Author Topic: Accounts and URL patterns question  (Read 10444 times)

MyCsPiTTa1

  • Guest
Accounts and URL patterns question
« on: July 29, 2007, 01:26:31 PM »
Hiya,

I have a couple of questions (and no doubt a few more later on!)

1) I have some logins that use a different username than my default. So I create a new account and change a) the username b) add a url pattern and c) maybe the character set. I've been making a separate account per site even though some of them use the same username. Can I just add multiple URL patterns (e.g. *www.mybank.com* and *www.ebay.com*) to one account if they both use the same username. I did try this once and it didn't seem to work as it used only one of the URLs to generate the passwords.

2) The default account just "senses" the correct URL when I'm on the page when making a new password but my specific accounts need me to additionally add those URL patterns - why is that?

3) On the topic of URL patterns... I sometimes never really know what the exact URL of the page is going to be (e.g. some pages use an https://, some an http://, some have no www, and some have extra stuff after the main URL e.g. www.ebay.com/user/browse/1234 <----- I'm just making that stuff up...). So when I want to add a pattern I end up having to put in something general like *ebay.com* to cover all bases. Doesn't that make it a bit insecure from sites (phishing sites?) with deliberately similar URLs?
My bank, for one example, is a hard one as the login page is a pop-up window with no address bar, which closes after login (though, in fact I've actually managed to get that one to work so it's not a prob).

This looks like a great extension and I'm slowly getting a few things sorted out but I don't know if I'm going about it the best way - a lot of what I've done is trial and error. I have to say it seems like the manual is more of a menu glossary than a step-by-step tutorial in how to use the program. Most of what I've learnt has been from the forums but it's meant I've had to go back and change a whole load of generated passwords more than once after doing them wrong the first time/s.
I know it's a lot of effort to write a good manual but it seems many people here on the forums are having the same problems with the very basics. Who knows, maybe I'll write one myself when I know enough about it...

Anyway thanks, I know I want to ask some stuff about the online/portable versions (so I can use it at work) but I'll leave that for another post.

OH ONE LAST THING I realise now when clicking submit. I registered on the forums 2 days ago and never received a confirmation email (I re-asked for one 3 times too). So now I can't even register again from the same computer :(

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Accounts and URL patterns question
« Reply #1 on: July 29, 2007, 03:56:34 PM »
1) I have some logins that use a different username than my default. So I create a new account and change a) the username b) add a url pattern and c) maybe the character set. I've been making a separate account per site even though some of them use the same username. Can I just add multiple URL patterns (e.g. *www.mybank.com* and *www.ebay.com*) to one account if they both use the same username. I did try this once and it didn't seem to work as it used only one of the URLs to generate the passwords.
Correct. Yes, you can do this, but as you noted, there is only one 'Use the following URL...' field, while you can have multiple URL patterns to match on. There is a one-to-one ratio of account to generated username/password.

Quote
2) The default account just "senses" the correct URL when I'm on the page when making a new password but my specific accounts need me to additionally add those URL patterns - why is that?
Good question...

First, to answer your question - PWM must have some way of knowing when an account is to be used, so you must tell it ahead of time.

But, this is definitely a source of new user confusion, and I have created a FR (Feature Request) to add a New 'Default' and 'Advanced' Security Modes model to simplify this aspect of PWM, with the current URL Pattern wildcards/regex pattern as the 'Advanced' mode... please feel free to go and vote for it (you have 5 votes, so be sure to read all of them and vote for any others that interest you.

Quote
3) On the topic of URL patterns... I sometimes never really know what the exact URL of the page is going to be (e.g. some pages use an https://, some an http://, some have no www, and some have extra stuff after the main URL e.g. www.ebay.com/user/browse/1234 <----- I'm just making that stuff up...). So when I want to add a pattern I end up having to put in something general like *ebay.com* to cover all bases. Doesn't that make it a bit insecure from sites (phishing sites?) with deliberately similar URLs?
Absolutely it does - again, read the FR I created for the new Security Modes - it will address this issue.

Until then, you will *have* to add all of the ones that may be used. Do *not* - *especially* for any accounts where money is involved - do *not* the wildcards you referenced above...

At a minimum, do *not* use a wildcard at the BEGINNING of a URL pattern - you want the FULL protocol+URL, ie:

http://www.example.com/*

The trailing slash-asterisk (/*) is important...

You can use regex expressions to account for some of the issues - like the http and https - but I don't recommend using them without a lot of reading and learning, as it is very easy to make a mistake.

Also, the 'Pattern Help' button will provide some assistance, but be careful - it does not warn sufficently about the dangers of phishing when using the wildcard patterns...

Quote
My bank, for one example, is a hard one as the login page is a pop-up window with no address bar, which closes after login (though, in fact I've actually managed to get that one to work so it's not a prob).
You mean a 'Basic HTTP Auth' pop-up? How did you get it to work? Or do you mean you just used PWM manually, manually entered the username and copied/pasted the password?

Quote
This looks like a great extension and I'm slowly getting a few things sorted out but I don't know if I'm going about it the best way - a lot of what I've done is trial and error. I have to say it seems like the manual is more of a menu glossary than a step-by-step tutorial in how to use the program.
PWM is one of the most important extensions - no - one of the most important tools in my toolkit, and honestly, I cannot imagine life on line without it. That said - yes, the manual is very dated, and we are working on a new wiki, but my time right now is very limited (I'm a volunteer here in the forumes, but not a developer). So, I understand your frustration and confusion...

Quote
Most of what I've learnt has been from the forums but it's meant I've had to go back and change a whole load of generated passwords more than once after doing them wrong the first time/s.
I know it's a lot of effort to write a good manual but it seems many people here on the forums are having the same problems with the very basics. Who knows, maybe I'll write one myself when I know enough about it...
Any help would be *greatly* appreciated... if you have any experience with wikis, I'm sure Eric wouldn't hesitate to set you up an account if you like...

Quote
OH ONE LAST THING I realise now when clicking submit. I registered on the forums 2 days ago and never received a confirmation email (I re-asked for one 3 times too). So now I can't even register again from the same computer :(
What username did you use? I can go in and fix it if you messed up on the email address or something...

Welcome to the world of PWM! Its the best thing since the internet! ;)

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Accounts and URL patterns question
« Reply #2 on: July 29, 2007, 03:58:05 PM »
I just looked, and don't see any new registrations since July 11th... are you sure?

MyCsPiTTa1

  • Guest
Re: Accounts and URL patterns question
« Reply #3 on: July 29, 2007, 09:44:05 PM »
Thanks for your help guys - I guess you've confirmed I;m doing things "mostly" the right way.

Regarding the wildcards, oops yes I made them pretty general. But I was just playing, trying to get something to work. I'll go back and find out more of the URL to make them more specific.
That's also how I got the bank one to work, though I did at least put the https://, but I need to have a play and see what the rest is (*changes it now...*). I changed the username  and the URL pattern and that was all. I'm not using autopopulate just yet - I'm using Coolkey, just so I can see what's going on a bit better while I'm learning.

My username for registration was MyCsPiTTa (with no "1"). It should be there as these posts wouldn't let me use that name as a guest posting. Also if I try to log in it says I need to confirm on my verification email.

Thanks again :)



Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Accounts and URL patterns question
« Reply #4 on: July 29, 2007, 09:48:59 PM »
Ahh... I had to go somewhere else to find the 'awaiting activation' members.

I just activated your account (so you should be able to log in now), and you should receive an email... if you don't receive an email, then either you typo'd the email when you entered it, or there is a problem with the activation email function. I get emails when new messages are posted, so it is working as far as that goes.

Let me know if you don't get the email this time.

Or - maybe it is going into your Junk/Spam folder on hotmail? I know they have been known to be a bit overly aggressive with their spam filtering...

Offline MyCsPiTTa

  • Normal Members
  • *
  • Posts: 2
Re: Accounts and URL patterns question
« Reply #5 on: July 30, 2007, 02:09:05 AM »
Cool, well I can log in now but still no confirmation email. Looking at my profile I haven't typo'd the email address, and it's not in the junk box. Maybe it's just a one-off. But no worries, at least I can log in now. Cheers.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Accounts and URL patterns question
« Reply #6 on: July 30, 2007, 03:26:18 PM »
Quote from: tanstaafl
Quote from: MyCsPiTTa
Most of what I've learnt has been from the forums but it's meant I've had to go back and change a whole load of generated passwords more than once after doing them wrong the first time/s. I know it's a lot of effort to write a good manual but it seems many people here on the forums are having the same problems with the very basics. Who knows, maybe I'll write one myself when I know enough about it...
Any help would be *greatly* appreciated... if you have any experience with wikis, I'm sure Eric wouldn't hesitate to set you up an account if you like...

Yes, we are working on http://wiki.passwordmaker.org. If you'd like to contribute to the manual there, please let me know and I'll create an account for you. ANY contribution would be most welcome!!

Offline MyCsPiTTa

  • Normal Members
  • *
  • Posts: 2
Re: Accounts and URL patterns question
« Reply #7 on: July 30, 2007, 09:26:20 PM »
I can't say I've had much experience with writing Wikis, but it does look like you need someone keen to do it. I think I'm too new to PM to be of much help at this stage, but if no-one else steps up later in the game....

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Accounts and URL patterns question
« Reply #8 on: July 30, 2007, 09:47:12 PM »
I can't say I've had much experience with writing Wikis, but it does look like you need someone keen to do it. I think I'm too new to PM to be of much help at this stage, but if no-one else steps up later in the game....
The technical skills are about as complex as those required to write rich content in forum posts (like this forum). IOW, if you know bbCode, you're very close to knowing wiki markup. As for getting the content completely accurate and correct, we would definitely help (about 4-5 of us who actively contribute) by editing what you start. I don't think anyone is going to step up to initiate things, but once some basic content is there I imagine it would take off; that's seems to be a common experience with wikis. A simple approach would be to just port what's at http://manual.passwordmaker.org to http://wiki.passwordmaker.org. Once that's done, we can all start edits to make it up-to-date. Interested?

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Accounts and URL patterns question
« Reply #9 on: July 30, 2007, 10:36:37 PM »
Absolutely... I initially thought I was going to have time to take this on, but as always, the boss had other plans...

But I'll be happy to help as much as possible by answering questions...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Accounts and URL patterns question
« Reply #10 on: July 30, 2007, 10:45:54 PM »
Absolutely... I initially thought I was going to have time to take this on, but as always, the boss had other plans...

But I'll be happy to help as much as possible by answering questions...

Eh...that question was targeted at MyCsPiTTa since I already know your answer, tanstaafl :)

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
Re: Accounts and URL patterns question
« Reply #11 on: July 30, 2007, 11:06:50 PM »
Heh - yeah - I guess my 'absolutely' could have been construed as answering your last question - but it was intended more as an echoing of what you said about it taking off once a basic outline was done... that is the hard part, and what I got bogged down with (I'm a perfectionist, and believe me it is a curse)...

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Re: Accounts and URL patterns question
« Reply #12 on: July 31, 2007, 01:44:44 AM »

PasswordMaker Forums

Re: Accounts and URL patterns question
« Reply #12 on: July 31, 2007, 01:44:44 AM »