PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: ajw on October 28, 2005, 06:36:43 PM
-
Since I use PM as a password/confidential-info manager (instead of just a password *maker*) I have information that doesn't have a URL.
There's now a popup message if you try to create an account that has an empty "Use this URL" field.
This interferes with using PM this way - can we make this more intelligent or something? Perhaps the warning, but not *require* the field? Or only require it when there's something in the "When URL contains" field - if they're both empty, no warning.
Not sure what's best...
- Al -
-
"Hey "AL,""
Just create one of your own because that has an influence on the calculated password. Added security!!
Example: HTTP:///wwww.Al's_own.home
-
I've just been putting an 'x' in it - these are entries that are confidential information; they don't have passwords at all. (so the URL is irrelevant - the generated password isn't used for this entry)
It just irks me to put something unneccessary in the field...
- Al -
-
Hi everyone,
There's now a popup message if you try to create an account that has an empty "Use this URL" field.
Yes, this was very recently added due to this thread (http://forums.passwordmaker.org/index.php?showtopic=448#entry782101):
I've got several accounts set up with the same user name, and nothing in the "use this URL" - they all get the same password. (although it happens I had them set for different lengths; that's why I didn't notice it at first)
Hm, I should have made Use This URL a required field. I'll do that now, unless anyone objects...
I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...
-Eric
-
I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...
When I first noticed that this is now required, I didn't quite see a reason for it, either. It doesn't help protect against phishers. It does, however make the password more complex, because, as far as I know, it gets hashed into the generated password. The only one that could protecting from phishers would be if the when URL contains were required.
But it is there, now and I don't see anything wrong with that.
-
I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...
I agree with anything that helps in that respect, but if there's no URL in the first place (meaning "When URL Contains" and "Use this URL" are *both* empty, then the password will never be used for a web site. In that case, *requiring* a URL isn't necessary. (that account would/could never match a URL in the browser, right?)
Requiring the user put in a false URL just makes it more obnoxious when an account is for something *other* than a web site. (like frequent flier numbers or such)
I admit, I do use PM differently from the rest of you - *I* like to think I'm a visionary and just leading you all, but it's also possible I'm just an idiot... :)
In fact, I'd like to be able to disable the automatic generation of passwords (the use of the default account) - my preference is to *require* a custom account for any URL to create a password - I imagine that's *radically* different from everyone else! (I'll post that as a separate feature request, btw)
- Al -