Blundered in and now need help

[sailinship]

Hello, thankyou for this tool. I found it in the suggested add on extension's list on Firefox's site. I DL'd it months ago but was scared to use it. I am only three years old as far as my computer use goes and I am learning, but it is slow.

I went ahead and jumped to a bunch of my lower security sites, selected change password, and then jumped around in the PWM changing the algorithm's and the character sets. I didn't create any accounts, just kept it on default and now it's not working.

I did read the whole only text, everything, but I did not understand, until I read here, that each site must be it's own account. That is correct right?

If that is so, what is the default account useful for.

And by the way,am  I correct in assuming that I now have to go back to all of those sites and complete the whole "Lost your password?" process because I cannot remember the settings for each site?

Also, for low level sites, like discussion boards, IMDB, etc. what would be the best default settings? In other words what is a good algorithm/character set to use?

Lastly, when I was trying to set new passwords, many sites did not allow me to. I just kept getting weird messages. Messages like incorrect password, even though my old password was correct and many more. What should I do when a site is not letting me set a password with PWM?

Thanks, Sailinship

[tanstaafl]

Hello, thankyou for this tool. I found it in the suggested add on extension's list on Firefox's site. I DL'd it months ago but was scared to use it. I am only three years old as far as my computer use goes and I am learning, but it is slow.

PWM does have a learning curve, but it is well worth it. The good news is, as long as you are willing to spend a few hours, you shouldn't have any trouble mastering it fairly quickly...

I went ahead and jumped to a bunch of my lower security sites, selected change password, and then jumped around in the PWM changing the algorithm's and the character sets. I didn't create any accounts, just kept it on default and now it's not working.

Wow - big mistake...

You probably already figured this out, but for the benefit of any new people reading this...

By using the Defaults, and changing them for each site, you put yourself into the predicament of having to be able to remember the changes you made for each site...

I did read the whole only text, everything, but I did not understand, until I read here, that each site must be it's own account. That is correct right?

Not at all...

Feel free to use the Defaults for any/all sites you want - but many people do use it only for non-critical sites.

Specific Accounts is best - but not necessary - for critical sites, like financial/banking sites, etc...

Creating a specific account for a site gives you a lot more flexibility - you can define a different character site (if that site doesn't allow certain characters that you normally use), change the settings (require more characters to make the password stronger, etc)...

If that is so, what is the default account useful for.

I use it for non-critical sites - website forums (like this one), etc...

And by the way, am  I correct in assuming that I now have to go back to all of those sites and complete the whole "Lost your password?" process because I cannot remember the settings for each site?

Pretty much, yes...

It is highly recommended to take it slowly until you get used to it...

Change one password at a time... log in/out a few times, etc... then change another one...

Think about what you're doing - I bet if you had done this, you'd have realized by the second account, when changing the settings, 'hey, I'll have to change the settings back when I go to the first account' - and may still have been able to remember the changes you had made...

Also, for low level sites, like discussion boards, IMDB, etc. what would be the best default settings? In other words what is a good algorithm/character set to use?

Heh - the defaults are fine - but changing them just makes it more secure, because now you have made them *your* defaults, as opposed to the generic, first time install defaults.

Lastly, when I was trying to set new passwords, many sites did not allow me to. I just kept getting weird messages. Messages like incorrect password, even though my old password was correct and many more. What should I do when a site is not letting me set a password with PWM?

Sounds like your original/current password was being entered by PWM... which means, of course, it would be wrong.

I generally do not use the coolkey when changing passwords - I open PWM, and click on the 'Copy Generated Password to Clipboard' button, then manually paste it where it goes (twice is usually required).

Thanks, Sailinship

You're welcome, and welcome to the world of Passwordmaker... it really is awesome (thanks again Eric)!

[sailinship]

Hey thanks for the quick reply and all of the useful info. But... I have some more questions.

1. Why, when using the default setting, are you able to change the algorithm (without making any other changes) and get a higher security rated password. Shouldn't it pick the most secure sight?

2. "I generally do not use the coolkey when changing passwords - I open PWM, and click on the 'Copy Generated Password to Clipboard' button, then manually paste it where it goes (twice is usually required)."

good info, but were is the clipboard? Where do I see the PW?

3. "Sounds like your original/current password was being entered by PWM" not so, I know it wasn't. Some sights just wouldn't let me use the PMW. What do I do then?

Thanks again.

[Miquel 'Fire' Burns]

Hey thanks for the quick reply and all of the useful info. But... I have some more questions.

1. Why, when using the default setting, are you able to change the algorithm (without making any other changes) and get a higher security rated password. Shouldn't it pick the most secure sight?

What's the best algorithm for a site, master password, character, etc. is different each time. And just because the password is highly rated by PWM doesn't mean it really is that secure however.

2. "I generally do not use the coolkey when changing passwords - I open PWM, and click on the 'Copy Generated Password to Clipboard' button, then manually paste it where it goes (twice is usually required)."

good info, but were is the clipboard? Where do I see the PW?

When you open it, the PW should be visible in the PWM window. Also, the clipboard is part of the OS (Windows most likely, or Mac).

3. "Sounds like your original/current password was being entered by PWM" not so, I know it wasn't. Some sights just wouldn't let me use the PMW. What do I do then?

Thanks again.

This goes the the advanced level of using accounts in PWM.

[tanstaafl]

1. Why, when using the default setting, are you able to change the algorithm (without making any other changes) and get a higher security rated password.

The Password strength indicator is really there just for a certain comfort level - it is an *indicator*, nothing more. As miquelfire said, just because the meter shows a very strong password doesn't *necessarily* mean that it is very secure, but it does give you a good idea. For instance, I have seen what I would consider to be very strong passwords show as very weak...

In general, a combination of more characters (the longer the password) and more *special* characters - ie, `~!@#$%^&*()-_=+[{]};:'",<.>/?\| - the more secure your password will be.

But, there is another facotr - if the site you are logging into doesn't use some kind of throttling mechanism to detect/prevent what is known as a 'dictionary attack' (a program that just tries every possible password, based on a dictionary, including the simple use of 'special character substitution', ie, $ for S, 1 for I, etc) - then that site is very insecure anyway.

Bottom line - for financial stuff, create specific accounts, and use the longest password they allow, and all of the special characters they allow. If you don't know, as their tech support. If they aren't cooperative, let your money do the talking (find another service provider).

2. "I generally do not use the coolkey when changing passwords - I open PWM, and click on the 'Copy Generated Password to Clipboard' button, then manually paste it where it goes (twice is usually required)."

good info, but were is the clipboard? Where do I see the PW?

The clipboard is part of the OS - it is basically invisible. When you 'Copy' something, it goes to the clipboard. So, copy it, then click inside the password field, then simply paste it (on Windows, it is 'Ctrl-V', on the Mac it is 'Cmd-V')...

3. "Sounds like your original/current password was being entered by PWM" not so, I know it wasn't. Some sights just wouldn't let me use the PMW. What do I do then?

Ok, then, it must not have liked one or more of the special/non-alpha-numeric characters that your new PWM password contained... the most problematic that I have encountered are the 'tick', 'tilde', both single and double quotes, the 'pipe' symbol, and both slashes, but some sites don't allow ANY.

Ultimately, if it is a critical site (bank, etc), you need to find out for sure what characters they don't allow - and if they *only* allow letters and numbers - then find another bank - they don't care about security.

Hth... Charles

[Eric H. Jung]

And just because the password is highly rated by PWM doesn't mean it really is that secure however.

Yeah, the current way PasswordMaker calculates the "security rating" of a password is pretty lame and very confusing. It should be revamped to be something MUCH simpler like what tanstaafl wrote (length + special chars). I tried to make it really complex and smart, but in the process I think I just ended up creating the opposite of that.