Fix a few issues after element->site rename.
This commit is contained in:
parent
2100662fb3
commit
d5a5cd7de4
@ -229,7 +229,6 @@
|
||||
DABD3ABF1711E29800CF925C /* icon_plus@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD37F91711E29600CF925C /* icon_plus@2x.png */; };
|
||||
DABD3B1C1711E29800CF925C /* icon_up.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38561711E29700CF925C /* icon_up.png */; };
|
||||
DABD3B1D1711E29800CF925C /* icon_up@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38571711E29700CF925C /* icon_up@2x.png */; };
|
||||
DABD3B8A1711E29800CF925C /* help.html in Resources */ = {isa = PBXBuildFile; fileRef = DABD38C61711E29700CF925C /* help.html */; };
|
||||
DABD3B8D1711E29800CF925C /* keypad.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38C91711E29700CF925C /* keypad.png */; };
|
||||
DABD3B8E1711E29800CF925C /* logo-bare.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38CA1711E29700CF925C /* logo-bare.png */; };
|
||||
DABD3B8F1711E29800CF925C /* menu-icon.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38CB1711E29700CF925C /* menu-icon.png */; };
|
||||
@ -1171,7 +1170,6 @@
|
||||
DABD38C11711E29700CF925C /* tip_location_teal@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "tip_location_teal@2x.png"; sourceTree = "<group>"; };
|
||||
DABD38C21711E29700CF925C /* tip_location_wood.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = tip_location_wood.png; sourceTree = "<group>"; };
|
||||
DABD38C31711E29700CF925C /* tip_location_wood@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "tip_location_wood@2x.png"; sourceTree = "<group>"; };
|
||||
DABD38C61711E29700CF925C /* help.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = help.html; sourceTree = "<group>"; };
|
||||
DABD38C81711E29700CF925C /* jquery-1.6.1.min.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = "jquery-1.6.1.min.js"; sourceTree = "<group>"; };
|
||||
DABD38C91711E29700CF925C /* keypad.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = keypad.png; sourceTree = "<group>"; };
|
||||
DABD38CA1711E29700CF925C /* logo-bare.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "logo-bare.png"; sourceTree = "<group>"; };
|
||||
@ -1579,7 +1577,6 @@
|
||||
DABD38751711E29700CF925C /* Tooltips */,
|
||||
DABD3FC81712446200CF925C /* cloud.png */,
|
||||
DABD3FC91712446200CF925C /* cloud@2x.png */,
|
||||
DABD38C61711E29700CF925C /* help.html */,
|
||||
DABD3FCC1714F45B00CF925C /* identity.png */,
|
||||
DABD3FCD1714F45B00CF925C /* identity@2x.png */,
|
||||
DABD38C81711E29700CF925C /* jquery-1.6.1.min.js */,
|
||||
@ -3120,7 +3117,6 @@
|
||||
DA3BCFCB19BD09D5006B2681 /* SourceCodePro-Regular.otf in Resources */,
|
||||
DA250A121956484D00AC23F1 /* image-0.png in Resources */,
|
||||
DA4522441902355C008F650A /* icon_book.png in Resources */,
|
||||
DABD3B8A1711E29800CF925C /* help.html in Resources */,
|
||||
DA2509FF1956484D00AC23F1 /* image-9@2x.png in Resources */,
|
||||
DABD3B8D1711E29800CF925C /* keypad.png in Resources */,
|
||||
DABD3B8E1711E29800CF925C /* logo-bare.png in Resources */,
|
||||
|
@ -2,12 +2,18 @@
|
||||
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
||||
<plist version="1.0">
|
||||
<dict>
|
||||
<key>MPSiteGeneratedEntity</key>
|
||||
<key>MPGeneratedSiteEntity</key>
|
||||
<dict>
|
||||
<key>Login Name</key>
|
||||
<array>
|
||||
<string>cvccvcvcv</string>
|
||||
</array>
|
||||
<key>Phrase</key>
|
||||
<array>
|
||||
<string>cvcc cvc cvccvcv cvc</string>
|
||||
<string>cvc cvccvcvcv cvcv</string>
|
||||
<string>cv cvccv cvc cvcvccv</string>
|
||||
</array>
|
||||
<key>Maximum Security Password</key>
|
||||
<array>
|
||||
<string>anoxxxxxxxxxxxxxxxxx</string>
|
||||
@ -77,6 +83,8 @@
|
||||
<string>@&%?,=[]_:-+*$#!'^~;()/.</string>
|
||||
<key>x</key>
|
||||
<string>AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()</string>
|
||||
<key> </key>
|
||||
<string> </string>
|
||||
</dict>
|
||||
</dict>
|
||||
</plist>
|
||||
|
@ -1,342 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<style>
|
||||
body {
|
||||
color: white;
|
||||
text-align: center;
|
||||
text-shadow: 0 1px black;
|
||||
font: 16px "Baskerville";
|
||||
}
|
||||
h1, h2 {
|
||||
margin-top: 1.5em;
|
||||
padding-top: 1em;
|
||||
font-family: inherit;
|
||||
font-weight: bold;
|
||||
}
|
||||
h2 {
|
||||
font-size: inherit;
|
||||
}
|
||||
h3 {
|
||||
padding-top: 1.5em;
|
||||
font-size: 12px;
|
||||
}
|
||||
i {
|
||||
font-weight: bold;
|
||||
}
|
||||
q {
|
||||
font-style: italic;
|
||||
}
|
||||
img {
|
||||
display: inline-block;
|
||||
height: 1.4em;
|
||||
margin: -0.2em 0;
|
||||
vertical-align: middle;
|
||||
}
|
||||
a, a:link {
|
||||
color: inherit;
|
||||
font-weight: bold;
|
||||
}
|
||||
header {
|
||||
height: 8em;
|
||||
padding: 3em 0 0;
|
||||
}
|
||||
header h1, header h2 {
|
||||
margin: 0;
|
||||
padding: 0.5ex;
|
||||
}
|
||||
header h3 {
|
||||
padding-top: 2em;
|
||||
}
|
||||
</style>
|
||||
<script src="jquery-1.6.1.min.js" type="text/javascript"></script>
|
||||
<script type="text/javascript">
|
||||
function setClass(activeClass) {
|
||||
$(".Class").css("display", "none");
|
||||
if (!$(".Class." + activeClass).length)
|
||||
return "Not found: " + activeClass;
|
||||
|
||||
$(".Class." + activeClass).css("display", "block");
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<header>
|
||||
<h1>Master Password</h1>
|
||||
<h2>by <a href="http://www.lyndir.com">Lyndir</a></h2>
|
||||
<h3>© 2011</h3>
|
||||
</header>
|
||||
|
||||
<h2 id="1">— 1 —</h2>
|
||||
<p>
|
||||
<b>Find the site</b> that you need a password for by entering its name into the <i>search field</i>.
|
||||
</p>
|
||||
<p>
|
||||
<b>While searching</b>, the names of previously used sites will be listed.<br />
|
||||
Tap one of these results to go straight to its password.
|
||||
</p>
|
||||
|
||||
<h2 id="2">— 2 —</h2>
|
||||
<p>
|
||||
<b>The site</b>'s password is now displayed.<br />
|
||||
Tap it to <i>copy the password</i>. Once copied, you can switch to another application and paste it into a password field.
|
||||
</p>
|
||||
|
||||
<p class="Class MPElementStoredEntity">
|
||||
<b>To change</b> the password for this site, tap the <i>edit icon</i> <img src="icon_edit.png" />.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
<b>Below the password</b> you can set the <i>password type</i>. Some types <i>create a password for you</i>,
|
||||
others let you <i>choose your own</i>.
|
||||
</p>
|
||||
|
||||
<p class="Class MPElementGeneratedEntity">
|
||||
<b>If the site complains</b> when you try to set or update the password, try changing the password type.
|
||||
</p>
|
||||
<p class="Class MPElementGeneratedEntity">
|
||||
<b>To create a new</b> password for this site, you can increment the <i>password counter</i> <img src="icon_plus.png" />.
|
||||
This is useful, for example, after you've had to share the password with somebody else.
|
||||
</p>
|
||||
|
||||
<h2 id="faq">— F.A.Q. —</h2>
|
||||
|
||||
<ol>
|
||||
<li><a href="#what" >What is it and how do I use it?</a></li>
|
||||
<li><a href="#why" >Why do I need Master Password?</a></li>
|
||||
<li><a href="#custom" >A password was given to me.</a></li>
|
||||
<li><a href="#loss" >What if I loose my device?</a></li>
|
||||
<li><a href="#device" >Am I dependant on my device?</a></li>
|
||||
<li><a href="#paranoid" >How do I maximize my security?</a></li>
|
||||
<li><a href="#hacked" >A website I use got hacked!</a></li>
|
||||
<li><a href="#forgot" >I forgot my master password!</a></li>
|
||||
<li><a href="#algorithm">How does Master Password work?</a></li>
|
||||
<li><a href="#branded" >Do you offer enterprise solutions?</a></li>
|
||||
</ol>
|
||||
|
||||
<h3 id="what">What is Master Password and how do I use it?</h3>
|
||||
<p>
|
||||
Master Password <b>creates secure and unique passwords for you</b>, so you don't have to.<br />
|
||||
The human brain is not well suited for creating secure and random passwords, and it's also terrible at remembering lots of unique passwords.
|
||||
Master Password does the work for you: all you need to do is remember a single long and secure master password to log into the app.
|
||||
</p>
|
||||
<p>
|
||||
<b>Begin by entering the name</b> of the thing you want a password for. Naming is entirely up to you, but remember to be consistent.<br />
|
||||
<i>Good names</i> could be:<br />
|
||||
<code>apple.com</code>, <code>john@doe.com</code>, <code>office safe</code>, <code>bike lock</code>, etc.
|
||||
</p>
|
||||
<p>
|
||||
Every name has a different password, so the following names may be <i>difficult to recall</i>:<br />
|
||||
<code>pw for amazon</code>, <code>pin for my cell</code>, etc.
|
||||
</p>
|
||||
<p>
|
||||
<b>Tap the resulting password</b> to copy it for pasting in a different application or read it to type it in or use it manually elsewhere.
|
||||
</p>
|
||||
<p id="why">
|
||||
The thought behind this application is to secure your online (and offline) life by <b>changing all of your passwords</b>
|
||||
to passwords generated by this app.
|
||||
</p>
|
||||
|
||||
<h3>That's crazy talk.<br />
|
||||
Why would I do that?</h3>
|
||||
<p>
|
||||
The theory of password authentication is simple: To log in to a site, you share a secret word with the site
|
||||
that <b>only you and the site know</b>. Since nobody else knows your secret password, nobody else can log
|
||||
into your account.
|
||||
</p>
|
||||
<p>
|
||||
It sounds good in theory. In practice, it's an <b>absolute hell</b>. These days, people have hundreds of
|
||||
accounts on sites all over the Internet. Does that mean we're all remembering hundreds of secret passwords?
|
||||
No, of course not. That would be impossible. If you're like most people, you remember one or two
|
||||
passwords, and use those for all your sites everywhere.
|
||||
</p>
|
||||
<p>
|
||||
<q>So, what?</q>, you might say.<br />
|
||||
Here's the problem: When you share a secret password with a site, and then share the same secret password
|
||||
with another site, both sites can now use the password you gave them to log into your account on the
|
||||
<i>other</i> site. Nothing is stopping them from trying to log into <i>your</i> GMail, Hotmail or Twitter
|
||||
accounts using the same password that you used to register an account on their site. Even if you only give
|
||||
your password to sites you trust, all it takes is for one of those sites to get hacked and lose their
|
||||
passwords database. Those hackers now have all it takes to impersonate you.
|
||||
</p>
|
||||
<p>
|
||||
Some of you already try to remember unique-ish passwords for different sites. This causes problems too:
|
||||
with so many passwords to remember, you easily forget passwords for sites you haven't used in a while. Or
|
||||
you make up a simplification algorithm such as tacking your birth year onto the site name. This is really
|
||||
not any more secure than using the same password for every site. And then there's those sites with
|
||||
<q>password policies</q>: suddenly your long password isn't good enough, because it begins with a number,
|
||||
or because (god forbid) it's <q>too long</q>. You now find yourself forced to create a strange variant
|
||||
of your password that you'll have forgotten before the day is out.
|
||||
</p>
|
||||
<p>
|
||||
This app <b>solves the problem</b> by letting you remember only a single password without requiring you to
|
||||
share the password with anyone else. Instead, the app creates secure passwords for use with whatever site
|
||||
or purpose you might need a password for.
|
||||
</p>
|
||||
|
||||
<h3 id="custom">I can't change all my passwords.<br />
|
||||
Some of them were assigned to me.</h3>
|
||||
<p>
|
||||
That's why this application allows you to change the password type to <code>Personal</code> or <code>Device
|
||||
Private</code>. These types let you enter a password for a site, and the app will encrypt and save it so
|
||||
you it's there for future reference.
|
||||
</p>
|
||||
<p>
|
||||
These types of <q>stored</q> passwords don't have all the advantages that their generated counterparts have
|
||||
(they can be lost if you lose your device and don't back it up), but when you can't change a site's
|
||||
password to one generated by the app, this is as good as it gets.
|
||||
</p>
|
||||
|
||||
<h3 id="loss">So, what if I lose my device?<br />
|
||||
I'm locked out of everything?</h3>
|
||||
<p>
|
||||
<b>Absolutely not!</b> In fact, generated passwords aren't even stored on your device. No, not in the
|
||||
cloud either. They're not stored anywhere! What that basically means is, if you grab the iPhone of a
|
||||
colleague or friend and open this app on it, re-create your user and log in, <i>it'll give you all your
|
||||
generated passwords</i>. So, if you lose your iPhone or forget it, just open the app on your iPad,
|
||||
or borrow a friend's device, and you're back in business. No backups or restores needed.
|
||||
</p>
|
||||
<p>
|
||||
This also means that, unlike all those apps that store your passwords or send them off to be stored on the
|
||||
Internet, this app makes your passwords much safer from theft. If your device is stolen, the thieves can't
|
||||
get at your passwords. There's also no cloud service that can be mis-managed or hacked.
|
||||
</p>
|
||||
|
||||
<h3 id="device">Great, but that still means I need my device to get my passwords.</h3>
|
||||
<p>
|
||||
Correct. However, remember that usually you'll only need to use this app once for each site. After you log
|
||||
into a site once using the password generated by this app, your browser will probably ask you to remember
|
||||
the password for the future. Agree to that, and you won't need to bring up your device again the next time
|
||||
you log in to the account.
|
||||
</p>
|
||||
<p>
|
||||
There is also a <b>Mac version</b> of Master Password that will be released on the Mac App Store.
|
||||
It allows you to generate any of your passwords without the need to bring out your device.
|
||||
</p>
|
||||
|
||||
<h3 id="paranoid">I'm paranoid.<br />
|
||||
How do I maximize my security?</h3>
|
||||
<p>
|
||||
The <b>most important</b> aspect to the security of your passwords is your <b>master password</b>. Make sure
|
||||
you've chosen a <em>long and unique master password</em>. Master Password's algorithm makes it exceedingly
|
||||
difficult for an attacker to try and guess your master password, but that doesn't make you invulnerable when
|
||||
your master password is short or easy to guess. Ideally, your master password should be <em>longer than 10 characters</em>.
|
||||
<b>An absurd sentence is a great idea</b>, especially if you add non-english or gibberish words to it.
|
||||
Absurd sentences are long and high in entropy, but also particularly easy for the human brain to remember.
|
||||
</p>
|
||||
<p>
|
||||
Armed with a good master password, your next step is to assign generated passwords to all of your sites.
|
||||
By default, Master Password creates passwords that are secure and still easy to copy from your device to a
|
||||
computer by keyboard. If you prefer, you can go into Master Password's preferences (using the top-right icon)
|
||||
and change the default password type to <code>Maximum Security</code>. Any new sites will now generate
|
||||
passwords that are even higher in entropy. These types of passwords are nigh impossible for an attacker to
|
||||
brute-force (though a <code>Long Password</code> really is secure enough for most any purpose, see
|
||||
<a href="#hacked">What if a site I use gets hacked?</a>).
|
||||
</p>
|
||||
<p>
|
||||
Also check out the application's preferences (using the action icon on the top right, select <code>Preferences</code>).
|
||||
Make sure that <code>Save Password</code> is disabled. Saving your password is a convenience feature that lets your
|
||||
device save your master password so you don't need to enter it anymore. It also means that if somebody finds your device
|
||||
somewhere or steals it, the only obstacle between them and your passwords are your device's PIN code (assuming you even
|
||||
have one set).<br />
|
||||
If you go into <code>Settings</code> from the <code>Preferences</code> page, you'll see some global application settings.
|
||||
Make sure that <code>Stay logged in</code> is disabled here. If enabled, Master Password will not log you out when you
|
||||
close the app. Your master password isn't saved on your device, but kept in memory for as long as your device remains
|
||||
powered on. Again, a malignent person can easily get to your passwords if they find your device powered on and logged
|
||||
into Master Password.
|
||||
</p>
|
||||
|
||||
<h3 id="hacked">What if a site I use gets hacked?</h3>
|
||||
<p>
|
||||
There have been some high-profile password database leaks lately. LinkedIn, eHarmony, Last.fm, to name a few,
|
||||
have lost millions of people's password hashes. In these cases, attackers have obtained a <q>hash</q> of
|
||||
the passwords of all of these people, which makes it much easier for them to guess their real password.
|
||||
A single sophisticated computer can be used to try about 200 million password combinations per second in an
|
||||
attempt to find the real password behind a hash. That means these millions of people should be really worried
|
||||
about their account's security.<br />
|
||||
However, if your account is protected by a <code>Long Password</code> generated by Master Password, it would
|
||||
take an attacker with ten sophisticated machines multiple lifetimes to find your actual password from a hash.
|
||||
If the attacker knew beforehand that you had used Master Password to generate your password, he could make
|
||||
his approach smarter and ten sophisticated machines would still take more than a year of constantly trying
|
||||
millions of password combinations to find out your actual password.<br />
|
||||
If instead you used a <code>Maximum Security</code> password to protect your account, the time it would take
|
||||
for an attacker to brute-force your password goes completely off the scale: 10,000 sophisticated machines
|
||||
would take up to 312409704477000000 years to try and find your password, even if the attacker knew you're
|
||||
using Master Password.
|
||||
</p>
|
||||
<p>
|
||||
If you're worried anyway or you need a new password for your site for some other reason, tap the password
|
||||
counter button (the plus icon) to instantly create a new password for that site.
|
||||
</p>
|
||||
<p>
|
||||
Long story short: When a website you use gets hacked and your password hashes are revealed to hackers, this
|
||||
is a big problem for the security of your account, but only if you're <b>not</b> using Master Password.
|
||||
</p>
|
||||
|
||||
|
||||
<h3 id="forgot">I forgot my master password. What are my options?</h3>
|
||||
<p>
|
||||
Due to the nature of this app's algorithms and the decisions that were made to protect against brute-force
|
||||
attacks, it is simply infeasible to recover your master password. If you really can't remember it, your
|
||||
passwords are <b>gone</b>.
|
||||
</p>
|
||||
<p>
|
||||
Where you go from here is: on the unlock screen, tap and hold your user. A dialog will pop-up that will allow
|
||||
you to reset your master password. Assign a new master password, log in, and for each of your accounts, go
|
||||
through the password recovery procedure (which will usually involve the site sending a mail to your email account)
|
||||
and reset the passwords of these accounts to passwords generated by your newly chosen master password.<br />
|
||||
Now don't forget it again! :-)
|
||||
</p>
|
||||
|
||||
<h3 id="algorithm">So how does this thing work internally?</h3>
|
||||
<p>
|
||||
The way Master Password works internally is <a href="http://masterpassword.lyndir.com/algorithm.html">fully disclosed</a>.
|
||||
The source code for this application is also available from <a href="https://github.com/Lyndir/MasterPassword">GitHub</a>.
|
||||
I invite anyone with a technical background to go through these resources to make certain of the trustworthiness of Master Password.
|
||||
</p>
|
||||
|
||||
<h3 id="outdated">Is the algorithm stable?<br />
|
||||
Will my passwords ever change?</h3>
|
||||
<p>
|
||||
While we're very confident of the strength of the Master Password algorithm, we're also constantly keeping an eye out
|
||||
for what the evolutions are of hackers' tools and capabilities. To give you the best possible protection, there is
|
||||
always the possibility that we'll have to make tweaks to the Master Password algorithm in order to fend off any
|
||||
attempts at breaking in.
|
||||
</p>
|
||||
<p>
|
||||
Usually, these tweaks will be automatically applied when you install the latest version. In this case, you will notice
|
||||
nothing and all you need to take away from this is that it's best to always be running the latest version of Master Password.
|
||||
</p>
|
||||
<p>
|
||||
It is possible, however, that to apply an upgrade to your passwords, a new password will need to be set for your site's
|
||||
account. In this case, Master Password will leave your passwords the way they are but give you the <em>option</em> of
|
||||
upgrading your passwords when it's convenient to you. Whenever you're ready, just tap the upgrade password icon and
|
||||
Master Password will show you the old password and the new one so that you can easily update your site's account.
|
||||
</p>
|
||||
<p>
|
||||
<em>Please note</em>: if Master Password warns you that you have outdated passwords, it's best to upgrade them all
|
||||
as soon as convenient. If you lose your device or data and recreate your Master Password user on another device,
|
||||
Master Password can only regenerate the passwords for you that you've upgraded. iCloud/iTunes sync or exports are not
|
||||
affected, so these are good ways to safely back up your passwords.
|
||||
</p>
|
||||
<p>
|
||||
<a href="?outdated">Tap here</a> to check if you have any outdated passwords.
|
||||
</p>
|
||||
|
||||
<h3 id="branded">This stuff is gold.<br />
|
||||
I want one branded for our company.</h3>
|
||||
<p>
|
||||
<a href="mailto:masterpassword@lyndir.com">Contact me</a> directly for enterprise inquiries.
|
||||
I can provide branded clients and enterprise distribution if your company is interested in deploying this solution internally.
|
||||
</p>
|
||||
<p>
|
||||
Master Password can also be used as a One-Time Password token generator to secure your infrastructure and client access.
|
||||
</p>
|
||||
|
||||
<footer>
|
||||
<a href="http://masterpassword.lyndir.com">Homepage</a> | <a href="http://www.lyndir.com">Lyndir</a> |
|
||||
<a href="http://www.lyndir.com/contact">Contact</a>
|
||||
</footer>
|
||||
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user