Mozilla Update

[Romeo]

Eric and Tyrant, how about the comptition, whatever they call their little no good gizmo ?  Should they be added to this comparison also ?

[Tyrantmizar]

Eric and Tyrant, how about the comptition, whatever they call their little no good gizmo ? Should they be added to this comparison also ?

um.. wha?  

Anyway, I do need help on one main thing:  what should the topics of comparison be?  Should I take the strong points of each extension and see how they stack up to the others? (in which case, that would be a big list of "yes" for PM and lots of "no" for the others)  Or should I try to simplify it into a few select topics?  If so, please give me some ideas!

edit:what hash does Firefox use to protect your passwords?

[trephin]

Home Page Suggestion:

Using one password over and over when you need a password is not very secure.  PasswordMaker can make using that one password secure.

PasswordMaker creates very strong passwords derived from one single password of your creation.  This allows you to use one Master password that you can remember while using different and difficult (nearly impossible) to crack passwords for your different usernames.  
___

Optional section:

An online version is available to provide the passwords when you are not at your computer.

(personally, i think this can be addressed later in the help section)

___

Skip the explanation of how it works, why you should use it, existing solutions etc.

Allow a link for the explanation of how it works but dont put that on the front page.

Taking a "...For Dummies" approach. I think it needs to be stated that you have to manually change your existing passwords to the ones PM provides someplace before the help file or early in the help file.

[trephin]

Anyway, I do need help on one main thing:  what should the topics of comparison be?  Should I take the strong points of each extension and see how they stack up to the others? (in which case, that would be a big list of "yes" for PM and lots of "no" for the others)  Or should I try to simplify it into a few select topics?  If so, please give me some ideas!

I'd take some key selling points and then compare the products....

available algorithms

supported browsers

number of ways to modify hashed password

how long it has been in existence or offered community wide

context menu/keyboard/menu use (?) - do they all integrate with the browser smoothly?  do any of them require weird keyboard shortcuts?  etc

other modification/options/scalability - ie, i can remove it's visible presence from the toolbar.

the last two catergories are not quite the selling points as the the first three.

[Tyrantmizar]

Anyway, I do need help on one main thing:  what should the topics of comparison be?  Should I take the strong points of each extension and see how they stack up to the others? (in which case, that would be a big list of "yes" for PM and lots of "no" for the others)  Or should I try to simplify it into a few select topics?  If so, please give me some ideas!

I'd take some key selling points and then compare the products....

available algorithms

supported browsers

number of ways to modify hashed password

how long it has been in existence or offered community wide

context menu/keyboard/menu use (?) - do they all integrate with the browser smoothly?  do any of them require weird keyboard shortcuts?  etc

other modification/options/scalability - ie, i can remove it's visible presence from the toolbar.

the last two catergories are not quite the selling points as the the first three.

Excellent.  I shall use all of these, except the 4th one (I've striked that one out).  I don't really think that how well known it is should be a factor.  But the rest of them are excellent selling points.

Perhaps, we should create this table, and also make a list of all the features that PasswordMaker has that the others don't.  

Lastly, I ask again.  Eric or Romeo, would MS Excel work for you?

[Eric H. Jung]

Trephin: Thanks very much on the website input. Let's see what tanstaafly comes up with and we'll combine your ideas. But you're right -- the home page should be short and sweet.

Tyrantmizar: if you don't know HTML, then Excel is fine. If you do know HTML, then just place it in a <table/> tag. That would save us a little work. btw, quixin works on the website, too, it's not just me and romeo.

I think one more feature request to compare is: do they support multiple accounts? I've noticed a number of these "hasher" programs that can produce only one password per URL!

Other programs to add to the comparison list: KeyPass--a lot of people tend to mention this--RoboForm (there's a FF plugin I tried a few weeks back).

edit:what hash does Firefox use to protect your passwords?

Like KeyPass and RoboForm, FF doesn't hash passwords. It uses two-way (symmetric) encryption. That's why you are able to choose any passwords you like with these products (Hashing is not encryption). Take a look at this and this. The documents are dated, but the underlying technology is still the same. An important point to note is all these products store the master password on your hard drive (including FF Password Manager). FWIW, I think FF uses AES encryption but I don't know which bit length--128 or 256. Let me know if you'd like me to ask around to find out.

[Tyrantmizar]

I've noticed a number of these "hasher" programs that can produce only one password per URL!

I haven't noticed any that support accounts.

I'll look into KeyPass and Roboform.  That might take a while though.
I decided not to review Magic Password Generator.  I can't get it to work consistently.

btw, quixin works on the website, too, it's not just me and romeo.

oops  :whistle: sry.

[Tyrantmizar]

Its been a long day. :sleep: I'll add KeyPass and Roboform tomorrow (maybe Monday).  

For now, here is a base to work off of.  

I would do it in HTML, but I suck at tables.  Never understood them.

[Guest]

Excellent.  I shall use all of these, except the 4th one (I've striked that one out).  I don't really think that how well known it is should be a factor.  But the rest of them are excellent selling points.

 

I agree that it shouldn't, but I think the one point I was trying to consider is that as an open source program that has been in existence for a little while, as a nonprogrammer, you would think that if anything suspicious was involved, it would be brought to light by someone by now and the fact that there is active development with an active community.  I do agree that it's not really a selling point but I think it is still a positive even if not well defined.

In regards to the draft, I would include the product version/number  next to the product name instead of a separate row.

Also, I would think we should be more formal and less colloquial

more as a guideline than specific instance, but instead of highlighting a competitor's negative, we highlight PM's positive

ie, instead of firefox password mgr saving password to disk, we say, "PM generates passwords on the fly without leaving passwords on disk"

last, i'm not knowledge in cryptography, and the issue of practicality comes into play, but is "uncrackable" an absolute certainty?  i mention this more for being precise in language than a practical exercise

[trephin]

oops... didnt log in...

anyway, just wanted to add that while i thought the power point comment was on the mark, for public release, i think it serves to only bring PM down.... not that you should remove the line, but again, less colloquial, more formal

[quixin]

Tyrant,  I'll convert the excel spreadsheet over to HTML as soon as its complete.

[Eric H. Jung]

Excellent.  I shall use all of these, except the 4th one (I've striked that one out).  I don't really think that how well known it is should be a factor.  But the rest of them are excellent selling points.

 

I agree that it shouldn't, but I think the one point I was trying to consider is that as an open source program that has been in existence for a little while, as a nonprogrammer, you would think that if anything suspicious was involved, it would be brought to light by someone by now and the fact that there is active development with an active community.  I do agree that it's not really a selling point but I think it is still a positive even if not well defined.

In regards to the draft, I would include the product version/number  next to the product name instead of a separate row.

Also, I would think we should be more formal and less colloquial

more as a guideline than specific instance, but instead of highlighting a competitor's negative, we highlight PM's positive

ie, instead of firefox password mgr saving password to disk, we say, "PM generates passwords on the fly without leaving passwords on disk"

last, i'm not knowledge in cryptography, and the issue of practicality comes into play, but is "uncrackable" an absolute certainty?  i mention this more for being precise in language than a practical exercise

I agree that it shouldn't, but I think the one point I was trying to consider is that as an open source program that has been in existence for a little while, as a nonprogrammer, you would think that if anything suspicious was involved, it would be brought to light by someone by now and the fact that there is active development with an active community.  I do agree that it's not really a selling point but I think it is still a positive even if not well defined.

I most definitely agree with this, but I don't think people without a lot of open-source exposure really care. FWIW, at my "day job" I very carefully compare all open-source libraries before I make use of them and weight the factors you describe above heavily. Activity, popularity, and community are extremely important: you might choose the best product (or library, as is the case for developers like me) for your needs, but if no one else is using it, you're going to find yourself in trouble down somewhere down the line.

Perhaps one measure of this might be number of downloads on UMO? Note also that PasswordMaker is listed on download.com, which also has a download count, but I don't update releases on there frequently...

[Romeo]

All of these point about the popularity / open source code are very valid.  No offense, before I started using / falling in love with PM, I poked around in the forums for quite a while and tried to find all the information I could to assure that this program was cosher and not going to steal my passwords.  So, I do agree that this point should be included.  May be not in the current form, but I am sure that we could find an effective way to make this point say what we need it to say.

edit:

number of downloads on UMO

Would that include the downloads from this site ?  Do we even have an accurate count for downloads from this site ?

[Eric H. Jung]

Would that include the downloads from this site ? Do we even have an accurate count for downloads from this site ?

Yes, I have that info if we want to include it.

[tanstaafl]

How about the number of registered users in this forum? Or the number of daily posts (registered users vs unregistered)?

I agree that many people don't care about the FLOSS aspect, but, many do, and these shouldn't be ignored. We should simply state that PM is licensed under the LGPL - people who know and understand about FLOSS licenses will immediately understand the significance - others can click on the (hyperlinked) words to go to a page describing the license and its advantages - some of those people who you might think don't *care*, simply may not *know*, and might be willing to learn, so we should give them that opportunity.