Author Topic: Hide Account Settings  (Read 13231 times)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« on: July 11, 2005, 05:20:22 PM »
Topic split from here (Bugs forum)


Hi Romeo,

Thanks again for the compliments :)

Quote
one thing I am still really missing is the ability to hide the site settings, when the master password is not supplied
Yes, I know you want this. It's still in the queue. One question: if the user has chosen Store Master Password in Memory or Stored Master Password on Disk and in Memory, does he really have to enter the master password again to see the account settings?

Also, you do realize the treepicker has to be secured, too, right? The treepicker looks like this (click thumbnail for large image).



One can see all the data in the account settings dialog simply by checking all columns in the treepicker. So, to be thorough, I'll have to force the user to enter the master password before checking one of the treepicker columns.

Please give me feedback on whether or not I should prompt for master password if it's already been saved. My gut tells me no...

Thanks,
Eric
« Last Edit: July 15, 2005, 07:23:52 PM by grimholtz »

Romeo

  • Guest
Hide Account Settings
« Reply #1 on: July 11, 2005, 06:19:05 PM »
Eric,

Thank you for the prompt reply to my previous post.  That was totally unexpected, because I am sure that you are working feverishly on the next release.

If you could just make it so that without a master password, the user would just get the default settings, like the ones you get when you install passwordmaker for the very first time, that would be great.  If you did that, you would not have to worry about the tree picker.

However, if you store your master password on the disk, you know that anyone can use passwordmaker without having to supply the PW, which means that the user is aware of the security risk.  Therefore, if the PW is stored on disk, the settings should be wide open, just as they would be when the PW is supplied manually.

Regards,

Romeo

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #2 on: July 12, 2005, 06:31:43 AM »
Romeo,
I tried to squeeze this into 0.6.1 beta6 but could not. I still need some more information from you (and anyone else who's interested).

Quote
If you could just make it so that without a master password, the user would just get the default settings, like the ones you get when you install passwordmaker for the very first time, that would be great. If you did that, you would not have to worry about the tree picker.
So when the user clears the master password field (i.e., it's reset), the tree columns should change to the defaults?

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
Hide Account Settings
« Reply #3 on: July 12, 2005, 01:45:16 PM »
Eric,

I just renamed passwordmaker.rdf to passwordmaker.rdf.HLD.  When I open up passwordmaker under these conditions, i.e. a 'new install', that is exactly what I would like to see.

So, in other words, when the master password is not supplied, passwordmaker should think that passwordmaker.rdf does not exist.  Without the master password, I guess passwordmaker should loose all its functionality and just ask for a master password, when you click on the toolbar icon.

However, if passwordmaker.rdf does not exist in the profile folder, all options should be there.

Boy, I did not think that so much would be involved in doing this, but I do appreciate you taking the time trying to incorporate this.  I hope that my explanation cleared up some of the confudion.

I also know that paragraphs 1 and 2 say somewhat different things, but after I had written the first one, I started thinking what would happen if the user starts to create a new PM profile and there is already one there, which is why I said what I said in the second one.

I hope that this cleared things up a little.  I know what I would like to see, but I realize that there are many different ways to go about achieving this and it is very hard to put it into words.

Sincerely,

Roemo
« Last Edit: July 12, 2005, 01:46:19 PM by Romeo »
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #4 on: July 13, 2005, 09:37:47 PM »
I've come up with a much nicer solution. I think you'll like it. It will be in 0.7.1.

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
Hide Account Settings
« Reply #5 on: July 13, 2005, 11:19:19 PM »
Eric,

I just installed 0.7.  I haven't had a chance to look at it yet, but I am sure that it will work as well as all the previous releases have.

Quote
I've come up with a much nicer solution. I think you'll like it. It will be in 0.7.1.

I just knew you would.  But now you've really got me wondering.  I guess I'll just have to let it be a surprise.  I am certain that I'll be positively surprised, as I always am, when I install the next revision of PM.

Thanks again for this well thought out extension and all the hard work you have been and continue to put into it.

Sincerely,

Romeo
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #6 on: July 14, 2005, 10:29:47 PM »
Romeo,
Quick question: do you save the master password to disk?

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
Hide Account Settings
« Reply #7 on: July 15, 2005, 01:00:52 AM »
Eric,

I used to here on my machine at home, but I do not do that anymore, since we started talking about this feature.  As I said before, I think that when the user decides to save the password on disk, he / she should be aware of the security risk and the account settings should be visible.  In other words, if the password is not supplied, be it on disk or in memory, the account settings should be invisible.

Thanks for working on this, constantly improving on this extensions, and considering user comments / requests.  It gets better and better with every upgrade.

Sincerly,

Romeo    :)
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #8 on: July 15, 2005, 07:43:43 PM »
Hi Romeo,

Quote
Thanks for working on this, constantly improving on this extensions, and considering user comments / requests. It gets better and better with every upgrade
Thank you very much! I hope you'll consider donating :)

Here's what I'm considering. Please let me know if it meets your needs. There is a new checkbox on the Accounts tab named Show This Tab. It looks like this:



Please ignore the fact that there aren't any actual accounts in the tree -- this is just a demo. If you uncheck Show This Tab, the entire Accounts tree disappears:



Notice also that the master password field is disabled. You can't change the master password when Show this Tab is unchecked. This is because, when Show This Tab is checked again, the user will be prompted to type the master password. If he were allowed to change the master password while Show This Tab was unchecked, he could change the master to anything he wanted, check the checkbox, and then he'd know the master password to reveal the accounts.

The only caveat to this is if you don't choose Store master password on disk and in memory (encrypted), next time PasswordMaker starts up, it can't very well know what master password should be used to unhide them. Therefore, the listbox will be set to Store master password on disk and in memory (encrypted) and be disabled (not changable) unless you answer the master password prompt correctly.

Does all this make sens? This is the way I prefer to implement it, although there is another option...

I'll share that with you later,
Eric

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
Hide Account Settings
« Reply #9 on: July 16, 2005, 12:43:32 AM »
Eric,

I am sorry I did not get back to you sooner.  I was kind of busy at work today and didn't even get a chance to look at the forum.

I think I kind of understand.  However, if the master password is disabled, but still there when you uncheck the box, the user will be able to use passwordmaker to log into the sites you have set up, because the password will be there.

But I think I see now where the problem is.  In order to protect the settings with a password, you've got to store the master password somewhere, else you've got nothing to check the supplied password against.  May be, this is not really what we should do.

If you required a password that is different from the masterpassword to show the account settings, though, one could store that on disk.  Storing the masterpassword on disk, would defeat the beauty of passwordmaker, in my humble opinion.

I don't know. May be I should just remove this request, because I now see your point about having to store the password on disk.

Oh well, before I ramble on too long, I better stop and wait to hear what the other option is.

Thanks for all the effort you've put into this.

Regards,

Romeo
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #10 on: July 16, 2005, 05:46:12 AM »
Quote
May be I should just remove this request
No, it is a good request and an excellent idea. There is no reason people should be able to see this information about your accounts unless you want them to

Quote
I think I kind of understand. However, if the master password is disabled, but still there when you uncheck the box, the user will be able to use passwordmaker to log into the sites you have set up, because the password will be there.

True. OK, let me change the idea a little. Let's say you hide the accounts and close Firefox. Next time you start Firefox, you are prompted for the master password. If you don't enter it correctly, the accounts don't show and the master password field isn't populated. If you do enter it correctly, the master password field is populated (but the accounts still don't show -- you have to check the Show This Tab checkbox and enter the correct MPW again for that to happen). This way, the MPW is saved but the Store master password on disk and in memory (encrypted) doesn't have to be selected.

In other words, by hiding the accounts tab, someone could not start Firefox and automatically login to your accounts without first entering the MPW. Neither could he see the accounts tab....

What do you think? Let me know if this isn't clear. It's 2:00 AM and maybe I'm not thinking straight... :)

-Eric

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
Hide Account Settings
« Reply #11 on: July 16, 2005, 02:38:52 PM »
Good Morning Eric,

I just got up and the first thing I checked was this forum.  When I saw your post, I had to take a while to digest it, but I think I unsterstand.  Let me see if I got this right:

When you say:
Quote
True. OK, let me change the idea a little. Let's say you hide the accounts and close Firefox. Next time you start Firefox, you are prompted for the master password. If you don't enter it correctly, the accounts don't show and the master password field isn't populated. If you do enter it correctly, the master password field is populated (but the accounts still don't show -- you have to check the Show This Tab checkbox and enter the correct MPW again for that to happen). This way, the MPW is saved but the  Store master password on disk and in memory (encrypted) doesn't have to be selected.
This means that when and only when you select to hide the accounts, will the encrypted MPW be saved on disk as a way to confirm the correct entry of the MPW, when you start up FF.  In other words, the current functionality will not be changed, if you do not check the box.

If this is what you meant, then it may work without affecting the beauty of PM.

I still don't like the idea of storing the MPW on disk, however.  You do not seem to like the idea of having two passwords, one as the MPW and one to show the settings.  But, since you want to enter the MPW two times anyway, I do not see anyting wrong with having two passwords.  The user could always choose to make them the same.  This way, the PW to show the settings could be stored on disk, while the MPW remains secret.

I hope that this makes sense to you.  It is perfectly clear to me in my mind, but it is difficult to put it down in words.

Looking forward to hearing your thoughts on this.

Romeo
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #12 on: July 16, 2005, 05:26:05 PM »
Quote
You do not seem to like the idea of having two passwords, one as the MPW and one to show the settings
Yeah, it kinda goes against the One Password To Rule Them All slogan.

I'm starting to like your original suggestion, or a slight variation on it: if the MPW isn't entered correctly, the GUI just looks like it does as if PasswordMaker was just installed.

By the way, I think the entire passwordmaker.rdf file should be encrypted -- not just the master password as it is today -- otherwise someone can open this file and see your accounts (if he can read RDF :)) without the PasswordMaker GUI.

Offline Romeo

  • Hero Member
  • *****
  • Posts: 561
Hide Account Settings
« Reply #13 on: July 16, 2005, 05:52:13 PM »
Eric,

I just had a hunch that you did not like the idea with two passwords.

That sounds like a plan.  Be aware, though, that if the MPW is not supplied and someone sets up new accounts, the original rdf file would be changed, unless you disallow changes, if a MPW exists and it has not been correctly supplied.

However, the masterpassword should only be stored on disk, if the user chooses to hide the account settings.

But I like the idea of encrypting the rdf file.  Even though I do not know how to read rdf  files, I can still make out some things just by looking at it.

Romeo
It is impossible to create a fool-proof system, because fools are ingenious.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Hide Account Settings
« Reply #14 on: July 17, 2005, 12:12:04 AM »
Hi Romeo,
Quote
Be aware, though, that if the MPW is not supplied and someone sets up new accounts, the original rdf file would be changed, unless you disallow changes, if a MPW exists and it has not been correctly supplied.
Yes, I remember you pointing this out before. Thanks, I will definitely accomodate that possibility.

Quote
the masterpassword should only be stored on disk, if the user chooses to hide the account settings.
I don't think there's any harm in prompting the user for a password when he hides the account settings. If the user decides to use the same pw as the MPW, that's up to him...

Hope to get to this very soon.

Regards,
Eric

PasswordMaker Forums

Hide Account Settings
« Reply #14 on: July 17, 2005, 12:12:04 AM »