PasswordMaker Forums
Miscellaneous => Other => Topic started by: Romeo on August 02, 2005, 08:34:46 PM
-
Eric,
I just realized that the Default Account has a text box for a username and a counter. I am wondering why those are there. Do we really need them on the Default Account interface ? IMHO, this might actually confuse a potential new user, unnecessarily. Granted, they make the password a little harder to crack, but we already have so many other options, such as the hash, the l33t, etc. to make the PW difficult to crack.
Romeo
-
Sigh. Those fields were originally there, then I removed them for the very reasons you describe. Then Tyrantmizar asked for them back (here (http://forums.passwordmaker.org/index.php?showtopic=108)).
If it's all the same to you, I'd rather not change it again.
-Eric
edit: I like your avatar! Looks like Arnold S. as Terminator on a motorcycle :)
-
Eric,
Actually the avatar is from easy rider. Don't ask me who that is, though. Even though I've seen the movie, I wouldn' be able to tell you. It's too long ago.
As for the username and counter fields. I must have missed that exchange. But if you think that we ought to keep them, it doesn't make a difference to me.
It'll be hard to explain in the help manual, though. But I'll manage. B)
Romeo
-
I don't think we should keep them. I was helping out Tyrantmizar :)
-
How about this? What if we name those fields something else in Defaults? Like "Extra Field1" and "Extra Field2" or something equally meaningless (albeit not as confusing as username and conter)...I'm open to ideas.
Would that make documentating it easier?
-
Eric,
I am racking my brain trying to explain those two boxes. I know that you want to keep them for compatibility reasons. I also see how they were probably part of the evolution process, but I really do not see any reason for keeping them.
Would it be very difficult to have two dialogs and a button for a legacy version of this dialog ? That way, users, who are new, can just keep the default of this dialog, but users who did start using PM early on and who decided to put a username or a counter into these boxes will have a chance to hit the button, or something like that.
Or even better yet, users who used these two boxes for the username or counter have those values in the RDF file, right ? If PM sees that those values are there, put a button on the dialog to open yet another dialog to delete, or modify those values. If it doesn't see those values, do not put that legacy button on there.
How does that sound for a solution?
Romeo :rolleyes:
-
Or even better yet, users who used these two boxes for the username or counter have those values in the RDF file, right ? If PM sees that those values are there, put a button on the dialog to open yet another dialog to delete, or modify those values. If it doesn't see those values, do not put that legacy button on there.
That's a good idea. Let's sleep on it a few days; there's no hurry. In the meantime, I think you should just ignore documenting them in the Help files...i.e., pretend they don't exist for Defaults.
-
If you guys want to change it back, that is fine with me. If you recall (http://forums.passwordmaker.org/index.php?showtopic=108), I was merely asking why it was disabled. If you guys think it would make PasswordMaker more user-friendly by removing those field for defaults, be my guest.
-
Let's sleep on it a few days
Eric, that sounds like a weener.
Romeo
-
If you recall, I was merely asking why it was disabled.
Yeah Eric, why did you put it back in, eh ? :blink:
-
Heh. I'm married to a licensed, doctorate-level psychologist. She has me reading between the lines all the time :) So I read between-the-lines of Tyrantmizar's post too much, thinking his question was really a request to put it back. Was it not so, Mr. Tyrant?
It's no hassle to disable it again, or name them something else, or whatever... this is kids' stuff. Bring on the hard work :)
-
On a serious note... Tyrantmizar, does it make sense to you to have a username defined for Defaults? If so, please explain. I only disabled it because I thought it would confuse people.
-
Theoretically, having the username and counter options do have a point. If someone knew your master password and knew that you were using PasswordMaker, then they would be confronted with several variables that they would need to determine in order to create your passwords for various sites. The username and counter is simply another one of those variables.
As for the relative security of the cracking the password, well... the password algorithms are already virtually impossible to unravel. If someone had your final password, and somehow figured out how to crack the algorithm(say, several years in the future when these algorithms become outdated) then they would first have to determine if someone used a username, counter, prefix, or suffix, and, if they did use one, what it was, and what level l33t, or not... yeah.. lots of stuff.
Removing the username and counter would make it theoretically less secure, but these passwords are top of the line, so the difference would be incredibly marginal. You won't loose much by removing them. Go ahead.
By the way, nice forum logo. ;)
-
Thanks to quixin for the new logo!!!
-
Actually, I really *like* having the ability to set a default username in the Defaults, and here's why...
I (almost) always use the same username for all of my online accounts. With a username specified in 'Defaults', I don't have to set up an actual 'account' in PM to take advantage of the auto-populate functionality when I go to a site that doesn't require anything 'special' - I simply enter the default username in the 'Defaults', and when I go to a site that isn't set up as an actual Account in PM, it just works.
If you remove this, then I'd theoretically have to create an actual Account for every site that I wanted to be able to automatically log into. That would be much *less* convenient.
My vote is to leave it in (please?)
Charles
-
I agree with Charles. To me, username under default settings just means the username that you usually use. In some cases where that user name is not available I would have to obviously create an account with that specific username. What part of that field did you guys find confusing? Wouldn't it be more confusing for the Default account settings entries to no match that of the account specific entries?
-
Sounds good. Let's leave it. Romeo, I think tanstaafl and quixin did a good job of documenting the fields:
username under default settings just means the username that you usually us
I (almost) always use the same username for all of my online accounts
By the way, taanstafl, you wrote:
With a username specified in 'Defaults', I don't have to set up an actual 'account' in PM to take advantage of the auto-populate functionality
But that's not true. You can use auto-populate password fields without having specified a username. Username is optional and just scrambles the generated password more.
-
By the way, taanstafl, you wrote:
With a username specified in 'Defaults', I don't have to set up an actual 'account' in PM to take advantage of the auto-populate functionality
But that's not true. You can use auto-populate password fields without having specified a username. Username is optional and just scrambles the generated password more.
Correct, I just wasn't specific enough...
1. I *want* to have my username added to the mix when generating the password, and
2. Once you get the auto-populate working for the username (and maybe other optional fields?), it will auto-populate it (them) too, as a bonus.
Without this field in the Defaults - unless I'm missing something really obvious - the username could never get auto-populated, unless a specific Account was pre-defined in PM.
-
Without this field in the Defaults - unless I'm missing something really obvious - the username could never get auto-populated, unless a specific Account was pre-defined in PM.
You have very high expectations of auto-populate! :D
I feel like i'm breaking bad news to you. There is no way for PasswordMaker to know which field in a webform is the username field without being "trained" (i.e., told in advance). I could write heuristics to try to determine it (e.g., search the <form> for a field with the word "user" or "name" and auto-populate that field), but ultimately the heuristics won't work 100% of the time.
The only way to reliably populate the username field -- or any field for that matter besides a password field -- is to tell PasswordMaker the name of the field you want to populate. The reason password fields are different is because they are marked in HTML with the password attribute. There is no equivalent attribute to mark username fields or other "special" fields.
If you'd like me to build the heuristics I describe above, I can do that for 0.8.1... it wouldn't be too difficult. But you should set your expectations that occasionally the wrong field would get populated with your username. I suppose for these sites you could setup specific accounts if you visit them often.
-
Without this field in the Defaults - unless I'm missing something really obvious - the username could never get auto-populated, unless a specific Account was pre-defined in PM.
You have very high expectations of auto-populate! biggrin.gif
I feel like i'm breaking bad news to you. There is no way for PasswordMaker to know which field in a webform is the username field without being "trained" (i.e., told in advance). I could write heuristics to try to determine it (e.g., search the <form> for a field with the word "user" or "name" and auto-populate that field), but ultimately the heuristics won't work 100% of the time.
<snip>
If you'd like me to build the heuristics I describe above, I can do that for 0.8.1... it wouldn't be too difficult. But you should set your expectations that occasionally the wrong field would get populated with your username. I suppose for these sites you could setup specific accounts if you visit them often.
Thanks for the explanation - and yes, I guess I was 'assuming' that there was some standard way of designating a username field.
I like your suggestion of heuristics, and if it isn't difficult, would love to see it added at some point in the future. Maybe you could even have the heuristics 'learn' when the User corrects a wrong guess by PM? For example, if PM makes a mistake, the User could hit a special key combo, and PM prompts for the correct field, then after the User clicks the correct field, PM fills it in then updates its heuristics? Understand, I know less than nothing about this subject, which I'm sure is pretty obvious - maybe I'm getting a little crazy here... ;)
That said, how hard would it be to allow an option to middle-click (or something) in the username field and have PM auto-pop the Default username in whatever field you click in?
Anyway, I'd still like the Username in the Defaults if for no other reason than it would be inherited by new accounts when creating them.
-
Eric,
I don't know what your "licensed, doctorate-level psychologist" wife would say, but I think the problem with you is you are trying to make everyone happy. But you can't. I'm not happy for example. I want PasswordMaker to get my breakfast ready in the mornings. You could rename it to PBM, PasswordandBreakfastMaker. Can you make it into 0.8?
-
Boy, I should've just left that can of worms alone, eh ? But I think that I now have a pretty good way of splaining that there username field, after reading with much interest all this back and forth.
Eric, to make a long story short, just leave the username fields where it is. But. what about the counter field ?
Romeo
-
The counter field will be moved next to the eggs/pancakes/croissant/waffles drop-down.