Web lists-archives.com

Re: Password Manager opinions and recommendations




As I sometimes (often?) do, just commenting on a few points:

On Friday, March 30, 2018 04:39:05 AM der.hans wrote:
> Am 26. Mar, 2018 schwätzte Richard Hector so:
> > On 26/03/18 04:52, rhkramer@xxxxxxxxx wrote:

> We can add character set requirements and most sites now allow 30+
> characters, so they at least look random.

Good point, I hadn't really thought that one through--I thought maybe I'd 
generate an intentionally longer password and then just delete unallowable 
characters.  (Or maybe the "right size" password and then substitute (random) 
allowable characters for the unallowable characters.

I'm not sure what that would do to the cryptographic security if the 
passwords.
 
> >>    * a means to automatically update passwords on the target websites
> >>    (to
> >> 
> >> facilitate regular / frequent password changes)--this is probably a
> >> stretch--I mean something that would work its way through the various
> >> screens and prompts to change a password with a minimum of manual
> >> intervention by me
> > 
> > Difficult. That would have to be scripted for each website etc, wouldn't
> > it?
> 
> Many of the KeePass* tools support auto-type which will send a sequence to
> the browser. The sequence can use the default pattern or be customized.
> 
> I believe one of the commercial, proprietary tools offers to change all
> your passwords for you and uses a JavaScript client to do so, so perhaps
> there's already a model to replicate.

Hmm, if anybody can shed more light on that, I'd be interested--not sure I 
could make use of it in any quick fashion, but, if it exists, I'd like to 
learn more about it.
 
> I don't use auto-type, so haven't investigated beyond seeing that it's
> there. I have had multiple people report that it works well for them.