BrowseX Passman: A Password Manager
What Is It?
Passman is a userid/password manager embedded within BrowseX .
It can save userids and passwords to an encrypted database file
so that you only have to remember a single master password.
Passman can on demand fill in the correct userid and password
form fields on a page, or in a Basic Authentication popup.
How Does It Work?
Passman is on by default.
The first time you go to a given login page, fill in the userid
and password as you normally would. Then before submitting the page,
right-click on the password field. A dialog box should popup
enabling you to save this userid and password information to
an encrypted database. (The very first page you do this on will
also ask you to pick a Passman master password.)
In the future when you visit this page, fill in nothing,
but instead right-click on the password field and you
will be prompted for the Passman master password.
Supply it and the fields are filled in for you.
Optionally, you can fill in some or all of the userid
field if multiple userids are used on the page.
What About Basic Authentication
Basic Authentication is when you go to a page and a userid/password
dialog box pops up. Passman automatically fills in the
userid (if you've been there before) and then works as above.
Similarly, the first time you visit a page, type in the
site specific password and you will be prompted to add
it to Passman. If you've been to the site before,
the dialog will have the userid filled in and prompt you in red
for the passman password.
How Is It Implemented? How Secure Is It?
The browser never stores your Passman password internally.
Instead, the Passman DB is encrypted with the password using DES encryption.
Everytime you are asked for this password, BrowseX uses it to decrypt
the Database. There is currently no option to have the browser
internally store the password, and that is probably a bad idea.
The security of DES is probably only as good as your password, and
any password can be subject to brute force attacks. So
it is best to not allow anyone to have access to the DB.
How Do I Disable Passman
In Preferences/Security, uncheck Password Manager.
Where is the DB
It is stored in two files in your user directory. Under Unix
this is in ~/.brx/passman.db and ~/.brx/passman.ctl.
You may want to backup these files to floppy, in case
something goes wrong. Alternatively, you can edit the
password file via Preferences/Security. Note if you loose
or corrupt this file and don't know the passwords therein
you are SOL.
Can A Second BrowseX Use The Password DB
Yes, the DB files are Base64 encoded.
Just copy the two passman.* files into your second
browsers ~/.brx user dir.