PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: Romeo on September 06, 2005, 02:46:39 PM
-
Eric, it would be very nice to have a little textbox in which one can enter a number of days, which will prompt the user that it is time to change the password.
In other words, I enter 60 and after sixty days of continued use of the same password is up, it'll just pop up a friendly reminder telling the user that it would be a good idea to change the password. Of course, if the box is blank, it won't prompt the user.
This would be very useful for sites where the admin doesn't do so.
What do you think ?
-
I like the idea even if I personally wouldn't use it. Is that something you'd actually use or something you thought other people might like?
:cheers:
-
Yes, I would actually use it, because my bank doesn't prompt me to change my PW. And everyone knows that it is good practise to periodically change your password - at least I hope so.
-
I thought the counter field was for something like that??
-
I thought the counter field was for something like that??
Very true! Thanks for the reminder. So how about I add a button next to the counter labeled "Notification". Clicking this button opens a new dialog where you can turn on/off password change notification. Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers, you'll get a friendly message telling you of the problem.
The Notification Dialog can also have a reset button which, when pressed, starts the countdown over.
Comments?
-
That sounds good, mostly.
So how about I add a button next to the counter labeled "Notification". Clicking this button opens a new dialog where you can turn on/off password change notification. Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers, you'll get a friendly message telling you of the problem.
I don't really like this. Why wouldn't a number work? I would want it to only tell me when x number of days has passed. Also, I would suggest that you go either 2 ways with the countdown: - Have a fixed counter that countdown a number of days,
- Have it notify you when you haven't changed your password in a determined number of days. Note that you better make sure that it doesn't reset the counter unless the password is changed. I don't want it to start over every time I click "Settings."
-
Why wouldn't a number work?
I think you misread what I wrote. I wrote:
Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers...
or do I misunderstand you?
1. Have a fixed counter that countdown a number of days,
2. Have it notify you when you haven't changed your password in a determined number of days. Note that you better make sure that it doesn't reset the counter unless the password is changed. I don't want it to start over every time I click "Settings."
Yep.
-
Why wouldn't a number work?
I think you misread what I wrote. I wrote:
Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers...
or do I misunderstand you?
Why do you have to enter a number into the counter field? Why not a letter?
-
Currently, you can enter anything you like in the counter field. But if you want notifications of when the password should be changed, I'll need a number representing the number of days for which the password is good. If you enter letters, how would PasswordMaker know how many days that represents?
I'm not proposing the field be prevented from allowing letters; just that if you want password expiration notification that you must use numbers only (e.g., 60 for 60 days).
-
The counter field was added to act as a modifier correct? If a website forces me to change my password every however many days, The counter field gave me the ability to change my password while keeping all my other settings the same. If you make the counter field contain the time for PWMs countdown, it wont act as a modifier anymore because the next time I goto change my password I may want to use the same time duration as a reminder and a different modifier.
The countdown intraval should be entered in a different field and heres why IMO. If I have an account that forces me to change my password every 90 days, I may want to have PWM remind me in 89 days then I will add a 1 to the counter field to modify my password.
Am I wrong?
-
I am very sorry but I missed all this back and forth for some reason. But it is very interesting to see what kind of can of worms I have opened here. Quixin, you got that right. The counter acts as a modifier and the new field would be used for specifiyng the number of days for which the current password is good. In other words, when you enter 90 into the new field, PM would prompt you after 90 days that it is time to change the password, not the MPW but the PW for the web site. Then, once you increment the counter (ie. effectively change the password, it'll reset, start counting the days at 1.
At least, that is the original gist of the request.
-
However, I would want to change it every, say, 60 days. I don't want to have to increment it to get the counter to reset. I think that there should be a separate counter that doesn't modify anything for the notification. Otherwise I'll have to pick a completely different number each time I want to change my password to something completely new.
[edit: let me rephrase that:]
I would want it to change every 60 days. However, when 60 days are up, I also want to change what is in the counter so that the password is completely different. If I want it to remind me in 60 days again, I'm out of luck. I'd probably choose 59 or 61 days. I also don't really want the same two passwords to reappear, so I'm not going to ever choose 60 days again.
By simple mathematical logic, the time until the notification to reset the password will get continuously smaller or larger. It won't work like that. You can't make the counter field also the time until notification!
-
Tyrant, that is exactly what I am saying, I believe. The new field for number of reminder days is purely that. It tells PM to remind you when the number of days is up, but has absolutely nothing to do with the way the password looks.
For example, the number of days is 50 and the counter is blank. Then, after fifty days is up, you log into the website, log in, select to change PW. Here for the current PW, you would specify the password which is generated by PM with the blank counter field. Before you fill in the new password, you put a 1, or whatever character, into the counter field and populate the new PW field with the new PW, which has the one hashed into it. In order to confirm the new PW, you would put the same new PW in the box. Then, when you hit submit on the web site, you'll have a new PW. At the same time, you'll hit the reset timer button in PWM and the day count will start from the beginning.
Then, after 50 days are up, you'll go thru the same process except you would use 2, or whatever other character, in the counter field.
-
OK. I understand. You are all correct. It has to be a separate field on a separate dialog with options for resetting, enabling, disabling, etc.
Can we add it to the FRL?
-
The counter field was added to act as a modifier correct? If a website forces me to change my password every however many days, The counter field gave me the ability to change my password while keeping all my other settings the same. If you make the counter field contain the time for PWMs countdown, it wont act as a modifier anymore because the next time I goto change my password I may want to use the same time duration as a reminder and a different modifier.
The countdown intraval should be entered in a different field and heres why IMO. If I have an account that forces me to change my password every 90 days, I may want to have PWM remind me in 89 days then I will add a 1 to the counter field to modify my password.
Am I wrong?
"quixin",
Thank you for this explanation as I did not understand how this 'Counter' was used. Now I have a little understanding. As an untrained Ex-system administrator for a system no one wanted to use and I was the only one that dove in and managed to make it work for us and was completely responsible for operations, security, access, well the full ball of wax. I am very security minded and agree there should be a "HONKER" sound to remind you for a specific password that needs to be replaced, that will get a little complex and deep into operations because not all require the same length of time nor password length. You will not really want them all coming due the same day because you will get a little busy changing passwords. If you are a little like me, belong to approx. 9 different Forums alone, and not wanting to access any banking or cc usages until I feel a little more comfortable with this system. I feel sure thingys are headed in the correct direction for better security, I just need to learn enough to be able to take off my 'training wheels' so there is a little comfort in it for me.
Thank you for reading my long winded input, all it really says is I agree,
-
I like this new guy, LkonKbd :wub:
-
OK. I understand. You are all correct.
My thoughts exactly ;)
Could "Counter" be renamed (maybe "Modifier")? It sounds like it's for counting something, when really, given the explanation, it's not.
Or at least could the Help be made more clear on the field's purpose?
(I'll get around to registering some day perhaps, for now I'm liking the redish name)
-
"Eric",
Thank you, now your breaktime is over, get back to work.
"David",
You are so ver correct on the HELP issue, because; there is not really any HELP in there on this point and a few others.
You, Eric and Tyrantmizar, must understand that when you write the HELP for your Progy the users that will be using it are very DUMMYized when it comes to your progy. There will be some like myself that do not understand how some of the terms are used and put our own understanding in place of what you really mean. David's idea is a very good example of what I am getting at. You are very close to this program and know the little ins & outs and what is really meant, we do not. Unless you are very into programming and maybe even into security and the different methods of encrypting. I for one am not either one, just a very lost user in most cases. Would be very happy to assist in some of the ßeta testing, if only I knew what I was doing and understood more of what is really needed. Maybe some day "BAM" it will come to me and then this will all be done and gone, I will just be awakening to the needs.
Enough, Get back to work, BREAKTIME is over, (BAG!!)
-
Excuse me ALL,
I neglected to include this one point, A VERY LARGE THANK YOU, to each of you for creating this very important program.
And to all of the others, USERS, that are posting in here to assist in any way you can. You do not really understand the impact you have when you bring up some of the questions that are here and the enlightenment you are adding to the functionality of this software plus the awakening you are creating for those of us in the dark.
If I used (barf, cough, hack) 'html' this THANK YOU would be larger and a little brighter to accent it more so.
Keep up the GREAT work,
CU L8R,
-
Thanks David, I'll certainly do that in the upgrade version of the manual, or do you think I should fix it now?
P.S. It's done, take a look at it (http://passwordmaker.org/help/account-settings.xhtml).
-
Thanks David, I'll certainly do that in the upgrade version of the manual, or do you think I should fix it now?
"Romeo,"
I for one will thank you for this rapid response to this need.
One question though, this will effect the hashing or encrypting of that password, but; will it actually change the password as required by some sites? Usually when the password is changed there is the requirement that it be entered twice (2x) to insure the password is what the user is wanting and they know what it really is. PWM is even masking our passwords where we do not even see what it really is. Or is there a method of showing us what our passwords are, just incase there is a system crash and the only resolution is to reformat or reinstall of Windows and our copy of PWM and all of our passwords would be lost.
Excuse me for now I have not finished my reading of all of the HELPs or using PWM yet. So this is just a question that may have an answer in the HELP file and I just have not gotten there.
TIA,
-
Hi LkonKbd (a.k.a 'D'),
PWM is even masking our passwords where we do not even see what it really is. Or is there a method of showing us what our passwords are, just incase there is a system crash and the only resolution is to reformat or reinstall of Windows and our copy of PWM and all of our passwords would be lost.
Excuse me for now I have not finished my reading of all of the HELPs or using PWM yet. So this is just a question that may have an answer in the HELP file and I just have not gotten there.
Although there are many ways to populate password fields with PasswordMaker (right-click on the field->Populate With PasswordMaker, ALT`, etc...), if you want to see the generated passwords go to: Advanced Settings->Global Settings tab->uncheck Mask Generated Password.
Excuse me for now I have not finished my reading of all of the HELPs or using PWM yet. So this is just a question that may have an answer in the HELP file and I just have not gotten there.
Yes, I think this is covered in the Help Manual, but that's OK... we are here to help, too :)
-Eric
-
Thanks David, I'll certainly do that in the upgrade version of the manual, or do you think I should fix it now?
P.S. It's done, take a look at it (http://passwordmaker.org/help/account-settings.xhtml).
Looks great Romeo!
Wasn't sure about the doubled "character," but much easier to understand-thanks!!
"This is a place where you can put a character(s) character for sites"
Anybody got a comment on changing the field name ("Counter"-->something else)?
-
Hi David,
Anybody got a comment on changing the field name ("Counter"-->something else)?
Yes. I think this is an excellent suggestion and should be added to the Feature Request List (FRL). No one needs bother to vote for it because it takes 10 seconds to change.
Tyrantmizar: can you add it to the FRL?
I like the name "modifier" that you came up with. Does anyone have other naming suggetions?
-Eric
-
It is already added as "Set a prompt to change passwords"
-
Tyrantmizar, the name change is/should be a separate item, I think is what he's saying.
-
Excuse me for entering into this discussion, but; the suggestion by David and supported by Eric of "Modifier" is a great idea. That is what that field is for and will do.
That is my vote.
Do not missunderstand my critisizim of your wording of the HELP files, it is intended to help you understand from our point of view. Hopefully it will filter down to us and HELP us later.
Thank you,
CU L8R,
-
The Government recommends 180 days for their systems, with this system that could be set to 1.5 life times.
My vote for this one is #4,
-
Hi Romeo,
With your permission, I'd like to update your FR for the ability to schedule a prompt for a Password Change. This capability actually ties in with a couple of other FR's I'm working on, and so I'm trying to coordinate them all and consolidate them into some kind of organized, logical progression. I hope you don't mind. Basically, I'm just being a bit more specific, and suggesting a few pre-defined options, as well as the requested 'x days'.
This modified FR requires that the new Add New 'Current Account Password' (http://forums.passwordmaker.org/index.php?showtopic=858) field requested here (http://forums.passwordmaker.org/index.php?showtopic=858) be added and working (PWM uses this password ONLY if this field is NOT EMPTY).
Modified Feature Request:
Add the ability to schedule a prompt for a password change. For example, if your bank requires you to change passwords every month - or if you just WANT to change your password every so often, you can schedule a reminder/prompt on an individual Account basis.
Suggested pre-defined options:
a. Every x days.
b. Every DayName (weekly)
c. Every DayOfMonth (monthly)
d. Every DayOfMonth (quarterly, or every 3 months)
e. Every DayOfMonth (bi-yearly, or every 6 months)
f. Every DayOfMonth (yearly)
-
tanstaafl, that's not a problem at all. Actually, it's been so long since I requested this one that I didn't even remember it.
-
Sounds good, tanstaafl. I'll do what you suggest when it's implemented.