Hi Dave,<div><br></div><div>Thanks for the feedback, it's all appreciated. I can see your point about people not trusting a website. After some other feedback regarding assuring provenance to users I'm in the process of changing the online version to run under an SSL connection. The Javascript code (yes it is in that) was run through an optimiser / obfuscater just whilst I was playing with it. I'm now thinking about replacing it with the original code and commenting it up so anyone can read it and see that there's no communication of passwords going on. Even if I was evil and attempted to collect the passwords and pins I wouldn't know who they were for or their usernames so I wouldn't get too far making my millions there :-)</div>
<div><br></div><div>I had thought about a browser extension a while back, but as I never use any promptly forgot about it! I have very limited knowledge on extensions, but I think I'm right in saying they are Javascript under the hood. So porting the code over should be fairly easy (the code for the webpage is far simpler than the app as it only has to do the basics).</div>
<div><br></div><div>I suppose the next decision would be Firefox or Chrome! Chrome is the most popular browser after IE, so I think that would be the best target.</div><div><br></div><div>Thanks again for the feedback</div>
<div><br></div><div>Les</div><div><br><div class="gmail_quote">On 18 July 2012 18:41, David Holden <span dir="ltr"><<a href="mailto:dh@iucr.org" target="_blank">dh@iucr.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Les gave it a try - very nice. But I'd be more likely to use it as an<br>
extension. The "online" version may be running locally (javascript?) but<br>
I think a user would be more confident he wasn't sharing his account<br>
password and key if it was an extension.<br>
<br>
<br>
Still the java app would be very worthwhile for sysadmins to share for<br>
their daily password needs.<br>
<br>
Cheers,<br>
<br>
Dave.<br>
<div class="im"><br>
<br>
On 18/07/12 12:51, Les Pritchard wrote:<br>
> Hi Mike,<br>
><br>
> Thanks for your thoughts. My problem was creating (or rather<br>
> remembering) a new unique pass phrase for each site. If you use some<br>
> form of pattern, once one is found an attacker would have more<br>
> information to attempt access to others I own. Using a hardware device<br>
> like the Yubikey is a nice idea and works well. Personally I wanted<br>
> something that would work on any system without the need for carrying<br>
> around additional hardware and would work on all smartphones.<br>
><br>
> Obviously it's all about finding a solution that works for you. You seem<br>
> to have it cracked with a nice solution. This app was something to solve<br>
> my own need and hopefully it will help some others too.<br>
><br>
> Thanks for looking<br>
><br>
> Les<br>
><br>
> On 18 July 2012 12:30, Michael Crilly <<a href="mailto:mrcrilly@gmail.com">mrcrilly@gmail.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:mrcrilly@gmail.com">mrcrilly@gmail.com</a>>> wrote:<br>
><br>
> I'll give it a try at some point, Les. Personally I use a pass<br>
> phrase in my head (different ones for each service), combined with a<br>
> static string that my Yubikey outputs. Two factor authentication<br>
> with a physical aspect seems to be the best solution in my opinion.<br>
><br>
> - MTC<br>
><br>
> On 17 Jul 2012, at 13:49, Les Pritchard <<a href="mailto:les.pritchard@gmail.com">les.pritchard@gmail.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:les.pritchard@gmail.com">les.pritchard@gmail.com</a>>> wrote:<br>
><br>
> > Hi all,<br>
> ><br>
> > I mentioned at the last LUG meet that I've been working on a small<br>
> > password manager app, well it's now available and it would be great if<br>
> > some of you could take a look and try it out. The big difference<br>
> > between this and the common 'password safe' type system is that this<br>
> > tool never saves any passwords, so there's no central location to be<br>
> > attacked or lost. It works by creating repeatable passwords for each<br>
> > set of variables (your common password, pin and the name of the<br>
> > account). Take a look at the website for more information about the<br>
</div>> > app and to download a copy - <a href="http://www.passeto.com" target="_blank">www.passeto.com</a> <<a href="http://www.passeto.com" target="_blank">http://www.passeto.com</a>>.<br>
<div class="im">> ><br>
> > There's a desktop app (Linux version of course!) and an online version<br>
> > for when you're on the move. I'm going to add some more features in<br>
> > the near future and hopefully produce a mobile app.<br>
> ><br>
> > Please take a look and email directly if you have any questions,<br>
> > feedback or feature requests! It's not Open Source (yet) but is free<br>
> > for all.<br>
> ><br>
> > Thanks<br>
> ><br>
> > Les<br>
> ><br>
> > _______________________________________________<br>
> > Chester mailing list<br>
</div>> > <a href="mailto:Chester@mailman.lug.org.uk">Chester@mailman.lug.org.uk</a> <mailto:<a href="mailto:Chester@mailman.lug.org.uk">Chester@mailman.lug.org.uk</a>><br>
<div class="im">> > <a href="https://mailman.lug.org.uk/mailman/listinfo/chester" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/chester</a><br>
><br>
> _______________________________________________<br>
> Chester mailing list<br>
</div>> <a href="mailto:Chester@mailman.lug.org.uk">Chester@mailman.lug.org.uk</a> <mailto:<a href="mailto:Chester@mailman.lug.org.uk">Chester@mailman.lug.org.uk</a>><br>
<div class="im HOEnZb">> <a href="https://mailman.lug.org.uk/mailman/listinfo/chester" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/chester</a><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Chester mailing list<br>
> <a href="mailto:Chester@mailman.lug.org.uk">Chester@mailman.lug.org.uk</a><br>
> <a href="https://mailman.lug.org.uk/mailman/listinfo/chester" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/chester</a><br>
><br>
<br>
</div><span class="HOEnZb"><font color="#888888">--<br>
Dr David Holden. (<a href="mailto:dh@iucr.org">dh@iucr.org</a>)<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
_______________________________________________<br>
Chester mailing list<br>
<a href="mailto:Chester@mailman.lug.org.uk">Chester@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/chester" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/chester</a><br>
</div></div></blockquote></div><br></div>