Advanced Options: Accounts Tab
The left side of the Advanced Options window is identical to the Basic Options dialog, with the exception/addition of the 'Master Password Hash' feature.
The functionality provided by the menus is easily ascertained by simply looking at them, but the most important to note is the File menu, that allows you to:
- Import Settings
- Export Settings
- Print Settings
When Printing your settings, you have the option of including the generated passwords for your local and remote accounts, but be aware - you will be prompted for your master password for each and every account, so if you have a lot, this could be time-consuming and confusing.
ToDo: This dialog/process needs a 'Cancel' option...
2. Master Password Hash
The ability to store the master password hash is a powerful and convenient feature that allows you to verify that the master password you enter when prompted via the master password prompt pop-up window is the same one that was used when you generated the password for the account in question. Here is how it works:
ToDo: Add how it works here
The fact that you can enter the wrong master password is actually indicative of a very subtle yet powerful feature of PasswordMaker that you may not yet have grasped:
- there is nothing preventing you from using more than one master password
Using more than one master password can add greatly to the security provided by PasswordMaker, but doing so also adds a level of complexity that can be confusing. If you choose to do this, you should take some time and define precisely how you will implement it. See this tip for a scenario that will clarify this issue, and will enable you to easily create your own, unique method.
- "I use more than one master password" - Because of the way PasswordMaker works, a mechanism for dealing with whether or not you are using a single master password had to be provided, and is currently implemented with this option.
- Here is how it works:
- If it is unchecked, PasswordMaker will use a 'global hash' for all accounts
- If it is checked, PasswordMaker will use the account-specific hash, if it has been stored
- PasswordMaker will not attempt to verify the master password if:
- It is unchecked and the master password global hash has not been stored on disk (1.6 behavior), or
- It is checked but the selected/triggered account has no hash stored on disk
- You can safely switch between the two 'modes' - meaning, you can safely check and uncheck this option - as doing so does not delete any of the Hashes that have been stored, e.g.:
- if you uncheck this option after having saved some account specific master password hashes, and a Global Hash has been stored, it will be used instead of the account specific hash
- if no Global Hash has been stored, it will do nothing
- if you then re-enable this option, the individual Account Hashes that have been stored will again be used
- Hash status - This indicator simply tells you whether or not the master password hash has been stored for the selected account or not. The possible states, which should be self-evident, are:
- Not stored on disk
- Doesn't Match
Suggested ToDo: Simplify the GUI for this even further by changing it to this:
The button label would be contextual - meaning, it would change between Store and Clear, depending on whether the Selected Account has its master password hash already stored or not.
- Store / Clear Master Password Hash -
3. Make Selection Selector
The select box allows you to work with your Groups and Accounts. All of these actions are also available from the context menu.
When the Accounts tab is selected, there are four buttons directly beneath the tabs. Initially, the only entry shown in the Name column is the Default Options account. The only two buttons that are activated/clickable are the New Group and the Settings buttons.
4. Defaults settings
5. Custom Account Group
6. Custom Account
Advanced Options: Global Settings Tab
Here you'll define settings which apply to all of PasswordMaker. Currently, there are seven checkboxes and one drop-down:
- 1. Mask Generated Password - when checked, generated passwords are masked with asterisks so that they are not legible to the casual observer
- 2. Hide Master Password Field (number of asterisks) This option causes the master password box to be completely concealed, thereby disabling the casual observer to determine the password length by counting asterisks
- 3. Confirm master password by typing it twice -
- 4. Show all passwords on web pages as clear text -
- 5. Enable auto-complete on pages that disable it - (todo: describe why this is valuable)
- 6. Auto-clear clipboard n seconds after copying it there - this security feature prevents you from having to remember to clear the clipboard of generated passwords. If checked, the clipboard is automatically cleared n seconds after pressing the Copy to Clipboard button, where n is the value entered in the associated input field. However, before clearing the clipboard, PasswordMaker checks that nothing else has been copied there since the generated password. If something has been copied there since then, the clipboard contents are not cleared. This prevents other data in the clipboard from being overwritten
- 7. Show status-bar indicator -
- 8. Action to take when coolkey (or ALT-`) is activated - the four options are:
- 1. Do nothing, which means ... do nothing
- 2. Populate all fields, which means that all fields will be populated (todo: clearly PasswordMaker doesn't populate all fields, so describe this better)
- 3. Populate empty fields only, which means that only empty password fields will be populated
- 4. Clear all fields, which means all the fields on the web page will be cleared
Advanced Options: Upload / Download Tab
Advanced Options: Special Domains Tab
Some domains mandate the use of subdomains. The most common examples of this are ccTLDs (country code top-level domains), such as .uk. A domain in .uk never exists without a SLD (second-level domain), such as .co.uk.
Some domains even require third-level domains; for example, government departments in Australia must include a regional subdomain (e.g., .nsw for New South Wales) followed by .gov.au. In other words, government departments in New South Wales, Australia, must be in the .nsw.gov.au domain.
Finally, some countries issue domain names in both their ccTLD and in SLDs. Japan is an example: their ccTLD is .jp. They issue domains in both .jp and .co.jp. (see http://jprs.jp and http://jprs.co.jp).
With the myriad possibilities for required subdomains, PasswordMaker can't account for them all. It includes some common ones -- the list of which grows from release to release (the default list). However, you are free to add/remove your own using the Special Domains Dialog. Your customizations to the special domains list are exported when using the Export Preferences feature, and imported when using the Import Preferences feature (providing the file being imported contains special domains). In this way, you can easily transfer customized lists to other PasswordMaker installations.
Advanced Options: URLs Tab
PasswordMaker uses what are called URL patterns to detect when you are on a page for a particular account that you have specified.
Important: The pattern(s) you define should be secure and specific enough to avoid false positives and prevent phishing attacks.
PasswordMaker supports two types of patterns: wildcard and regular expression.
Wildcards are pervasive throughout computing; you've most likely seen them before. The asterisk (*) represents zero or more characters and the question mark (?) any single character in the URL to match. In Unix, this is referred to as globbing. These wildcard characters are often used for matching filenames.
Here are some examples:
Everything in Yahoo's domain
Regular Expression Patterns
Regular expressions are also pervasive throughout computing, although they are sometimes considered an advanced topic. Regular expressions are like "wildcards on steroids" because they are more powerful and flexible, but their goal is similar to wildcards: define a means with which to match arbitrary text.
Entire books have been written about regular expressions, so rather than discuss them here, we refer you to some free, valuable on-line resources which teach everything you need to know about them. This list is by no means concise, and we have no affiliation with these resources.
- Regular Expression Tutorial and Reference - One of the most comprehensive, free regular expression tutorials on the net.
- RegexAdvice.com - Forums and blogs dedicated to regular expressions.
- Regular Expression Library - Currently contains over 1000 expressions from contributors around the world.
- Using Regular Expressions - Brief introduction to regular expressions
- Regular Expression Cheat Sheet - A one page printable reference for regular expressions
- Regular expressions: a short tutorial - A five-minute tutorial on how to learn the most useful regular expressions
- A List of Regex Topics - Wiki with various topics about regular expressions.
- Mastering Regular Expressions - Official website for Jeffrey Friedl's book.
- Regenechsen - Beginners regular expression tutorial with exercises.
Of course, you can always ask for regular expression advice in the the PasswordMaker Forums.
Advanced Options: Extended Tab
- 1. Username - blah blah
- 2. Use l33t - blah blah
- 3. Hash Algorithm - blah blah
- 4. Password Length - blah blah
- 5. Characters - blah blah
- 6. Modifier - blah blah
- 7. Password Prefix - blah blah
- 8. Password Suffix - blah blah
Password Details simply shows the relative strength of the password (this algorithm could use some work), and displays the Generated Password - unless you have enabled the 'Mask Generated Passwords with Asterisks' Global Setting.
Advanced Options: Advanced Auto-Populate Tab
- 1. Field Name - blah blah
- 2. Field Value - blah blah
- 3. Field ID - blah blah
- 4. Field Type - blah blah
- 5. Notes - blah blah
- 6. Form Name - blah blah
- 7. Notify option - blah blah
Once you have entered the Field Value and set the Field Type option, you must remember to click the 'Add' button, or it will not save the field/value.