remove *required* Use this URL message

[ajw]

Since I use PM as a password/confidential-info manager (instead of just a password *maker*) I have information that doesn't have a URL.

There's now a popup message if you try to create an account that has an empty "Use this URL" field.

This interferes with using PM this way - can we make this more intelligent or something?  Perhaps the warning, but not *require* the field?   Or only require it when there's something in the "When URL contains" field - if they're both empty, no warning.
Not sure what's best...

- Al -

[LkOnKbd]

"Hey "AL,""

Just create one of your own because that has an influence on the calculated password.  Added security!!

Example: HTTP:///wwww.Al's_own.home

[ajw]

I've just been putting an 'x' in it - these are entries that are confidential information; they don't have passwords at all.  (so the URL is irrelevant - the generated password isn't used for this entry)

It just irks me to put something unneccessary in the field...

- Al -

[Eric H. Jung]

Hi everyone,

There's now a popup message if you try to create an account that has an empty "Use this URL" field.

Yes, this was very recently added due to this thread:

I've got several accounts set up with the same user name, and nothing in the "use this URL" - they all get the same password. (although it happens I had them set for different lengths; that's why I didn't notice it at first)

Hm, I should have made Use This URL a required field. I'll do that now, unless anyone objects...

I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...

-Eric

[Romeo]

Code:

I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...

When I first noticed that this is now required, I didn't quite see a reason for it, either.  It doesn't help protect against phishers.  It does, however make the password more complex, because, as far as I know, it gets hashed into the generated password.  The only one that could protecting from phishers would be if the when URL contains were required.

But it is there, now and I don't see anything wrong with that.

[ajw]

I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...

I agree with anything that helps in that respect, but if there's no URL in the first place (meaning "When URL Contains" and "Use this URL" are *both* empty, then the password will never be used for a web site.  In that case, *requiring* a URL isn't necessary.  (that account would/could never match a URL in the browser, right?)

Requiring the user put in a false URL just makes it more obnoxious when an account is for something *other* than a web site.  (like frequent flier numbers or such)

I admit, I do use PM differently from the rest of you - *I* like to think I'm a visionary and just leading you all, but it's also possible I'm just an idiot...  :)

In fact, I'd like to be able to disable the automatic generation of passwords (the use of the default account) - my preference is to *require* a custom account for any URL to create a password - I imagine that's *radically* different from everyone else!   (I'll post that as a separate feature request, btw)

- Al -