Difference between revisions of "Firefox/Mozilla/SeaMonkey/Flock/Netscape/Advanced"

From PasswordMaker
Line 249: Line 249:
 
====Extended Tab====
 
====Extended Tab====
  
Needs input
+
*1. Username - blah blah
 +
 
 +
*2. Use l33t - blah blah
 +
 
 +
*3. Hash Algorithm - blah blah
 +
 
 +
*4. Password Length - blah blah
 +
 
 +
*5. Characters - blah blah
 +
 
 +
*6. Modifier - blah blah
 +
 
 +
*7. Password Prefix - blah blah
 +
 
 +
*8. Password Suffix - blah blah
 +
 
 +
Password Details simply shows the relative strength of the password (this algorithm could use some work), and displays the Generated Password - unless you have enabled the 'Mask Generated Passwords with Asterisks' Global Setting.
  
 
====Advanced Auto-Populate Tab====
 
====Advanced Auto-Populate Tab====
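Review bot: the eight entries added under Extended Tab (Username through Password Suffix) carry only the placeholder text "blah blah", so the section still documents none of the settings that determine the generated password. Keep a visible ToDo on the list until each field has at least a one-line description. The added Password Details sentence names the setting 'Mask Generated Passwords with Asterisks', while the Global Settings list on this page calls it 'Mask Generated Password'; use one label. The aside "(this algorithm could use some work)" reads as a developer note and would sit better as a ToDo line than in user-facing text.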

Revision as of 05:57, 26 February 2009

Advanced Options: Accounts Tab

Accounts Tab

The left side of the Advanced Options window is identical to the Basic Options dialog, with the addition of the 'Master Password Hash' feature.

1. Menus

The functionality provided by the menus is easily ascertained by simply looking at them, but the most important to note is the File menu, which allows you to:

  • Import Settings
  • Export Settings
  • Print Settings

When Printing your settings, you have the option of including the generated passwords for your local and remote accounts, but be aware - you will be prompted for your master password for each and every account, so if you have a lot, this could be time-consuming and confusing.

ToDo: This dialog/process needs a 'Cancel' option...

2. Master Password Hash

The ability to store the master password hash is a powerful and convenient feature. It lets you verify that the master password you enter at the master password prompt is the same one that was used when you generated the password for the account in question. Here is how it works:

ToDo: Add how it works here

The fact that you can enter the wrong master password is actually indicative of a very subtle yet powerful feature of PasswordMaker that you may not yet have grasped:

  • there is nothing preventing you from using more than one master password

Using more than one master password can add greatly to the security provided by PasswordMaker, but doing so also adds a level of complexity that can be confusing. If you choose to do this, you should take some time and define precisely how you will implement it. See this tip for a scenario that will clarify this issue, and will enable you to easily create your own, unique method.

  • "I use more than one master password" - Because of the way PasswordMaker works, a mechanism for dealing with whether or not you are using a single master password had to be provided, and is currently implemented with this option.

Here is how it works:

  • If it is unchecked, PasswordMaker will use a 'global hash' for all accounts
  • If it is checked, PasswordMaker will use the account-specific hash, if it has been stored

PasswordMaker will not attempt to verify the master password if:

  • It is unchecked and the master password global hash has not been stored on disk (1.6 behavior), or
  • It is checked but the selected/triggered account has no hash stored on disk

You can safely switch between the two 'modes' - meaning, you can safely check and uncheck this option - as doing so does not delete any of the Hashes that have been stored, e.g.:

  • if you uncheck this option after having saved some account-specific master password hashes, and a Global Hash has been stored, it will be used instead of the account-specific hash
  • if no Global Hash has been stored, it will do nothing
  • if you then re-enable this option, the individual Account Hashes that have been stored will again be used

  • Hash status - This indicator simply tells you whether or not the master password hash has been stored for the selected account. The possible states, which should be self-evident, are:
      • Not stored on disk
      • Doesn't Match
      • Matches

Suggested ToDo: Simplify the GUI for this even further by changing it to this:
New hash gui.png
The button label would be contextual - meaning, it would change between Store and Clear, depending on whether the Selected Account has its master password hash already stored or not.

  • Store / Clear Master Password Hash -

3. Make Selection Selector

The select box allows you to work with your Groups and Accounts. All of these actions are also available from the context menu.

When the Accounts tab is selected, there are four buttons directly beneath the tabs. Initially, the only entry shown in the Name column is the Default Options account. The only two buttons that are activated/clickable are the New Group and the Settings buttons.

  • New Group - This button is used to set up a new group -- a container for accounts. When clicked, a dialog is displayed asking for the Folder/Group Name and description. Upon completion of this dialog, the newly-created folder is displayed in the Account Settings dialog along with its description (if one was supplied).
  • New Account - When a group is selected, the New Account button is activated/clickable. This button allows you to define custom password-generation settings for specific URLs that should be handled differently than all other ("default") URLs. When the button is pressed, a New Account entry is created and the Account-Specific Settings dialog (account-settings.xhtml) is displayed.
  • Delete Selection - As the name indicates, this button deletes the selected account or the selected group. Use caution here, however. If a group is deleted, all the accounts within that group are also deleted. You are prompted for confirmation before anything is deleted.
  • Settings - When the Settings button is pressed or an account is double-clicked, the PasswordMaker Account-Specific Settings dialog (account-settings.xhtml) is displayed. This dialog allows you to define custom password-generation settings for the selected account; for example, how long the password should be for your email account at gmail.com.

Make selection.png

4. Defaults settings

5. Custom Account Group

6. Custom Account

Advanced Options: Global Settings Tab

Global Settings Tab

Here you'll define settings which apply to all of PasswordMaker. Currently, there are seven checkboxes and one drop-down:

  • 1. Mask Generated Password - when checked, generated passwords are masked with asterisks so that they are not legible to the casual observer
  • 2. Hide Master Password Field (number of asterisks) - This option causes the master password box to be completely concealed, so that a casual observer cannot determine the password length by counting asterisks
  • 3. Confirm master password by typing it twice -
  • 4. Show all passwords on web pages as clear text -
  • 5. Enable auto-complete on pages that disable it - (todo: describe why this is valuable)
  • 6. Auto-clear clipboard n seconds after copying it there - this security feature prevents you from having to remember to clear the clipboard of generated passwords. If checked, the clipboard is automatically cleared n seconds after pressing the Copy to Clipboard button, where n is the value entered in the associated input field. However, before clearing the clipboard, PasswordMaker checks that nothing else has been copied there since the generated password. If something has been copied there since then, the clipboard contents are not cleared. This prevents other data in the clipboard from being overwritten
  • 7. Show status-bar indicator -
  • 8. Action to take when coolkey (or ALT-`) is activated - the four options are:

Coolkey Actions

1. Do nothing, which means ... do nothing
2. Populate all fields, which means that all fields will be populated (todo: clearly PasswordMaker doesn't populate all fields, so describe this better)
3. Populate empty fields only, which means that only empty password fields will be populated
4. Clear all fields, which means all the fields on the web page will be cleared

Upload / Download Tab

Special Domains Tab

l33t
Some domains mandate the use of subdomains. The most common examples of this are ccTLDs (country code top-level domains), such as .uk. A domain in .uk never exists without a SLD (second-level domain), such as .co.uk.

Some domains even require third-level domains; for example, government departments in Australia must include a regional subdomain (e.g., .nsw for New South Wales) followed by .gov.au. In other words, government departments in New South Wales, Australia, must be in the .nsw.gov.au domain.

Finally, some countries issue domain names in both their ccTLD and in SLDs. Japan is an example: their ccTLD is .jp. They issue domains in both .jp and .co.jp. (see http://jprs.jp and http://jprs.co.jp).

With the myriad possibilities for required subdomains, PasswordMaker can't account for them all. It includes some common ones -- the list of which grows from release to release (the default list). However, you are free to add/remove your own using the Special Domains Dialog. Your customizations to the special domains list are exported when using the Export Preferences feature, and imported when using the Import Preferences feature (providing the file being imported contains special domains). In this way, you can easily transfer customized lists to other PasswordMaker installations.

Account Settings

URLs Tab

PasswordMaker uses what are called URL patterns to detect when you are on a page for a particular account that you have specified.

Important: The pattern(s) you define should be secure and specific enough to avoid false positives and prevent phishing attacks.

PasswordMaker supports two types of patterns: wildcard and regular expression.

Wildcard Patterns

Wildcards are pervasive throughout computing; you've most likely seen them before. The asterisk (*) represents zero or more characters and the question mark (?) any single character in the URL to match. In Unix, this is referred to as globbing. These wildcard characters are often used for matching filenames.

Here are some examples:

*.yahoo.com/*

Matches

Everything in Yahoo's domain

Non-Matches

http://mail.google.com/

*mail.yahoo.com*

Matches

http://mail.yahoo.com/
https://1.mail.yahoo.com.spoof.net/
http://mail.yahoo.com/clownshoes/
http://mail.yahoo.com/inbox/123.html
ftp://mail.yahoo.com

Non-Matches

http://maps.yahoo.com

http://??.wikipedia.org/wiki/Clown

Matches

http://en.wikipedia.org/wiki/Clown
http://de.wikipedia.org/wiki/Clown
http://cs.wikipedia.org/wiki/Clown

Non-Matches

https://en.wikipedia.org/wiki/Clown
http://de.wikipedia.org/wiki/Clown/
ftp://en.wikipedia.org/wiki/Clown

http://digg.com/

Matches

http://digg.com/

Non-Matches

http://digg.com
http://www.digg.com/

*://*.asimov.???/*

Matches

ftp://ftp.asimov.net/
ftp://ftp.asimov.com/theory.html
http://bear.asimov.net/mom/
https://isaac.asimov.org/hercules
gopher://asimov.net/

Non-Matches

ftp://ftp.asimov.co.uk
http://isaac.home.com/tin.php

*

Matches

(Matches everything)

Non-Matches

(None)
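
The warning about false positives and phishing can be checked mechanically. The following is an added example, not PasswordMaker's own matcher: it implements the wildcard semantics as described above (whole-URL match), and the function names and the stricter pattern are assumptions made for illustration. It reports which URLs a pattern accepts outside the intended domain.

```javascript
// Added example, not PasswordMaker's own matcher. Assumed semantics, taken from
// the page's description: '*' = zero or more characters, '?' = exactly one
// character, and the pattern must match the whole URL.
function wildcardToRegExp(pattern) {
  // Escape regex metacharacters other than the two wildcards, then translate them.
  const escaped = pattern.replace(/[.+^${}()|[\]\\\/]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$");
}

function matchesUrl(pattern, url) {
  return wildcardToRegExp(pattern).test(url);
}

// Hypothetical audit helper: returns the URLs a pattern accepts whose host is
// neither expectedHost nor one of its subdomains (the false positives).
function offDomainMatches(pattern, expectedHost, urls) {
  return urls.filter((url) => {
    if (!matchesUrl(pattern, url)) return false;
    const host = new URL(url).hostname;
    return host !== expectedHost && !host.endsWith("." + expectedHost);
  });
}

// URLs from the page's own tables, plus one constructed https URL (last entry).
const sampleUrls = [
  "http://mail.yahoo.com/",
  "https://1.mail.yahoo.com.spoof.net/",
  "http://mail.yahoo.com/inbox/123.html",
  "ftp://mail.yahoo.com",
  "http://maps.yahoo.com",
  "https://mail.yahoo.com/inbox/123.html", // constructed
];

const loosePattern = "*mail.yahoo.com*";          // from the page
const strictPattern = "https://mail.yahoo.com/*"; // assumed tighter alternative

for (const pattern of [loosePattern, strictPattern]) {
  const accepted = sampleUrls.filter((u) => matchesUrl(pattern, u));
  const offDomain = offDomainMatches(pattern, "yahoo.com", sampleUrls);
  console.log(pattern, "accepts", accepted.length, "URLs; off-domain:", offDomain);
}
```

A pattern that starts with a literal scheme and host and uses the wildcard only in the path leaves no room for a different host to satisfy it.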

Regular Expression Patterns

Regular expressions are also pervasive throughout computing, although they are sometimes considered an advanced topic. Regular expressions are like "wildcards on steroids" because they are more powerful and flexible, but their goal is similar to wildcards: define a means with which to match arbitrary text.

For those already familiar with regular expressions, PasswordMaker adheres to the JavaScript 1.5 regular expression syntax. When in doubt, refer to this guide. Do not surround regular expressions with forward slashes like this: /abc/

Further Reading

Entire books have been written about regular expressions, so rather than discuss them here, we refer you to some free, valuable on-line resources which teach everything you need to know about them. This list is by no means concise, and we have no affiliation with these resources.

Thanks, Wikipedia.

Of course, you can always ask for regular expression advice in the PasswordMaker Forums.

Extended Tab

  • 1. Username - blah blah
  • 2. Use l33t - blah blah
  • 3. Hash Algorithm - blah blah
  • 4. Password Length - blah blah
  • 5. Characters - blah blah
  • 6. Modifier - blah blah
  • 7. Password Prefix - blah blah
  • 8. Password Suffix - blah blah

Password Details simply shows the relative strength of the password (this algorithm could use some work), and displays the Generated Password - unless you have enabled the 'Mask Generated Passwords with Asterisks' Global Setting.

Advanced Auto-Populate Tab

Needs Input

Context Menu

Menu