|From:||Jacob Morzinski <email@example.com>|
|Subject:||KfW should not display my password in LRUPrincipals|
|Date:||Fri, 25 Apr 2008 17:49:22 -0400|
Hello! I think the design of the Net ID Manager has a bug,
and am writing in the hope that design can be improved.
Please give the Network Identity Manager a way to clear or edit
the list of Recently Used Principals. I typo'd my password into
the Username field, and was disturbed to see the password saved
there forever, with no way to clear it from the list.
I'm using Kerberos for Windows 3.2.2
NetIDMgr's menu for Help > About says "NetIDMgr 18.104.22.168"
I have Windows XP SP2
KfW opened the "New credentials" dialog window on my computer.
I glanced at it, quickly typed my password and pressed the Enter key.
I got a "Decrypt integrity check failed" error.
The error probably means that input focus had been in the "username"
field and not the password field. Ok, I can retype, no problem...
The program keeps a saved list of "usernames", and it saved my password.
I can find no way to clear list of saved usernames.
My password is immortalized in the list of recently-typed usernames.
Digging around the registry, I found the key
which lets remove my password by editing "LRUPrincipals".
I shouldn't need to go registry-diving for this. Can the NetIDMgr
be improved to allow me to remove entries from the LRUPrincipals list?
One suggestion for the design of this would be to have a UI element
visible in the drop-down list itself -- perhaps the list of saved
usernames can have a separator at the bottom, and then an entry
for "clear this list" or "edit this list". Or perhaps something
in the preferences windows would work. I'm not a GUI designer,
and perhaps an actual designer would have better suggestions.
Thanks for reading, and I hope NetIDMgr can be persuaded to stop
saving typo'd passwords.
Jacob Morzinski <firstname.lastname@example.org>
Client Support Services
Information Services and Technology