Prompt to change password

[Romeo]

Eric, it would be very nice to have a little textbox in which one can enter a number of days, which will prompt the user that it is time to change the password.

In other words, I enter 60 and after sixty days of continued use of the same password is up, it'll just pop up a friendly reminder telling the user that it would be a good idea to change the password.  Of course, if the box is blank, it won't prompt the user.

This would be very useful for sites where the admin doesn't do so.

What do you think ?

[Eric H. Jung]

I like the idea even if I personally wouldn't use it. Is that something you'd actually use or something you thought other people might like?

 :cheers:

[Romeo]

Yes, I would actually use it, because my bank doesn't prompt me to change my PW.  And everyone knows that it is good practise to periodically change your password - at least I hope so.

[David]

I thought the counter field was for something like that??

[Eric H. Jung]

I thought the counter field was for something like that??

Very true! Thanks for the reminder. So how about I add a button next to the counter labeled "Notification". Clicking this button opens a new dialog where you can turn on/off password change notification. Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers, you'll get a friendly message telling you of the problem.

The Notification Dialog can also have a reset button which, when pressed, starts the countdown over.

Comments?

[Tyrantmizar]

That sounds good, mostly.

So how about I add a button next to the counter labeled "Notification". Clicking this button opens a new dialog where you can turn on/off password change notification. Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers, you'll get a friendly message telling you of the problem.

I don't really like this.  Why wouldn't a number work?  I would want it to only tell me when x number of days has passed.  Also, I would suggest that you go either 2 ways with the countdown:

• Have a fixed counter that countdown a number of days,
• Have it notify you when you haven't changed your password in a determined number of days.  Note that you better make sure that it doesn't reset the counter unless the password is changed.  I don't want it to start over every time I click "Settings."

[Eric H. Jung]

Why wouldn't a number work?

I think you misread what I wrote. I wrote:

Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers...

or do I misunderstand you?

   1. Have a fixed counter that countdown a number of days,
   2. Have it notify you when you haven't changed your password in a determined number of days. Note that you better make sure that it doesn't reset the counter unless the password is changed. I don't want it to start over every time I click "Settings."

Yep.

[Tyrantmizar]

Why wouldn't a number work?

I think you misread what I wrote. I wrote:

Note that notification can only work if you enter a number in the counter field, so if you've used anything besides numbers...

or do I misunderstand you?

Why do you have to enter a number into the counter field?  Why not a letter?

[Eric H. Jung]

Currently, you can enter anything you like in the counter field. But if you want notifications of when the password should be changed, I'll need a number representing the number of days for which the password is good. If you enter letters, how would PasswordMaker know how many days that represents?

I'm not proposing the field be prevented from allowing letters; just that if you want password expiration notification that you must use numbers only (e.g., 60 for 60 days).

[quixin]

The counter field was added to act as a modifier correct?  If a website forces me to change my password every however many days, The counter field gave me the ability to change my password while keeping all my other settings the same.  If you make the counter field contain the time for PWMs countdown, it wont act as a modifier anymore because the next time I goto change my password I may want to use the same time duration as a reminder and a different modifier.  
 
The countdown intraval should be entered in a different field and heres why IMO.  If I have an account that forces me to change my password every 90 days, I may want to have PWM remind me in 89 days then I will add a 1 to the counter field to modify my password.

Am I wrong?

[Romeo]

I am very sorry but I missed all this back and forth for some reason.  But it is very interesting to see what kind of can of worms I have opened here.  Quixin, you got that right.  The counter acts as a modifier and the new field would be used for specifiyng the number of days for which the current password is good.  In other words, when you enter 90 into the new field, PM would prompt you after 90 days that it is time to change the password, not the MPW but the PW for the web site.  Then, once you increment the counter (ie. effectively change the password, it'll reset, start counting the days at 1.

At least, that is the original gist of the request.

[Tyrantmizar]

However, I would want to change it every, say, 60 days.  I don't want to have to increment it to get the counter to reset.  I think that there should be a separate counter that doesn't modify anything for the notification.  Otherwise I'll have to pick a completely different number each time I want to change my password to something completely new.

[edit: let me rephrase that:]
I would want it to change every 60 days.  However, when 60 days are up, I also want to change what is in the counter so that the password is completely different.  If I want it to remind me in 60 days again, I'm out of luck.  I'd probably choose 59 or 61 days.  I also don't really want the same two passwords to reappear, so I'm not going to ever choose 60 days again.  

By simple mathematical logic, the time until the notification to reset the password will get continuously smaller or larger.  It won't work like that.  You can't make the counter field also the time until notification!

[Romeo]

Tyrant, that is exactly what I am saying, I believe.  The new field for number of reminder days is purely that.  It tells PM to remind you when the number of days is up, but has absolutely nothing to do with the way the password looks.

For example, the number of days is 50 and the counter is blank.  Then, after fifty days is up, you log into the website, log in, select to change PW.  Here for the current PW, you would specify the password which is generated by PM with the blank counter field.  Before you fill in the new password, you put a 1, or whatever character, into the counter field and populate the new PW field with the new PW, which has the one hashed into it.  In order to confirm the new PW, you would put the same new PW in the box.  Then, when you hit submit on the web site, you'll have a new PW.  At the same time, you'll hit the reset timer button in PWM and the day count will start from the beginning.

Then, after 50 days are up, you'll go thru the same process except you would use 2, or whatever other character, in the counter field.

[Eric H. Jung]

OK. I understand. You are all correct. It has to be a separate field on a separate dialog with options for resetting, enabling, disabling, etc.

Can we add it to the FRL?

[LkonKbd]

The counter field was added to act as a modifier correct?  If a website forces me to change my password every however many days, The counter field gave me the ability to change my password while keeping all my other settings the same.  If you make the counter field contain the time for PWMs countdown, it wont act as a modifier anymore because the next time I goto change my password I may want to use the same time duration as a reminder and a different modifier.  
 
The countdown intraval should be entered in a different field and heres why IMO.  If I have an account that forces me to change my password every 90 days, I may want to have PWM remind me in 89 days then I will add a 1 to the counter field to modify my password.

Am I wrong?

"quixin",

Thank you for this explanation as I did not understand how this 'Counter' was used.  Now I have a little understanding.  As an untrained Ex-system administrator for a system no one wanted to use and I was the only one that dove in and managed to make it work for us and was completely responsible for operations, security, access, well the full ball of wax.  I am very security minded and agree there should be a "HONKER" sound to remind you for a specific password that needs to be replaced, that will get a little complex and deep into operations because not all require the same length of time nor password length.  You will not really want them all coming due the same day because you will get a little busy changing passwords.  If you are a little like me, belong to approx. 9 different Forums alone, and not wanting to access any banking or cc usages until I feel a little more comfortable with this system.  I feel sure thingys are headed in the correct direction for better security, I just need to learn enough to be able to take off my 'training wheels' so there is a little comfort in it for me.

Thank you for reading my long winded input, all it really says is I agree,