Not sure how to handle this one... It's sort-of a twist on
ability to change master password without lossI was logging in to my firewall from a different computer; one where I don't have PM installed. So I got the password from PM on my notebook, wrote it down, and walked to the other computer.
Then I realized I had some characters I wasn't sure of - is this an "O" or a zero? Is this a capital I or lower-case 'L' ?
So I wanted to change the character list - remove letters and digits that could be confused with each other. But then I realized that would change the generated password - and if I did that, I'd lose the password I'm currently using! (that would be a Bad Thing - then I wouldn't be able to log into my firewall! :)
I'm not sure what's the best way to handle this kind of thing - some ideas are:
1) Ask the user if the previous password should be retained - it would be set into the password prefix and set the correct password length for it.
2) Save the previously-generated password - so when it changes, you still have access to the old password. (But then why not save the last two passwords, or the last three, or every one ever generated for this account? gets messy...)
3) create "alias" accounts - these would be the same account but with the old information (in this case the old character list) so the alias account would show the old password. (I like the historical nature of this - I really like a history of changes to each account...) This could allow something like a popup when Alt~ or auto-fill-in is used - something like "you have 3 passwords for this account, which should be used?" - and the aliases could be set to show or not-show in that popup. This way, the previous password - or even many old passwords - are available as well as the new password, and the user has can change the web site to the new password and then mark the old password as "don't show any more" - or just delete the now-not-needed alias.
4) ???
- Al -