Re: MASTER PASSWORD OVER KILL !

[Phillip Jones]

John Doue wrote:
On 5/17/2010 3:37 AM, Bill Davidsen wrote:
JOLAN1 wrote:
Aloha!
There is something very wrong with SeaMonkey 2.04, or my installation
is somehow badly screwed up! Initially, it asked for our Master
Password at logon, which I disabled in about:config. But...
subsequently, it asks for the Master Password when: downloading e-
mail, accessing any one of our credit accounts, accessing banking
accounts, making auto payments, paying for our internet service, on
and on, even wants a Master Password to get on MozzilaZine !!! Real
bother and we're using Master Password so often...might as well not
have one.

If you don't want MP protection turn it off. I don't know what you
messed with in config, but the way you disable that is to set it to an
empty string.

This past week, we had to hire a temporary book keeper because ours
was out sick. The first day we had to be out of the office; came back
to find one very frustrated woman! She couldn't access anything she
need to on the internet because she didn't have the Master Password.
Cost me $$ for the day -- upsetting, to say the least.

Yes, if you had just disabled your MP then the temp could have stolen
every passwork in the machine. Or do you totally trust your temps?

All our accounts are user name/password protected. Adding the Master
Password is overkill, useless and absurd. I've told everyone to
uninstall 2.04 and put 1.18 back on until we can get some fix for
this.

There is nothing to fix other than your understanding of the correct usage.

Is there any way to disable all these requests for a Master
Password ???

I've mentioned it here, others have posted it, if you want it off, turn
it off. You now have zero security. Anyone can view all the saved
passwords in clear. Setting the "ask me later" config works fine, as
long as you have an idea what "ask me later" implies.

Another issue I've been seeing recently is that 2.04 starts slowing
down the longer I've been on the Internet, to the point that it can't
connect to web sites, like Yahoo News, for example. Tried shutting
down and restarting, same issue.
Meanwhile, 1.1.18 works like a charm...all the time.

For values of charm mapping to "with no security."

BTW: the correct way to do this is to have a profiles for temps, having
only the passwords they need, and have an employee enter the MP so the
temps can't use it to view passwords. Giving a temp MP or running
without one is utterly unsafe.

If SM has a fault it's that there is no way to have a "sub-master"
password to use the information but not view it.

I have followed with a lot of interest this thread, but it seems to me,
the 1.1.19 behavior is what most users regret, I included. The setting
signon.startup.prompt does not work for me. Neither the setting "only
when it is needed". SM2 (2.04) requires it immediately after launching
in Browser mode. And my default page, Yahoo.com, does not require a
password.

IMHO, the master password should not be requested before it is *really*
needed, but SM2 understanding of "when it is needed" baffles me: just
launched the browser in SM2 should not meet that criteria, until you
want to get into a site that requires a password.

Am I oversimplifying things?
You have three choices

The first us the best:
The first time its needed which as soon as you open SM it ask for Master 
password. If your using SM why would you need set otherwise.

The second is for the paranoid in us. Ever time its needed -- every time 
you go to a site needing a password including first time you open SM

then:

If it has not been used within .... you choose the time.

--
Phillip M. Jones, C.E.T.        "If it's Fixed, Don't Break it"
http://www.phillipmjones.net        mailto:pjon...@kimbanet.com
_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey