Author Topic: Hide 'When URL contains' username  (Read 12590 times)

nervous bankuser

  • Guest
Hide 'When URL contains' username
« on: February 19, 2006, 12:29:36 PM »
I suggest you allow a toggled option to have the 'When URL contains' field hidden (or asterisked) after a username is entered, otherwise any bypasser/screenshot trojan could obtain it during configuration or the login process.

Many financial websites unfortunately also leave the username revealed. I don't suppose it is possible for PasswordMaker to somehow copy the username in hidden fashion into the username field on such a website?

Incidentally, in order to produce a memorizable but random username I enter a memorized word as username, then copy the resulting password back into the PasswordMaker username slot. Some day you might want to automate that feature.

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Hide 'When URL contains' username
« Reply #1 on: February 19, 2006, 03:29:45 PM »
And then I see you already found the FR forum... ;)

Ok, added the second request as: 'Mask Username When Populating Username/Password fields'

Added the last request as 'Generate random username automatically from entered username'

But for the first request I need some clarification...

Which specific field on which specific window are you talking about?
« Last Edit: February 19, 2006, 03:53:04 PM by tanstaafl »

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide 'When URL contains' username
« Reply #2 on: February 19, 2006, 11:58:45 PM »
Quote
Mask Username When Populating Username/Password fields'
Won't this be covered by don't auto-populate username if MPW not entered correctly and Encrypt PasswordMaker.rdf?

You essentially won't be able to look at any of the settings after passwordmaker.rdf is encrypted (unless you enter the MPW correctly).

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Hide 'When URL contains' username
« Reply #3 on: February 20, 2006, 12:55:00 AM »
Quote
Quote
Mask Username When Populating Username/Password fields'
Won't this be covered by don't auto-populate username if MPW not entered correctly and Encrypt PasswordMaker.rdf?

You essentially won't be able to look at any of the settings after passwordmaker.rdf is encrypted (unless you enter the MPW correctly).
Hmmm... good points, and points which raise a question that I had a while back but fogot to voice...

How, exactly, is this gonna work? How is PWM gonna know if the MPW is correct or not? I think we discussed storing the MPW - or more likely its hash? - in the RDF file? If so, then for this to work properly for me, the MPW hash will have to be stored for each account, because I use more than one MPW.

Wait - did we discuss having a separate password, solely for encryoting the rdf file?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide 'When URL contains' username
« Reply #4 on: February 20, 2006, 01:34:26 AM »
We'll either have to store a the hash of a MPW for each account, or the hash of a separate password. I don't think it really matters now; we can work out the details when I start working on the enhancement (I'll post about it then)... but for now I think we agree nervous banker-guy's request is already covered?

PasswordMaker Forums

Hide 'When URL contains' username
« Reply #4 on: February 20, 2006, 01:34:26 AM »