passwordmaker / chrome-passwordmaker Goto Github PK

Is there a way to emport your settings & profiles from one copy of chrome to another? Or even better a way to have it sync your settings with Chrome sync.

As long as the confirmation is blank, just ignore it. You can enter the confirmation on registration, and ignore when logging in.

When I try to add a password suffix, no password is generated ie. the "Genereated Password" textbox is blank. When I remove the password suffix, but keep all the other settings the same, the password appears (without the suffix of course).

This is slightly nit-picky, but for those of us that are very keyboard centric, it would be nice to simply press enter when we correctly type both master passwords. Currently, you have to to click on the "Fill password field" button when you finish entering in your master passwords

Chrome has a few new File-Apis that can be used with javascript for reading/writing files. Those apis should be used for the rdf im/export.

The "I" (uppercase "i") and "l" (lowercase "L") looks completely the same. If I want to enter generated password by hand, I have to copy it and paste to notepad to distinguish this letters. See screenshot http://bit.ly/olyutf

Saving settings doesn't work on windows on chrome 20.0.1132.57 m
on linux works great

I'm trying to change hash algorythm then I click save and finally I see yellow highlight word "Default" but changes won't save.

At the moment, there are three options for "Save password":

• Never store
• In memory
• On disk

These are a good selection, but in some cases it would be nice to have an alternative version of "In memory" that remembers the password but still requires it to be typed into one of the fields. This would give the advantage over "in memory" of a bit more security, but would have the advantage over "Never store" that you'd only have to type the password in once. It would obviously not be as secure as "Never store" as someone could theoretically work out the password by trying things until it said the password matched, but that would be acceptable for many people.

As the custom profiles are named based on the url used for hashing, I imagine it shouldn't be hard to auto recognize if the user has a custom profile for that site and to auto-select that profile for use.
If no custom profile exists, it should default to the Default profile.
(Considering the default profile can be renamed, you could add an option on the options page for the user to choose which profile they consider their default profile to avoid confusion)

In FF I have nearly every site custom and I'm talking hundreds of sites, so having to select the correct profile from the pulldown box is a nightmare.

I guess I'm too used to the FF plugin auto recognizing the site.

Also I noticed that if I have selected a custom profile for one site, the next time I use your plugin, that same profile will be selected, rather than the default. Again, very confusing as the FF plugin behaves differently.

I'm running a McBook Pro, Mountain Lion, using the most current stable release of Chrome (Version 23.0.1271.64). I also use this extension on another computer which is a Windows 7 PC also running the most current Chrome. I use the extension entirely offline, no sync.

On my Mac, the extension always seems to save the master password in the extension drop down menu, despite having the setting set to "Never store". This is true regardless of whether I set the "General" options to keep the master password hash. On my Windows 7 PC, I don't have this problem and the extension flushes the password box and prompts me to enter the master passord every time, which keeps my actual site passwords secure in the event someone gains access to my machine (or I leave it unlocked by accident).

My obvious concern is that the extension becomes quite insecure if I let someone else use my computer (could happen) as they can simply go to any website I use and quickly reveal my password without doing anything more than clicking on the extension. My computer is always password protected, but notwithstanding, this issue is a bit like having a super secure lock that always has the key left in it.

Let me know if I can do anything to help reproduce or debug--unfortunately I have only very rudimentary programming experience and even less knowledge of the inner workings of Chrome extensions.

Any chance to have support for RDF import & export? I have way too many different accounts each with variable username, non-standard URL, multiple accounts on same site, etc... Basically the "Advanced Options" of the FireFox PasswordMaker extension... Got to use it to its full potential :-)

Hello
I'm opening a new issue since I don't see a way to file a feature request.

I was recently introduced to PasswordMaker Pro and I liked it since it seems very well designed. Unfortunately I use Opera instead of Chromium, and it doesn't have any such extension. On the PasswordMaker forums [1] it was suggested that there was little to no difference between Chromium and Opera extensions, hence my inquiry:

Do you have any plans to additionally provide PasswordMaker Pro as an Opera extension?

[1] http://forums.passwordmaker.org/index.php/topic,1749.0.html

Some hashing algorithms support using multiple encryption rounds where the generated hash is used as a salt in order to create a new hash and the process is repeated, say, 5000 times. An example would be SHA-256 (at least according to php.net/crypt. I don't see why it wouldn't be possible with the other algorithms as well). This would increase computing power to prevent brute force attacks in the case that anyone was ever able to obtain your encrypted password.

copied from issue #8

Make it possible to translate the text in the plugin

When typing in your password, the first password box is automatically active, but pressing the tab key no longer switches to the 2nd password box and one needs to click it manually with the mouse.

Sometimes the passwordmaker opup only appears after clicking 1-3 times, using Chromium 10.0.623.0 (70185), seen this on other builds as well, on OS X 10.6.5.

It would be really nice to get the password on the clipboard as soon as one clicks the password-maker icon. I like to keep my password hidden and this would ensure I never need to peek into it.

I noticed you use a single SHA-256 hash. Try to chain various methods, and use seeds.

Example:
hash = sha256(password + seed)
for 1 to 16:
hash = sha256(hash + seed)
hash = sha1(hash + seed)
hash = md5(hash + seed)
hash = md4(hash + seed)

This makes cracking it much harder, as both dictionary and rainbow table attacks are rendered useless. Plus brute force attacks will take many many times longer. Also, speed shouldn't be a problem, as even old computers can hash thousands of times per second.

RFE: Add a global option so that users can choose if they should type the master password once or twice.

I use a custom character set with the other PasswordMaker extensions (Firefox and the earlier Chrome one), but it looks like this extension only allows me to choose from a list of canned character sets.

Use context menu to fill form

https://developer.chrome.com/extensions/contextMenus

Is there a hotkey/coolkey to populate the password?

The URL components are quite powerful right now.

Extract path as a separate component
Extract port as a separate component

Optionally, arbitrary Reg-exp support

Would it be possible to synchronize settings between computers using the Chrome storage API? (http://code.google.com/chrome/extensions/trunk/storage.html)

Currently, I have separate profiles from some sensitive (mostly banking) sites. When a site requests a password change I update the modifier in the profile, but have to remember to do the same for every computer the extension is installed on. Synchronizing the settings would solve that. The downside is that the data is stored unencrypted, so it's a potential security issue.

Menu not completely, please fix.
http://min.us/mJEZYVaR5#1o
0.2.1 version no problem.
Browser versions: chrome 17.0.963.46 beta-m
chrome 16 Stable version have also experienced this problem.

Migrate this script:

http://github.com/neelance/chrome_password_maker/blob/master/content_script.js

into this chrome passwordmaker

Sorry if I'm being dim...

I've set up passwords using MD5 12 characters. On a particular site I want to now change the password and I can't see how to do that! How do I generate a new password?

Thanks.

I'm being advised that SHA2 is a better algorithm to use than MD5 (the default) these days. There are three flavours available however:

SHA-256
HMAC-SHA-256
HMAC-SHA-256 Version 1.5.1

Which one is best / advised? And any news on using the new SHA3?

Or any other view on the algorithm to use...?

Thanks

Currently, when creating a new profile, its settings always start with some hard coded default. I set my default encryption algo to SHA-256, for example. All new profiles should adopt the same default.

Not sure if this would constitute "intuitive" behavior, but it's what I expected from the extension.

Good job thus far :)

I have a RDF that I imported from Firefox. All of the settings appeared to import successfully. But when I enter in my master password, the generated password is blank.

Here is what I see

1. I start typing in the master password.
2. immediately the password & confirm password & generated passwords turn red.
3. I complete type thing the master password & confirmation. The red goes away.
4. Under generated password, it's completely blank. I'd expect to see a password there.

I have a site that will not allow special characters in a password - how do I deal with that?

Thanks.

For a couple of my passwordmaker entries, I'm using a different domain string from the one used by the site itself. This is in cases where the site's domain has changed but I have not wanted to modify my password, or where authentication is through a provider on a different domain.

At present I can manually enter the domain along with my password each time I want to use passwordmaker for those sites, but storing the used text field would make this much easier.

Hi,

Is it possible to enable PMP to appear in pop-windows that are used for sign-in purposes? I had an example this morning:

The forum used by 'Sidewise' (Chrome extension) enables you to sign in via, for example, Google (and others), but this results in a pop-up to sign in to Google. Under those circumstances it isn't possible to use PMP at all, as the pop-up loses focus as soon as you click on the toolbar icon.

So we either need right click menu access or the icon in pop-ups.

Thanks.

Thanks for answering the question on special characters. Managed to suss that out for myself :)

Says in the text here somewhere that there is no active development on this extension.

1. Are you maintaining it? I.E bug fixing?
2. Are you open to feature requests or not?

Haven't been using it long but it seems excellent, so thanks.

For instance: https://servicing.capitalone.com/c1/login.aspx

This may be due to the fact that the password field is within an iframe on that page.

A recent change (in chrome perhaps?) means I can't tab from one master-password field to the next anymore, have to use the mouse. While we're messing with keyboard bindings, can we have 'enter' bound to 'fill fields'?

The Chrome extension generates different passwords from http://passwordmaker.org/passwordmaker.html and the PasswordMaker Pro Android app with what appear to be the same settings:

URL components: Domain
Use l33t: Not at all
Hash algorithm: MD5
Password length: 8
Characters: Alpha Number Symbols - ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`~!@#$%^&*()_-+={}|[]:";'<>?,./

The other two methods generate the same passwords. Is there a setting I've missed in the Chrome extension somewhere to get it to generate the same passwords or some other difference? Thanks in advance!

It would be very useful to have a password strenght indicator like in the FF plugin.

In FF I used the password strenght indicator combined with the 'importance' of the site to adjust the settings if needed, i.e. create a custom account.

Example: for a 'simple' login, I might use the default settings. For a banking site, I would want to make sure that the password strenght is near maximum and would adjust the custom settings to make sure it was.

Of course, this would also mean that the 'custom account' form would need the option to enter your master password (without saving) and possibly a (again unsaved) 'generated password' non-editable field.
That way when you create a new account you can easily adjust the settings to optimize password strenght.

Again: this is totally similar to what the FF plugin already does.

Thank you for creating this plugin for Chrome. I would like a checkbox added (off by default), such that I only have to enter the master password once. The Firefox plugin has this same feature, so please consider it for your Chrome plugin.

It seems with the latest release that fixed the right side being cut off: When you enter your password on the first line and press tab the next textbox does not receive focus. If you click on the first textbox then tab it works correct.

I created a Yahoo profile for yahoo.com flickr.com was checking to see if it would keep the existing pw if I added a new top level domain. I was hoping yes as I can see new domains using yahoo pw, etc. Well it didn't even use the same password even before I changed the "Use with Sites" when going from yahoo.com to flickr.com! Seams to be missing the export of settings for synching across systems too. This looks very promising though! Maybe a few more versions and I can make the switch. Thanks, Jeff
.

The top built-in option in the "Characters" dropdown appears at first glance to be the same as the top option in the passwordmaker.org web UI, but it is subtly different: it is missing the backslash character right before the colon. This can cause hair-pulling when trying to figure out why different passwords are generated by the web UI vs PasswordMakerPro when using that Characters setting.

Thanks for a great extension!

Everything is on that video below:
http://www.youtube.com/watch?v=_R-lLYS766A

Sometimes generates wrong password for the first time. I have to close popup window, open it, and enter password again.

Open the PasswordMaker is no cursor.
http://imageshack.us/photo/my-images/341/20120329001.png/

Need to click.
http://imageshack.us/photo/my-images/692/20120329002.png/

please fix.

System:Windows 7
Browser versions: 18.0.1025.142 m

Not have this problem in the chrome 17 Stable version.