A1: How safe are my passwords?
Very safe as none of your passwords are stored, but generated each time dynamically, Even if a hacker compromises our site the passwords cannot be used without them knowing the email or login name you use. If you register anonomously you should be safe even if oursite is hacked.
Anyone who says their system is unhackable is probably a bit optomistic. Encryption techniques can be cracked and there is always the possibility of insider fraud or viruses.
Also you rely on the security of your target websites. If their passwords/login security is breached or you succumb to a virus or phishing attack (as has happened in several high profile cases) then you may be at risk. We try to minimise this by giving you the ability to quickly change your password. Automatically with the paid version or manually with the free version.
What we rely on is the fact that we make it difficult to get any information from our data. Everything is encrypted in several different ways and in more than one place.
Ultimately though we rely on the fact that the UserName and Password you supply cannot be traced back to you.
Providing you follow our guidelines such as:
- not supplying our site with any information you use for signing in to your other sites,
- not using the My Site Passwords username or password for signing in to other sites,
- by making sure your My Site Passwords username or password can not be linked to you.
- always cut and paste the url of the site you are using,
(This can help prevent phishing attacks).
then it will be extremely difficult for any hacker to use any information obtained from our site (if they are able to obtain it).
A2: What are the differences between the licence versions?
All versions are available on any internet connected device.
Applications are available that reduce the amount of Internet connection time to a minimum and can reside on most devices.
The main defferences between the Free version and the paid for versions are as follows
Has all the functionality of the main version, but with the following restrictions.
• Changes of password are not remembered automatically.
• If you use a version number or some text to change the password you will need to manually do this each time to obtain the same generated password.
• Generated password length is restricted to 8 characters.
• Symbols are a restricted set and may not be accepted on all sites.
If you need to change a password regularly or the site you are using has had its password file hacked then you will need to change the password to a new one. We recommend that you add a character to the site or domain name. E.G. www.anysite.com/rubbish becomes www.anysite.com1/rubbish.
Free/Trial version can be upgraded automatically on payment. Any passwords you have generated before upgrading will be generated in the same way.
SinglePaid for Version.
Paid for versions allow users to record that a site password has been changed and provide the new site password automatically in subsequent requests. This is a useful facility where sites require enforced password changes. It can also be used where a site (and your passwords) have been compromised.
Paid for versions have more options for generating passwords up to 24 characters and symbols that can be edited to your requirements.
• Defaults for generation can be amended.
• Site generation methods can be stored and automatically used later.
• Safe Data store is available for storing non password information if you wish.
A Licence key is provided for each purchase that will automatically upgrade the free/trial user, or allow them to register a paid version subsequently. You will (optionally) need to provide an email address at the time of purchase to receive a copy of the licence key. This will not be stored by us as we hold no personal information that can be used to identify you. (see Why My Site Passwords)
Licences can be purchased in bulk for organisational use and a licence key will be provided for the purchaser that will allow the required number of users to operate paid versions. The licence key can be used by any free/trial user to upgrade to a paid version or to register as a paid for user. Any keys subsequently generated will be the same as those before the upgrade.
It is important that the licence key is kept securely as once activated by a user we have no way of knowing which are the genuine and fraudulent users and therfore cannot rescind the licence of unknown users. For this reason we recommend that you purchase licences in small blocks to prevent non company users obtaining your licence key and hijacking your purchase.
A3: What do I do if I forget my password or screen lock?
We provide a facility to amend both.
- To change the screen lock you need to provide your username and password.
- To change the password you will need to provide the username and the answer to your security question.
If you are a paid for user, then you may provide your valid licence key instead.
(This will be checked against your username).
A4: What can I do if I forget my Username?
This is very unfortunate!
One part of our security is based on not storing information about the user account in any way that can be meaningful to anyone hacking our system. This means that we will be unable to tell you (or anyone else) your Username. We suggest you obtain a new instance of MySitePasswords and use the change password facilities of the sites you access to change to the new account generated passwords (which will obviously be different).
if you are not sure of your username, but have a reasonable idea then you could always try logging in, but try no more than three times without closing and re-opening a session.
N.B. We are currently working on another solution for paid users, but have to be sure it is secure (and anonymous) before implementing.
A5: Why do you parse and truncate the site URL?
The reasons for this are:
- To make it harder for hackers (It is easier for them if they know large parts of the reference provided);
- To ensure that if a site makes any changes to their login URL it will not result in a change to the generated password.
- It also helps if you are directed to a phishing site as the parsed phishing site URL will probably be different.
A6: What happens if my licence has expired?
If your licence expires you will revert to a lapsed version.
- You can upgrade Lapsed to a paid version at any time within six months..
- Your safe store data will also be restored unchanged, but temporarily inaccessible.
- Any new passwords will be the same as the free version (8 characters).
- In the lapsed version we will continue to provide any saved password generation methods, but you will not be able to change them or add new ones.
© 2020 - My Site Passwords Limited