Jump to content
Macro Express Forums

How To: Login Automatically To Web Sites


Recommended Posts

Bob:

Are there any options to have the passwords either encrypted or at least obfuscated?

Maybe. The problem is that the password is actually part of the VBScript that runs. That being said, maybe the Encrypted Text command will work. I will see if something can be done.

Link to comment
Share on other sites

Hi, Floyd,

 

It's not just the encryption, though, is it?

 

It is the whole concept that a stolen laptop could be used to log on to a Banking WebSite, just by running a macro, and not having to enter a password. Even having it available around home would be a problem for visitors accessing your Wesites! - I mean, an individual might not be too concerned to have their email available to anyone, but corporations should be worried, and banking sites should worry everyone, I would have thought.

 

It worries me that you might include it in a package!

 

More for your thoughts,

Best, Randall

Link to comment
Share on other sites

Hello Randall!

 

Including it does no harm. I'm sure that, like you, other users and developers realize the danger of leaving sensitive information laying around. Just because the function exists, does not mean it has to be used, as is true with any of the other functions. And I will include a warning in the docs.

 

What the encrypted text might do, and we are still looking at it, is to encrypt the password until it is needed. We might be able to substitute text with variables in the target macro. It will mean, however, a change to both how the target macro gets generated and also how it gets called.

 

It is important for the upcoming Macro Express data mining and/or screen scraping functions that these issues get resolved, and I appreciate your feedback. Keep it coming.

Link to comment
Share on other sites

The following comments have little to do with Joe's function and more to do with automating logins in general.

 

I have been thinking about the issue of stolen passwords for quite a while now. The issue goes beyond stolen equipment. We should also be concerned about someone sitting in front of our computer when we're away and gaining access to sensitive sites. This concern has kept me from automating logins to certain sites.

 

I have thought of two techniques but I have not implemented either of them. Yet.

 

The first approach is to require the user to 'log on' to the macro. The login names and passwords for your sites are encrypted and, until you enter a master password, they remain encrypted.

 

This can be accomplished using macros but I think it will be cumbersome. It may be simpler to use an external program.

 

Some computers now are offering biometric input ... a fingerprint reader, for example. This would be an ideal source for the 'master password'. Scan your fingerprint and then your password macros are enabled. For a time.

 

The second, and perhaps easiest for us to implement right now, is to separate the macro from the passwords. USB Flash drives (aka thumb or jump drives) are inexpensive these days. The macro that we use to send our passwords could get the login information from a macro or file on the flash drive. If the flash drive is not present, the macro cannot log in.

 

This, of course, has the disadvantage that you have to keep a flash drive plugged in all the time. But it has the advantage that if someone sits in front of your computer or if they steal your notebook computer, they do not have access to your login sites. Of course you have to remember to remove the flash drive whenever you leave your computer.

 

There is a risk that you will loose the flashdrive and not the computer. But, without both, someone cannot access your protected sites.

Link to comment
Share on other sites

Macros don't kill people, people kill people.

 

There are a lot of functions that could be harmful if used maliciously or wrongfully, not just the login function. But we as macro users should understand that more than anyone. I think it's something that comes with the territory. Use macros wisely or you could get burned. The function sounds good and I would love to test it once I get the function library installed (waiting on IT), but I also know that I would need to weigh the convenience vs. criticalness. That's my two pennies for what it's worth.....

 

-nic

Link to comment
Share on other sites

I used to have a password to fire the {IE Login Popup Menu} function, but it defeated the purpose. In other words, it didn't make sense to have to enter a password to not to have to enter a password.

 

I like Kevin's idea about the jump drive. Portable, removable, safe. We used to have a similar device called a "floppy disk" :rolleyes:. Speaking of which, anybody remember cassette drives?

 

The most convenient way to protect oneself is to have a biometric device for your laptop or desktop. So I agree with Kevin on this, too. I would rather protect the whole thing with one device rather than try to protect hundreds of macros and web sites with an equal number of passwords. Convenient, however, does not mean "most secure". Anybody can yank a hard drive from a stolen computer and place it in another computer.

 

The {Generate an Internet Login} macro is a nice convenient shortcut that makes no claims to being secure.

Link to comment
Share on other sites

Joe, in regards to your response of entering a password to not enter a password... if you have set up a multiple choice menu of IE sites that all contain different passwords... you could, in effect, reduce all of your passwords to 1... enter 1 password to access the menu and fire away from there. I guess I can see the use of that from a home computer standpoint. I guess I would not use this on a corporate network though.

Link to comment
Share on other sites

My idea is that you would enter a 'master password' the first time you need a password. Then, for a period of time, it would be unnecessary to enter any passwords. But, if you leave the computer idle for a while, you would have to reenter the 'master password'.

Link to comment
Share on other sites

Hello Cyberchief!

 

C'mon! ... be adventuresome. Take a chance. What could happen?

 

There are sites that are not critical, like this one. And yes, I use this auto login macro on my personal computer. But for as many as sites that I log into, there are still a couple that I do manually ... and they will remain that way for the obvious reason that the data is too sensitive. Also, it is sometimes necessary that clients which we generate macro systems for give us their passwords. These are never placed into an automatic login macro. Ever.

 

All that being said, I think that this macro will be very useful for many many people. Not for everyone.

 

Actually, this macro was originally started as a way to test data mining and the DOM. It grew from there ... like the Frankenstein monster. :blink: Does this macro have a place in the PGM Functions Library? Does it belong with the other data mining macros (now in development)? Randall does not think so, what do the rest of you think?

Link to comment
Share on other sites

Me? Adventuresome? Here... let me just out right give you all of my passwords as well as banking information... would that make you feel better? :P Here... let me put it in the public forum over there -------------------------------->

 

 

 

 

I guess I think it would be a nice addition to the PGM library. Again, it is a function that others could use. As far as security... you can't babysit everyone that purchases the library... Put a nice little disclaimer there and let loose. There is already a bunch of password managers out there. Why should this be any different?

Link to comment
Share on other sites

I like Kevin's idea about the jump drive. Portable, removable, safe. We used to have a similar device called a "floppy disk" . Speaking of which, anybody remember cassette drives?

 

DO NOT GO THERE! I remember when cassette drives were considered new technology :D

 

As far as it being an addition to the PGM Library I think it is worthwhile and should be included as part of any Data Mining efforts. When I compare capabilities in this arena (passwords and form filling) I use the capabilities of Roboform. That I know is a very high bar to aspire to since they probably have a lot more access as a plugin and it is also their Main product focus.

Link to comment
Share on other sites

Randall does not think so, what do the rest of you think?

Hi Joe,

 

Hey, I'm really not that fussed; I would only be against it if there were no warning that came up when first making a macro at any apparent banking or financial institution, Credit card site etc and said

 

"You are putting your financial security at risk if you continue in view of potential bypass of your password at this site"!

 

Can you identify such sites within the macro, and give reasonable warning?

 

I vaguely wonder if you are putting yourself at legal risk. Would a simple blanket warning stand up in court! (I'm no lawyer, though!)

 

Perhaps you know more about it if there are other companies who have made password bypassing part of their programs?

 

Best, Randall

EDIT; My wording keeps coming out stronger than I really feel about this - sorry!

Link to comment
Share on other sites

  • 3 weeks later...
  • 4 weeks later...

Hi,

Yes. I hardly ever see them!

I have one machine with intermittent low virtual memory (tries to run VmWare with XP and only 500Mb Ram!); it seems to be when memory swaps occur after that in particular (it may take a couple of minutes to get over it!)

I have not checked how you know if "vbs" is ready?

Best, randall

Link to comment
Share on other sites

Randall -

 

I have not checked how you know if "vbs" is ready?

If you mean how does the macro know if the Windows Script has finished, there is no need to know in this case. Because there is no post-processing tasks for the macro to do, it ends immediately after firing the script.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...