Author Topic: remove *required* Use this URL message  (Read 6164 times)

Offline ajw

  • Jr. Member
  • **
  • Posts: 81
remove *required* Use this URL message
« on: October 28, 2005, 06:36:43 PM »
Since I use PM as a password/confidential-info manager (instead of just a password *maker*) I have information that doesn't have a URL.

There's now a popup message if you try to create an account that has an empty "Use this URL" field.

This interferes with using PM this way - can we make this more intelligent or something?  Perhaps the warning, but not *require* the field?   Or only require it when there's something in the "When URL contains" field - if they're both empty, no warning.
Not sure what's best...

- Al -

LkonKbd

  • Guest
remove *required* Use this URL message
« Reply #1 on: October 29, 2005, 09:24:03 PM »
"Hey "AL,""

Just create one of your own because that has an influence on the calculated password.  Added security!!

Example: HTTP:///wwww.Al's_own.home

Offline ajw

  • Jr. Member
  • **
  • Posts: 81
remove *required* Use this URL message
« Reply #2 on: October 30, 2005, 02:31:42 AM »
I've just been putting an 'x' in it - these are entries that are confidential information; they don't have passwords at all.  (so the URL is irrelevant - the generated password isn't used for this entry)

It just irks me to put something unneccessary in the field...

- Al -

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3352
    • http://passwordmaker.org/
remove *required* Use this URL message
« Reply #3 on: October 30, 2005, 03:01:43 AM »
Hi everyone,

Quote
There's now a popup message if you try to create an account that has an empty "Use this URL" field.

Yes, this was very recently added due to this thread:

Quote
I've got several accounts set up with the same user name, and nothing in the "use this URL" - they all get the same password. (although it happens I had them set for different lengths; that's why I didn't notice it at first)

Quote
Hm, I should have made Use This URL a required field. I'll do that now, unless anyone objects...

I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...

-Eric

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
    • http://www.wprus.com
remove *required* Use this URL message
« Reply #4 on: October 30, 2005, 04:31:47 AM »
Code: [Select]
I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...When I first noticed that this is now required, I didn't quite see a reason for it, either.  It doesn't help protect against phishers.  It does, however make the password more complex, because, as far as I know, it gets hashed into the generated password.  The only one that could protecting from phishers would be if the when URL contains were required.

But it is there, now and I don't see anything wrong with that.
It is impossible to create a fool-proof system, because fools are ingenious.

Offline ajw

  • Jr. Member
  • **
  • Posts: 81
remove *required* Use this URL message
« Reply #5 on: October 30, 2005, 07:22:30 PM »
Quote
I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...
I agree with anything that helps in that respect, but if there's no URL in the first place (meaning "When URL Contains" and "Use this URL" are *both* empty, then the password will never be used for a web site.  In that case, *requiring* a URL isn't necessary.  (that account would/could never match a URL in the browser, right?)

Requiring the user put in a false URL just makes it more obnoxious when an account is for something *other* than a web site.  (like frequent flier numbers or such)

I admit, I do use PM differently from the rest of you - *I* like to think I'm a visionary and just leading you all, but it's also possible I'm just an idiot...  :)

In fact, I'd like to be able to disable the automatic generation of passwords (the use of the default account) - my preference is to *require* a custom account for any URL to create a password - I imagine that's *radically* different from everyone else!   (I'll post that as a separate feature request, btw)

- Al -

PasswordMaker Forums

remove *required* Use this URL message
« Reply #5 on: October 30, 2005, 07:22:30 PM »

 

anything