I'm hoping ajw will add his opinions here, too.
You got it! (If there's nothing else I have, it's opinions! And I do remember the old quote about everyone having opinions and... :)
About multiple master passwords: Think about the case of someone having hundreds of accounts - many of which may never be used again - or maybe they will...
There's no way any user is going to go hit all the sites just so they can change the master password - that's just too time-consuming.
Worse, imagine this poor guy is sloppy and keeps compromising their master password (or just keeps wanting to change it...)
Two MPWs won't be enough - you're forcing them to update all the old sites before they can change the MPW again. Three, or 10, or 50 might not be enough! Managing that many MPWs sounds very messy to me.
Instead of remembering multiple MPWs, I'd suggest the scheme from "ability to change master password without loss":
- PM would iterate through all the accounts, generate the password with the old MPW, and store it as a pre-determined password (in the soon-to-be-added (?) "static password" field), so that password isn't lost - after all, that's the one the web site is set to use.
- It would mark a flag indicating that this account needs to be changed to the new MPW-generated password. (The next time the account is used, and the old password entered at the web site, a popup could alert the user to change to the new password.)
(Note: this is the same as some of us currently do: set the prefix field to the desired password, and set the password length for that password.)
This way, any old accounts retain their last-used password, and the master password can be changed immediately. And it may be changed multiple times - the old accounts will still keep their 'fixed' password, any newer accounts (with passwords generated using the new MPW) will be set to their now-'fixed' password, and the MPW can be changed. And this can be done over and over without losing any in-use passwords.
The accounts should be tagged to indicate they're using an old password (and should be updated to use the new MPW) - the red/green idea. (although I agree with Eric - it should be red/black)
And, I might add, this stays as "One Password to Rule Them All" :)
If you wait until all accounts are no longer red (every account has been updated) before switching to the new MPW, some users (like me) will *never* switch because there's just too many old accounts to update.
Somehow I'm reminded of a quote from History of the World: Part I, "I give you the 15 [Moses accidentally drops and breaks one of the three tablets he's holding], no 10, 10 commandments!" One... no two... two passwords to rule them all!
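To make the freeze-and-flag scheme in the post above concrete, here is an added Python sketch; it is not PasswordMaker's own code, and the HMAC-based generator is a stand-in assumption for the real derivation. Changing the MPW freezes every still-derived account at its old password in a static field and flags it red, so the MPW can be rotated again and again without losing any in-use password.

```python
import hashlib
import hmac
import string

# Assumption: a toy deterministic generator standing in for PasswordMaker's
# real algorithm (HMAC-SHA256 of the site name keyed by the MPW, mapped onto
# a fixed alphabet). Only the determinism matters for the scheme.
ALPHABET = string.ascii_letters + string.digits


def generate(master, site, length=12):
    digest = hmac.new(master.encode(), site.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def new_account(site, length=12):
    # "static" is the soon-to-be-added static-password field; None means
    # "derive from the current MPW". "needs_update" is the red flag.
    return {"site": site, "length": length, "static": None, "needs_update": False}


def password_for(account, master):
    """A frozen (static) password wins; otherwise derive from the current MPW."""
    if account["static"] is not None:
        return account["static"]
    return generate(master, account["site"], account["length"])


def change_master(accounts, old_master):
    """Freeze every account still derived from old_master and flag it red.

    Accounts already frozen by an earlier rotation are left untouched, so
    this can be run for every MPW change without losing a site's password.
    """
    for acct in accounts:
        if acct["static"] is None:
            acct["static"] = generate(old_master, acct["site"], acct["length"])
            acct["needs_update"] = True  # red: the site still uses the old one
    return accounts


def site_updated(account, new_master):
    """The user changed the site's password to the new-MPW one: clear the flag."""
    account["static"] = None
    account["needs_update"] = False
    return password_for(account, new_master)


def red_accounts(accounts):
    """Sites that still need their password changed at the web site."""
    return [a["site"] for a in accounts if a["needs_update"]]
```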
That was a great film. "The Inquisition, let's begin; the Inquisition, look out sin" etc.
Oh, indeed! Other than Spaceballs (which just came out years too late) I can't think of a Mel Brooks movie I haven't loved! Saw Blazing Saddles recently - every bit as funny as I remembered it to be!
Well, my second idea was to make the whole thing much more generic, i.e. have two systems: one to flag accounts for action, and let the user set and clear the flags, sort of like how you do "follow up" flags in many mail programs.
Are the flags just for any use the user wants? The user can apply the flag/remove it whenever? If so, how can each account be shown to which master password it belongs? Should each master password be assigned a number?
There should be a flag to make the account show up "red" - which should be able to be reset by the user - they may not *care* that it's using an old MPW (or 'fixed' password in my scheme). I'd say these should be resettable on a per-account, per-group, or global basis. (or possibly by selecting accounts and resetting the flag on those)
The other flag I see would be one to display a popup "this site should change to the new master password" - again, resettable on the same basis. Any such popup should be able to remain "on top" without interfering in any use of the browser or PM. I'd suggest it have buttons like "fill in old password field" and "fill in new password field(s)" to make it convenient to change passwords at the site. Probably other buttons like "remind me next time" "don't remind me again" etc.
Keeping it on-top is a good reminder to change passwords (I really *will* forget by the time I log in! :) and if it's kept displayed it absolutely must not interfere with other use - they have to be able to navigate to the "change password" page!
- Al -