David E. Ross wrote:
On 4/26/2015 9:39 AM, Ray_Net wrote:
> Danny Kile wrote on 26/04/2015 16:59:
>> Danny Kile wrote:
>>> DoctorBill wrote:
>>>> Most all Username / Password entry boxes only show the Asterisk (*)
>>>> when
>>>> one enters the password.
>>>>
>>>> Is there something in SeaMonkey that one can toggle so that one sees
>>>> what one is actually entering ?
>>>>
>>>> I tuype so poooorly thet I meed tyu sea what I hab enterd.....
>>>>
>>>> DoktoeVill
>>>
>>>
>>> DoctorBill I have your solution take a look at the following program
>>>
>>> KeyPass2 here is the link: http://keepass.info/
>>>
>>> I use the program to keep all my passwords, you only have to remember
>>> one password to get into Keypass. From Keypass you can launch the
>>> website and the have it enter the username and password. The database
>>> file can be copied to another PC to use the password from another PC.
>>> There is also a Android App so you can use it from a cell phone. Check
>>> it out I have been using it for years.
I concur on using some sort of external password-keeping utility.
Personally, I do allow Seamonkey to remember some of my passwords, as a
convenience thing, but I consider KeePass to be my primary password store.
The thing about KeePass is that it offers a bunch of extra flexibility,
including the ability of doing password generation, with as much entropy
as you think you may need. Thus, nearly all of my passwords are ones
that are as long and as cryptic as I can get them.
Also, I really like the capacity of keeping free-form notes. With that,
I can log things such as previous passwords used, when I've changed
passwords, email address associated with password recovery mechanism,
and questions and answers for two-factor authentication. With the
latter, I have the ability of making sure I actually remember the
specific answers (e.g., for some questions, there may actually be
several possible answers), but with this, I can come up with nonsensical
answers. One other thing that I have done with KeePass was that when we
were seeing the problems with HeartBleed last year, I was able to track
which services were likely safe, and which needed password changes,
including being able to keep notes on whether or not a service had
updated its SSL cert (and I waited until cert changes, before changing
passwords).
>>
>>
>My preference is:http://passwordsafe.sourceforge.net/
>
Ragarding both KeyPass2 and Password Safe: Are their password databases
local to my PC? Or are they on some external servers?
KeePass, definitely, and I'm pretty sure that Password Safe is, as well.
Both have been around since before cloud-based storage was in common
use. I haven't seen it, but I'm guessing that Dashlane also permits
that option.
With KeePass, there is a capacity for synchronization to a server, if
you want. Personally, I keep my primary copy of a KeePass on my primary
working laptop, but I synchronize a copy to a server in my LAN, so that
all the machines in my LAN have access to the content.
I'm actually not adverse to recommending LastPass. I know that that one
does presume server-based access and synchronization (and initial setup
requires creation of a user ID and password on a LastPass server), and I
don't like that. But as far as I'm aware, I believe that you can do
things where you don't have to sync with the server, and LastPass
documentation indicates that it's fully functional, without having to
have access to a server.
To me, there's two reasons to avoid a server. One is in not being
reliant on a server copy, so that you have have access to your stuff, if
you can't get the server (e.g., no Internet access, server not
available, etc.), and that's an issue with any kind of cloud-based
service (particularly backups). The other is a question of whether you
trust the encryption processes well enough to store on somebody else's
hardware.
With LastPass, my inclination is that it's sufficiently zero-knowledge
that saving on a server is safe enough. Thus, for non-technical end
users that often get tripped up on user interfaces in open source
projects, I will sometimes point them to LastPass, as a way of getting
them to use a password manager.
At this point, the topic has strayed far enough from specifics of
Seamonkey, that I'm going to cross-post to mozilla.general and set
follow-ups to go there.
Smith
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
