Re: MASTER PASSWORD OVER KILL !
John Doue wrote: On 5/17/2010 3:37 AM, Bill Davidsen wrote: JOLAN1 wrote: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. If you don't want MP protection turn it off. I don't know what you messed with in config, but the way you disable that is to set it to an empty string. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. Yes, if you had just disabled your MP then the temp could have stolen every passwork in the machine. Or do you totally trust your temps? All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. There is nothing to fix other than your understanding of the correct usage. Is there any way to disable all these requests for a Master Password ??? I've mentioned it here, others have posted it, if you want it off, turn it off. You now have zero security. Anyone can view all the saved passwords in clear. Setting the ask me later config works fine, as long as you have an idea what ask me later implies. Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. For values of charm mapping to with no security. BTW: the correct way to do this is to have a profiles for temps, having only the passwords they need, and have an employee enter the MP so the temps can't use it to view passwords. Giving a temp MP or running without one is utterly unsafe. If SM has a fault it's that there is no way to have a sub-master password to use the information but not view it. I have followed with a lot of interest this thread, but it seems to me, the 1.1.19 behavior is what most users regret, I included. The setting signon.startup.prompt does not work for me. Neither the setting only when it is needed. SM2 (2.04) requires it immediately after launching in Browser mode. And my default page, Yahoo.com, does not require a password. You are totally right, it used to work perfectly, now it sucks. It's fine if you have one and only one user who has the password, but NG if you want to let someone use the browser for something. Ideally there would be TWO passwords, one to use (but not view) saved passwords, and one which does what the current MP is doing. IMHO, the master password should not be requested before it is *really* needed, but SM2 understanding of when it is needed baffles me: just launched the browser in SM2 should not meet that criteria, until you want to get into a site that requires a password. Why is this so broken? I have asked and gotten two answers: 1 - it's better this way (as in less secure and clumsey to use being better?) 2 - that's the way the people at Firefox want it and we're not allowed to change how it works. Am I oversimplifying things? You are assuming that the problem is technical rather than political. I don't know if that's oversimplifying things or not. -- Bill Davidsen david...@tmr.com We have more to fear from the bungling of the incompetent than from the machinations of the wicked. - from Slashdot ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
John Doue wrote: On 5/17/2010 3:37 AM, Bill Davidsen wrote: JOLAN1 wrote: Aloha! Snip IMHO, the master password should not be requested before it is *really* needed, but SM2 understanding of when it is needed baffles me: just launched the browser in SM2 should not meet that criteria, until you want to get into a site that requires a password. Am I oversimplifying things? I have SM set-up to open in the Mail Newsgroup pageand the first thing it then goes and does is get my mail, which requires my mail account password.which would require my entering my master password, if I used one. So I'm guessing all those who open into just the Mail Newsgroup screen or into the Browser Screen AND the Mail Newsgroup screens would have the same situation. Not sure about a Browser Only set-up! Daniel ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
On 5/18/2010 3:44 PM, Daniel wrote: John Doue wrote: On 5/17/2010 3:37 AM, Bill Davidsen wrote: JOLAN1 wrote: Aloha! Snip IMHO, the master password should not be requested before it is *really* needed, but SM2 understanding of when it is needed baffles me: just launched the browser in SM2 should not meet that criteria, until you want to get into a site that requires a password. Am I oversimplifying things? I have SM set-up to open in the Mail Newsgroup pageand the first thing it then goes and does is get my mail, which requires my mail account password.which would require my entering my master password, if I used one. So I'm guessing all those who open into just the Mail Newsgroup screen or into the Browser Screen AND the Mail Newsgroup screens would have the same situation. Not sure about a Browser Only set-up! Daniel It does make sense to be asked for the master password if you launch the Mail UI first. Not my case. Personally, I only launch the Browser interface and open only later the Mail UI when I need it. -- John Doue ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
John Doue wrote: On 5/18/2010 3:44 PM, Daniel wrote: John Doue wrote: On 5/17/2010 3:37 AM, Bill Davidsen wrote: JOLAN1 wrote: Aloha! Snip IMHO, the master password should not be requested before it is *really* needed, but SM2 understanding of when it is needed baffles me: just launched the browser in SM2 should not meet that criteria, until you want to get into a site that requires a password. Am I oversimplifying things? I have SM set-up to open in the Mail Newsgroup pageand the first thing it then goes and does is get my mail, which requires my mail account password.which would require my entering my master password, if I used one. So I'm guessing all those who open into just the Mail Newsgroup screen or into the Browser Screen AND the Mail Newsgroup screens would have the same situation. Not sure about a Browser Only set-up! Daniel It does make sense to be asked for the master password if you launch the Mail UI first. Not my case. Personally, I only launch the Browser interface and open only later the Mail UI when I need it. Ask for Master on first requirement only got broken somehow back in the 1.1.x series (sometime between 1.1.16 and 1.1.17, I think...I'm not sure exactly when). I launch SM with Browser only, and I have SM Mail set up not to look for new messages unless I do it manually - that's the way I've been set up for a few years, and it used to work like the dialog said...but now... I don't get the request for my Master on startup or on opening SM Mail, but I do get it at seemingly random times. Both with 1.1.19 and 2.0.4...most frustrating is when I'm in the middle of a download - SM just freezes and I can't enter anything...I have to Force Quit SM and relaunch. -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
On 5/17/2010 3:37 AM, Bill Davidsen wrote: JOLAN1 wrote: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. If you don't want MP protection turn it off. I don't know what you messed with in config, but the way you disable that is to set it to an empty string. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. Yes, if you had just disabled your MP then the temp could have stolen every passwork in the machine. Or do you totally trust your temps? All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. There is nothing to fix other than your understanding of the correct usage. Is there any way to disable all these requests for a Master Password ??? I've mentioned it here, others have posted it, if you want it off, turn it off. You now have zero security. Anyone can view all the saved passwords in clear. Setting the ask me later config works fine, as long as you have an idea what ask me later implies. Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. For values of charm mapping to with no security. BTW: the correct way to do this is to have a profiles for temps, having only the passwords they need, and have an employee enter the MP so the temps can't use it to view passwords. Giving a temp MP or running without one is utterly unsafe. If SM has a fault it's that there is no way to have a sub-master password to use the information but not view it. I have followed with a lot of interest this thread, but it seems to me, the 1.1.19 behavior is what most users regret, I included. The setting signon.startup.prompt does not work for me. Neither the setting only when it is needed. SM2 (2.04) requires it immediately after launching in Browser mode. And my default page, Yahoo.com, does not require a password. IMHO, the master password should not be requested before it is *really* needed, but SM2 understanding of when it is needed baffles me: just launched the browser in SM2 should not meet that criteria, until you want to get into a site that requires a password. Am I oversimplifying things? -- John Doue ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
John Doue wrote: On 5/17/2010 3:37 AM, Bill Davidsen wrote: JOLAN1 wrote: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. If you don't want MP protection turn it off. I don't know what you messed with in config, but the way you disable that is to set it to an empty string. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. Yes, if you had just disabled your MP then the temp could have stolen every passwork in the machine. Or do you totally trust your temps? All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. There is nothing to fix other than your understanding of the correct usage. Is there any way to disable all these requests for a Master Password ??? I've mentioned it here, others have posted it, if you want it off, turn it off. You now have zero security. Anyone can view all the saved passwords in clear. Setting the ask me later config works fine, as long as you have an idea what ask me later implies. Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. For values of charm mapping to with no security. BTW: the correct way to do this is to have a profiles for temps, having only the passwords they need, and have an employee enter the MP so the temps can't use it to view passwords. Giving a temp MP or running without one is utterly unsafe. If SM has a fault it's that there is no way to have a sub-master password to use the information but not view it. I have followed with a lot of interest this thread, but it seems to me, the 1.1.19 behavior is what most users regret, I included. The setting signon.startup.prompt does not work for me. Neither the setting only when it is needed. SM2 (2.04) requires it immediately after launching in Browser mode. And my default page, Yahoo.com, does not require a password. IMHO, the master password should not be requested before it is *really* needed, but SM2 understanding of when it is needed baffles me: just launched the browser in SM2 should not meet that criteria, until you want to get into a site that requires a password. Am I oversimplifying things? You have three choices The first us the best: The first time its needed which as soon as you open SM it ask for Master password. If your using SM why would you need set otherwise. The second is for the paranoid in us. Ever time its needed -- every time you go to a site needing a password including first time you open SM then: If it has not been used within you choose the time. -- Phillip M. Jones, C.E.T.If it's Fixed, Don't Break it http://www.phillipmjones.netmailto:pjon...@kimbanet.com ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
JOLAN1 wrote: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. If you don't want MP protection turn it off. I don't know what you messed with in config, but the way you disable that is to set it to an empty string. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. Yes, if you had just disabled your MP then the temp could have stolen every passwork in the machine. Or do you totally trust your temps? All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. There is nothing to fix other than your understanding of the correct usage. Is there any way to disable all these requests for a Master Password ??? I've mentioned it here, others have posted it, if you want it off, turn it off. You now have zero security. Anyone can view all the saved passwords in clear. Setting the ask me later config works fine, as long as you have an idea what ask me later implies. Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. For values of charm mapping to with no security. BTW: the correct way to do this is to have a profiles for temps, having only the passwords they need, and have an employee enter the MP so the temps can't use it to view passwords. Giving a temp MP or running without one is utterly unsafe. If SM has a fault it's that there is no way to have a sub-master password to use the information but not view it. -- Bill Davidsen david...@tmr.com We have more to fear from the bungling of the incompetent than from the machinations of the wicked. - from Slashdot ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
S. Beaulieu wrote: Rufus a écrit : and having all your passwords in such a convenient location and NOT using a strong Master is just begging for trouble. Agreed. But that,s only IF you store your passwords in SM. Encryption or not, I don't trust any software with my passwords. I know them and type them every time. Thus, no master password is necessary. What would it protect? That's one case I can think of where a null password makes sense. I'm sure there are others. S. I guess if you're not storing anything at all it's ALL null by default...which is just fine. I've been warned against using the password storage capabilities in browsers by my IT security folks at work, and now that I know what's going on and how they actually work I'm becoming more and more inclined to agree with them...and you. -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
S. Beaulieu wrote: Rufus a écrit : I'm becoming more and more inclined to agree with them...and you. Oh, please don't use me as a source! I'm generally on the paranoid side of things! ^_^; S. ...just because you're paranoid don't mean you're always wrong! -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
Rufus a écrit : I'm becoming more and more inclined to agree with them...and you. Oh, please don't use me as a source! I'm generally on the paranoid side of things! ^_^; S. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
MASTER PASSWORD OVER KILL !
Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. Is there any way to disable all these requests for a Master Password ??? --- Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
JOLAN1 wrote: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. Is there any way to disable all these requests for a Master Password ??? Interesting... I downloaded the first off version of 2.x back when it was only a few days old. Your experience mirrors what I found, and essentially everybody passes that off as ‘not a problem.’ Well, I thought it WAS a problem, so I promptly dumped SM 2.x and want back to 1.1.18, where I am now. I swore I would not return to any SM 2.x version until someone fixed that nasty annoyance. It seems that so far they haven’t... Thanks for the heads up, keith ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
Keith Whaley a écrit : I swore I would not return to any SM 2.x version until someone fixed that nasty annoyance. It seems that so far they haven’t... Because no fix is needed since everything works as it's meant to. To stop the successive requests, simply change the master password to nothing (i.e. leave the field empty). S. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
S. Beaulieu wrote: Keith Whaley a écrit : I swore I would not return to any SM 2.x version until someone fixed that nasty annoyance. It seems that so far they haven’t... Because no fix is needed since everything works as it's meant to. To stop the successive requests, simply change the master password to nothing (i.e. leave the field empty). S. ...man, do I hate the thought of that working - and I know it does...especially since we're talking about a business here. Scary... -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
Rufus a écrit : Because no fix is needed since everything works as it's meant to. To stop the successive requests, simply change the master password to nothing (i.e. leave the field empty). S. ...man, do I hate the thought of that working - and I know it does...especially since we're talking about a business here. Scary... Why? To change the master password to nothing, you need to know the old master password. You can't just cancel it like that. And business or not, if someone doesn't want to use a master password, that's the only way to do it. Either you use it or you don't. You can't have it both ways. S. ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
S. Beaulieu wrote: Rufus a écrit : Because no fix is needed since everything works as it's meant to. To stop the successive requests, simply change the master password to nothing (i.e. leave the field empty). S. ...man, do I hate the thought of that working - and I know it does...especially since we're talking about a business here. Scary... Why? To change the master password to nothing, you need to know the old master password. You can't just cancel it like that. And business or not, if someone doesn't want to use a master password, that's the only way to do it. Either you use it or you don't. You can't have it both ways. S. I use a master password all the time in all the Browsers I have that use such. Although I am the only person in my household that even knows how to turn a computer on. On occasion (rare) I travel. and also I live in a rather run down neighborhood and a community that is losing jobs left and right. If someone breaks into my Home and steals my computers(s) I don't want to make it easy to get in and steal my information. Anyone that doesn't use a Master Password is playing with fire. -- Phillip M. Jones, C.E.T.If it's Fixed, Don't Break it http://www.phillipmjones.netmailto:pjon...@kimbanet.com ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
Interviewed by CNN on 13/5/2010 20:38, Phillip Jones told the world: I use a master password all the time in all the Browsers I have that use such. Although I am the only person in my household that even knows how to turn a computer on. On occasion (rare) I travel. and also I live in a rather run down neighborhood and a community that is losing jobs left and right. If someone breaks into my Home and steals my computers(s) I don't want to make it easy to get in and steal my information. Anyone that doesn't use a Master Password is playing with fire. An option is to use the Seamonkey password manager only for unimportant stuff and an external password manager (like Roboform or Keepass) for the critical stuff. Then you can leave Seamonkey set at a lower-security level (such as ask for master password only on the first time it's needed, or even with no master password if it's really unimportant stuff) and still keep your critical passwords safe. -- MCBastos This message has been protected with the 2ROT13 algorithm. Unauthorized use will be prosecuted under the DMCA. -=-=- ... Don't drink water. Fish make love in it. *Added by TagZilla 0.066.2 running on Seamonkey 2.0.4 * Get it at http://xsidebar.mozdev.org/modifiedmailnews.html#tagzilla ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
With patience akin to a cat's, JOLAN1, on 5/13/2010 7:44 AM typed: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. Just to clarify, the pref of which you're speaking is signon.startup.prompt and is set to false--correct? This setting prevents SM from requesting the master password at startup (or logon). Works as expected with my setup of SM 2.0.4. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. First, given that you're using SM in a business situation, you *definitely* need a master password if you're having SM store passwords to websites and accounts--*something* must be in place to encrypt stored passwords. I'd strongly recommend you make an MP a necessary security tool. If you are *not* using SM to store passwords, then an MP probably isn't necessary, since there is nothing there for it to encrypt or protect. Second, please check your master password settings in SM, under the following menu steps: Edit | Preferences | Privacy Security | Master Passwords. What is the setting for the Master Password Timeout section? The second option (Every time it is needed) may be ticked, given the program behavior you've described. I'd recommend the first option (The first time it is needed), and that *should* cause SM to behave accordingly. Please report back to the newsgroup with these settings so I or others can assist you further. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. An unfortunate situation, but if it had been my business, I would have planned for the temp by making the MP available to her at the time she was working, and then changed it after her span of work was complete. Yes, all other employees would have had to been informed about the MP change afterword, but the small amount of time required to do this outweighs, IMO, the very real security risks otherwise. All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. Again, ONLY if SeaMonkey is NOT being used to store passwords. If it is, a master password is a MUST, especially in a business. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. Unwise: 1.1.18 is now months behind on security fixes and will become a detriment regarding web access in the near future. A fix should be doable without putting your business in an insecure state, browser-wise. [small snip] Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. I'm using SM 2.0.4 on WinXP SP3 on a self-built AMD dual core PC, and I haven't experienced this behavior at all. More information is needed to troubleshoot this situation: What OS are you using? Is this happening on only one workstation? What extensions have you installed? Have you tried a new, clean profile (no extensions) to test? What other programs are being run at the same time as SM? With a little more info, hopefully the community can come together and help SM 2.0.4 work well for you and your business. Purrs -- -- /\ /\ | For push of nose, ^o o^D.K. Cat Kraft | for perseverance, -T- | there is nothing to beat a cat. ~ Lynnwood, WA | ___oOO___OOo___| -- Emily Carr ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
S. Beaulieu wrote: Rufus a écrit : Because no fix is needed since everything works as it's meant to. To stop the successive requests, simply change the master password to nothing (i.e. leave the field empty). S. ...man, do I hate the thought of that working - and I know it does...especially since we're talking about a business here. Scary... Why? To change the master password to nothing, you need to know the old master password. You can't just cancel it like that. And business or not, if someone doesn't want to use a master password, that's the only way to do it. Either you use it or you don't. You can't have it both ways. S. ...all I know is that is doesn't behave like I'd have expected it to, and I'm all confused now and don't trust whatever it does anymore...I certainly wouldn't want a null string as a password. But I guess that's just me... -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
D. K. Kraft wrote: With patience akin to a cat's, JOLAN1, on 5/13/2010 7:44 AM typed: Aloha! There is something very wrong with SeaMonkey 2.04, or my installation is somehow badly screwed up! Initially, it asked for our Master Password at logon, which I disabled in about:config. Just to clarify, the pref of which you're speaking is signon.startup.prompt and is set to false--correct? This setting prevents SM from requesting the master password at startup (or logon). Works as expected with my setup of SM 2.0.4. But... subsequently, it asks for the Master Password when: downloading e- mail, accessing any one of our credit accounts, accessing banking accounts, making auto payments, paying for our internet service, on and on, even wants a Master Password to get on MozzilaZine !!! Real bother and we're using Master Password so often...might as well not have one. First, given that you're using SM in a business situation, you *definitely* need a master password if you're having SM store passwords to websites and accounts--*something* must be in place to encrypt stored passwords. I'd strongly recommend you make an MP a necessary security tool. If you are *not* using SM to store passwords, then an MP probably isn't necessary, since there is nothing there for it to encrypt or protect. Second, please check your master password settings in SM, under the following menu steps: Edit | Preferences | Privacy Security | Master Passwords. What is the setting for the Master Password Timeout section? The second option (Every time it is needed) may be ticked, given the program behavior you've described. I'd recommend the first option (The first time it is needed), and that *should* cause SM to behave accordingly. Please report back to the newsgroup with these settings so I or others can assist you further. This past week, we had to hire a temporary book keeper because ours was out sick. The first day we had to be out of the office; came back to find one very frustrated woman! She couldn't access anything she need to on the internet because she didn't have the Master Password. Cost me $$ for the day -- upsetting, to say the least. An unfortunate situation, but if it had been my business, I would have planned for the temp by making the MP available to her at the time she was working, and then changed it after her span of work was complete. Yes, all other employees would have had to been informed about the MP change afterword, but the small amount of time required to do this outweighs, IMO, the very real security risks otherwise. All our accounts are user name/password protected. Adding the Master Password is overkill, useless and absurd. Again, ONLY if SeaMonkey is NOT being used to store passwords. If it is, a master password is a MUST, especially in a business. I've told everyone to uninstall 2.04 and put 1.18 back on until we can get some fix for this. Unwise: 1.1.18 is now months behind on security fixes and will become a detriment regarding web access in the near future. A fix should be doable without putting your business in an insecure state, browser-wise. [small snip] Another issue I've been seeing recently is that 2.04 starts slowing down the longer I've been on the Internet, to the point that it can't connect to web sites, like Yahoo News, for example. Tried shutting down and restarting, same issue. Meanwhile, 1.1.18 works like a charm...all the time. I'm using SM 2.0.4 on WinXP SP3 on a self-built AMD dual core PC, and I haven't experienced this behavior at all. More information is needed to troubleshoot this situation: What OS are you using? Is this happening on only one workstation? What extensions have you installed? Have you tried a new, clean profile (no extensions) to test? What other programs are being run at the same time as SM? With a little more info, hopefully the community can come together and help SM 2.0.4 work well for you and your business. Purrs -- Good words, D.K.! -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
Re: MASTER PASSWORD OVER KILL !
Phillip Jones wrote: S. Beaulieu wrote: Rufus a écrit : Because no fix is needed since everything works as it's meant to. To stop the successive requests, simply change the master password to nothing (i.e. leave the field empty). S. ...man, do I hate the thought of that working - and I know it does...especially since we're talking about a business here. Scary... Why? To change the master password to nothing, you need to know the old master password. You can't just cancel it like that. And business or not, if someone doesn't want to use a master password, that's the only way to do it. Either you use it or you don't. You can't have it both ways. S. I use a master password all the time in all the Browsers I have that use such. Although I am the only person in my household that even knows how to turn a computer on. On occasion (rare) I travel. and also I live in a rather run down neighborhood and a community that is losing jobs left and right. If someone breaks into my Home and steals my computers(s) I don't want to make it easy to get in and steal my information. Anyone that doesn't use a Master Password is playing with fire. I don't have to worry about other people in my household, but I DO worry about hackers, and about losing my laptop someplace - even though I use a Mac, I'm not convinced about any sort of immunity because of it. I always use a Master, and it's been one of my secondary - if not primary - reasons for using first Netscape and now SeaMonkey. Strong passwords are employed where they are for a reason...and having all your passwords in such a convenient location and NOT using a strong Master is just begging for trouble. -- - Rufus ___ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
