A craving for information

[davey]

I recently discovered PM and find it intriguing.

Although I currently use KeePass, and am happy with it,
I am thinking of making a switch to PM (despite the learning curve).

I still have a few questions for which I could not find clear answers.
I hope that someone will be able to help out.

1. I understand that the passwords are stored nowhere but since the account info/settings are stored in the profile directory on my computer, isn't some security compromised?

2. I have offline applications (like MS Onenote) that can be password protected. Is it possible to use PM for these programs?  Is this what the desktop version is for?

3.  If I am away from my computer and using someone else's computer, I will still need my passwords and to access my settings.  How is this possible?  With the online version?

4.  If i am using the browser version and the online version and the desktop version, and creating new passwords from all three, are all settings saved in same RDF file?  How is this coordinated?

5.  I understand that there is no automatic syncing system.  This needs to be manually done.
From the info I read, I would want to have a "master" copy on one computer and "slave" versions on other computers.
Would I then use import/export function or copy/paste the RDF file into profile directory?

6. Where else could RDF file be saved?  In my Gmail Gspace? of DigitalBucket?  I would then be able to access the settings info anywhere but would that comprise security?

Thanks for the help.

[tanstaafl]

1. I understand that the passwords are stored nowhere but since the account info/settings are stored in the profile directory on my computer, isn't some security compromised?

Of course... there is no such thing as a completely secure computer, unless it is unplugged, locked in an impenetrable titanium safe, and dropped to the bottom of the Challenger Deep in the Marianas Trench.

2. I have offline applications (like MS Onenote) that can be password protected. Is it possible to use PM for these programs?  Is this what the desktop version is for?

Yep... I use the Firefox extension to 'store' passwords for all kinds of things that aren't available online...

3.  If I am away from my computer and using someone else's computer, I will still need my passwords and to access my settings.  How is this possible?  With the online version?

That would be the only way...

I keep mine on a copy of Portable Firefox on a usb thumbdrive for just that scenario...

4.  If i am using the browser version and the online version and the desktop version, and creating new passwords from all three, are all settings saved in same RDF file?  How is this coordinated?

Right now it isn't...

There is a Feature Request for syncing the file with an online copy, but, like Foxmarks syncs your bookmarks, but it hasn't been implemented, and I have no idea where that might fall in Erics Honey-Do list...

5.  I understand that there is no automatic syncing system.  This needs to be manually done.
From the info I read, I would want to have a "master" copy on one computer and "slave" versions on other computers.
Would I then use import/export function or copy/paste the RDF file into profile directory?

Ok, I don't know why you numbered these separately, since this is basically a continuation of question 4...

Right now there is no way to 'merge' two different RDF files, short of manually copy/pasting the raw RDF file, and I wouldn't want to try to do that unless it was an emergency.

6. Where else could RDF file be saved?  In my Gmail Gspace? of DigitalBucket?  I would then be able to access the settings info anywhere but would that comprise security?

All I can recommend right now is a USB thumbdrive.

[Eric H. Jung]

Some info that tanstaafl left out:

* You can save the RDF file on an FTP or WebDAV server and PasswordMaker for Firefox automatically retrieves and saves it there.
* You should use TrueCrypt to encrypt your profile directory if you want even more protection.

[Miquel 'Fire' Burns]

Even more info that seems to be left out.

The Desktop Edition is a browser independent version of PasswordMaker. Currently, it doesn't support accounts and special domains.

For both the online and desktop editions, you need to copy the input URL and output password.

[tanstaafl]

And one more thing...

While the FTP upload/download process does work, don't be confised... it is NOT 'merging' the files, it is a REPLACE process... if you download it, the local copy is REPLACED by the one you just downloaded.

The best answer for me, like I said before, is to use a portable version of Firefox on a USB thumbdrive.

If Foxmarks like syncing is ever introduced, that'd be the cats meow...

For this to be reliable, I imagine the Firefox extension would have to be re-written to store the accounts is an sqlite db (since FF3 now has native support for this), which I imagine would make it much easier to implement a lot of the other feature requests (syncing, sorting, etc) - but I also imagine this would be pretty much a complete rewrite, so most likely a very daunting and time consuming task...

[Miquel 'Fire' Burns]

Also, until Firefox 2 is not being supported by Mozilla (and then PasswordMaker itself), it can't use the sqlite setup, it can't use it.

[tanstaafl]

Oh, thats easy - just fork it... have two extensions, one for FF2, which will never change or get new features, and the new one for FF3+...

[davey]

Thanks so much for all the answers.

Eric, you mentioned:

You can save the RDF file on an FTP or WebDAV server and PasswordMaker for Firefox automatically retrieves and saves it there.

tanstaafl added:

While the FTP upload/download process does work, don't be confised... it is NOT 'merging' the files, it is a REPLACE process... if you download it, the local copy is REPLACED by the one you just downloaded.

Is replacing the file a problem?
Should this be avoided?

Eventhough the USB option may be the best option, I am not sure if it will work for me.
I have a desktop and a laptop at home.  True, switching the USB between the two should not be a problem, but I also have a wife at home, and she sometimes takes the laptop to the cafe.
The problems should now be self evident.

So is the upload/download process workable?  Could I use a TruCrypt file container and access the RDF file online, backing up from the "master" online, manually copy/paste whenever a change is made?

Thanks again for the helpful information.

[tanstaafl]

No, replacing the file is not a 'problem' - unless of course it contained important accounts that you didn't want to lose and that didn't exist in the one you replaced it with.

This is why I personally don't use the FTP capability - too much room for error (for me at least).

Don't get me wrong - it does work, and reliably as far as I know, and yes, as long as you were careful about chich version was the 'live' version, you should be fine....