PasswordMaker Forums
Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Help and Support => Topic started by: vineyridge on February 09, 2009, 04:41:39 AM
-
I've read the wiki and the FAQs. I'm confused, really confused. Now I'm going to read them again with a pen and paper and see if I can make a plan and some sense of everything.
Over 60, ready to go on Social Security, and I don't understand your computerese. The Wiki is like Greek to me. I've been using computers for over 15 years, and this is the very first time I have been so completely baffled by a set of instructions.
I think I have a vague idea of how things are supposed to be set up, but the forms just don't make sense to me. It's going to take me a week to figure out how to start--or how to get the PasswordMaker to come up when I need it. Because I'm on dial-up, the video demonstrations take forever to load.
You guys need to work on making your help and new user information in PLAIN English, for English speakers. Put all the geekish jargon aside and work on a very simple one, two, three, with Definitions.
Sorry to be so crabby, but I'm old, it's late, and I AM crabby. Because I'm on dial-up, the video demonstrations take forever to load. ;D
-
I know the docs could use some work... a lot of work, in some places, but let me ask you a question...
How much did you pay for Passwordmaker?
If you need help, you need but to ask. If you see the value of PWM enough to work your way through the docs that you are having trouble understanding, we will welcome any meaningful and effective changes.
It is a wiki, after all...
-
I agree with tanstaafl. I always felt everything was written fairly clearly. While understanding the details of how and why PWM works the way it does can be somewhat difficult at first, using it is quite simple once you have broken that barrier.
A lot of work has went into the help portion of the website and I think some great work has been done in breaking down PWM's complexity for the everyday user.
While I think everyone here welcomes criticisms, more detail would be helpful. If your not understanding something in the documentation, post about it here. Which part of the help documents are you not understanding and what about that portion makes no sense?
-
Hi to everyone from London-England. :)
Please don't be offended guys, though unless I've missed something; I think the author of this thread might have a point?
PWM is potentially one of the most useful tools for the internet, however I wonder how many average users have given up trying to get to grips with it because of the apparent lack of a basic tutorial?
Having spent a good deal of time reading and searching both the Wiki and this forum, I have not been able to find a basic guide for setting up the master password. Is there one?
There was a mention of video tutorials in one thread, which I've been unable to find?
The only thing I've found which looks likely is at http://technononology.blogspot.com/2006/01/passwordmaker-quick-setup-guide.html (http://technononology.blogspot.com/2006/01/passwordmaker-quick-setup-guide.html)? Though this suggests using the advanced settings prior to registering the master password?
I'm usually pretty good with figuring out this sort of thing though I'm very unsure about this first step, and would rather get it right than mess it up at the outset. The remainder of the help and info is excellent.
Can anyone point me in the right direction please?
Hope to be using PWM very soon, and am grateful for the opportunity.
Many thanks,
Jon
-
Hi JonM,
We are certainly not offended by questions in any way! :)
First, as for 'setting up a Master Password', there is nothing really to set up, beyond simply deciding on what you are going to use. There is no 'registering' of the Master Password, so I'm not sure where you got that wording from. I think you are over-complicating it... ;)
To put it another way, the Master Password is just whatever you type into the 'Master Password:' text box in the 'Master Password Prompt' pop-up. The main thing to understand is that the MPW itself is used in calculating the resulting password, so when you 'create' a password for an account, and change the actual password for that account to this new password, you must always use the same MPW (and account settings) when logging into that site again.
If you choose to STORE it (done from the MPW prompt pop-up or the 'Options' dialog), then it will remember that Master Password until you quit Firefox (if you store it to memory) or until you change the 'Store Master Password' selection to 'Not at all'.
Personally, I use more than one Master Password (depending on the account type), and never store it at all. You could use a different MPW for every single account/login page if you wanted, but that would kind of defeat the purpose...
Hth, and feel free to come back for more... :)
-
Hi tanstaafl, and thank you for your help. 8)
So you just type your master password from the off; and that's it?
I have a few more queries for now if you would be so kind;
1. Concerning Global Settings; is there anything to prevent you from changing back and forth between having to type the MPW once, or twice?
2. For the option; I use more than one MPW, can you switch to this at a later time?
3. For shared logons where a predetermined username and password are given, is it possible to create a custom password to handle these (I share a number of such logons and would prefer to be able to auto complete these without typing in the form)?
4. Can PWM handle authentication windows such as for NukeSentinel™, I currently have the Firefox version of PWM installed (The Wiki suggests not if this is up to date) ?
Your advice would be very much appreciated please?
Best wishes,
Jon
(post updated) :)
-
Hi tanstaafl, and thank you for your help. 8)
My pleasure...
So you just type your master password from the off; and that's it?
Not sure what you mean by 'from the off'... ? If you mean from the MPW prompt window, then yes, thats what I mean...
1. Concerning Global Settings; is there anything to prevent you from changing back and forth between having to type the MPW once, or twice?
Only if you (or someone else) hire(s) someone to physically prevent you from changing the preference setting... ;)
2. For the option; I use more than one MPW, can you switch to this at a later time?
All that setting affects is the storing of the MPW hash... if it is disabled, then it only stores a single/Global MPW hash. If you enable it, it will store the MPW hash on a per account basis. Toggling it does NOT delete any of your stored MPW hashes, so yes, you can toggle this option any time you want.
3. For shared logons where a predetermined username and password are given, is it possible to create a custom password to handle these (I share a number of such logons and would prefer to be able to auto complete these without typing in the form)?
Yes, you would have to create a custom account, then add the username to the 'Extended' tab, then add the password field/value to the 'Advanced Auto-populate' tab. I don't have time right now, but I'll elaborate later if you can't figure it out...
4. Can PWM handle authentication windows such as for NukeSentinel™, I currently have the Firefox version of PWM installed (The Wiki suggests not if this is up to date) ?
If you mean 'Basic HTTP Auth' pop-ups, then no, it won't... otherwise, I don't know what a 'NukeSentinel' auth window is...
Hth...
-
I'll make one simple suggestion here. Based on a few of the questions in this thread, it seems to me there may be a small amount of confusion understanding how PWM actually works.
I think a small re-write of this page : http://passwordmaker.org/How_it_works could possibly help users experiencing similar problems. While I think this page is well written, I also think its a hair on the "advanced" side of things. If you were trying to explain how PWM works for a 3 year old, they may look somewhat dumbfounded.
This is not to suggest users with these problems are dumb, however they just may not be as familiar with some of the terms and ideas (hash algorithms in particular) introduced in this explanation.
Perhaps even easier, a new paragraph could be appended to the top or bottom of this section with a simply stated summary of what PWM maker is doing with your master password, url and settings.
A few new basic questions could be added to the FAQ as well.
Just a few thoughts after reading some of the responses here...
-
To tanstaafl, most helpful thank you once again. 8)
To quixin, all, I think a quick start guide would help many more uninitiated users to pick up with PWM more easily. Personally I'm pretty clear about how PWM manages and protects my information, it's the setting up and getting started that has been a little hazy.
As I've read a number of times thus far, it is fair to say you cannot expect to become competent without applying a degree of effort. Nevertheless I imagine that a lot of new users will be looking at this solution because they have a range of accounts they would like pull into one application, with as little delay as possible, and it is likely that at least one or two of these would warrant dedicated accounts. With this in mind I can see it being advantageous to provide a little more basic info, along with a walk-through for both a default task, and an advanced account set-up.
If you guys will put up with my queries for a few days, I'll have a go at putting something together from the novices perspective?
:)
-
JonM,
that would be great! Its kind of hard for me to write from the perspective of a new user since I've been using PWM for so long now. I agree something written TO new users BY a new user would be an excellent addition, and I would be happy to help you as much as possible by answering any questions you might have...
So, fire away!
-
A pm is on it's way to you tanstaafl, and I shall be back to you in this thread with some questions shortly...
Jon
-
Here we go...
1.) I set up the necessary group and added to this a dedicated account with specific settings. Following which I have attempted to change the password for the logon this was created for, using the FAQ for the purpose. Whether I enter the mpw in advance or am prompted to do so via the menu; Account for which the password is being generated, only the Defaults option is apparent. I have also tried variations of the URL including that for the individual page where the password is changed. In all cases the password generated is based on the the Defaults settings and not the dedicated account settings and/or the URL specified therein.
In view of the fact that I had previously deleted the passwordmaker.rdf file in order to reinstall the add-on, and may have not closed my browser at this time, I therefore repeated the same making sure the browser was indeed closed. Following which I set up the the group/account afresh, and repeated the above with the same outcomes.
How might this be resolved?
2.) What is the relevance of Master Password Hash > Status of > Stored/?otherwise?
3.) In Account-Specific Settings > concerning I33t, where can I find more info on applying these options?
4.) In Account-Specific Settings > Modifier, please clarify what information is added here (I'm pretty confused by the different threads I've read regarding this)?
5.) If you change the Account-Specific Settings for the Defaults, will this affect passwords which have already been generated for the same?
Gracias! :)
-
1.) I set up the necessary group and added to this a dedicated account with specific settings. Following which I have attempted to change the password for the logon this was created for, using the FAQ for the purpose. Whether I enter the mpw in advance or am prompted to do so via the menu; Account for which the password is being generated, only the Defaults option is apparent.
This is pretty much always because you have the URL pattern entered incorrectly...
Can you post the site URL, and what you have for the URL pattern?
The most common problem is not realizing that the pattern matching is based on an EXACT match...
Click the 'Pattern Help' (http://passwordmaker.org/Firefox/Mozilla/SeaMonkey/Flock/Netscape/Advanced#URLs_Tab) button (on the 'Account Settings' > URL tab), which takes you to the wiki page explaining how the patterns work in detail.
The most common error is forgetting to add the trailing '/*'...
2.) What is the relevance of Master Password Hash > Status of > Stored/otherwise ?
Is the wiki page entry (http://passwordmaker.org/Firefox/Mozilla/SeaMonkey/Flock/Netscape/Advanced#2._Master_Password_Hash) insufficient?
3.) In Account-Specific Settings > concerning I33t, where can I find more info on applying these options?
Hmmm, I don't see anything on that on the wiki...
I just did a major reorganization of the Advanced Usage (http://passwordmaker.org/Firefox/Mozilla/SeaMonkey/Flock/Netscape/Advanced) page to allow for finishing up this section, but it may be a few days before I can get to it...
4.) In Account-Specific Settings > Modifier, please clarify what information is added here (I'm pretty confused by the different threads I've read regarding this)?
The modifier is simply that... whatever you enter into this field will result in a different generated password... just like a different Master Password will result in a different generated password.[/quote]
Gracias! :)
De nada... ;)
-
A few additional comments to supplement tanstaafl's response.
1) The ring icon on the status bar is a helpful indicator. While parked on the URL you are trying to access, if the ring is horizontal and grey in color no account is recognized for that site. If it is colored gold and slanted @ 45 degrees an account has been identified for that site.
3) Simply put the leet settings is just another way to throw some randomness to your generated password. As well as add extra security of being yet another setting someone would need to know in order to reproduce your password.
4) The modifier was added as a feature request some time ago. Some sites require you to change your password periodically (banks for example). This way you can change your password without having to change the other settings to your account.
-
Good evening guys and thanks for your patience. 8)
Concerning #1, I can say with only mild embarrassment that you are quite correct tanstaafl! I completely grasped the opposite end of the stick here, yet by some fluke of a miracle in the past hour I've managed to crack it given the info from you guys and a little more reading! Although I thought initially PWM activated the login automatically, yet on testing the password further I've had to hit the login button manually - was this just my imagination?
Quixin your tip regarding the ring icon in the status bar was invaluable though since my success this now behaves differently. Is this dependant on cookies in any way at all (I'm going to follow on for a bit and see what happens before elaborating)?
Something is sinking in so I'll come back to #2 later on...
For #3 I think something needs to be conveyed which gives some basic insight into the three active options. Incidentally, when I added the before+after option, level 5, the password strength indicator dropped significantly. :o
#4 is beyond me as yet. Sounds like you guys are saying something different as seems the case in many of the threads.
Ah well, it's early doors still! :)
-
For #3 I think something needs to be conveyed which gives some basic insight into the three active options. Incidentally, when I added the before+after option, level 5, the password strength indicator dropped significantly.
I wouldn't put much stock into the strength indicator. It really only serves as a guide. There has been discussion about replacing it but other features and fixes garner greater priority. The leet setting is in general is just another way to add some randomness to the recipe. I think the idea from the start is that given so many options to choose different hash algorithms, leet settings etc. are to make your password that much more secure. One could possibly argue that its overkill.
#4 is beyond me as yet. Sounds like you guys are saying something different as seems the case in many of the threads.
tanstaafl is saying an entry into this field will result in a change to your generated password. Keep that in mind, your password is generated based on all these settings that you are choosing. If you take all these settings (master password, url, username, leet setting, modifier) and throw them in a blender, they come out the same way everytime. If one of these setting are not perfect. The password will not be generated correctly.
Picture this now. You create a new account for your bank website. You set your url, your username, the hash. You may even choose to use a leet setting and level. You have a brand new generated password that you submit to the banks registration page. Now 1 year passes by and your receive notification that your bank required you to change your password once per year for security purposes. Without the modifier you would have to either change your hash, or perhaps your leet setting. What if you prefer to use the same setting for every account you have though. You now have the option to simply put a 1 or an A or whatever in the modifier field giving you a new generated password as well as leaving all your account settings the same.
Hope this helps...
-
Thank you quixin, most helpful indeed. 8)
Concerning the Modifier, does whatever might be entered for this have to follow any particular sequence once you have started, or can you literally change it to anything, any time, to suite?
How do you go about updating your chosen logon when the time comes to implement the change? Would you login with the existing password, edit the modifier, and simply follow the same actions for changing an existing password?
Does the use of a modifier work equally well for Defaults in your opinion? Any pitfalls you can think of for beginners in this respect?
Much obliged,
Jon
-
Hi Jon,
Yes, it can be anything... a single character, a word, a phrase, a date (formatted however you want), etc...
The important thing to understand is that ANY change will change the generated password... for example, if you had a 'a' in this field, the generated passwrod would be one thing... if you then changed this to 'A', the generated password would be completely different.
-
Hi Jon,
Yes, it can be anything... a single character, a word, a phrase, a date (formatted however you want), etc...
The important thing to understand is that ANY change will change the generated password... for example, if you had a 'a' in this field, the generated passwrod would be one thing... if you then changed this to 'A', the generated password would be completely different.
Yes understood, so it will be how you implement the change which would determine whether or not you mess up a logon with this feature enabled. In which case is the assumption I have made above correct/on the right track?
The main difficulty as I see it for new users is URL patterns, myself included, especially for the purpose of migrating existing accounts to PWM. Whilst I have managed to make some progress, in so far as establishing PWM with a certain few logons/accounts, I'm pretty sure these are not very well designed. Or to put it another way, PWM has enabled me to generate passwords for some custom accounts (existing logons), yet as a whole there is some dysfunction with the arrangement, and therefore still some work to be done.
Is there any reason not to discuss individual logons/URLs on the open forum?
Cheers,
Jon
-
The main difficulty as I see it for new users is URL patterns, myself included, especially for the purpose of migrating existing accounts to PWM. Whilst I have managed to make some progress, in so far as establishing PWM with a certain few logons/accounts, I'm pretty sure these are not very well designed. Or to put it another way, PWM has enabled me to generate passwords for some custom accounts (existing logons), yet as a whole there is some dysfunction with the arrangement, and therefore still some work to be done.
You might be interested in some Feature Requests of mine that will substantially reduce the initial learning curve while increasing the basic security of PWM for custom Accounts at the same time...
In this post (http://forums.passwordmaker.org/index.php/topic,1385.msg1280493) I outline a change to the way Basic and Advanced Options work in general...
And in this post (http://forums.passwordmaker.org/index.php/topic,1359.msg1279932), I outline a change to the way the Advanced Settings work, specifically the way the 'Using Text' and URL Patterns are used to generate passwords.
It's a bit of a read, especially if you read the original threads that resulted in the FRs, but well worth it if yo are interested in making PWM easier to use...
-
Just to clarify the above comment - this relates to my own current lack of expertise tanstaafl.
That said, I was saying to myself earlier that I should have a more in-depth look at the FAs, and will endeavor to do this, as well as gladly pick up with those you have pointed out, just as soon as possible.
;D
-
Just to clarify the above comment - this relates to my own current lack of expertise tanstaafl.
No, it is a definite issue with new users... you aren't the only one who has had problems grasping the Advanced Options...
The FR's I referenced in my last message are meant to directly address this area of complexity.
-
I've read the wiki and the FAQs. I'm confused, really confused. Now I'm going to read them again with a pen and paper and see if I can make a plan and some sense of everything.
Over 60, ready to go on Social Security, and I don't understand your computerese. The Wiki is like Greek to me. I've been using computers for over 15 years, and this is the very first time I have been so completely baffled by a set of instructions.
I have to agree, I can't see any evidence that this has gone through usability testing. Having tried to introduce it in to business environments, I can say it's difficult to administer and difficult to train the users.
The user can't be presented with any choices, they should just enter their username on the web page. The administrator shouldn't have to set up a unique account for every logon page, but should be able to create sets of generic accounts.
-
Rdebay,
Real security will never be as simple as pressing a button.
While I agree that PWM has a lot of room for improvement, the fact is, it is very simple to use once you learn how to use it.
The learning curve is steep for advanced use, but for basic use it is pretty easy.
As for rolling it out in a business environment - you'd have to provide some training sessions, and follow-up support... but it shouldn't be that big a deal, unless you wanted to make its use mandatory, which I probably wouldn't do...
You can lead someone to instructions on how to be secure online, but you can't make them follow them.
-
I've read the wiki and the FAQs. I'm confused, really confused. Now I'm going to read them again with a pen and paper and see if I can make a plan and some sense of everything.
Over 60, ready to go on Social Security, and I don't understand your computerese. The Wiki is like Greek to me. I've been using computers for over 15 years, and this is the very first time I have been so completely baffled by a set of instructions.
I have to agree, I can't see any evidence that this has gone through usability testing. Having tried to introduce it in to business environments, I can say it's difficult to administer and difficult to train the users.
The user can't be presented with any choices, they should just enter their username on the web page. The administrator shouldn't have to set up a unique account for every logon page, but should be able to create sets of generic accounts.
I'd like to point out that Abine, a PasswordMaker offshoot, supports the kind of accounts you're talking about here and the other thread you started (http://forums.passwordmaker.org/index.php/topic,1655.0.html). At least, I think it does. I'm sure tanstaafl will tell me why it doesn't ;D