vedicaudio Posted January 13, 2018 Report Share Posted January 13, 2018 Normally passkeeper prompts user to enter Maxthon password before anything is revealed. However, if user has passkeeper open in a tab when Maxthon is shut down, the next time Maxthon is opened, and any user opens passkeeper again from the list on Last Session tab, then passkeeper opens and gives an unauthorized user full access to all website passwords. Version 5.1.5.1000 Link to comment Share on other sites More sharing options...
PHYR Posted January 13, 2018 Report Share Posted January 13, 2018 Confirmed. M5 also opens if you click no on windows user account control on start up. Link to comment Share on other sites More sharing options...
Tony Posted January 13, 2018 Report Share Posted January 13, 2018 dont use last session but its easier than that goto passkeeper and open by entering password close maxthon then open again go to passkeeper and its open - no password required [sorry if thats what you mean above] for a browser that trumpets its secure this is one hell of a breach in that security Tony - Vivaldi 4 on Windows 10 64Bit Link to comment Share on other sites More sharing options...
SnowLeopard Posted January 13, 2018 Report Share Posted January 13, 2018 8 hours ago, Tony said: dont use last session but its easier than that goto passkeeper and open by entering password close maxthon then open again go to passkeeper and its open - no password required [sorry if thats what you mean above] for a browser that trumpets its secure this is one hell of a breach in that security You're right; I confirm this is a serious security FUBAR that needs to be fixed immediately. However, the fact that I had never encountered this bug prompted me the do some experiments. The findings are: 1. If Passkeeper is opened, the password entered, and while Passkeeper is left open the browser is closed, you will find that Passkeeper remains open and accessible without the password the next time someone launches the browser. There's no need to usethe Last Session link. 2. However, if subsequently to having Passkeeper open under either stage of test 1, the browser is cloed with Passkeeper also closed, then upon the next launch of MX5 Passkeeper will require the password. So the workaround until the bug is fixed is to always close Passkeeper before closing the browser. By luck rather than intention this has been my practice. So make it intentional pending the bug fix. <<SL>> Link to comment Share on other sites More sharing options...
pantantrollo Posted January 13, 2018 Report Share Posted January 13, 2018 I understand that you are all referring to Passkeeper with user account? Link to comment Share on other sites More sharing options...
7twenty Posted January 13, 2018 Report Share Posted January 13, 2018 3 hours ago, SnowLeopard said: do some experiments. Did the same and came to the same conclusion. Link to comment Share on other sites More sharing options...
SnowLeopard Posted January 14, 2018 Report Share Posted January 14, 2018 19 hours ago, pantantrollo said: I understand that you are all referring to Passkeeper with user account? Yes. my normal SnowLeopard account. 18 hours ago, 7twenty said: Did the same and came to the same conclusion. Thanks for confirming. <<SL>> Link to comment Share on other sites More sharing options...
BugSir006 Posted January 15, 2018 Report Share Posted January 15, 2018 Hi Everyone Entered password to access your Passkeeper account, If it is more than 15 minutes from the last “operation” in the time of entry, then the password is required again. That's the product logic(SnowLeopard said right, it not relate with Last Session, it just relate with time) It is to prevent users from entering passwords many times in period of time, If you have higher security requirements, you can "exit" Passkeeper feature everytime you left the page Link to comment Share on other sites More sharing options...
Tony Posted January 15, 2018 Report Share Posted January 15, 2018 1 hour ago, BugSir006 said: Hi Everyone Entered password to access your Passkeeper account, If it is more than 15 minutes from the last “operation” in the time of entry, then the password is required again. That's the product logic(SnowLeopard said right, it not relate with Last Session, it just relate with time) It is to prevent users from entering passwords many times in period of time, If you have higher security requirements, you can "exit" Passkeeper feature everytime you left the page you have to be kidding - if thats how you think it should be then your thinking is wrong - passkeeper should lock on exit with no user input - just another reason not to use this badly thought out 'feature' Tony - Vivaldi 4 on Windows 10 64Bit Link to comment Share on other sites More sharing options...
vedicaudio Posted January 31, 2018 Author Report Share Posted January 31, 2018 @Tony , I tend to agree with you that passkeeper should lock on browser exit regardless of whether passkeeper is open in a tab or not. However, I'm not sure why you say the feature is badly "thought out." I wouldn't even consider using a browser these days that didn't manage passwords...they have become too much of a nuisance with all the requirements of IT security departments to try to manually enter them. Overall I like the feature, but it's not clear to me that everyone in this thread is on the same page. Do we all agree that the desirable behavior would be: 1. Passkeeper should lock on browser exit regardless of whether passkeeper is open in a tab or not. 2. Passkeeper should not require repeat master password entry within 15 minutes as long as the browser stays open. Many are calling the current behavior a bug, but it's only a bug if it wasn't designed to work that way intentionally, which @BugSir006 seems to be suggesting. On another note, my bigger problem with passkeeper is that it doesn't function well on all websites. One example is: https://www.managedtechnicalsupportaccess.com Another problem is that it has no options for password requirements. Some sites have very specific requirements, like at least one number, one of @#$%^&, one Capital letter, one lowercase letter, and at least 10 characters overall. Other sites disallow @#$%^&. At minimum there should be options to set minimum characters, and whether to include @#$%^& or not. Otherwise, there are actually a lot of sites where the password generator cannot be used. Link to comment Share on other sites More sharing options...
Secret-HQ Posted February 1, 2018 Report Share Posted February 1, 2018 While not technically a bug, I'd say this is a design oversight. Hopefully the devs will take the suggestion into account and implement some logic that will lock Passkeeper as part of the browser shutdown process. Link to comment Share on other sites More sharing options...
BugSir006 Posted February 1, 2018 Report Share Posted February 1, 2018 3 hours ago, vedicaudio said: 1. Passkeeper should lock on browser exit regardless of whether passkeeper is open in a tab or not. 2. Passkeeper should not require repeat master password entry within 15 minutes as long as the browser stays open. 2. 15 minutes is just to prevent "repeated" enter password. This is exactly our current logic. 1. I can understand what you mean, the disagreement between us is whether need to follow the "15 minutes" logic when exit the browser. Now the product logic is just "don't ask your password again" no matter you stay on browser or exit. Later, we will pay attention to these type feedback. 3 hours ago, vedicaudio said: Another problem is that it has no options for password requirements. Some sites have very specific requirements, like at least one number, one of @#$%^&, one Capital letter, one lowercase letter, and at least 10 characters overall. Other sites disallow @#$%^&. At minimum there should be options to set minimum characters, and whether to include @#$%^& or not. Otherwise, there are actually a lot of sites where the password generator cannot be used. You can choose the generated password freely on Passkeeper feature. It has option for different requirements: Link to comment Share on other sites More sharing options...
BurkeTheKilla Posted February 2, 2018 Report Share Posted February 2, 2018 I agree passkeeper should lock if you close your browser. If you close it that means your are done with the session. It makes no sense that it should stay open for 15 minutes after you leave. Someone could easily come after you are done and have access to your passwords. Link to comment Share on other sites More sharing options...
vedicaudio Posted February 3, 2018 Author Report Share Posted February 3, 2018 On 2/1/2018 at 10:08 PM, BugSir006 said: You can choose the generated password freely on Passkeeper feature. It has option for different requirements: Huh, I guess the devs quietly added that feature recently and I hadn't noticed it yet! Thanks! However, I would suggest a couple things...Preferences set in the options should be remembered for next password generation. Also, if you check the _$%@# box, it should force at least one of those characters to appear in every generated password. Right now, I have to keep clicking Generate Again until I randomly get a password that meets a particular websites' requirements. Link to comment Share on other sites More sharing options...
DeleteThisAccount-Please Posted February 3, 2018 Report Share Posted February 3, 2018 9 minutes ago, vedicaudio said: Huh, I guess the devs quietly added that feature recently and I hadn't noticed it yet! Thanks! However, I would suggest a couple things...Preferences set in the options should be remembered for next password generation. Also, if you check the _$%@# box, it should force at least one of those characters to appear in every generated password. Right now, I have to keep clicking Generate Again until I randomly get a password that meets a particular websites' requirements. nope, it's been there for awhile now. Link to comment Share on other sites More sharing options...
BugSir006 Posted February 5, 2018 Report Share Posted February 5, 2018 On 2018/2/3 at 10:27 AM, vedicaudio said: I would suggest a couple things...Preferences set in the options should be remembered for next password generation. Also, if you check the _$%@# box, it should force at least one of those characters to appear in every generated password. Right now, I have to keep clicking Generate Again until I randomly get a password that meets a particular websites' requirements. It really is, thanks for your report. Through communication, this issue has confirmed as bug. This expected can be arranged to suit your requirements(without refresh the page)and has done arranged in developers schedule. Kindly wait in patient. Link to comment Share on other sites More sharing options...
BugSir006 Posted March 6, 2018 Report Share Posted March 6, 2018 On 2/3/2018 at 10:27 AM, vedicaudio said: Huh, I guess the devs quietly added that feature recently and I hadn't noticed it yet! Thanks! However, I would suggest a couple things...Preferences set in the options should be remembered for next password generation. Also, if you check the _$%@# box, it should force at least one of those characters to appear in every generated password. Right now, I have to keep clicking Generate Again until I randomly get a password that meets a particular websites' requirements. @vedicaudio Due to the fact that the password generator has its 'memory', it will remain the rules which you set last time. So it is a normal phenomenon; It will change the 'memory' by clicking 'Generate again'. In future, and I have mark this issue and maybe there will change and adjustment on this requirement. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.