Default Override

[deepwtr]

Alright... I'm sure there is something I am missing but I've read the instructions, the FAQ, searched the forums and done a number of tests with PasswordMaker and I cannot get around this issue.

First off I'm running the latest version, 1.6, in Firefox 1.5.0.7.  I've had PasswordMaker as one of my addons for over 6 months now and finally decided I needed to go through my mountain of logins and make them more secure.

My usernames and passwords requirements are all over the place so I planned to make a separate account for each login.  I set  the Defaults to use a simple 8 character MD5 hash using only letters and numbers since I didn't intend to use the Defaults anyway.  I decided on my master password which consists of upper/lowercase letters and numbers.

I created a new Group and then created a new Account for a website I knew I could change the password for if I ran into trouble.  I set it up to use the domain.com and specified using leet before the password, MD5, 10 characters, only letters and numbers (since this website had an issue with some special characters) and then changed the password on the website to use the one in PasswordMaker and it did not work so I tried a slightly easier password and it still did not work.

So I figured it might be the website so I tried google.com since I have an account based off of it for e-mail, calendar, etc.  I ran through the same steps and it still wasn't working so I decided to force the password to use a prefix that matched the current password and limit the length to match the prefix and that didn't work either.

At this point I figured that the addon had been corrupted or had issues from previous updates so I uninstalled the addon and re-downloaded it from Mozilla's addon section.  I then tried it again setting up a new group and account and ran into the same problem... the password was invalid.  

After that I went to the Global Settings and turned on the feature "Show all passwords on web pages as clear text" and that is when I found out that it was pulling the password generated by the default and not by the group account.  I played around with it some more and even went as far as to force the Advanced Auto-Populate tab to fill in the password field with the correct password to no avail.

As I understand it any account should automatically override the default settings but it seems to be the other way around.  The default settings are overriding any and all accounts I try to setup.

If anyone could shed some light on this situation I would appreciate it.

Deepwtr

[Miquel 'Fire' Burns]

What does it show on the URLs tab for the account?
With Google for example, a wildcard (like it was before 1.6) to use is *google.com*
If you want to use regex, I like a setup like this (Yea, I know, it's really only been out one day and I got a preference already, I'm that nuts): https?://([^/]\.)?google\.com/.*

[tanstaafl]

After that I went to the Global Settings and turned on the feature "Show all passwords on web pages as clear text" and that is when I found out that it was pulling the password generated by the default and not by the group account.

This is definitely related to the major new way that PM determines the URL to use...

On the URL's tab (advanced settings), you need to make sure that the Pattern you have set to match actually results in a match.

To learn the power of this new functionality, I highly recommend that you read and study the 'Pattern Help' page:

http://passwordmaker.org/help/patterns.html

This should answer your question.

It is a major change, but one that was sorely needed, and provides dramatically improved security and flexibility (no more duplicate accounts for some accounts that can have different login URLs. It also dramatically increases security, because now you can make the rule 'When URL STARTS WITH and contains...

[deepwtr]

Miquel,

I did play around with using wildcards but was still having the same problems.  I guess I'm gonna have to dust of my knowledge of regular expressions and put it to good use... haha  

Tanstaafl,

I understand and appreciate the need for the change so I'll play around with it until I get it working to my satisfaction.  If I have any issues I'll let ya'll know.

Thanks again,
Deepwtr

[Eric H. Jung]

Hi Deepwtr,

There's no need to learn regular expressions. Most people (especially if you're just starting with custom accounts) should be able to get by with wildcards instead of regular expressions. RegExps are there for the power users (like miquel )

You can determine which account was "matched" on a site by hovering over the PasswordMaker ring in the statusbar. There's no need to check "Show all passwords on web pages as clear text". Also, you can quickly tell if the Default account was used or a custom account based on the orientation of the ring (angled or vertical). No need to hover to see the tooltip unless you want more detailed info.

So, what happens when you create a custom account and specify a wildcard pattern of "*google.com*"? There's no reason that shouldn't match http://mail.google.com et. al.

-Eric

[deepwtr]

Hey Eric,

I tried adding a pattern just using wildcards again and it worked this time.  I must have messed something up the first time I did it.  Not that I don't want to use regular expressions I just don't have a need for them at the moment so wildcards work fine for me.

And thank you for the added info... that's good to know.  I appreciate the help.

Thanks,
Deepwtr