floyd Posted June 7, 2005 Report Share Posted June 7, 2005 Bob: Are there any options to have the passwords either encrypted or at least obfuscated? Maybe. The problem is that the password is actually part of the VBScript that runs. That being said, maybe the Encrypted Text command will work. I will see if something can be done. Quote Link to comment Share on other sites More sharing options...
randallc Posted June 9, 2005 Report Share Posted June 9, 2005 Hi, Floyd, It's not just the encryption, though, is it? It is the whole concept that a stolen laptop could be used to log on to a Banking WebSite, just by running a macro, and not having to enter a password. Even having it available around home would be a problem for visitors accessing your Wesites! - I mean, an individual might not be too concerned to have their email available to anyone, but corporations should be worried, and banking sites should worry everyone, I would have thought. It worries me that you might include it in a package! More for your thoughts, Best, Randall Quote Link to comment Share on other sites More sharing options...
joe Posted June 9, 2005 Author Report Share Posted June 9, 2005 Hello Randall! Including it does no harm. I'm sure that, like you, other users and developers realize the danger of leaving sensitive information laying around. Just because the function exists, does not mean it has to be used, as is true with any of the other functions. And I will include a warning in the docs. What the encrypted text might do, and we are still looking at it, is to encrypt the password until it is needed. We might be able to substitute text with variables in the target macro. It will mean, however, a change to both how the target macro gets generated and also how it gets called. It is important for the upcoming Macro Express data mining and/or screen scraping functions that these issues get resolved, and I appreciate your feedback. Keep it coming. Quote Link to comment Share on other sites More sharing options...
kevin Posted June 9, 2005 Report Share Posted June 9, 2005 The following comments have little to do with Joe's function and more to do with automating logins in general. I have been thinking about the issue of stolen passwords for quite a while now. The issue goes beyond stolen equipment. We should also be concerned about someone sitting in front of our computer when we're away and gaining access to sensitive sites. This concern has kept me from automating logins to certain sites. I have thought of two techniques but I have not implemented either of them. Yet. The first approach is to require the user to 'log on' to the macro. The login names and passwords for your sites are encrypted and, until you enter a master password, they remain encrypted. This can be accomplished using macros but I think it will be cumbersome. It may be simpler to use an external program. Some computers now are offering biometric input ... a fingerprint reader, for example. This would be an ideal source for the 'master password'. Scan your fingerprint and then your password macros are enabled. For a time. The second, and perhaps easiest for us to implement right now, is to separate the macro from the passwords. USB Flash drives (aka thumb or jump drives) are inexpensive these days. The macro that we use to send our passwords could get the login information from a macro or file on the flash drive. If the flash drive is not present, the macro cannot log in. This, of course, has the disadvantage that you have to keep a flash drive plugged in all the time. But it has the advantage that if someone sits in front of your computer or if they steal your notebook computer, they do not have access to your login sites. Of course you have to remember to remove the flash drive whenever you leave your computer. There is a risk that you will loose the flashdrive and not the computer. But, without both, someone cannot access your protected sites. Quote Link to comment Share on other sites More sharing options...
-nic Posted June 9, 2005 Report Share Posted June 9, 2005 Macros don't kill people, people kill people. There are a lot of functions that could be harmful if used maliciously or wrongfully, not just the login function. But we as macro users should understand that more than anyone. I think it's something that comes with the territory. Use macros wisely or you could get burned. The function sounds good and I would love to test it once I get the function library installed (waiting on IT), but I also know that I would need to weigh the convenience vs. criticalness. That's my two pennies for what it's worth..... -nic Quote Link to comment Share on other sites More sharing options...
joe Posted June 9, 2005 Author Report Share Posted June 9, 2005 I used to have a password to fire the {IE Login Popup Menu} function, but it defeated the purpose. In other words, it didn't make sense to have to enter a password to not to have to enter a password. I like Kevin's idea about the jump drive. Portable, removable, safe. We used to have a similar device called a "floppy disk" . Speaking of which, anybody remember cassette drives? The most convenient way to protect oneself is to have a biometric device for your laptop or desktop. So I agree with Kevin on this, too. I would rather protect the whole thing with one device rather than try to protect hundreds of macros and web sites with an equal number of passwords. Convenient, however, does not mean "most secure". Anybody can yank a hard drive from a stolen computer and place it in another computer. The {Generate an Internet Login} macro is a nice convenient shortcut that makes no claims to being secure. Quote Link to comment Share on other sites More sharing options...
cyberchief Posted June 9, 2005 Report Share Posted June 9, 2005 Joe, in regards to your response of entering a password to not enter a password... if you have set up a multiple choice menu of IE sites that all contain different passwords... you could, in effect, reduce all of your passwords to 1... enter 1 password to access the menu and fire away from there. I guess I can see the use of that from a home computer standpoint. I guess I would not use this on a corporate network though. Quote Link to comment Share on other sites More sharing options...
kevin Posted June 9, 2005 Report Share Posted June 9, 2005 My idea is that you would enter a 'master password' the first time you need a password. Then, for a period of time, it would be unnecessary to enter any passwords. But, if you leave the computer idle for a while, you would have to reenter the 'master password'. Quote Link to comment Share on other sites More sharing options...
joe Posted June 9, 2005 Author Report Share Posted June 9, 2005 Hello Cyberchief! C'mon! ... be adventuresome. Take a chance. What could happen? There are sites that are not critical, like this one. And yes, I use this auto login macro on my personal computer. But for as many as sites that I log into, there are still a couple that I do manually ... and they will remain that way for the obvious reason that the data is too sensitive. Also, it is sometimes necessary that clients which we generate macro systems for give us their passwords. These are never placed into an automatic login macro. Ever. All that being said, I think that this macro will be very useful for many many people. Not for everyone. Actually, this macro was originally started as a way to test data mining and the DOM. It grew from there ... like the Frankenstein monster. Does this macro have a place in the PGM Functions Library? Does it belong with the other data mining macros (now in development)? Randall does not think so, what do the rest of you think? Quote Link to comment Share on other sites More sharing options...
cyberchief Posted June 9, 2005 Report Share Posted June 9, 2005 Me? Adventuresome? Here... let me just out right give you all of my passwords as well as banking information... would that make you feel better? Here... let me put it in the public forum over there --------------------------------> I guess I think it would be a nice addition to the PGM library. Again, it is a function that others could use. As far as security... you can't babysit everyone that purchases the library... Put a nice little disclaimer there and let loose. There is already a bunch of password managers out there. Why should this be any different? Quote Link to comment Share on other sites More sharing options...
bobchernow Posted June 9, 2005 Report Share Posted June 9, 2005 I like Kevin's idea about the jump drive. Portable, removable, safe. We used to have a similar device called a "floppy disk" . Speaking of which, anybody remember cassette drives? DO NOT GO THERE! I remember when cassette drives were considered new technology As far as it being an addition to the PGM Library I think it is worthwhile and should be included as part of any Data Mining efforts. When I compare capabilities in this arena (passwords and form filling) I use the capabilities of Roboform. That I know is a very high bar to aspire to since they probably have a lot more access as a plugin and it is also their Main product focus. Quote Link to comment Share on other sites More sharing options...
randallc Posted June 10, 2005 Report Share Posted June 10, 2005 Randall does not think so, what do the rest of you think? Hi Joe, Hey, I'm really not that fussed; I would only be against it if there were no warning that came up when first making a macro at any apparent banking or financial institution, Credit card site etc and said "You are putting your financial security at risk if you continue in view of potential bypass of your password at this site"! Can you identify such sites within the macro, and give reasonable warning? I vaguely wonder if you are putting yourself at legal risk. Would a simple blanket warning stand up in court! (I'm no lawyer, though!) Perhaps you know more about it if there are other companies who have made password bypassing part of their programs? Best, Randall EDIT; My wording keeps coming out stronger than I really feel about this - sorry! Quote Link to comment Share on other sites More sharing options...
randallc Posted June 17, 2005 Report Share Posted June 17, 2005 On one machine I get "Can't find [long filename].vbs the first time I run, intermittently; usually when it is running slowly, then runs OK the 2nd time Randall Quote Link to comment Share on other sites More sharing options...
floyd Posted June 17, 2005 Report Share Posted June 17, 2005 Thanks Randall. I will try and duplicate this. Quote Link to comment Share on other sites More sharing options...
randallc Posted July 3, 2005 Report Share Posted July 3, 2005 Same again - It seems to be when memory is swapping (for other reasons!) so there's a delay. Also, if there is already a Window open for IE6, the macro seems not to complete and hit the "login" button at the end. Best, Randall Quote Link to comment Share on other sites More sharing options...
randallc Posted July 26, 2005 Report Share Posted July 26, 2005 (edited) hi guys, ** IGNORE THIS PLEASE Thanks, Randall EDIT-Sorry, tried to import IELoginPopupMenu.mex as a "playable macro" Edited July 26, 2005 by randallc Quote Link to comment Share on other sites More sharing options...
floyd Posted July 26, 2005 Report Share Posted July 26, 2005 Randall - I get "Can't find [long filename].vbs the first time I run, if there is already a Window open for IE6, the macro seems not to complete and hit the "login" button at the end I am unable to duplicate these. Quote Link to comment Share on other sites More sharing options...
randallc Posted July 26, 2005 Report Share Posted July 26, 2005 Hi, Yes. I hardly ever see them! I have one machine with intermittent low virtual memory (tries to run VmWare with XP and only 500Mb Ram!); it seems to be when memory swaps occur after that in particular (it may take a couple of minutes to get over it!) I have not checked how you know if "vbs" is ready? Best, randall Quote Link to comment Share on other sites More sharing options...
floyd Posted July 26, 2005 Report Share Posted July 26, 2005 Randall - I have not checked how you know if "vbs" is ready? If you mean how does the macro know if the Windows Script has finished, there is no need to know in this case. Because there is no post-processing tasks for the macro to do, it ends immediately after firing the script. Quote Link to comment Share on other sites More sharing options...
randallc Posted July 28, 2005 Report Share Posted July 28, 2005 Hi, Floyd, No, I think I have tracked it down; when you Wait for file ready" for saving vbs file, you have only allowed max 5 secs; when memory is swapping there may be a delay? Randall Quote Link to comment Share on other sites More sharing options...
floyd Posted July 28, 2005 Report Share Posted July 28, 2005 Good point ... thanks Randall. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.