Author Topic: PassWordMaker and new passwords . . .  (Read 14415 times)

LkonKbd

  • Guest
PassWordMaker and new passwords . . .
« on: September 15, 2005, 02:27:23 AM »
Greetings from LeonSprings, Texas,

Wondering if when you change a password on a site and use PWM for creating the password, how aare we to know what that password is?  Also still not sure how the PWM knows what the password is when you go to a login screen, yes it will know what URL you have accessed if you have entered that in the Advanced Options.  Where do you enter the password for the PWM to encrypt so it is entered when you right click on the PW field and select PWM?

O/S Win98SE v4.10.2222A on AMD K6 2 350Mg 196MG RAM, Mozilla FireFox v1.0.6/w latest workaround enabled (FALSE setting).  Cannot remember where it is in the Config listing, but; it has been changed anyway.

LkonKbd

  • Guest
PassWordMaker and new passwords . . .
« Reply #1 on: September 15, 2005, 02:32:50 AM »
Greetings again,

OK!  It is "network.enableIDN" boolean set to "FALSE".  Found it in my SANS NewsBites newsletter.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
PassWordMaker and new passwords . . .
« Reply #2 on: September 15, 2005, 06:59:38 PM »
Greetings LkonKbd,

Quote
Wondering if when you change a password on a site and use PWM for creating the password, how aare we to know what that password is?
If you turn off "Password Masking", you can see the generated passwords in PasswordMaker. To turn it off, go to Advanced Options->Global Settings tab->uncheck Mask Generated Password.

Quote
Also still not sure how the PWM knows what the password is when you go to a login screen, yes it will know what URL you have accessed if you have entered that in the Advanced Options.
No, you don't have to enter the URL in the Advanced Options screen. PasswordMaker watches the URL as every web page loads. It always uses the current URL shown in the address bar.

Quote
Where do you enter the password for the PWM to encrypt so it is entered when you right click on the PW field and select PWM?
I'm not sure I know what you're asking, but I think you're asking about the Master Password field?

-Eric
« Last Edit: September 15, 2005, 06:59:57 PM by Eric H. Jung »

LkonKbd

  • Guest
PassWordMaker and new passwords . . .
« Reply #3 on: September 15, 2005, 08:43:21 PM »
"Eric,"

quote from Eric:
"I'm not sure I know what you're asking, but I think you're asking about the Master Password field?"

NO, not the MasterPassword, when you first install and want to put in the "Accounts" but have not accessed the proper link yet, like OffLine.  How will PWM know what password to encrypt to fill the field?  The only way I can see is to access the location and enter the info for access and PWM monitors the fields so when you access the next time it can fill in the correct password?  Or when in the area under username and password access the Change Password area and enter the old PW and let PWM enter both of the new PWs?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
PassWordMaker and new passwords . . .
« Reply #4 on: September 15, 2005, 10:23:37 PM »
Hello Mr. LkonKbd,

Quote
Or when in the area under username and password access the Change Password area and enter the old PW and let PWM enter both of the new PWs?
This one is correct. PasswordMaker does not know your existing (current) passwords. It does not "monitor the fields so when you access the next time it can fill in the correct password."

You must manually change passwords. This is described very well in the Help Manual here with pictures and animations:

Quote
Of course, PASSWORDMAKER can not and will not know your site specific password, unless you change the password of the site or service to the password generated by PASSWORDMAKER. You do this by logging in to the site in question and select to change the password on that site. Typically, you will supply your old password and then a new password, which you will the have to enter again to confirm the new password





The old password, of course, is the one which you are currently using to log in to the site. To enter and to confirm the new password, you'll right click on the new password box and select PasswordMaker from the context menu and PASSWORDMAKER will paste the new password into these boxes. Then, once you submit the changes, you are ready to start using PASSWORDMAKER to log into the site.

Does that help?
Eric

LkonKbd

  • Guest
PassWordMaker and new passwords . . .
« Reply #5 on: September 16, 2005, 07:57:50 AM »
Quote
Hello Mr. LkonKbd,

Quote
Or when in the area under username and password access the Change Password area and enter the old PW and let PWM enter both of the new PWs?
This one is correct. PasswordMaker does not know your existing (current) passwords. It does not "monitor the fields so when you access the next time it can fill in the correct password."

You must manually change passwords. This is described very well in the Help Manual here with pictures and animations:

Quote
Of course, PASSWORDMAKER can not and will not know your site specific password, unless you change the password of the site or service to the password generated by PASSWORDMAKER. You do this by logging in to the site in question and select to change the password on that site. Typically, you will supply your old password and then a new password, which you will the have to enter again to confirm the new password





The old password, of course, is the one which you are currently using to log in to the site. To enter and to confirm the new password, you'll right click on the new password box and select PasswordMaker from the context menu and PASSWORDMAKER will paste the new password into these boxes. Then, once you submit the changes, you are ready to start using PASSWORDMAKER to log into the site.

Does that help?
Eric
"Eric,"

Thank you for this information on PWM not knowing our current passwords, maybe it should monitor the password field so it can 'learn' our existing passwords and encrypt them on the 'fly'.

#1. For those of us on DialUp our WebMail, @ our ISP, uses the same password as our LogOn to gain access to the web.  That one we do not change directly it is done by the ISP.  How would PWM learn or be able to encrypt that one?  There could be a box for 'Learn' mode we could select for temporary setting of our existing passwords.

#2. YES, that does help, the explanation in the HELP file is very well put from my point of view.  That is very clear and there is not a problem with it.

Maybe I just do not understand the process of encrypting and passwords over the net.  The encryption is done to prevent keyloggers from stealing them from our computers, right?  Because if you encrypt it and send it over the net then there needs to be a decyphererer on the other end so the receiver will recognize the password.  Can you give me a very quick and short explanation on this point before I confuse myself to the point of maybe I will vanish.  I understand the encryption part, just not sure about sending it over the net as a secure object.  In the packet with the password is there a decypherer key so the system on ther other end can recognize the password?

I am going to have to STOP there, it is getting too late here for this deep thinking and this is getting too long,

Thank you,

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
PassWordMaker and new passwords . . .
« Reply #6 on: September 16, 2005, 01:09:07 PM »
LkonKbd, the password being sent to the web site, which you are logging in to is not encrypted.  The encryption part happens only on your PC.  Here is how it works.  When PM knows the URL of the web site and the MPW, it'll take those two pieces of information and 'hashes them together with the hash algrorythms you specify.  What this does is create a unique PW for every web site you log in to.  This means that if you do not know your MPW and all the other settings, you will not be able to log in.  The only thing which could be grabbed by keyboard loggers would be your MPW, but so what.  They'll know the MPW, but they don't know all the other settings meaning that they won't be able to construct your web site PW.

So, your web site password is always calculated on the fly by PM and will always be the same, unless you change any of the pieces of info being used for the hash.

I hope that this will help explaining this a little bit better and you have a better understanding of this excellent idea and extension.
« Last Edit: September 16, 2005, 01:10:38 PM by Romeo »
It is impossible to create a fool-proof system, because fools are ingenious.

Offline quixin

  • Hero Member
  • *****
  • Posts: 538
PassWordMaker and new passwords . . .
« Reply #7 on: September 16, 2005, 02:20:06 PM »
LkonKbd,  I would only add this to what Romeo described.  Imagine taking your password on a piece of paper and creating a code that would change your password in a way that was unrecognizable.  For example maybe you substitute a for z and b for y.  Then only you would be able to reproduce the original password based on that code.  Essentially this is exactly what PasswordMaker does but much much more complex.  The example 'code' I described is obviously very simple and wouldn't be very hard to figure out,  PasswordMaker uses encryption 'codes' for maximum security.

Hope this helps.
« Last Edit: September 16, 2005, 05:07:07 PM by Eric H. Jung »



LkonKbd

  • Guest
PassWordMaker and new passwords . . .
« Reply #8 on: September 16, 2005, 06:32:57 PM »
"Romeo" & "quixin,"

Yes I do understand what you have explained, as you could tell from my previous message, it was getting very late and the Brain was not functioning very well.  Difficult to concentrate on this deep a subject.  With your explanations, and a little rest, it is better understood.  Now have to workout how to make a change to my WeMail accounts on my ISP so they will be more secure.

"quixin,"

Sorry about the missed spelling in the first post, now with this edit maybe I can make thingys a little better.

Thank you for this info,
CU L8R,
« Last Edit: September 16, 2005, 06:34:57 PM by LkonKbd »

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
PassWordMaker and new passwords . . .
« Reply #9 on: September 16, 2005, 06:39:51 PM »
A future version will let you specify the password to use for specific websites so you don't have to change anything. You'll be able to take advantage of PasswordMaker's other features (like auto-populate, reminders, auto-submit, etc). However, you won't be taking advantage of PasswordMaker's secure password generation mechanism.

That way you won't have to change passwords on your WebMail accounts. Coming Soon :)
« Last Edit: September 16, 2005, 06:41:19 PM by Eric H. Jung »

Offline quixin

  • Hero Member
  • *****
  • Posts: 538
PassWordMaker and new passwords . . .
« Reply #10 on: September 16, 2005, 06:49:03 PM »
Quote
A future version will let you specify the password to use for specific websites so you don't have to change anything.

I actually already do this.  If I have a password that I just want PasswordMaker to store for me.  I put the password in the prefix box and change the password length to the length of the password.  For example to make things simple, If I want PasswordMaker to store "bartsimpson".  I put 'bartsimpson' in the prefix field and make the password length 11.  The password that results is 'bartsimpson'.



Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
PassWordMaker and new passwords . . .
« Reply #11 on: September 16, 2005, 06:51:26 PM »
Interesting. Care to add that the to FAQ?

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
PassWordMaker and new passwords . . .
« Reply #12 on: September 16, 2005, 06:53:04 PM »
Eric, I think we should have a page called tricks and tips, what do you think ?

edit: may be tips and tricks ?    :unsure:
« Last Edit: September 16, 2005, 06:54:19 PM by Romeo »
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
PassWordMaker and new passwords . . .
« Reply #13 on: September 16, 2005, 08:55:20 PM »
Sounds good, as long as we can come up with more than one tip/trick!

LkonKbd

  • Guest
PassWordMaker and new passwords . . .
« Reply #14 on: September 17, 2005, 02:43:59 PM »
"Eric,'

With these you have on this Forum there will not be a problem finding 'Tip/Tricks' to enter in that area.  You have some very creative minds on this forum for these issues and more.

PasswordMaker Forums

PassWordMaker and new passwords . . .
« Reply #14 on: September 17, 2005, 02:43:59 PM »