Master password loading improvements + changing + docs.

[ADDED] The master password can now be changed. [IMPROVED] Flow of handling the master password when activating the app. [IMPROVED] iTunesArtwork & icons. [ADDED] Elements are now scoped to the current master password. [ADDED] Lots of documentation for the user: - Settings - FAQ - A quickstart guide
2012-01-29 12:41:48 +01:00
parent e5ab2605f9
commit 571898632f
27 changed files with 460 additions and 168 deletions
--- a/OnePassword/Resources/help.html
+++ b/OnePassword/Resources/help.html
@@ -9,7 +9,7 @@
                font: 16px "Baskerville";
            }
            h1, h2 {
-                margin-top: 1em;
+                margin-top: 1.5em;
                padding-top: 1em;
                font-family: inherit;
                font-weight: bold;
@@ -20,12 +20,19 @@
            i {
                font-weight: bold;
            }
+            q {
+                font-style: italic;
+            }
            img {
                display: inline-block;
                height: 1.4em;
                margin: -0.2em 0;
                vertical-align: middle;
            }
+            a, a:link {
+                color: inherit;
+                font-weight: bold;
+            }
        </style>
        <script src="jquery-1.6.1.min.js" type="text/javascript"></script>
        <script type="text/javascript">
@@ -70,5 +77,100 @@
            This is useful, for example, when you've had to share the password with somebody else.
        </p>
        
+        <h2 id="faq">&mdash; F.A.Q. &mdash;</h2>
+
+        <h3>What is this thing?<br />
+            How do I use it?</h3>
+        <p>
+            The idea of this application is that you <b>change all of your passwords</b> everywhere to a password
+            generated by this app.
+        </p>
+
+        <h3>That's crazy talk.<br />
+            Why would I do that?</h3>
+        <p>
+            Everybody everywhere uses passwords for authentication nowadays.  The theory of password authentication is
+            simple: It's a secret word that <b>only you</b> and the other party know.  So, because nobody else knows
+            your secret password, nobody else can log into your <abbr>E-Mail</abbr> or Twitter account with it.
+        </p>
+        <p>
+            That's fine and dandy in theory.  In practice, it's an <b>absolute hell</b>.  In modern times, people have
+            hundreds of accounts on sites all over the Internet.  So does that mean we're all remembering hundreds of
+            secret passwords?  No, of course not.  That would be <i>impossible</i>.  If you're like most people, you
+            remember one or two passwords, and use those for all your sites everywhere.
+        </p>
+        <p>
+            <q>So what</q>, you say?  Here's the problem: You're not the only one that knows your secret password.  Each
+            time your make an account with a site and tell them your secret password, <i>they know it too</i>!  Nothing
+            is stopping them from trying to log into GMail, Hotmail or Twitter with the same password and username you
+            used to register with their own site.  Even if you only give your password to sites you trust, all it takes
+            is for one of those sites to get hacked and loose their password database.  Those hackers now have all it
+            takes to impersonate you.  This is, in fact, so common, that it's one of the main reasons people's accounts
+            are getting hacked or compromised nowadays.
+        </p>
+        <p>
+            This app <b>solves the problem</b> by letting you remember only a single password without requiring you to
+            share the password with anyone else.  Instead, the app creates secure passwords for use with whatever site
+            or purpose you might need a password for.
+        </p>
+
+        <h3>Uh, so what if I loose my device?<br />
+            I'm locked out of everything?</h3>
+        <p>
+            <b>Absolutely not!</b>  In fact, generated passwords aren't even stored on your device.  No, not in the
+            cloud either.  They're not stored anywhere!  What that basically means is, if you grab the iPhone of the
+            person sitting next to you and open this app on it with your own master password, <i>it'll give you all
+            your generated passwords</i>.  So, if you loose your phone or forget it, just borrow a friend's phone or
+            get a new one, and you're back in business.  No backups or restores needed.
+        </p>
+        <p>
+            That also means that, unlike all those apps that store your passwords or send them off to be stored
+            on the internet, your passwords are much safer.  Nobody knows about them.  If your device is stolen,
+            the thieves can't get at them.
+        </p>
+        
+        <h3>I entered my master password on my friend's app.  It just says <q>Invalid master password</q> and exits!</h3>
+        <p>
+            For your own protection and to avoid opening the app after <i>mistyping</i> your master password (and thus
+            generating bad passwords for your sites), the app normally checks whether you're entering the same master
+            password as the one you've been using before.
+        </p>
+        <p>
+            To open the app with <b>a different master password</b>, just go into your device's <code>Settings</code>, find
+            <code>Master Password</code>'s settings somewhere near the bottom, and flip the setting: <code>Change my
+            password</code>.  The next time you open the app, you can enter a new master password.  Don't worry:
+            you're not wiping your friend's passwords this way.  All he needs to do to get back at his own passwords is
+            flip the switch again and change back to his own master password.
+        </p>
+    
+        <h3>Great, but that still means I need my phone to access anything.</h3>
+        <p>
+            Correct.  However, remember that usually you'll only need to use this app once for each site.  Imagine
+            you're usually on your MacBook Air.  You go to Twitter, it asks for your password.  You get your phone out,
+            start the app and generate the password for <code>twitter.com</code>.  You copy the password manually by
+            typing it out on your MacBook Air.  You may notice that the generated passwords have been created such that
+            they're fairly easy to copy.  Once you log in, though, your MacBook will ask you to save the password in its
+            key chain.  Agree to that, and you won't need to bring up your phone again the next time you log in to
+            Twitter.
+        </p>
+        <p>
+            If you're still worried, the app's homepage details <b>the algorithm</b> used to generate your passwords.
+            There's also <b>a Bash script</b> that you can use to generate your passwords on any POSIX system (such as,
+            your Mac).  A Mac version of this app is also in the works so that you can easily get to all your passwords
+            without needing to bring up your phone.
+        </p>
+
+        <h3>This stuff is gold.<br />
+            I want one branded for our company.</h3>
+        <p>
+            Contact me directly for enterprise inquiries.  I can provide branded clients and enterprise distribution
+            if your company is interested in deploying this solution internally.
+        </p>
+    
+        <footer>
+            <a href="http://masterpassword.lyndir.com">Homepage</a> | <a href="http://www.lyndir.com">Lyndir</a> |
+            <a href="http://www.lyndir.com/contact">Contact</a>
+        </footer>
+
    </body>
 </html>