On Oct 3, 2014, at 6:54 PM, Ryan Feeley <[email protected]> wrote:

> As it's a hash of your master password, it's safe to increment your master 
> password by one as an exception. 

It’s not clear to me what you’re proposing, but if you change your master 
password in this scheme, it changes all your passwords. I just want to change 
the password at one site and leave all the others the same. You could start 
doing goofy things like Google5 -> Google6 for the site name, but that defeats 
the elegance of it because now I need help to remember all these additional 
numbers for all the sites.

At that point, why not just change the salt from Google -> 
#$kjj1@asjk1jSJd@,c,.ajkdAS when I want to change the password?

Which requires a service to help me remember.

Which makes me wonder why you just don’t use a password manager with randomly 
generated passwords. 

-chris


> Ryan Feeley – terse mobile edition
> Product Designer, Identity
> Mozilla UX
> IRC: rfeeley
> 
> On Oct 3, 2014, at 7:49 PM, Chris Karlof <[email protected]> wrote:
> 
>> 
>> On Oct 3, 2014, at 7:22 AM, Ryan Feeley <[email protected]> wrote:
>> 
>>> I showed the password playground to a friend (and xoogler) yesterday who 
>>> was strongly opposed to us deploying this on anything but one site (e.g. we 
>>> should not make this available for other sites to use as a service on the 
>>> web). If sites start linking to the playground from their password 
>>> manager, we would indirectly be encouraging password reuse. He felt that 
>>> people would just start using the playground like a password generator 
>>> entering the same phrase everywhere.
>>> 
>>> He suggests that instead of a 1Password-style password manager, we should 
>>> instead be exploring a password generator not unlike:
>>>     https://oneshallpass.com/
>>>     or
>>>     http://www.supergenpass.com/mobile/
>>> …which combines a phrase with the hostname and generates a strong password, 
>>> but doesn’t actually store passwords.
>>> 
>>> There are upsides and downsides to this approach as it’s so radically 
>>> different, but I’m going to explore the idea of native support in the 
>>> browser, likely in some kind of Australis-menu item.
>>> 
>> 
>> I agree you’d want to salt the passwords in some way. Doing it based on the 
>> domain has been proposed before, but it’s challenging. What if you want to 
>> change the password for a single site?
>> 
>> -chris
>> 
>> 
>> 
>> 
>>> Ryan Feeley
>>> UX, Cloud Services
>>> Mozilla UX
>>> IRC: rfeeley
>>> 
>>> On Oct 2, 2014, at 12:24 PM, Jared Hirsch <[email protected]> wrote:
>>> 
>>>> 
>>>> On Oct 2, 2014, at 8:28 AM, jgruen <[email protected]> wrote:
>>>> 
>>>>> Here’s the prototype I built for intern Greg this 
>>>>> summer: http://people.mozilla.org/~jgruen/passwords/mnemonic/#mn-two
>>>>> 
>>>>> Ryan, your mockup shows color changing letters in a <textarea>, whereas 
>>>>> my prototype uses a second <div> to highlight first chars of each 
>>>>> substring. Off the top of my head, IDK how to implement the color change 
>>>>> directly in a <textarea>. I’m sure there’s a hack out there somewhere, 
>>>>> but I’m open to suggestions.
>>>> 
>>>> Here's an idea: instead of a textarea, you could use a sized div with a 
>>>> solid border and contenteditable set to "true".
>>>> 
>>>> You could drop in some jQuery if you need it to be draggable-resizable.
>>>> 
>>>> Have fun :-)
>>>> 
>>>> Jared
>>>> 
>>>> 
>>>>> 
>>>>> JG
>>>>> 
>>>>> 
>>>>> On Oct 1, 2014, at 6:19 PM, Chris Karlof <[email protected]> wrote:
>>>>> 
>>>>>> Nick and Shane, also.
>>>>>> 
>>>>>> I’m thinking something very quick and dirty here. Maybe something we can 
>>>>>> enable/disable with a feature toggle, or only show to a small number of 
>>>>>> users to start.
>>>>>> 
>>>>>> -chris
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On Oct 1, 2014, at 3:11 PM, Ryan Feeley <[email protected]> wrote:
>>>>>> 
>>>>>>> Hi all,
>>>>>>> 
>>>>>>> I had a chat with Chris Karlof today about a tool to help users create 
>>>>>>> better passwords. Based on some early work I did, and further 
>>>>>>> development by Greg Norcie and John Gruen, I’m hoping we can create a 
>>>>>>> little wizard to do just that.
>>>>>>> 
>>>>>>> I created an issue which includes a link to the wireframes:
>>>>>>>         https://github.com/mozilla/fxa-content-server/issues/1732
>>>>>>> 
>>>>>>> This is something we can deploy for FxA but also eventually offer to 
>>>>>>> other sites on the web as a service (they can link or use an iframe 
>>>>>>> overlay).
>>>>>>> 
>>>>>>> Zaach and Vlad, is this something that’s possible for the next two 
>>>>>>> weeks?
>>>>>>> 
>>>>>>> Katie, we’d also like to track impressions and click-thrus. How many 
>>>>>>> people take advantage of a tool that helps them make a better password 
>>>>>>> when it’s available? (you might see where we’re going with this).
>>>>>>> 
>>>>>>> Take a look, and feedback appreciated (keep in mind I’d love to keep it 
>>>>>>> down to one screen though).
>>>>>>> 
>>>>>>> Ryan Feeley
>>>>>>> UX, Cloud Services
>>>>>>> Mozilla UX
>>>>>>> IRC: rfeeley
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> Dev-fxacct mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.mozilla.org/listinfo/dev-fxacct
>>>>>> 
>>>>> 
>>> 
>> 
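The trade-off discussed in this thread, as an added example that is not code from the thread or from the linked generators: a site password derived from master phrase, hostname and a per-site counter. The function names, the PBKDF2 parameters and the sample hostnames are assumptions made for this sketch.

```javascript
const crypto = require('crypto');

// Hypothetical derivation: PBKDF2 over the master phrase, salted with
// "hostname:counter". Iteration count and output length are assumptions.
function sitePassword(master, hostname, counter = 1) {
  const salt = `${hostname.toLowerCase()}:${counter}`;
  const key = crypto.pbkdf2Sync(master, salt, 100000, 18, 'sha256');
  return key.toString('base64'); // 18 bytes -> 24 characters, no padding
}

// The counters map is the only stored state; no password is stored.
function deriveAll(master, counters) {
  const out = {};
  for (const [host, n] of Object.entries(counters)) {
    out[host] = sitePassword(master, host, n);
  }
  return out;
}

// Which sites ended up with a different password between two derivations?
function changedSites(before, after) {
  return Object.keys(before).filter((h) => before[h] !== after[h]);
}

// Constructed sample data.
const MASTER = 'correct horse battery staple';
const counters = { 'google.com': 1, 'example.org': 1, 'bank.example': 1 };
const base = deriveAll(MASTER, counters);

// Case 1: changing the master phrase rotates every site at once.
const afterMasterChange = deriveAll(MASTER + '1', counters);

// Case 2: bumping one site's counter rotates only that site, but the
// counter value now has to be remembered or stored somewhere.
const afterBump = deriveAll(MASTER, { ...counters, 'google.com': 2 });

// Case 3: if the counter state is lost, the tool regenerates the old
// (already replaced) password for that site.
const afterStateLoss = deriveAll(MASTER, counters);

console.log('master changed ->', changedSites(base, afterMasterChange));
console.log('counter bumped ->', changedSites(base, afterBump));
console.log('state lost, google.com matches current password:',
  afterStateLoss['google.com'] === afterBump['google.com']);
```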
