PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: nicerobot on June 24, 2007, 08:56:42 PM
-
There needs to be a way to create an account for which the URL used "to calculate the generated password" is defaulted to the current site. Even better, there should be an option to use a string from the matched pattern(s) for calculating the password. For example, I could create my own "default accounts" by specifying a regex as "(f/ht)tp://([^.]+)?(\w+[.]\w+)[:/]" and the set the URL to use for calculating the password to $3.
-
I don't follow you...
Can you elaborate a bit? What exactly is it you are trying to accomplish?
-
Most simply, I'm trying to create an account that acts similar to the default account. That is, one that uses the current URL as the URL for calculating the generated password. Currently, there seems to be no account other than the default that can use the current URL for generating the password. All the accounts I create have to use a fixed string for the string used for generating the password.
To see what I mean, edit an account and click on the URLs tab. The top input box is the issue. It should allow me to specify elements from the matched patterns I specified for that account (the patterns which are also specified on the URLs tab).
For example, I have lots of accounts where the only difference is the URL. It'd be much easier to manage if I could have just one account that could generate the password for them all. This is basically what the default account is for but I need different "default settings" for different situations. For example, some passwords are longer, some exclude certain characters, use different algorithms, ...
Basically, one way to look at what I'm asking for, is the ability to collapse accounts into a single account and specify a bunch of patterns for each of the hosts and the matched host is used for generating the password. Note: I'm really asking for something far more general but that's one way to understand what I want.
e.g. One account might be where the sites allow 20 character passwords
The URL to use for generating password: $2 (note: this refers to the second RE grouping of the matched patterns below, like how perl handles RE matches)
Patterns:
^[^:]//([^.]+[.])?(yahoo[.]com)[:/].*
^[^:]//([^.]+[.])?(google[.]com)[:/].*
^[^:]//([^.]+[.])?(flickr[.]com)[:/].*
^[^:]//([^.]+[.])?(myspace[.]com)[:/].*
^[^:]//([^.]+[.])?(claimid[.]com)[:/].*
then another account for sites that limit passwords to 8 characters and only letters and numbers:
The URL to use for generating password: $2
Patterns:
^[^:]//([^.]+[.])?(aninsecuresite[.]com)[:/].*
^[^:]//([^.]+[.])?(nothingimportant[.]com)[:/].*
^[^:]//([^.]+[.])?(constantlycracked[.]com)[:/].*
^[^:]//([^.]+[.])?(brokendaily[.]com)[:/].*
^[^:]//([^.]+[.])?(microsoft[.]com)[:/].*
One additional feature might be to generalize this into how the default account works in this respect, that is, on the URLs tab, the "URL Components" check boxes. Though, these user-defined accounts must still support pattern matching unlike the default account. In fact, it would be really nice if the patterns were even generalized into the URL components. Notice how my patterns always follow the same format. The patterns should be broken into input boxes for [protocol][subdomain][domain][TLD][port][path][query] so that passwordmaker and ensure secure patterns for any element not specified.
-
PasswordMaker is complex enough for new users, not sure if adding this is a good idea. But there may be a way to put something like this in (I'm not counting on it, it's up to Eric really)
-
I agree that passwordmaker is fairly complex for new users. I don't think REs are a new-user feature. Regardless, I actually think part of this request is a simplification of the regular expression and pattern matching components, actually making it easier for new users to understand and become familiar with. For example, if all I care about is the the domain name for a pattern, I just type it into the domain field and all the rest of the RE can be supplied by passwordmaker. As for allowing the matched patterns to be used in the URL for password generation, again, an advanced feature that is easily hidden from new users. In fact, there's no end-user complexity being added, and in fact, simplicity combined with feature enhancements for anyone already familiar with REs.
-
Hi nicerobot,
Ok, I think I understand what you are asking for now.
First, have you seen this discussion (http://forums.passwordmaker.org/index.php/topic,1231.msg1279932.html#msg1279932) about a new Security Mode for PWM (which finally resulted in this FR (http://forums.passwordmaker.org/index.php/topic,1385.0.html))? My final suggestion - which is still awaiting feedback from both Adam and Eric - doesn't provide exactly what you are asking for, but it easily could (assuming I understand what you are asking for), by adding an additional optional field in the part described in #2.
But... the bottom line is, I just don't see any advantage to having a single account serve the purpose of multiple accounts - in fact it kind of defeats the purpose of multiple accounts.
Looked at another way, your suggestion only provides a more complicated way of serving the same purpose as multiple accounts. In other words, what is the difference between multiple complex regex statements for different domains under a single account, and simply having a separate account for each domain?
Unless I'm simply misunderstanding the request...
-
Looking at this further... tell me if I'm right - what you are asking for could be accomplished by making a slight modification to item #3 in the above referenced new Security Mode...
...
3. Relabel the 'Use the following URL...' field to 'Use the following value/string...', and make it one of two radio selection choices:
x) 'Use the following value/string...'
-) 'Use the Calculated URL...
with x) being the default, and a notice above the 'Calculated URL/optional-path-string' list when this is changed, notifying the user that changing this selection will result in a different password being generated for each 'Calculated URL/optional-path-string'.
I'm still unsure of any real added value...
-
Yes, I think you're correct. That post almost fully covers part of the concept I'm requesting.
As for combining accounts, I think of it as just another, logical way to organize passwords. Not better or worse. Equal but different.
I use PWM in two different modes:
- As an account manager. I use specific accounts when I want to store username and other information about the site. This mode of usage isn't impacted by this feature request. I will still manage accounts using the current model.
- As a pure password generator. In this mode, the attributes for password generation are the only attributes of the account being used. In other words, the _only_ settings that matter are the characters, length, algorithm, ... In this mode, combing URLs more clearly, logically groups sites as requiring the same password model instead of having to manage each as an individual account.
For example, my accounts list contains dozens of accounts in which I use the description field to indicate the password model I use for the site. I currently have 5 models: simple/8, simple/12, strong/8, strong/12, strong/20. I have no desire to manage a full account when I really just want to only add a site to a specific model.
I know you have to have run into the same problem as me. The default account does not work on many, many sites. These stupid site limitations for only using letters and numbers and some randomly chosen length limitation drive me a little crazy. Hence, my 5 models, which, so far, cover every site I've encountered.
-
Looking at this further... tell me if I'm right - what you are asking for could be accomplished by making a slight modification to item #3 in the above referenced new Security Mode...
...
3. Relabel the 'Use the following URL...' field to 'Use the following value/string...', and make it one of two radio selection choices:
x) 'Use the following value/string...'
-) 'Use the Calculated URL...
with x) being the default, and a notice above the 'Calculated URL/optional-path-string' list when this is changed, notifying the user that changing this selection will result in a different password being generated for each 'Calculated URL/optional-path-string'.
I'm still unsure of any real added value...
I think your original explanation of 'Use the following value/string...' will suffice. It's just that I don't want the 'value/string' limited to a single URL component. I don't really care how it's specified (certainly more friendly than my "$2", "$3" example). But, I'd like the 'value/string' to be as complex as I choose. For example, maybe I want "[host][port]" (this happens often because of admin pages for webhosting products like cpanel) but for the same host, I may also want one for just "[host]/blog" and another "[protocol][host]" (think ftp accounts) and yet another "[host]/db" or even "[host][¶m3]" where "¶m3" is the query parameter value for the param3. In other words, I'd want the generated passwords to be different for several different uses even though they're all accessing the same host. So they'd require different 'value/strings' for calculation.
-
Dang it - lost the reply I was working on...
Ok, as far as I can tell, you can already easily accomplish what you want...
1. Create a Group for each desired model
2. Copy each Account into the appropriate Group (moving accounts around is problematic right now)
3. Whenever you want to add a new Account to one of your Model Groups, just Copy an existing Account and edit the URL pattern appropriately.
Its a question of six to one, half dozen to another. I see no difference between managing these as actual Accounts, or as URL patterns.
What do you think?
-
I think your original explanation of 'Use the following value/string...' will suffice. It's just that I don't want the 'value/string' limited to a single URL component.
Currently, the URL components are not account specific - making these account specific is a part of the new Security Mode FR (that I haven't actually added to the FR list yet, since I'm still waiting on feedback from Adm and Eric).
There is currently no individual FR to make the URL components Account specific, although I think it is a part of at least one FR, if not others.
I don't really care how it's specified (certainly more friendly than my "$2", "$3" example). But, I'd like the 'value/string' to be as complex as I choose. For example, maybe I want "[host][port]" (this happens often because of admin pages for webhosting products like cpanel) but for the same host, I may also want one for just "[host]/blog" and another "[protocol][host]" (think ftp accounts) and yet another "[host]/db" or even "[host][¶m3]" where "¶m3" is the query parameter value for the param3. In other words, I'd want the generated passwords to be different for several different uses even though they're all accessing the same host. So they'd require different 'value/strings' for calculation.
So, in essence, all you are really asking for is to make the URL Components Account Specific, which, when combined with using Groups per my previous post, would appear to give you the exact control you are looking for, though not precisely in the manner which you originally requested (it still uses accounts, instead of URL patterns on an account).
If I got that right, I'll be happy to add this to the FR with a vote from you...
-
Dang it - lost the reply I was working on...
Ok, as far as I can tell, you can already easily accomplish what you want...
1. Create a Group for each desired model
2. Copy each Account into the appropriate Group (moving accounts around is problematic right now)
3. Whenever you want to add a new Account to one of your Model Groups, just Copy an existing Account and edit the URL pattern appropriately.
Its a question of six to one, half dozen to another. I see no difference between managing these as actual Accounts, or as URL patterns.
What do you think?
You approach is similar to what I already do but it would break my current grouping strategy, which is part of what I want to avoid. Maybe using tags for grouping would alleviate that issue by giving me more flexibility but that'd be another feature request.
Your strategy doesn't change the fact that every account I create in this manner requires that I update:
- The name
- The URL to use for generating the password
- The RE pattern
I'd much prefer to just add a new pattern (actually, generally just a new host) to an existing account (password model) since, in these cases, I don't care about the name of the account and I always have specific elements of the URL that I use for generating the password. It's just a tremendous amount more duplication than I prefer (being a developer, I prefer as much automation as possible, cuz I'm very lazy). Especially considering it requires three dialogs to get through all the information and editing an RE each time.
-
You approach is similar to what I already do but it would break my current grouping strategy, which is part of what I want to avoid. Maybe using tags for grouping would alleviate that issue by giving me more flexibility but that'd be another feature request.
And actually, there are already two different FRs dealing with this, Custom Group Functionality (http://forums.passwordmaker.org/index.php/topic,246) and View by Group/Account (http://forums.passwordmaker.org/index.php/topic,196)... wanna cast a vote?
Your strategy doesn't change the fact that every account I create in this manner requires that I update:
- The name
- The URL to use for generating the password
- The RE pattern
I'd much prefer to just add a new pattern (actually, generally just a new host) to an existing account (password model) since, in these cases, I don't care about the name of the account and I always have specific elements of the URL that I use for generating the password. It's just a tremendous amount more duplication than I prefer (being a developer, I prefer as much automation as possible, cuz I'm very lazy). Especially considering it requires three dialogs to get through all the information and editing an RE each time.
True enough... and now I see more clearly the value. Also, fyi, it's not that I'm trying to force you into doing it any certain way, I just want to clarify precisely what your need is, to see if it can be filled without adding any new features.
On that note - would you agree that the new Security Mode I am suggesting - since it requires making 'URL Components' account specific - combined with the new option suggested above (to make the 'Use the following value/string' a radio choice with the alternative being 'Use the Calculated URL') would provide exactly what you are asking for, albeit in a slightly different way from your original request? If so, then I'll add that option as a separate FR, and bug Adam and Eric for their feedback on the New Security Mode FR so I can get it finalized/posted too...
-
there is already a FR in place for this (http://forums.passwordmaker.org/index.php/topic,246) (although it doesn't specifically call them Tags, which is actually a better word for it) - wanna cast a vote for it?
Yea, that's sounds good. I'll vote for that.
True enough... and now I see more clearly the value. Also, fyi, it's not that I'm trying to force you into doing it any certain way, I just want to clarify precisely what your need is, to see if it can be filled without adding any new features.
I understand. These can become complicated discussions. It's important to clarify.
On that note - would you agree that the new Security Mode I am suggesting - since it requires making 'URL Components' account specific - combined with the new option suggested above (to make the 'Use the following value/string' a radio choice with the alternative being 'Use the Calculated URL') would provide exactly what you are asking for, albeit in a slightly different way from your original request? If so, then I'll add that option as a separate FR, and bug Adam and Eric for their feedback on the New Security Mode FR so I can get it finalized/posted too...
Yea, I think that would come close to fulfilling a large part of my request.
-
there is already a FR in place for this (http://forums.passwordmaker.org/index.php/topic,246) (although it doesn't specifically call them Tags, which is actually a better word for it) - wanna cast a vote for it?
Yea, that's sounds good. I'll vote for that.
I edited my post after you replied, - there are actually two FR's - may want to check them both...
On that note - would you agree that the new Security Mode I am suggesting - since it requires making 'URL Components' account specific - combined with the new option suggested above (to make the 'Use the following value/string' a radio choice with the alternative being 'Use the Calculated URL') would provide exactly what you are asking for, albeit in a slightly different way from your original request? If so, then I'll add that option as a separate FR, and bug Adam and Eric for their feedback on the New Security Mode FR so I can get it finalized/posted too...
Yea, I think that would come close to fulfilling a large part of my request.
Ok - but mind if I was why you say it would only come *close* - it seems to me it fulfills all of it, just, as I said, a bit differently than you had originally asked for...
-
I edited my post after you replied, - there are actually two FR's - may want to check them both...
I like both. Really, any improvement to grouping and viewing will be nice.
Ok - but mind if I was why you say it would only come *close* - it seems to me it fulfills all of it, just, as I said, a bit differently than you had originally asked for...
"close" only because it's still not clear to me that your request allows for as much versatility with respect to the value (generated from the url) used in generating the password. In other words, it seems more fixed than I was requesting.
-
Ok - but mind if I was why you say it would only come *close* - it seems to me it fulfills all of it, just, as I said, a bit differently than you had originally asked for...
"close" only because it's still not clear to me that your request allows for as much versatility with respect to the value (generated from the url) used in generating the password. In other words, it seems more fixed than I was requesting.
Fair enough - it is more fixed, since it will only use the 'Calculated URL', and this would not be in an editable form.
That said - do you have any really convincing argument as to why having this value be in an editable form would provide any *real* added value? Flexibility for flexibility's sake is not necessarily a 'good thing' - and in fact can create more room for user error/confusion, which I think this would do. As long as it provides the ability to have a unique value for each domain/pattern/entry, it provides the functionality you want (different password for each URL), with no added room for user error.
Ultimately, though, you could make a FR for this to be added to the 'Advanced Security Mode' (which will be the current 'URL Pattern' manager) as an editable field, but I don't know if Eric will be interested in implementing it or not.
-
That said - do you have any really convincing argument as to why having this value be in an editable form would provide any *real* added value? Flexibility for flexibility's sake is not necessarily a 'good thing' - and in fact can create more room for user error/confusion, which I think this would do. As long as it provides the ability to have a unique value for each domain/pattern/entry, it provides the functionality you want (different password for each URL), with no added room for user error.
Ultimately, though, you could make a FR for this to be added to the 'Advanced Security Mode' (which will be the current 'URL Pattern' manager) as an editable field, but I don't know if Eric will be interested in implementing it or not.
I think my examples above showed how the flexibility would be important, at least for me. One ofmy main issues revolves around managing 10+ websites, each has different services: blogs, databases, wikis, admin consoles, ssh, ftp, secure directories, .... So, for example, I would like to create patterns to match the specific parts of the URLs for each of these services and use different components to ensure the passwords don't strictly rely on the same string, and hence produce the same password, for each service. As it stands, I have dozens of accounts, one for each service, with lots and lots of duplication and minor changes to REs and URLs used for password generation.
One example of a benefit to combining many accounts under a single password model is if I chose to change something about these passwords, for example, change the length, I can duplicate one account, make the change and have both accounts available for logging in using the old account, then using the new account for changing the password. As it stands, I generally have at least three, sometimes as many as five or six, PWM accounts to duplicate per "account" if I need to change something about the passwords. So really, I want as few PWM accounts as possible when I'm dealing with accounts in which I only care about the password model. Versatility in the value used to generate passwords is important for this.
-
I think my examples above showed how the flexibility would be important, at least for me. One of my main issues revolves around managing 10+ websites, each has different services: blogs, databases, wikis, admin consoles, ssh, ftp, secure directories, .... So, for example, I would like to create patterns to match the specific parts of the URLs for each of these services and use different components to ensure the passwords don't strictly rely on the same string, and hence produce the same password, for each service.
<snip>
Ok, I see how this would be valuable, especially the way you are using it (and in fact, I might end up taking advantage of this functionality if it were implemented), and this requirement would be fulfilled by the FR I suggested for the 'Advanced Security Mode' that would result from my proposed change to the current/default Security Mode - but, maybe even better - hmmm... I'm thinking out loud here, so bear that in mind... how about:
1. Implement the FR (made by yours truly) to provide for Separate 'URL Components' for 'When URL Contains' and 'Use This URL' fields (http://forums.passwordmaker.org/index.php?topic=873)
2. Allow the use of regex for the 'Use the following value/string...' field,
3. Redesign the 'Advanced Security Mode' - something like this quick and dirty example (http://bayimg.com/MacKFAAbb) - to provide an interface for the new functionality. A comment field could be provided that would show up as a tooltip for as detailed a description of each pattern as desired.
OR, at a minimum...
The simplest/easiest thing to do would be to create an option to use the 'Calculated URL' as the 'Use the following URL...' value for calculating the password - this would at least allow for different password for the different URL patterns...
-
See http://forums.passwordmaker.org/index.php/topic,1413.new.html
Pattern-based Use the following text to calculate the generated password field