Password indirection using password-manager

Similar Messages

• I have installed oracle 10g in my winxp machine. i am using enterprise manager. i am not able to shutdown the system as it asks for os username and password. i have provided my os username and password but eerror persiste. somebody pls help me to get rid

  I have installed oracle 10g in my winxp machine. i am using enterprise manager. i am not able to shutdown the system as it asks for os username and password. i have provided my os username and password but eerror persiste. somebody pls help me to get rid of this.

  Here I am using Java Type IV for database
  connection.
  So,there was no necessity of creating DNS.How your app communicates with db shouldn't matter for the end user. Still, you may want to use a functional network name also for the thin client driver connection string.
  So,is there any other way to solve this problem.What is the problem really? Do you not use dns for network naming? Maybe you have to manage the hosts file on every client then.

• Using "Keychain Access" as a Password Manager

  Hello All,
  While searching for a secure, trustworthy password manager I started wondering why I couldn't just use Keychain Access built into the Mac OS.
  I've tried others and they're all nice in their own way but why not use what's already there?
  Any suggestions, concerns or gotchas are welcomed.
  Thanks in advance for your time.
  IAV

  You can also change the security settings on your keychain and/or create additional keychains. So you might have one keychain with especially secure settings for certain items and another with less secure settings for others. Moreover, you can adjust some settings for each item within a keychain, as well.
  Or you can do what I do which is set up several keychains and then render the whole system entirely pointless by saving the passwords in your original keychain because you are terrified you'll forget them otherwise... (I don't actually know why I set them up this way...)
  My login password is not my keychain password and my keychain locks after a minute, I require a password to wake from sleep/screensaver (though this does not always work properly) and sensitive items require re-entry of the keychain password anyway. So you can set things up so your keychain is more secure if you want to, at the price of some increased inconvenience.
  - cfr

• Do any versions of FF support the use of Lenovo's ThinkVantage Password Manager s/w and fingerprint scanner?

  Lenovo Edge 15" laptop running Windows 7 (64 bit) and using Thinkvantage Password Manager Ver 3.20.0330 and TouchStrip Fingerprint Sensor (UPEK).
  The password manager is to set to restrict logins to websites to fingerprint but when logging into websites I am not given the option to use the fingerprint reader -(the login info stored in the P/W manager is entered and login takes place). I have seen elsewhere that FF 3.6 has problems supporting this combination and wonder if any earlier versions of FF would be suitable or if FF 4 is likely to support it.
  Any help would be appreciated

  Kent1968
  I would recommend, if you have it set, to go to a restore point before you uninstalled the password manager version that did not give you a problem and not use the new version until this bug is resolved.
  If the fingerprint light is not showing up, then it is probably not limited to you and I hope Lenovo checks it out.
  Too bad the newer version seems to load slowly - I will check it out as well.
  jEdgar

• I use the older style firefox and cannot get the password manager to remember one of my passwords, how do I do this

  I use the older style Firefox browser and cannot get the password manager to remember one of my main site's password. how can I do this?

  The website may be using autocomplete=off to prevent Firefox from saving the name and password.
  You can remove autocomplete=off with a bookmarklet to make Firefox save the name and password.
  *http://kb.mozillazine.org/User_name_and_password_not_remembered

• Firefox stops working when I use the password manager on certain pages

  Hey.
  When I visit certain pages, Firefox will consistently crash. One of these pages for example is:
  betabrand.com
  The moment the password manager window jumps up, the window hangs and Firefox stops. It also happens randomly on other pages including
  gmail.com
  Sometimes, though not always, a script error will appear that says that googletag has stopped working. I don't know what that is and have tried debugging, stopping the script and just continuing. No real effect. Firefox still crashes after trying each in turn.
  Firefox will also crash if I try to access the options window.
  I have tried:
  1. uninstalling firefox and reinstalling fresh. No result.
  2. disabling all addons (addons I use are: addblock plus 2.6.5 - Clean Links 2.6.1.0 - Myibidder 1.3.7 and Web Of Trust 20131118). Firefox will function without crashing once I do this but I cannot identify whcih addon is causing the problem because it functions well on each occassion when I cycle through and disable them one by one.
  My system specs are:
  i7 @ 3.4g
  4gig ram
  Win7 32
  FF crashed while terying to install the troubleshooter addon.
  Thanks for any help.

  Do you have an ad blocker, firewall, or antivirus installed that may be blocking the google tag?
  [http://www.google.com/tagmanager/]
  We're sorry to hear that Firefox is crashing. In order to assist you better, please follow the steps below to provide us crash IDs to help us learn more about your crash.
  #Enter ''about:crashes'' in the Firefox address bar and press Enter. A Submitted Crash Reports list will appear, similar to the one shown below.
  #Copy the '''5''' most recent Report IDs that start with '''bp-''' and then go back to your forum question and paste that into the "Post a Reply" box. (Please don't take a screenshot of your crashes, just copy and paste the ID's. The below image is just an example of what your Firefox screen should look like)
  [[Image:aboutcrashesFx29|width=520]]
  <br><br>
  Thank you for your help!
  More information and further troubleshooting steps can be found in the [[Firefox crashes - Troubleshoot, prevent and get help fixing crashes]] article.

• Is it recommended to use a password manager?

  Hi,
  I've recently installed a password manager (PasswordSafe) after having mixed thoughts about using a password manager. The thing I'm scared of is that it creates a single point of failure, where if someone figures out the password to my database, they will have access to all my passwords. Are these unbased fears? Where else should I keep the passwords if not here? I'm paranoid by nature and value privacy highly.
  Last edited by Median (2015-06-07 01:02:38)

  Median:
  Password managers are introducing the single point of failure — that's true! But the risk is not only overestimated, but also greatly outweighted by the profits.
  First of all, if your password manager database is stolen AND the passphrase to it is known, this implies your computer has been compromised. If it is so, then most probably passphrases are leaked anyway. There is a difference is in the size of the leak if the time window in which the attacker was able to log your passphrases was short. But it should be emphasized, that that's the only difference. It's not about "100% vs 0%", but more like between "100% vs much".
  And the profits are considerable:
  With a password manager you actually can have unique passphrase to every service you're using, and chenge it as often as you want.
  You're no longer bound to memorable passphrases. You can just output as much as you need from /dev/urandom and use it.
  Note that I assume that you're already using the passphrases only on trusted machines. Otherwise the question and the answer makes no sense. If you're — for example — leaking your bank account passphrase on your college workstation — then the security holes are on a much more basic layer than the question of using or not using a password manager. In such case password manager may not be the good solution, as you will indeed leak everything pretty fast.
  Aerial Boundaries:
  Correct horse battery staple is even simpler than diceware, provides better security and is easier to memorize. However, the OP asked not about how to generate passphrases, but about their storage. Whether you're using diceware, Randal;'s c.h.b.s. or any other generator, human's memory is capable of holding only a few to a dozen of good passphrases on average, and only to the often used resources (home pc, pc at the work, favourite fora, facebook or other marketing networks, banking, …). But nowadays we're having much, much more accounts everywhere. This is way beyond capabilities of our brains. An external storage is needed. Otherwise you'll start to re-use passphrases, which is bad from security pov. Re-use both spatially — between resources — and temporally — between passphrase changes on a single resource. Password managers are the answer.

• Password Autofill does not function on Windows 7 netbook using Large Password Manager

  I have installed a portable version of Large Password Manager on my Windows 7 netbook. Firefox does not allow the LPM autofillin plugin to instal, requiring the standard plugin. This works fine on my XP Pro (32 bit) Desk Top.

  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
  *Do NOT click the Reset button on the Safe mode start window or otherwise make changes.
  *https://support.mozilla.org/kb/Safe+Mode
  Try to disable hardware acceleration in Firefox.
  *Tools > Options > Advanced > General > Browsing: "Use hardware acceleration when available"
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
  *https://hacks.mozilla.org/2010/09/hardware-acceleration/

• My Kaspersky Password manager and a whole list of things I use daily have been disabled. I want to go back to my older version of Mozilla. How do I do that.

  I want to go back to the older version of Mozilla. The new version does not support alot of the programs that I used daily, like my Kaspersky Password Manager (which is essential), I can't remember all of my usernames and passwords. If I can't use this feature, then I don't want the new version. How do I go back to the older version? Otherwise, I'll be forced to use Internet Explorer.

  Due to security vulnerabilities, rolling back to Firefox 4.0.1 is not recommended. Firefox 3.6.18 would be the safer choice.
  Here's the process to roll back:
  First, I recommend backing up your Firefox settings in case something goes wrong. See [https://support.mozilla.com/en-US/kb/Backing+up+your+information Backing up your information]. (You can copy your entire Firefox profile folder somewhere outside of the Mozilla folder.)
  Next, download and save Firefox 3.6 to your desktop for future installation. http://www.mozilla.com/firefox/all-older
  Close Firefox 5.
  You could install Firefox 3.6 over it (many have reported success) or you could uninstall Firefox first. If you uninstall, do not remove your personal data and settings, just the program.
  Unless you have installed an incompatible add-on, Firefox 3.6 should pick up where you left off. If there are serious issues, please post back with details.
  Note: I haven't actually tried this myself!

• Using ThinkVanta​ge Password Manager with multiple Google Accounts

  Hi,
  I have multiple google accounts with unique passwords for each.
  If I register one password with the Password Manager, sign out of that google account and attempt to sign in to another account via the following page:
  https://accounts.google.com/ServiceLoginAuth
  The Password Manager prompts to overwrite the existing login credentials, so how can I setup the Password Manager to recognise multiple google accounts?
  Thanks

  Hi,
   If you input different log-in name l, password manager will ask you to save this entry.
  And it will save two entries for google login with different log-in account
  , and you could select the one you want to login in the future.

• Incompatible with Kaspersky PURE: cannot use password manager.

  After upgrading to Firefox 5.0 I get the following error:
  This version of "Password Manager Autofill Engine" does not support your web-browser.
  Please, contact developers: [email protected]
  Reason: TypeError: Components.classesByID[KPMAUTOFILL_CID] is undefined

  I had the same problem when Firefox 5 was out (Password Manager Autofill Plugin not compatible).
  Installing Standalone Password Manager only sort of fixed the issue, as it was in trial mode (my license is for PURE) and didn't import the DB from old version.
  Doing as it says [http://support.kaspersky.com/faq/?qid=208284589 here] fixed the issue (ofc, the fix came about 2 weeks after official release of Firefox 5).
  But here we go again, now that Firefox 6 is out. I already opened a request w/ Kaspersky Tech Support, my guesstimate is in about 3 weeks we'll have a patch for PM, so just be patient and don't try too many things to "fix" it, it won't work until new patch is out.
  Edit: do '''NOT''' install stand-alone Password Manager, if it's the same as with FF5, you will have it as trial mode and you won't be able to import the DB.

• Does anyone use Mitro password manager?

  At least in this case they are being proactive and warning people. Some places have just closed doors with no comment so yes, always have a backup plan!

  To be fair, I hadn't heard of them until today but if you are a Mitro user then you need to be aware that they are shutting down in six weeks.
  Password manager Mitro will shutter itself on 31 August • The Register
  This topic first appeared in the Spiceworks Community

• Fingerprin​t Reader access to KeePass (from a Thinkpad with Password Manager)

  The goal: secure, convenient, automated login to password-protected sites
  KeyPass is a great open-source program for secure creation, storage and use of login passwords and other information. With a plugin called KeeForm, it allows very convenient automatic login to password-protected sites by clicking on a KeePass entry. To preclude unintended access to all of your secure information, it is wise to close Keepass after each use, or set Keepass to lock when minimized. But this is less convenient, because a long secure master password then has to be entered before each use of Keepass.
  Using a fingerprint reader to enter Keepass can be a big time saver while retaining security. Capacitive swipe fingerprint readers can be very secure, provided they operate through equally secure software. They are available as USB units, or integrated into some keyboards and notebook computers, for example some Lenovo ThinkPads.
  Unfortunately, set-up can be a challenge and there may be disadvantages even after the best workable interface between KeePass and a particular biometric system. This example uses the integrated fingerprint reader and software on a Lenovo ThinkPad X61.
  The problem: getting secure fingerprint software to use KeePass
  ThinkPads can use Lenovo fingerprint software alone for start-up into Windows, but they need additional layers of software (Client Security Solution - CSS, and Password Manager  - PM) to work with other programs including KeePass. PM uses CSS security functions.
  Cautions about Lenovo CSS:
  1. Some organisations advise against CSS because of problems including clashes with antivirus programs. See http://www.ncsu.edu/antivirus/lenovo/ and
  http://prowiki.isc.upenn.edu/wiki/ThinkVantage_Sof​tware_Under_Windows_Vista
  These bugs may have been fixed over time - but install at your own risk!
  2. CSS and PM introduce their own system overheads which may slow some operations.
  3. Once tried, CSS may not simply be inactivated while restoring basic fingerprint start-up into Windows. The X61 at least insists that CSS be reactivated for any fingerprint function. If you try a Windows system restore to a time before CSS was first activated, you may experience the ‘blue screen of death'. The security chip evidently regards your desire for a past configuration as a security breach. With luck you may ‘live again' if you can log into Windows in Safe Mode to undo the attempted system restore. After that, I reactivated CSS. I was not game to try uninstall after inactivation of CSS - but see the ncsu link above.
  Having decided to accept the ‘risks' of activating CSS and PM, you may want to try PM for all password management. For me it would not recognise some internet logins, could not complete auto-submission in others, and did not allow the manual adjustments that make KeePass so versatile. Unfortunately PM help is very limited. There is no current user manual (old manuals up to v1.4 available on the web do not match the properties of the current v3 of the software). KeePass (or the KeeForm plugin) also struggles with some sites, but it works much better overall. Help on KeeForm plugin syntax is limited, but otherwise KeePass help is great.
  So we really want the fingerprint reader (via PM) to work for KeePass master password entry.
  This is not so simple for five interacting reasons:
  (i)  It is tricky to register KeePass in PM;
  (ii) PM then gets confused by ‘hidden' entry of a master password during fingerprint login to KeePass, and repeatedly tries to save ****** as a changed master password;
  (iii) PM also tries to automatically register each entry opened for editing within KeePass;
  (iv) PM tries to automatically register other logins even if they are managed through KeePass.
  (v) Your KeePass records are now only as secure as your PM login (which is likely to be your Windows login).
  The solutions: or workarounds at least
  The best workarounds I could develop for these five issues were:
  (i) To register KeePass in PM, first ensure that PM is running (icon in the system tray). Then launch KeePass, click the login window box for unobscured password display (three blue dots turn black), enter the master password and click OK to start KeePass as usual.
  If PM does not offer to save an entry for KeePass by this stage, try ‘plan B'. Open a window to edit an entry in KeePass, then click Cancel. PM seems to recognise this more readily as a login window and may offer to create an entry. Accept the offer, and name the entry KeePass. Then open PM to edit the saved entry. You will have to edit several fields to achieve an effective PM entry for KeePass:
  The title field must be "Open database - database.kdb", to match the title of the KeePass login window.
  The file name field should show the full path to KeePass.exe (something like C:\Program Files\KeePass\PeePass.exe depending on your installation).
  The login and password data field is accessed by double clicking the entry. It will need to show only your KeePass master password (in the unobscured text view). In login and password data, delete each line of unwanted text until you get to the final password line (shown as *****), and edit this line to provide your master password.
  In the Advanced tab, select auto-fill and auto-submit and the desired security level [see (v) below]. Then select OK to get to the PM front window, and File - Save Changes, then Exit.
  Now when you close and re-launch KeePass, PM should automatically intervene (requesting a fingerprint to complete the KeePass login if you selected that security level. Select ‘No' when PM asks to change the password [see (ii) below].
  If you had no luck, try ‘plan C'. Close KeePass completely, then launch it again to open the login window. Then right-click the PM icon in the system tray, open the ‘Type and Transfer Tool', click the box for unobscured password display, type in the KeePass master password, drag the cross-hairs to the password field in the waiting KeePass login window, and release the password there. Click OK to start KeePass as usual, then click OK to close the PM transfer window. If there is still no KeePass entry in PM, check that KeePass has not been included in the PM excluded programs list. If this sequence does not work, reboot and check again. Failing all else, any entry that PM succeeds in making from any login page can be edited to an effective KeePass entry by editing fields as described above for ‘plan B'.
  PM (v3.00) can be coy to associate initially, but it will accept KeePass (v1.14) as a password-managed program, and thereafter it reliably succeeds to auto-submit the KeePass login after some help described in (ii) below.
  (ii) Having sent the correct master password to the KeePass login window, PM becomes confused by the ‘hidden' text now in the password field, and offers to change its record of your KeyPass master password to ******. You can manually select ‘No' in the PM changed-password dialogue box that appears every time you use PM / fingerprint for KeePass login. But Beware: if you ever accidentally select ‘Yes' (the default) your KeePass master password record in PM will be changed to ******. This can be edited to provide the correct password again, but it is more than a minor pain in the AR5E. Unless you know (or have a backup of) your KeePass master password you just lost access to your KeePass database!
  To avoid this big nuisance and risk, you can set up to restart KeePass for each use from a desktop shortcut (instead of minimising it to the system tray) and have the shortcut run a batch file with vbs scripts that send the ‘No' message to PM automatically.
  Here is an example batch file, with corresponding vbs scripts. You can make all these files using Notepad and save the files with the names indicated, into the KeePass program directory (C:\Program Files\KeePass in this example).
  KeePass.bat (This launches KeePass and tells PM v3 not to change the password. Caution: If Lenovo changed PM program design in future, the effect could change; the batch file might send {TAB}{ENTER} keystrokes to another open window on your computer):
  C:
  cd\
  cd "C:\Program Files\KeePass"
  start " " "C:\Program Files\KeePass\KeePass.exe" "C:\Program Files\KeePass\Database.kdb"
  start /w Sleep.vbs 1
  start /w AppActivate.vbs
  start /w SendKeys.vbs
  Sleep.vbs (provides a short delay to open the ThinkVantage dialogue window, otherwise the following scripts fail because they are sent too soon):
  Wscript.Sleep Wscript.Arguments(0) * 1000
  AppActivate.vbs (puts focus on the ThinkVantage  Password change dialogue window so that Tab and Enter commands are not sent elsewhere with undesired effects):
  CreateObject("WScript.Shell").AppActivate "ThinkVantage Password Manager"
  SendKeys.vbs (sends a ‘No' response to the PM request to change its KeePass entry):
  CreateObject("WScript.Shell").SendKeys "{TAB}{ENTER}"
  Please substitute ) where you see smileywink: in the vbs scripts above - I can't get this forum window to stop automatically translating the " ) sequence of text (without a space) as an emoticon.
  This batch file approach should work with additional startup switches for KeePass, for example the /backup.path: switch used by ‘another backup' plugin (or you can use the db_backup plugin that works from the KeePass.ini file). Quotes are needed around any entry with spaces. But some things that ‘should work' such as just writing "KeePass.exe" instead of the full path in line 4 of the batch file do not give the same outcome for me. This may be an effect on timing of the switch of focus between windows - so if you strike a problem it may be worth experimenting with the delay time set through the sleep script.
  If you set KeePass to lock when minimised, you will have to deal manually with the PM changed-password dialogue every time you re-access KeePass. So it is simpler to close rather than minimise KeePass after each use and restart it when needed, via the batch file.
  (iii) You have to tell PM ‘No' whenever it offers to save an entry that is edited in KeePass. This is less of a nuisance, because entries rarely need to be edited once set up in Keepass.  There is no way to turn off this requirement. If you select ‘Never' it will prevent use of PM and therefore fingerprint entry to start KeePass (not just the edit window).
  (iv) Turn off internet login within PM. This will leave all internet logins to KeePass. Unfortunately you can not set PM to only allow a single program login (KeePass), but you can set it to exclude specific programs, so do that for other programs that you access via KeePass.
  (v) Finally, set PM security within CSS so that a fingerprint (or a password if the fingerprint reader fails) is needed every time PM is launched (not just once per boot). Similarly, set KeePass security this way within PM. Otherwise (if you set the requirement to once per boot) your passwords are open to inspection while you are away from your booted computer.
  Caution: How secure is your Windows login password? Most likely this is also your PM login password, so it now allows access to your KeePass database! Make sure that it is a unique, secure and preferably memorable password.
  How close are we now to the desired combination of security and convenience?
  Click on the KeePass shortcut to the batch file given above, swipe the fingerprint, wait while CSS works, then click on the relevant Keepass entry to access any password-protected site or application in your Keypass list - great convenience.
  Security is very strong - both KeePass and PM are extremely secure unless you use a weak or insecure master password or select less secure settings.
  Starting (or opening a locked instance of) KeePass without the batch file given above requires a couple of extra carefully-placed clicks in the process to tell PM not to mess up its entry for KeePass, then to complete KeePass startup. This is less convenient, and a mistake could prevent future database access - so the batch file method is recommended.
  A final caution (while enjoying secure & convenient logins):
  Beware - fingerprint access is so convenient that you may forget your master passwords! Eventually they will be needed! You may click the wrong button in PM, suffer a faulty fingerprint reader or change computers! Then you must recall your master passwords before you can access your password file (and possibly your computer). This could be devastating: loss of all secure password information in KeePass and PM (and possibly loss of all information on a protected computer drive, not to mention need to pay for a computer motherboard and HDD replacement). So:
  1. Choose very secure but ‘unforgettable' master passwords for KeePass and computer (PM) access.
  2. Always set up a secure master password as an alternative to biometric authentication (in case of a faulty fingerprint reader).
  3. Keep your password database backups, and your separate master password backups, in another secure (preferably encrypted) but accessible location!
  Program versions tested:
  KeePass v1.14 (v2 betas not tested) with KeeForm v2 and DB_Backup v1.14
  Lenovo CSS v8.20 with PM v3.00
  The solutions were tested in November 2008 on a Thinkpad X61 running Windows Vista Business. The tricks to interface with KeePass can vary between fingerprint programs (search the KeePass forum).
  Message Edited by r_g_b on 11-03-2008 07:01 PM
  Message Edited by r_g_b on 11-04-2008 12:00 AM

  I'm reviving quite an old topic here, but I have been unable to find any other good information on this.  I currently use the latest version of Keepass v2.23 and have Lenovo Passoword Manager v4.3 installed on my new W530 laptop.  I can't get PM to recognize any passowords at all, in web browsers or in windows application.  
  In PM the only thing I can do is create folders and secure notes.  My fingerprint software works great for automated logins to windows.  Does anyone have any experience with using the fingerprint reader with a windows application like Keepass?  
  How can I get the Password manager to do ... anything?  Recognize a password in windows or a web browser?
  I'm open to any other software to be used or I can write scripts if necessary to accomplish this.  It doesn't seem like this should be so difficult, but from what I've learned about Lenovo so far, is that nothing is easy.  After trying to get battery charge thresholds working proplery in Windows 8, I've already lost faith in a company that I thought had a great reputation.  

• I have a password manager built into my fingerprint scanner. It worked on the older version of Firefox but it will not on this new version. It will not recognize log in pages and will not load information.

  With the old version, all I had to do was go to the log in page to any of my email accounts or membership sites and scan my finger. It would fill in the fields and open my account. I like this new version of Firefox, but if I am not able to use that password manager then I will have to install the older version.

  A 2008 black MacBook can run OS X Lion (OS X 10.7). However, if you want to use that Mac for apps that do not work with the new MacBook, I recommend you to leave it with Mac OS X 10.6.8, because OS X Lion removes compatibility with PowerPC apps.
  Do not worry about the battery of the new MacBook Pro. You can replace it yourself or take it to an Apple Store or reseller, and the cost is similar. However, it's important to take the Mac to an Apple Store or reseller if your Mac's battery fails while the Mac is in warranty, because you will get the battery replaced for free.

• Looking for a good Password Manager App for the iPhone

  I'm looking for a good and reliable Password Manager App for the iPhone with sync capabilities on macs. I've read several reviews on several different apps on iTunes, and either they don't work properly, or they're a rip off, or they just don't sync or all of the above. Any recommendations?
  Thanks in advance.

  I've been very happy with 1Password, though I haven't used the iPhone component (not having an iPhone).
  Disclaimer: any product suggestion and link given is strictly for reference and represents my opinion only. No warranties express or implied. I get no personal benefit from the sale of any product I may recommend in any of my posts in the Discussions. Your mileage may vary. Void where prohibited. You must be this tall to ride. Objects in mirror may be closer than they appear. Preservatives added to improve freshness. No animals were harmed in the making of this post.