarity and peace of mind.
Regards
Premium Security & Bitdefender Endpoint Security Tools user
2 -
Hey @Alexandru_BD
Thank you for your time and detailed explanation.
This explains why I was able to install the software for my family (living right next door to each other) without entering any credentials.
So now I understand the principle. That's better than I feared. So there with the GeoIP. Whereby the areas are not necessarily small. But also for another reason I think it is not very nice.
Because even if I use it only in the family, with my son, for example, he can invite any of his friends when they do homework with him (same GeoID area). Or he secures devices of which I as a father do not want it at all. Of course, this is a special situation, but since I have been working in software development for many years, I see exactly such possibilities as critical weak points.
That you can monitor the connected computers in Central is good, but you don't look at it every day.
I just find it problematic to be able to release a software license just like that. Surely easier to handle but I think my point of view can be understood well. I'm just new at Bitdefender and I notice professionally possibly things that do not bother others but represent a potential weakness for me. Especially with a security software. ;)
However. It is not a reason not to use Bitdefender. It is a great software and also the support and the community show here impressively that they try very hard to help. 👍️
So, many thanks for your help @Alexandru_BD and @Scott !
Have a nice day.
2 -
Also a great response from the extended support team who contacted me by mail.
Quote: "First of all, I would like to inform you that we completely understand your position and that your suggestion will be escalated as a feature request, since adding an extra layer of security in order to prevent other users from sharing the installation link without their consent or by mistake to other users would prove as a great addition for our products."
Good interaction with users!
Thanks to all. Topic done. :)
2
