I am in the process of upgrading Password Safe on all my computers from versions 3.42 and 3.43 to the latest 3.46.
I feel somewhat forced to do this since having the most recent version of the store for your sensitive passwords feels mandatory, though I really don’t like the new version for two main reasons. And while these may seem minor, they annoy me to the point of considering changing to competitor Keepass, at least to see how it works.
The main problems are, first of all, that the new version has removed support for system tray icon color, and it’s now red (brown?) when Password Safe is minimized without any open database. And while I don’t have a color problem with seeing differences between red and green, I really liked having this white.
The second and more interesting issue is that the new version has a setting for autostart, just like the previous versions have. But the new version also seems to preload opening of the database in some way. While the old installed version would autostart the software, opening the actual database would require choosing File… Open…; the new one has already selected the last used database, and as soon as the icon in the system tray is clicked the password prompt appears.
Now this may seem handy, but what I’m not sure of is how this works: is the database opened or not? And if opened, how does this affect file locks on the file in Dropbox? And furthermore, how does it affect login to multiple computers at the same time? I’d really prefer if autostart only actually autostarted the program itself.
Oddly enough, the database cannot be closed from the system tray before having been first unlocked, and a mouse-over shows no filename, indicating the database is actually not really open. But in that case the icon color ought to be red (brown?) instead of the green it is now.
I would have given Keepass another try again much sooner had it not been for the difficulties in finding a reliable and trustworthy iOS counterpart for the Windows version.
While I believe in security in general, and in SSL-certificates as a means for that, it gets quite annoying to have the newly released password form warning for several of my sites.
In particular my home router and my intranet NAS-box at home, which prefers http login, even though the NAS actually comes with an https-variant. That unfortunately does not work very well since it uses a self-signed certificate issued to QNAP NAS, and therefore does not match the hostname/URL of my configured NAS, which still creates warnings and the need for exceptions and so on rather than actually helping out.
But anyway, the point of this post was not about QNAP (who beyond this little misstep makes a splendid product), but about how to disable the insecure password form warning in Firefox, and also how to re-enable password autofill on http sites again.
So. Here’s how to disable Firefox insecure password warnings:
- Open a new tab, paste about:config into the address bar.
- In the Search box at the top, paste insecure_field_warning.contextual.enabled
- Double click the setting to change it to “false”, to disable Firefox’s insecure password warning.
To also restore autofill functionality, so a saved login/password automatically populates in an HTTP form, here’s how:
- In the Search Box on the about:config page, paste signon.autofillForms.http
- Double click the setting to change it to “true,” to enable autofill
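To see afterwards which Firefox profiles carry these two relaxed settings, here is an added example (not part of the original post) that reads the text of a profile's prefs.js or user.js and reports them. The function names and the sample file contents are made up for illustration.

```python
import re

# Pref names as given in the steps above, mapped to the value each step sets.
# Matched by suffix; in Firefox the first one carries a "security." prefix.
WEAKENED = {
    "insecure_field_warning.contextual.enabled": False,  # warning switched off
    "signon.autofillForms.http": True,                   # autofill on HTTP forms
}
# One pref per line: user_pref("name", value); or pref("name", value);
PREF_LINE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_value(raw):
    """Convert a prefs.js literal (true/false, integer, "string") to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def parse_prefs(text):
    """Return {name: value}; later lines win, comment lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text):
    """List (pref name, value) pairs that match the relaxed settings above."""
    findings = []
    for name, value in parse_prefs(text).items():
        for suffix, weak in WEAKENED.items():
            if name.endswith(suffix) and value is weak:
                findings.append((name, value))
    return sorted(findings)

# Constructed sample profile contents (not taken from a real machine).
SAMPLE = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.insecure_field_warning.contextual.enabled", false);
user_pref("signon.autofillForms.http", true);
'''

if __name__ == "__main__":
    for name, value in audit(SAMPLE):
        print(f"relaxed: {name} = {value}")
```

Firefox writes only non-default values to prefs.js, so a profile that was never changed produces no findings.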
And I believe the old joke on doing unsafe things you shouldn’t used to come with the warning “don’t do this at home!”… 😉
One thing I would like very much however is for Binero to come up with their planned support for free SSL-certificates through some 3rd party provider. (I believe Let’s Encrypt was mentioned in a comment to a blog post a while back but now I can no longer even find that specific blog post so it might have been deleted).
I came across this article on enabling two-factor-authentication for several accounts.
I noticed that there are not only several more services now offering 2FA than when I last checked a few months back, but once I set out to enable my accounts on these services I also noticed that several of them now support apps in addition to SMS messages.
And I’m also very glad that the apps are becoming more generic so I don’t need to have a mass of apps installed on my phone, but rather that it’s now possible to use for example Microsoft Authenticator not only for Microsoft’s own accounts but also for Google, Twitter, Dropbox, Amazon and others.
The article doesn’t mention Steam though, but I think it should. Steam is quite huge as a platform and enabling 2FA was both easy and well worth it, considering the info stored there. And neither is Apple mentioned, which is a little odd, but AppleID is also very smooth to enable for 2FA.
There are also some identity services missing in the article where maybe I should look more into their respective settings to see if they now support easy to use 2FA as well.
I’m thinking specifically of WordPress, Instagram, IMDb and Origin. And of course all the web shops where personal info is stored.
And lastly what I’d like to see now is support in Password Safe for PC and the pwSafe iOS app for tagging accounts with a green colour flag if they’re 2FA enabled.