Author Topic: help with Master Password changing  (Read 17289 times)

Offline popmonkey

  • Jr. Member
  • **
  • Posts: 11
« on: November 02, 2005, 12:30:15 AM »
If this has already been discussed, my apologies.  i looked through the request list and the search for this forum is disabled.

what i would like to see is a feature that helps when the master password has to be changed due to compromise or for paranoid reasons.

example of how i would see this working:
 . you click on a button that says: "convert to new Master Password"
 . this automatically marks all the custom accounts in, say, red
 . allow password maker to have an "old Master Password" and "new Master Password" entered
 . go to a website, pick "populate with old Master Password"
 . go to password change page, "populate with new Master Password"
 . have PM ask "was password change successful?"
 . if true, marks the custom entry green
 . if false, doesn't do anything

this would allow you to remember which accounts haven't been changed yet and give you the ability to use two different master passwords during the transition period and picking which master password you wish to use depending on whether you're logging in or entering a new password.

it could be simplified by letting you flag the custom accounts for whatever reason and to have the option of 2 or more master passwords.  the user could then take advantage of this to make all the necessary changes.

you could also add an option to store the old master password and give the user a warning saying: "you realize you just logged in using the old master password, time to change password to the new master"

if i think of a more elegant solution i will post again.

NOTE: i've done this before (no, i wasn't paranoid, i realized i accidentally compromised my master), by hand, but it was really time consuming, had to constantly type in the master password depending on what state i was in and keep a record of what custom accounts have been changed in a spreadsheet.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
« Reply #1 on: November 02, 2005, 03:53:49 AM »
Welcome, popmonkey.

Quote
If this has already been discussed, my apologies. i looked through the request list and the search for this forum is disabled.
No worries. This isn't one of those forums where we grind you into mush and feed you to hungry, feral dogs if you "repost". The search engine problem will be resolved in the next few weeks when the forums are hosted internally.

Anyway, your feature has been requested before -- both here and sort of hinted at again  here. I successfully ignored it until now :)

The issue you and ajw ("Al") raise is clearly an important one, especially as people begin to use PasswordMaker over the course of years, rather than months, so I will ignore it no longer.

Somehow I'm reminded of a quote from History of the World: Part I, "I give you the 15 [moses accidentally drops and breaks one of the three tablets he's holding], no 10, 10 commandments!". One... no two... two passwords to rule them all! :crazy:

Quote
example of how i would see this working:
. you click on a button that says: "convert to new Master Password"
. this automatically marks all the custom accounts in, say, red
. allow password maker to have an "old Master Password" and "new Master Password" entered
. go to a website, pick "populate with old Master Password"
. go to password change page, "populate with new Master Password"
. have PM ask "was password change successful?"
. if true, marks the custom entry green
. if false, doesn't do anything
I like this implementation very much, except for one point: "have PM ask 'was password change successful?'" I think this will have to be done manually. I'm not sure how PasswordMaker can automatically sense when to prompt you for this. I'll think about it more, but that's my initial feeling. Otherwise, I think your implementation idea only needs these additions/changes:
  • "if true, marks the custom entry green" => I think it should reset the entry back to black, like it originally appeared
  • When there are no more red accounts, PasswordMaker allows you to press the "convert to new Master Password"  again. It's greyed out until then.
Is there any reason you'd want more than 2 master passwords at the same time?

Offline popmonkey

  • Jr. Member
  • **
  • Posts: 11
« Reply #2 on: November 02, 2005, 06:30:48 AM »
Quote
Anyway, your feature has been requested before -- both here and sort of hinted at again  here. I successfully ignored it until now :)

The issue you and ajw ("Al") raise is clearly an important one, especially as people begin to use PasswordMaker over the course of years, rather than months, so I will ignore it no longer.

Excellent!

Quote
Somehow I'm reminded of a quote from History of the World: Part I, "I give you the 15 [moses accidentally drops and breaks one of the three tablets he's holding], no 10, 10 commandments!". One... no two... two passwords to rule them all! :crazy:

that was a great film.  "the inquisition, lets begin, the inquisition, look out sin" etc.

Quote
Quote
example of how i would see this working:
. you click on a button that says: "convert to new Master Password"
. this automatically marks all the custom accounts in, say, red
. allow password maker to have an "old Master Password" and "new Master Password" entered
. go to a website, pick "populate with old Master Password"
. go to password change page, "populate with new Master Password"
. have PM ask "was password change successful?"
. if true, marks the custom entry green
. if false, doesn't do anything
I like this implementation very much, except for one point: "have PM ask 'was password change successful?'" I think this will have to be done manually. I'm not sure how PasswordMaker can automatically sense when to prompt you for this. I'll think about it more, but that's my initial feeling. Otherwise, I think your implementation idea only needs these additions/changes:
  • "if true, marks the custom entry green" => I think it should reset the entry back to black, like it originally appeared
  • When there are no more red accounts, PasswordMaker allows you to press the "convert to new Master Password"  again. It's greyed out until then.

that sounds fine.  the idea about PM "asking" if the password change was successful was not stated well by me.  i kind of see it as a context menu feature.  you right click, pick new password, or pick new password + complete password change which returns the account color to normal in one click.

Quote
Is there any reason you'd want more than 2 master passwords at the same time?

well, my second idea was to make the whole thing much more generic, i.e. have two systems: one to flag accounts for action, and let the user set and clear the flags, sort of like how you do "follow up" flags in many mail programs.

the second piece would be the ability to have, in memory, or on disk, multiple passwords.  1, 2, 16, let the user decide.  most people would just need 1, and 2 during an mp change.  however, you never know what kind of clever stuff users will come up with.  so the second solution is less wizardy, but much more open ended and therefore useful for things you may not have even considered yet.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
« Reply #3 on: November 02, 2005, 12:46:33 PM »
Quote
the second piece would be the ability to have, in memory, or on disk, multiple passwords. 1, 2, 16, let the user decide. most people would just need 1, and 2 during an mp change. however, you never know what kind of clever stuff users will come up with. so the second solution is less wizardy, but much more open ended and therefore useful for things you may not have even considered yet.
Yes, that's why I asked. Clearly someone, someday will want >2 master passwords.

Quote
well, my second idea was to make the whole thing much more generic, i.e. have two systems: one to flag accounts for action, and let the user set and clear the flags, sort of like how you do "follow up" flags in many mail programs.
Are the flags just for any use the user wants? The user can apply the flag/remove it whenever? If so, how can each account be shown to which master password it belongs? Should each master password be assigned a number?

I'm hoping ajw will add his opinions here, too.

-Eric

Offline ajw

  • Jr. Member
  • **
  • Posts: 81
« Reply #4 on: November 02, 2005, 06:10:11 PM »
Quote
I'm hoping ajw will add his opinions here, too.
You got it!  (if there's nothing else I have, it's opinions!  and I do remember the old quote about everyone having opinions and...  :)


About multiple master passwords
Think about the case of someone having hundreds of accounts - many of which may never be used again - or maybe they will...
There's no way any user is going to go hit all the sites just so they can change the master password - that's just too time-consuming.
Worse, imagine this poor guy is sloppy and keeps compromising their master password (or just keeps wanting to change it...)

Two MPW won't be enough - you're forcing them to update all the old sites before they can change the MPW again..  Three, or 10, or 50 might not be enough!  Managing that many MPWs sounds very messy to me.

Instead of remembering multiple MPWs, I'd suggest the scheme from "ability to change master password without loss":
    PM would iterate through all the accounts, generate the password with the old MPW, and store it as a pre-determined password (in the soon-to-be-added (?) "static password" field), so that password isn't lost - after all, that's the one the web site is set to use.

    It would mark a flag indicating that this account needs to be changed to the new MPW-generated password. (The next time the account is used, and the old password entered at the web site, a popup could alert the user to change to the new password)
    (note:  this is the same as some of us currently do:  set the prefix field to the desired password, and set the password length for that password)

    This way, any old accounts retain their last-used password, and the master password can be changed immediately.  And may be changed multiple times - the old accounts will still keep their 'fixed' password, any newer accounts (with passwords generated using the new MPW will be set to their now-'fixed' password, and the MPW can be changed.  And this can be done over and over without losing any in-use passwords.)

    The accounts should be tagged to indicate they're using an old password (and should be updated to use the new MPW) - the red/green idea.  (although I agree with Eric - it should be red/black)

    And, I might add, this stays as "One Password to Rule Them All" :)

    If you wait until all accounts are no longer red (every account has been updated) before switching to the new MPW, some users (like me) will *never* switch because there's just too many old accounts to update.

    Quote
    Quote
    Somehow I'm reminded of a quote from History of the World: Part I, "I give you the 15 [moses accidentally drops and breaks one of the three tablets he's holding], no 10, 10 commandments!". One... no two... two passwords to rule them all!
    that was a great film. "the inquisition, lets begin, the inquisition, look out sin" etc.
    Oh, indeed!  Other than Spaceballs (which just came out years too late) I can't think of a Mel Brooks movie I haven't loved!  Saw Blazing Saddles recently - every bit as funny as I remembered it to be!

    Quote
    Quote
    well, my second idea was to make the whole thing much more generic, i.e. have two systems: one to flag accounts for action, and let the user set and clear the flags, sort of like how you do "follow up" flags in many mail programs.
    Are the flags just for any use the user wants? The user can apply the flag/remove it whenever? If so, how can each account be shown to which master password it belongs? Should each master password be assigned a number?
    There should be a flag to make the account show up "red" - which should be able to be reset by the user - they may not *care* that it's using an old MPW (or 'fixed' password in my scheme).  I'd say these should be resettable on a per-account, per-group, or global basis.  (or possibly by selecting accounts and resetting the flag on those)

    The other flag I see would be one to display a popup "this site should change to the new master password" - again, resettable on the same basis.  Any such popup should be able to remain "on top" without interfering in any use of the browser or PM.  I'd suggest it have buttons like "fill in old password field" and "fill in new password field(s)"  to make it convenient to change passwords at the site.   Probably other buttons like "remind me next time" "don't remind me again" etc.

    Keeping it on-top is a good reminder to change passwords (I really *will* forget by the time I log in! :)  and if it's kept displayed it absolutely must not interfere with other use - they have to be able to navigate to the "change password" page!


    - Al -
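
ajw's freeze-and-flag scheme from the post above, sketched as an added example (not part of the thread and not PasswordMaker code). The HMAC-SHA256 derivation, the field names `staticPassword` and `needsUpdate`, and the sample accounts and master passwords are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// 64 symbols, so (byte % 64) picks each one with equal probability.
const CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Stand-in derivation (assumption): HMAC-SHA256 keyed with the master password.
function derive(mpw, account) {
  const mac = crypto.createHmac("sha256", mpw)
    .update(`${account.site}\n${account.username}`).digest();
  return Array.from(mac.subarray(0, account.length), b => CHARSET[b % 64]).join("");
}

// What the site currently expects: the frozen value if one exists, else derived.
function currentPassword(mpw, account) {
  return account.staticPassword ?? derive(mpw, account);
}

// Master password change: freeze the in-use password of every account that is
// still derived, and flag everything "red". Already-frozen accounts keep their
// value. Frozen passwords are stored verbatim, so the account store now holds
// secrets and needs protection at rest.
function changeMaster(accounts, oldMpw) {
  for (const a of accounts) {
    if (a.staticPassword === undefined) a.staticPassword = derive(oldMpw, a);
    a.needsUpdate = true;
  }
}

// After the user changed the password at the site: drop the frozen value,
// clear the flag (back to "black") and return the new derived password.
function completeUpdate(account, newMpw) {
  delete account.staticPassword;
  account.needsUpdate = false;
  return derive(newMpw, account);
}

// Constructed scenario: two accounts, two master password changes in a row.
function demo() {
  const accounts = [
    { site: "mail.example", username: "pop", length: 12 },
    { site: "bank.example", username: "pop", length: 16 },
  ];
  const before = accounts.map(a => currentPassword("mpw-1", a));
  changeMaster(accounts, "mpw-1");                        // now using mpw-2
  const bankNew = completeUpdate(accounts[1], "mpw-2");   // only bank was updated
  changeMaster(accounts, "mpw-2");                        // now using mpw-3
  const after = accounts.map(a => currentPassword("mpw-3", a));
  return { before, bankNew, after, flags: accounts.map(a => a.needsUpdate) };
}
```

After the second change the mail account still resolves to its original password and the bank account to the one set under the second master password, which is the "can be done over and over" property ajw describes.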

    Offline popmonkey

    • Jr. Member
    • **
    • Posts: 11
    « Reply #5 on: November 02, 2005, 09:24:05 PM »
    mostly, i like ajw's solution, but it only works with custom accounts.  if you use the default settings for some sites (i do) i'd still like to have a temporary way to have 2 passwords: old and new (which would also enable a new item in the context message, "fill in using old mp")

    and yeah, as far as the flags, i was thinking just let the user decide how to use them.  it's just like marking something as important in email.  people use those flags for many things.

    that's the generic, power user solution.  the passwordmaker wizard solution is to hold the user's hand as much as possible...

    Offline ajw

    • Jr. Member
    • **
    • Posts: 81
    « Reply #6 on: November 02, 2005, 09:41:39 PM »
    Quote
    mostly, i like ajw's solution, but it only works with custom accounts. if you use the default settings for some sites (i do) i'd still like to have a temporary way to have 2 passwords: old and new (which would also enable a new item in the context message, "fill in using old mp")
    Good point!  I always create custom accounts, so I didn't think of that...

    I can see ways that just keeping the MPW isn't sufficient (change the character set or hash method for example) - I wonder if the ability to maintain past "default" settings would be good - they might or might not keep the MPW with them; if you're changing something else, no need to keep the MPW with the "old default" account...

    This seems messy, but I don't see anything better off the top of my head.

    How do you tell PM to use an "old default" account?  Wouldn't want something popping up at *every* site - that'd be obnoxious.

    - Al -

    Offline Tyrantmizar

    • Sr. Member
    • ****
    • Posts: 307
    « Reply #7 on: November 10, 2005, 12:34:07 AM »
    So.. what's the verdict?
    Tyrantmizar
    - Check out my blog: http://tyrantmizar.blogsome.com/ (shameless plug :P)
    - Lord of the Feature Requests / Enhancements Forum - BWAHAHAHAHA!!!!
    - Lord of the other one, the [url=http://forums.passwordmaker.o

    Offline tanstaafl

    • God Member
    • ******
    • Posts: 1363
    « Reply #8 on: January 11, 2007, 05:55:46 PM »
    Quote from: Tyrantmizar
    So.. what's the verdict?
    Guilty, I say! Off with his head!
