Results 1 to 6 of 6
Like Tree4Likes
  • 4 Post By Nafetz
  1.    #1  
    I hope it's ok to edit this first posting in case it will get several updates - so you can always find it here.

    Passwordmaker for webOS

    General description

    Passwordmaker for webOS is an application based on PasswordMaker. The javascript-code of this site is implemented in app/sourcePasswordmaker.jsjsjs $of$ $this$ $application$. $I$ $would$ $suggest$ $to$ $test$ $the$ $offline$ $html$-$version$ $before$ $using$ $the$ $webOS$ $app$ $or$ $use$ $both$ $together$ $at$ $the$ $beginning$ $so$ $you$ $can$ $see$ $what$ $is$ $happening$ $with$ $all$ $the$ $parameters$ $you$ $fill$ $in$.
    You can download the html-file here and e.g. put it on a folder of your HP Touchpad and call it with your browser so you don't need an internet connection.

    I'm not using the field "Using text" as input field since it is automatic filled with values out of "Input URL" and "URL components". But it is important to see what happens to the "Input URL" when you select an "URL component":
    If you check protocol you'll get different passwords for https://www.webosnation.com and webOS Nation | webOS Forums, News, Reviews, Apps and Help. If you uncheck protocol you'll get the same password.
    The same happens if you check "port, path,...":
    webOS Nation | webOS Forums, News, Reviews, Apps and Help will get another password as webOS Nation | webOS Forums, News, Reviews, Apps and Help/
    So you have to be aware which settings you chose...

    How to use Passwordmaker for webOS

    When starting the app for the first time, a database with two tables is created. One is for the categories and one for the account settings. One entry in each table is automatically set. As category is entered "Unfiled", as account is entered a preference dataset.

    You should start entering additional categories like "email", "shopping", etc. You can enter the category scene with the app-menu. The category-entry is not used for calculating the account-password. But it is used in the search function. If you type "shopping" in the account list then all datasets with category "shopping" should be visible.

    Next is to edit the preferences which can be found in the app-menu. All values that are entered in the preferences scene are loaded when you create a new account. So creating a new account is comfortable if the settings are chosen well.

    Now you can create your accounts. It is indeed possible, to insert a master password here. But this entry would be stored in the database - no good idea at all. But for comforts sake itís here. So if you would like to have a master-password like ^rz(H7tUk you could insert ^ in this field which is not easy to type on a webOS device. Then the input of the master-password would be easier as the special char is already in the password field. In this case only ^ would be stored in the database.
    There is a "Test" button where a popup stage appears where you can enter the master-password. This way you can calculate the password with the inserted parameters without storing the data into the database. If all is perfect and you like to store your account you can press the "Save" button. In any case the master-password of the popup-stage isnít stored in the database nor in a cookie.

    In the accountlist view you can tap on a stored account. This will call the popup window where you insert your master-password. Press the green button and the generated password is copied into clipboard. When you wipe the notification out of the screen then the clipboard is overwritten with " ".
    You can also tap on three dots on the right side of the list to get additional actions for this account. When you select to open the url of the account the browser will try to open the url that is set in the field of this account.


    Different modes of usage (compare with KeePass)

    1. You can always use the test button while creating an account and press cancel afterwards. In this case nothing would be stored in your database. Only one dataset of the preferences would be stored. So if someone gets your device only the preferences would give a hint of the passwords you are using. But it would be very difficult to guess master-password, username and url. So this would be very secure.
      But it would be hard to remember yourself: what was my username? was it webOS Nation | webOS Forums, News, Reviews, Apps and Help or forum.webosnation.com?
    2. You can store all your accounts and settings. If someone gets your your device, he may get access to all your account usernames. If he would have your masterpassword he may have all your accounts. (last point same as in KeePass). It seemed to me impossible to to get the database when developer mode is turned off and a device password is set. (but I can't tell that for sure)
      You can increase security a little bit if you e.g. insert, append or delete chars after the password is generated - same effect as if you had used the prefix or suffix field in combination with another password length. The only difference is that this manipulation is stored in your head and not in the database (same is possible in KeePass).
    3. You can store all your accounts even with the master-password. You will have very quick access to your passwords Ė as everyone else who gets your device. Not recommended Ė but possible.



    My conclusion (why Iím using this app)

    So far Iím still using KeePass for my account passwords (which are mostly secure passwords). As written above, passwordmaker for webOS used with mode 2 seems almost as secure for me as KeePass
    What I like with passwordmaker is:
    If I have not synced my passwords from KeePass (what happens very often) and have my HP Veer with me I have no chance to get my password that is stored at my PC at home.
    If I have not synced my passwords from Passwordmaker (what will happen very often) and have my HP Veer with me I do have a chance to get my password. I only have to remember my settings of this account. This may not work every time, but it will work sometimes.



    Below you can find some screenshots and a zip-file. The zip-file contains a ipk-file, that can be installed with WebOSQuickInstall. The other file is a script for Save/Restore if you want to have your database on several devices.

    History

    Version 0.1.0: First public release


    ---------------------------------------------
    Original posting from 06/08/2015, 07:55 PM


    Anybody interested in Passwordmaker for webOS?

    One year ago I read an interesting german article about password security and liked the idea of having an application that is generating secure passwords without storing them and only having to know one passwort to generate the passwords for different accounts on different devices.
    Unfortunately I didn't find any app running on webOS which satisfied my needs.
    I tried pwdHash which is really good and well done in Enyo, but it isn't possible to modify password length or the used character set. So it can't be used for providers with special demands on the used passwords.

    I finally found passwordmaker.org that can be used on every device at least with a browser that is supporting javascript. There is also a free app for android and iOS so I used the javascript code that can be found on https://passwordmaker.org/Javascript to build a webOS app.

    Since I'm only a self-made spare-time coder, there might be ridiculous "kindergarten" errors in my app. But I did my very best to solve all problems to make this app work. So don't espect too much.

    For the next weeks I'll test if the app is working as I wanted it to. If there is interest in this app I might try to make my first translated app. At the moment - as I am the only user - it is only in german :-)

    Below are some screenshots of the first successfull launch on my daily driver showing:

    - Customized category list for the accounts
    - List of my created accounts
    - Possible actions when tapping on the dots of the list
    (generate password, edit account, openURL)
    - Editing the properties of the account
    (only the important fields)
    - Input field for the master-password when tapping on a field of the account list
    - when confirmed the password is copied into clipboard
    - tap on the notification to see the password
    - Editing the properties of the account in a touchpad
    (this time all fields)
    Attached Images Attached Images
    Attached Files Attached Files
    Last edited by Nafetz; 06/13/2015 at 03:49 AM. Reason: Deleted german screencaptures / uploaded english screencaptures
  2. #2  
    Well, yes I'm interested. It should make a good companion for FreeOTP

    I listed both on this new thread: New Apps for webOS / LuneOS
  3. #3  
    Nice job! I'd like an english version (actually a dutch version ;-) ) Did you think very good about the masterpassword, and especially how you save/keep this ...?
  4.    #4  
    Quote Originally Posted by poehoes View Post
    Did you think very good about the masterpassword, and especially how you save/keep this ...?
    At least I tried...
    There are several ways to use this app where as always comfort conflicts with security. The way I would suggest to use this app the masterpassword is written into a field of a dialog-window (like in picture passwordmaker05.jpg). The value of the masterpassword runs into the javascript code of password.org (without connection outside the app) and returns the password for the account.
    After this the dialog window is closed with
    Code:
    this.widget.mojo.close();
    In the cleanup function of the dialog window I have a
    Code:
    this.pwdInboxModel.value = "";
    this.sceneAssistant.controller.modelChanged(this.pwdInboxModel);
    So I really hope there is nothing left of the masterpassword what a non-forensic-expert could get.

    But of course if you store all your accounts and settings in the list the only thing to get all accounts would be the masterpassword. So I would definitely NOT store the masterpassword.
    But there are maybe some other concepts in the usage of the app that are still comfortable and bring back some unknown variables.

    I will explain the possible usages when publishing this app maybe at the weekend. At the moment I found out that it would be useful if the username is in the banner too and that an option for opening the url AND copying the password to clipboard would be nice.
  5.    #5  
    Finally I finished my test and did some improvements and uploaded the ipk file above in posting #1. Questions and suggestions always welcome
  6. #6  
    I know it's not a problem you can fix, but http://passwordmaker.org/ seems to be down - hopefully it is a temporary fault.

Similar Threads

  1. Replies: 1
    Last Post: 08/26/2011, 12:13 AM
  2. Replies: 10
    Last Post: 06/19/2011, 07:38 PM
  3. Replies: 6
    Last Post: 11/10/2010, 01:36 PM
  4. Replies: 14
    Last Post: 08/23/2010, 11:59 PM

Posting Permissions