Comodo I-Vault Wishlist rev 1

[Guest]

[Melih]

Please tell us how you would like to see us improve this software

thanks
Melih

[aleghart]

Remove the fake dependency on the LaunchPad advertising vehicle.   The new version of Launch Pad is not as blatantly intrusive, but from an operational standpoint, there is no functionality related to i-Vault.  It is purely an advertising vehicle.

You give away "free" e-mail certs to encourage users to buy more certs for business use.  You have a decent pwd management program, but will not sell a version to businesses sans advertising.  If you won't sell us an advertising-free product, please allow us to easily disable the unnecessary components.

I can buy System Works and choose _not_ to install CleanSweep.  (Unfortunately, I can't buy just PasswordManager any more, thus the use of i-Vault.)

I know I'll keep harping on this, and be politely ignored.  But, you asked.

[aleghart]

Make it portable.  I'd like to carry it on a USB keyfob.  But, as I explained elsewhere, it requires installation on a workstations first, copying the files, and manually launching, opening, and killing.  Cumbersome at best.

Note to self...seems to work just fine without LaunchPad. 

[ektorbarajas]

I-Vault already has integration with Internet Explorer.

Would be nice to integrate with other programs like:
- Mozilla Firefox
- Mozilla Thunderbird
- Opera Browser

[Melih]

Thanks for the feedback Aleghart

on contrary we have taken this advice on board and trying to schedule it so that Launchpad can be switched off. One point though: its more then advertising, its about letting users know what other free software they can have. We have not integrated all the software into one product, so we need a way of telling the user what other software is also available so that they can have them.

Melih

Remove the fake dependency on the LaunchPad advertising vehicle.   The new version of Launch Pad is not as blatantly intrusive, but from an operational standpoint, there is no functionality related to i-Vault.  It is purely an advertising vehicle.

You give away "free" e-mail certs to encourage users to buy more certs for business use.  You have a decent pwd management program, but will not sell a version to businesses sans advertising.  If you won't sell us an advertising-free product, please allow us to easily disable the unnecessary components.

I can buy System Works and choose _not_ to install CleanSweep.  (Unfortunately, I can't buy just PasswordManager any more, thus the use of i-Vault.)

I know I'll keep harping on this, and be politely ignored.  But, you asked.

[Zero3K]

It should be made to where it monitors the supported browser and pops up a message when you visit a site that it has details for. The message would ask if you want it to automatically log you on to that site. If you say yes, then it would input the username/password for you and then "click" the button neccesary to submit the login info to the site.

[JimmyD]

What would really make this a great program would be if all your information is stored on an encrypted server somewhere so that you can access your data from any computer. For example, see Just1Key  service.

[aleghart]

Then, it wouldn't be a program.  It would be a web-based service.  And inherently unsafe.

Your using it from a computer outside of your control makes your "encrypted" data subject to snooping.

That's like hiding your money in your socks.  Then, hope that the luggage handlers and hotel cleaning staff won't look.  The honor system only goes so far in the computer world.

YMMV.

What would really make this a great program would be if all your information is stored on an encrypted server somewhere so that you can access your data from any computer. For example, see Just1Key  service.

[aleghart]

Excellent!  The automatic login does not work as well as other SSO products, but the ability to store additional information (with several pre-formatted forms) makes i-Vault unique.

I have evaluated several applications.  The best logins come from Hewlett-Packard's Credential Manager.  It's managed every pop-up dialog, web page, and Windows application that I have running.  But, it is only good at credentials.  No other info, such as serial numbers, generic passwords, notes, etc.

If you could make i-Vault work with Windows application dialogs, it would be very valuable to me.

HP's Credential Manager, Softex's Omnipass, and Utimaco's SafeGuard SSO all allow me to record a login by indicating the window, fields, and responses.  They are wizard-driven or in semi-manual drag/drop mode.  Helps incredibly for things like application logins, Google Mail Notifier, FedEx logins, etc.

Oh, yeah.  And free is better.  I've already spent over $150 to "test" some of these SSO solutions.  Many of the vendors refuse to acknowledge requests or sell their software to me because I am too small.  I can't even get a rep on the phone or qualify for demos unless I have a planned deployment of 500 or more.

i-Vault is well on its way to a great tool.  I'm not quite ready to recommend it fully, but I have rescinded my "dump it" recommendations.  Thanks for toning down the overbearing Launch Pad.

Regards,
Alan Leghart

Thanks for the feedback Aleghart

on contrary we have taken this advice on board and trying to schedule it so that Launchpad can be switched off. One point though: its more then advertising, its about letting users know what other free software they can have. We have not integrated all the software into one product, so we need a way of telling the user what other software is also available so that they can have them.

Melih

[aleghart]

Another suggestion:

Don't make us search for the stores.  Really, it's not like we have dozens of them scattered about.  I have two.  One for work stuff.  One for personal stuff.

Shouldn't be that hard for i-Vault to remember where they are.  Or, at the very least, put the stores in the root folder of the application by default.  Then, let i-Vault recognize (show) any stores in the root dir.  That would be an easy way to make it more usuable on a USB key.

The locally-installed appliation can store that info in a config file with the app, or throw the locations of the "remembered" stores in the registry.  Text-based config file is easier, as it can be hand-tuned by more experienced users.  It doesn't decrease security, since anyone snooping for stores can just look for the unique file extension.

My 2 cents.
--
Alan

[aleghart]

OK, another thought...if you're ever going to release this to business customers.  (I've been asking to see this on our price list for quite a while, so we don't have to deal with the silly e-mail registrations.)

Let me create a store with two passwords.  One is for the user.  One is for the admin.  If you're still focusing on consumers, call it kid (user) and mom (admin).

I want to store login credentials that are not necessary for the user to know.  Web sites, minor accounting, report generators, custom applications.  I can generate pseudo-random logins and passwords for better security.  In the event of a change, I can update the user's credential store without their intervention.

Also, the "user" status will prevent certain actions, such as changing field data, copying and pasting to plain text.  User can add notes.  User can change own master password, but not remove admin password.

I would think not a major modification in the password store itself, but a change in the way the application handles the store.

My 2 cents.  Thanks for actually listening to user feedback.
--
Alan

[Melih]

OK, another thought...if you're ever going to release this to business customers.  (I've been asking to see this on our price list for quite a while, so we don't have to deal with the silly e-mail registrations.)

Let me create a store with two passwords.  One is for the user.  One is for the admin.  If you're still focusing on consumers, call it kid (user) and mom (admin).

I want to store login credentials that are not necessary for the user to know.  Web sites, minor accounting, report generators, custom applications.  I can generate pseudo-random logins and passwords for better security.  In the event of a change, I can update the user's credential store without their intervention.

Also, the "user" status will prevent certain actions, such as changing field data, copying and pasting to plain text.  User can add notes.  User can change own master password, but not remove admin password.

I would think not a major modification in the password store itself, but a change in the way the application handles the store.

My 2 cents.  Thanks for actually listening to user feedback.
--
Alan

Alan

You are touching on a very important area of password managemen and user authentication! One of my goals is to put "user authentication" on the net. That means all little passwords here and there are handled by some application which user controls. I will most definitely be putting more attention into that area once we have launched the "security" range. First I want to secure everyone's PC (for free), then I want to bring "Authentication" to all users.

Keep the thoughts coming pls, I-vault is an interesting product but very much depends on user feedback as its a product that is very much involved with "user habits".

Melih

[JimmyD]

Then, it wouldn't be a program.  It would be a web-based service.  And inherently unsafe.

Your using it from a computer outside of your control makes your "encrypted" data subject to snooping.

My understanding is that this thread is a "wishlist" and not a debate thread. 

[Melih]

My understanding is that this thread is a "wishlist" and not a debate thread. 

You are right Jimmy, the last posting was a mixture of wish + debate. Thanks for bringing this to our attention.

Melih

[JimmyD]

Another suggestion:

*Allow us to "drag and drop" files onto the GUI so that they can can be entered into the vault, or is that beyond the scope of what you designed this program for? I know it's mainly for passwords/personal data but what about other files in general?

[Tags:]