The main problem with password managers is not all devices support the
manager software. (Especially walled gardens like gaming consoles, Apple
products, etc)
- Greg
On 10/15/14, 12:49 PM, Chris Karlof wrote:
On Oct 3, 2014, at 6:54 PM, Ryan Feeley <[email protected]
<mailto:[email protected]>> wrote:
As its a hash of your master password, it's safe to increment your
master password by one as an exception.
It’s not clear to me what you’re proposing, but if you change your
master password in this scheme, it changes all your passwords. I just
want to change the password at one site and leave all the others the
same. You could start doing goofy things like Google5 -> Google6 for the
site name, but that defeats the elegance of it because now I need help
to remember all these additional numbers for all the sites.
At that point, why not just change the salt from Google ->
#$kjj1@asjk1jSJd@,c,.ajkdAS when I want to change the password?
Which requires a service to help me remember.
Which makes me wonder why you just don’t use a password manager with
randomly generated passwords.
-chris
Ryan Feeley – terse mobile edition
Product Designer, Identity
Mozilla UX
IRC: rfeeley
On Oct 3, 2014, at 7:49 PM, Chris Karlof <[email protected]
<mailto:[email protected]>> wrote:
On Oct 3, 2014, at 7:22 AM, Ryan Feeley <[email protected]
<mailto:[email protected]>> wrote:
I showed the password playground to a friend (and xoogler) yesterday
who was strongly opposed to us deploying this on anything but one
site (e.g. we should not make this available for other sites to use
as a service on the web). If sites starting linking to the
playground from their password manager, we would indirectly be
encouraging password reuse. He felt that people would just start
using the playground like a password generator entering the same
phrase everywhere.
He suggests that instead of a 1Password-style password manager, we
should instead be exploring a password generator not unlike:
https://oneshallpass.com/
or
http://www.supergenpass.com/mobile/
…which combines a phrase with the hostname and generates a strong
password, but doesn’t actually store passwords.
There are a upsides and downsides to this approach as it’s so
radically different, but I’m going to explore the idea of native
support in the browser, likely in some kind of Australis-menu item.
I agree you’d want to salt the passwords in some way. Doing based on
the domain has been proposed before, but it’s challenging. What if
you want to change the password for a single site?
-chris
Ryan Feeley
UX, Cloud Services
Mozilla UX
IRC: rfeeley
On Oct 2, 2014, at 12:24 PM, Jared Hirsch <[email protected]
<mailto:[email protected]>> wrote:
On Oct 2, 2014, at 8:28 AM, jgruen <[email protected]
<mailto:[email protected]>> wrote:
Here’s the prototype I built for intern Greg this
summer:http://people.mozilla.org/~jgruen/passwords/mnemonic/#mn-two
Ryan, your mockup shows color changing letters in a <textarea>,
whereas my prototype uses a second <div> to highlight first chars
of each substring. Off the top of my head, IDK how to implement
the color change directly in a <textarea>. I’m sure there’s a hack
out there somewhere, but I’m open to suggestions.
Here's an idea: instead of a textarea, you could use a sized div
with a solid border and contenteditable set to "true".
You could drop in some jQuery if you need it to be draggable-resizable.
Have fun :-)
Jared
JG
On Oct 1, 2014, at 6:19 PM, Chris Karlof <[email protected]
<mailto:[email protected]>> wrote:
Nick and Shane, also.
I’m thinking something very quick and dirty here. Maybe something
we can enable/disable with a feature toggle, or only show to a
small number of users to start.
-chris
On Oct 1, 2014, at 3:11 PM, Ryan Feeley <[email protected]
<mailto:[email protected]>> wrote:
Hi all,
I had a chat with Chris Karlof today about a tool to help users
create better passwords. Based on some early work I did, and
further development by Greg Norcie and John Gruen, I’m hoping we
can create a little wizard to do just that.
I created an issue which includes a link to the wireframes:
https://github.com/mozilla/fxa-content-server/issues/1732
This is something we can deploy for FxA but also eventually
offer to other sites on the web as a service (they can link or
use an iframe overlay).
Zaach and Vlad, is this something that’s possible for the next
two weeks?
Katie, we’d also like to track impressions and click-thrus. How
many people take advantage of a tool that helps them make a
better password when it’s available? (you might see where we’re
doing with this).
Take a look, and feedback appreciated (keep in mind I’d love to
keep it down to one screen though).
Ryan Feeley
UX, Cloud Services
Mozilla UX
IRC: rfeeley
_______________________________________________
Dev-fxacct mailing list
[email protected] <mailto:[email protected]>
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected] <mailto:[email protected]>
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected] <mailto:[email protected]>
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected] <mailto:[email protected]>
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
_______________________________________________
Dev-fxacct mailing list
[email protected]
https://mail.mozilla.org/listinfo/dev-fxacct
