From d5a5cd7de47dbf5c137097b10bfcb8dc03196d3f Mon Sep 17 00:00:00 2001 From: Maarten Billemont Date: Sun, 21 Sep 2014 14:09:43 -0400 Subject: [PATCH] Fix a few issues after element->site rename. --- .../project.pbxproj | 4 - MasterPassword/Resources/Data/ciphers.plist | 10 +- MasterPassword/Resources/Media/help.html | 342 ------------------ 3 files changed, 9 insertions(+), 347 deletions(-) delete mode 100644 MasterPassword/Resources/Media/help.html diff --git a/MasterPassword/ObjC/iOS/MasterPassword-iOS.xcodeproj/project.pbxproj b/MasterPassword/ObjC/iOS/MasterPassword-iOS.xcodeproj/project.pbxproj index e6fda07e..3f4f321b 100644 --- a/MasterPassword/ObjC/iOS/MasterPassword-iOS.xcodeproj/project.pbxproj +++ b/MasterPassword/ObjC/iOS/MasterPassword-iOS.xcodeproj/project.pbxproj @@ -229,7 +229,6 @@ DABD3ABF1711E29800CF925C /* icon_plus@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD37F91711E29600CF925C /* icon_plus@2x.png */; }; DABD3B1C1711E29800CF925C /* icon_up.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38561711E29700CF925C /* icon_up.png */; }; DABD3B1D1711E29800CF925C /* icon_up@2x.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38571711E29700CF925C /* icon_up@2x.png */; }; - DABD3B8A1711E29800CF925C /* help.html in Resources */ = {isa = PBXBuildFile; fileRef = DABD38C61711E29700CF925C /* help.html */; }; DABD3B8D1711E29800CF925C /* keypad.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38C91711E29700CF925C /* keypad.png */; }; DABD3B8E1711E29800CF925C /* logo-bare.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38CA1711E29700CF925C /* logo-bare.png */; }; DABD3B8F1711E29800CF925C /* menu-icon.png in Resources */ = {isa = PBXBuildFile; fileRef = DABD38CB1711E29700CF925C /* menu-icon.png */; }; @@ -1171,7 +1170,6 @@ DABD38C11711E29700CF925C /* tip_location_teal@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "tip_location_teal@2x.png"; sourceTree = ""; }; DABD38C21711E29700CF925C /* tip_location_wood.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = tip_location_wood.png; sourceTree = ""; }; DABD38C31711E29700CF925C /* tip_location_wood@2x.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "tip_location_wood@2x.png"; sourceTree = ""; }; - DABD38C61711E29700CF925C /* help.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = help.html; sourceTree = ""; }; DABD38C81711E29700CF925C /* jquery-1.6.1.min.js */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.javascript; path = "jquery-1.6.1.min.js"; sourceTree = ""; }; DABD38C91711E29700CF925C /* keypad.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = keypad.png; sourceTree = ""; }; DABD38CA1711E29700CF925C /* logo-bare.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = "logo-bare.png"; sourceTree = ""; }; @@ -1579,7 +1577,6 @@ DABD38751711E29700CF925C /* Tooltips */, DABD3FC81712446200CF925C /* cloud.png */, DABD3FC91712446200CF925C /* cloud@2x.png */, - DABD38C61711E29700CF925C /* help.html */, DABD3FCC1714F45B00CF925C /* identity.png */, DABD3FCD1714F45B00CF925C /* identity@2x.png */, DABD38C81711E29700CF925C /* jquery-1.6.1.min.js */, @@ -3120,7 +3117,6 @@ DA3BCFCB19BD09D5006B2681 /* SourceCodePro-Regular.otf in Resources */, DA250A121956484D00AC23F1 /* image-0.png in Resources */, DA4522441902355C008F650A /* icon_book.png in Resources */, - DABD3B8A1711E29800CF925C /* help.html in Resources */, DA2509FF1956484D00AC23F1 /* image-9@2x.png in Resources */, DABD3B8D1711E29800CF925C /* keypad.png in Resources */, DABD3B8E1711E29800CF925C /* logo-bare.png in Resources */, diff --git a/MasterPassword/Resources/Data/ciphers.plist b/MasterPassword/Resources/Data/ciphers.plist index 1c354462..3a64450c 100644 --- a/MasterPassword/Resources/Data/ciphers.plist +++ b/MasterPassword/Resources/Data/ciphers.plist @@ -2,12 +2,18 @@ - MPSiteGeneratedEntity + MPGeneratedSiteEntity Login Name cvccvcvcv + Phrase + + cvcc cvc cvccvcv cvc + cvc cvccvcvcv cvcv + cv cvccv cvc cvcvccv + Maximum Security Password anoxxxxxxxxxxxxxxxxx @@ -77,6 +83,8 @@ @&%?,=[]_:-+*$#!'^~;()/. x AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*() + + diff --git a/MasterPassword/Resources/Media/help.html b/MasterPassword/Resources/Media/help.html deleted file mode 100644 index 9eb5ac78..00000000 --- a/MasterPassword/Resources/Media/help.html +++ /dev/null @@ -1,342 +0,0 @@ - - - - - - - - -
-

Master Password

-

by Lyndir

-

© 2011

-
- -

— 1 —

-

- Find the site that you need a password for by entering its name into the search field. -

-

- While searching, the names of previously used sites will be listed.
- Tap one of these results to go straight to its password. -

- -

— 2 —

-

- The site's password is now displayed.
- Tap it to copy the password. Once copied, you can switch to another application and paste it into a password field. -

- -

- To change the password for this site, tap the edit icon . -

- -

- Below the password you can set the password type. Some types create a password for you, - others let you choose your own. -

- -

- If the site complains when you try to set or update the password, try changing the password type. -

-

- To create a new password for this site, you can increment the password counter . - This is useful, for example, after you've had to share the password with somebody else. -

- -

— F.A.Q. —

- -
    -
  1. What is it and how do I use it?
    2. -
  2. Why do I need Master Password?
    3. -
  3. A password was given to me.
    4. -
  4. What if I loose my device?
    5. -
  5. Am I dependant on my device?
    6. -
  6. How do I maximize my security?
    7. -
  7. A website I use got hacked!
    8. -
  8. I forgot my master password!
    9. -
  9. How does Master Password work?
    10. -
  10. Do you offer enterprise solutions?
    11. -
- -

What is Master Password and how do I use it?

-

- Master Password creates secure and unique passwords for you, so you don't have to.
- The human brain is not well suited for creating secure and random passwords, and it's also terrible at remembering lots of unique passwords. - Master Password does the work for you: all you need to do is remember a single long and secure master password to log into the app. -

-

- Begin by entering the name of the thing you want a password for. Naming is entirely up to you, but remember to be consistent.
- Good names could be:
- apple.com, john@doe.com, office safe, bike lock, etc. -

-

- Every name has a different password, so the following names may be difficult to recall:
- pw for amazon, pin for my cell, etc. -

-

- Tap the resulting password to copy it for pasting in a different application or read it to type it in or use it manually elsewhere. -

-

- The thought behind this application is to secure your online (and offline) life by changing all of your passwords - to passwords generated by this app. -

- -

That's crazy talk.
- Why would I do that?

-

- The theory of password authentication is simple: To log in to a site, you share a secret word with the site - that only you and the site know. Since nobody else knows your secret password, nobody else can log - into your account. -

-

- It sounds good in theory. In practice, it's an absolute hell. These days, people have hundreds of - accounts on sites all over the Internet. Does that mean we're all remembering hundreds of secret passwords? - No, of course not. That would be impossible. If you're like most people, you remember one or two - passwords, and use those for all your sites everywhere. -

-

- So, what?, you might say.
- Here's the problem: When you share a secret password with a site, and then share the same secret password - with another site, both sites can now use the password you gave them to log into your account on the - other site. Nothing is stopping them from trying to log into your GMail, Hotmail or Twitter - accounts using the same password that you used to register an account on their site. Even if you only give - your password to sites you trust, all it takes is for one of those sites to get hacked and lose their - passwords database. Those hackers now have all it takes to impersonate you. -

-

- Some of you already try to remember unique-ish passwords for different sites. This causes problems too: - with so many passwords to remember, you easily forget passwords for sites you haven't used in a while. Or - you make up a simplification algorithm such as tacking your birth year onto the site name. This is really - not any more secure than using the same password for every site. And then there's those sites with - password policies: suddenly your long password isn't good enough, because it begins with a number, - or because (god forbid) it's too long. You now find yourself forced to create a strange variant - of your password that you'll have forgotten before the day is out. -

-

- This app solves the problem by letting you remember only a single password without requiring you to - share the password with anyone else. Instead, the app creates secure passwords for use with whatever site - or purpose you might need a password for. -

- -

I can't change all my passwords.
- Some of them were assigned to me.

-

- That's why this application allows you to change the password type to Personal or Device - Private. These types let you enter a password for a site, and the app will encrypt and save it so - you it's there for future reference. -

-

- These types of stored passwords don't have all the advantages that their generated counterparts have - (they can be lost if you lose your device and don't back it up), but when you can't change a site's - password to one generated by the app, this is as good as it gets. -

- -

So, what if I lose my device?
- I'm locked out of everything?

-

- Absolutely not! In fact, generated passwords aren't even stored on your device. No, not in the - cloud either. They're not stored anywhere! What that basically means is, if you grab the iPhone of a - colleague or friend and open this app on it, re-create your user and log in, it'll give you all your - generated passwords. So, if you lose your iPhone or forget it, just open the app on your iPad, - or borrow a friend's device, and you're back in business. No backups or restores needed. -

-

- This also means that, unlike all those apps that store your passwords or send them off to be stored on the - Internet, this app makes your passwords much safer from theft. If your device is stolen, the thieves can't - get at your passwords. There's also no cloud service that can be mis-managed or hacked. -

- -

Great, but that still means I need my device to get my passwords.

-

- Correct. However, remember that usually you'll only need to use this app once for each site. After you log - into a site once using the password generated by this app, your browser will probably ask you to remember - the password for the future. Agree to that, and you won't need to bring up your device again the next time - you log in to the account. -

-

- There is also a Mac version of Master Password that will be released on the Mac App Store. - It allows you to generate any of your passwords without the need to bring out your device. -

- -

I'm paranoid.
- How do I maximize my security?

-

- The most important aspect to the security of your passwords is your master password. Make sure - you've chosen a long and unique master password. Master Password's algorithm makes it exceedingly - difficult for an attacker to try and guess your master password, but that doesn't make you invulnerable when - your master password is short or easy to guess. Ideally, your master password should be longer than 10 characters. - An absurd sentence is a great idea, especially if you add non-english or gibberish words to it. - Absurd sentences are long and high in entropy, but also particularly easy for the human brain to remember. -

-

- Armed with a good master password, your next step is to assign generated passwords to all of your sites. - By default, Master Password creates passwords that are secure and still easy to copy from your device to a - computer by keyboard. If you prefer, you can go into Master Password's preferences (using the top-right icon) - and change the default password type to Maximum Security. Any new sites will now generate - passwords that are even higher in entropy. These types of passwords are nigh impossible for an attacker to - brute-force (though a Long Password really is secure enough for most any purpose, see - What if a site I use gets hacked?). -

-

- Also check out the application's preferences (using the action icon on the top right, select Preferences). - Make sure that Save Password is disabled. Saving your password is a convenience feature that lets your - device save your master password so you don't need to enter it anymore. It also means that if somebody finds your device - somewhere or steals it, the only obstacle between them and your passwords are your device's PIN code (assuming you even - have one set).
- If you go into Settings from the Preferences page, you'll see some global application settings. - Make sure that Stay logged in is disabled here. If enabled, Master Password will not log you out when you - close the app. Your master password isn't saved on your device, but kept in memory for as long as your device remains - powered on. Again, a malignent person can easily get to your passwords if they find your device powered on and logged - into Master Password. -

- -

What if a site I use gets hacked?

-

- There have been some high-profile password database leaks lately. LinkedIn, eHarmony, Last.fm, to name a few, - have lost millions of people's password hashes. In these cases, attackers have obtained a hash of - the passwords of all of these people, which makes it much easier for them to guess their real password. - A single sophisticated computer can be used to try about 200 million password combinations per second in an - attempt to find the real password behind a hash. That means these millions of people should be really worried - about their account's security.
- However, if your account is protected by a Long Password generated by Master Password, it would - take an attacker with ten sophisticated machines multiple lifetimes to find your actual password from a hash. - If the attacker knew beforehand that you had used Master Password to generate your password, he could make - his approach smarter and ten sophisticated machines would still take more than a year of constantly trying - millions of password combinations to find out your actual password.
- If instead you used a Maximum Security password to protect your account, the time it would take - for an attacker to brute-force your password goes completely off the scale: 10,000 sophisticated machines - would take up to 312409704477000000 years to try and find your password, even if the attacker knew you're - using Master Password. -

-

- If you're worried anyway or you need a new password for your site for some other reason, tap the password - counter button (the plus icon) to instantly create a new password for that site. -

-

- Long story short: When a website you use gets hacked and your password hashes are revealed to hackers, this - is a big problem for the security of your account, but only if you're not using Master Password. -

- - -

I forgot my master password. What are my options?

-

- Due to the nature of this app's algorithms and the decisions that were made to protect against brute-force - attacks, it is simply infeasible to recover your master password. If you really can't remember it, your - passwords are gone. -

-

- Where you go from here is: on the unlock screen, tap and hold your user. A dialog will pop-up that will allow - you to reset your master password. Assign a new master password, log in, and for each of your accounts, go - through the password recovery procedure (which will usually involve the site sending a mail to your email account) - and reset the passwords of these accounts to passwords generated by your newly chosen master password.
- Now don't forget it again! :-) -

- -

So how does this thing work internally?

-

- The way Master Password works internally is fully disclosed. - The source code for this application is also available from GitHub. - I invite anyone with a technical background to go through these resources to make certain of the trustworthiness of Master Password. -

- -

Is the algorithm stable?
- Will my passwords ever change?

-

- While we're very confident of the strength of the Master Password algorithm, we're also constantly keeping an eye out - for what the evolutions are of hackers' tools and capabilities. To give you the best possible protection, there is - always the possibility that we'll have to make tweaks to the Master Password algorithm in order to fend off any - attempts at breaking in. -

-

- Usually, these tweaks will be automatically applied when you install the latest version. In this case, you will notice - nothing and all you need to take away from this is that it's best to always be running the latest version of Master Password. -

-

- It is possible, however, that to apply an upgrade to your passwords, a new password will need to be set for your site's - account. In this case, Master Password will leave your passwords the way they are but give you the option of - upgrading your passwords when it's convenient to you. Whenever you're ready, just tap the upgrade password icon and - Master Password will show you the old password and the new one so that you can easily update your site's account. -

-

- Please note: if Master Password warns you that you have outdated passwords, it's best to upgrade them all - as soon as convenient. If you lose your device or data and recreate your Master Password user on another device, - Master Password can only regenerate the passwords for you that you've upgraded. iCloud/iTunes sync or exports are not - affected, so these are good ways to safely back up your passwords. -

-

- Tap here to check if you have any outdated passwords. -

- -

This stuff is gold.
- I want one branded for our company.

-

- Contact me directly for enterprise inquiries. - I can provide branded clients and enterprise distribution if your company is interested in deploying this solution internally. -

-

- Master Password can also be used as a One-Time Password token generator to secure your infrastructure and client access. -

- - - - -