Using the Anti-phishing Welcome Message

As many of you know, PassPack has defined an innovative Anti-phishing mechanism which uses a combination of your custom Welcome Message, IP recognition and hand-eye training. This post will cover how to set up your Welcome Message.

How To Set It Up

Sign into your PassPack account, click on the Security tab, then Welcome Message. Type in the sentence you’d like PassPack to greet you with every time you sign in, then scroll down to set the rest of the options.

Do you want to see the intro screen?

If you want to make signing into PassPack faster, you can choose to deactivate the intro screen. We don’t suggest doing this since you will not benefit from the hand eye training.

Also, the intro screen must be activated to use the “Remember me” feature.
Welcome Message - Show Intro Screen

What do “IP” and “IP family” mean?

Welcome Message -  Activate IP
When you press the Update button, the IP address that you are currently connecting from will be automatically added to those which are allowed to see the Welcome Message. You need only choose if you want to activate the single IP, or the entire IP family.

An IP address is the number your internet provider assigns to your internet connection. An example of an IP address could be 23.180.210.56.

An IP family is a set of IP addresses, where only the last few numbers change. For example both 23.180.210.37 and 23.180.210.86 are part of the same IP family.

Three ways an IP can change

Let’s assume you have 23.180.210.37 activated. Here are some examples:

1) When you reconnect, your new IP is 23.180.210.38. The provider is assigning adjacent numbers. Simply pressing the Update button will add the new IP address automatically. There is no need to change any other settings.

2) When you reconnect, your new IP is 23.180.210.97. The provider is seems to be using the entire IP family. Activating the IP family option would be useful.

3) When you reconnect, your new IP is 23.180.64.137. The provider is assigning radically different IP adresses. In this case, unfortunately, you will not be able to use the Welcome Message. You might as well deactivate the intro screen.

When you travel around a lot

Every time you physically move to another place, then your IP address will change and you will not see the Welcome Message. However, many people often connect from two or three different places on a regular basis. For example, suppose you usually connect both from home and in the office, and maybe sometimes from your sister’s house too. You can set up PassPack to recognize the IP of these places as well.

To set this up, you need to physically go to each place, connect to PassPack making sure the address is correct, then enter your account as usual and go straight to the Security tab, click on Welcome Message and press the Update button. There is no need to change any other settings, simply pressing Update will add the new IP address automatically.

From this point on, you should be able to see your Welcome Message even from that other location.

So what happens if you don’t see your Welcome Message?

First, don’t panic. Stop, and look and see if you are connected to https://www.passpack.com (be careful of artfully similar domains like passspack.com). If the domain is correct, it’s just a false alarm.

If the adress is not correct, then follow the instructions here.

Questions, comments or concerns? Just let me know and I’ll be happy to answer your questions.

Technorati Tags: , , , , , ,

About these ads

11 responses to “Using the Anti-phishing Welcome Message

  1. I have yet to find where you are suppose to type in a sentence. Is this valid?

  2. @Mark,
    Please have a look at this screenshot:
    Anti-Phishing Welcome Message – Where to Type Sentence

    You should sign into your PassPack account, click the Account Settings tab (1), followed by the Welcome Message link (2) and then type in your personalized welcome message in the field underneath the preview (3) and when you’re done press the Update button (4).

    If that doesn’t help, or if you are not able to see that screen as illustrated, please send me an email with the type of browser and computer you are using.

    Let me know,
    Tara

  3. Thank you for your time. Didn’t notice that was a typeable field.

  4. @Mark,
    You’re quite welcome. Let me know if you need a hand with anything else.

  5. Pingback: PassPack - Online Privacy Manager Reviewed | ShanKri-la

  6. TO: tara@passpack.com
    RE: Confusion about the Anti-Phishing Welcome Screen

    After writing this, it turned out to be much longer than I anticipated when I began it. Hopefully, my confusion is more than just my confusion and this will prove valuable for you. Hopefully, it is not too long to be accepted by your WordPress feedback, for which I want to compliment you.

    Your web site introduction to your anti-phishing mechanism says on http://www.passpack.com/info/home/ :
    “Anti-phishing Welcome Message
    “Be sure your connected to the real PassPack.”

    And on http://www.passpack.com/info/security/ you say:
    ‘Your custom welcome message is shown to you AFTER EVERY LOG IN, but before inserting your Packing Key. So if you accidentally sign into a fraudulent site, you’ll immediately notice that the welcome message is missing.’

    THOSE TWO PAGES GET ME FOCUSED ON THE CONCEPT OF BEING PROTECTED FROM LOGGING INTO A FAKE WEB SITE. But then other pages which you have posted make it sound like the focus is to assess whether I am really the person who is trying to log into my account on your server.

    On https://passpack.wordpress.com/2007/02/17/anti-phishing-welcome-message/ you say:
    “”If you ARE NOT at your usual computer, then it’s ok, you may proceed. If not, it may be an attempt at fraud. ”

    And at https://passpack.wordpress.com/2007/04/20/using-the-anti-phishing-welcome-message/ you say the following:
    “When you travel around a lot
    “Every time you physically move to another place, then your IP address will change and YOU WILL NOT SEE YOUR WELCOME MESSAGE. However, many people often connect from two or three different places on a regular basis. For example, suppose you usually connect both from home and in the office, and maybe sometimes from your sister’s house too. You can set up PassPack to recognize the IP of these places as well.
    “To set this up, you need to physically go to each place, connect to PassPack making sure the address is correct, then enter your account as usual and go straight to the Security tab, click on Welcome Message and press the Update button. There is no need to change any other settings, simply pressing Update will add the new IP address automatically.
    “From this point on, you should be able to see your Welcome Message even from that other location.”

    The text quoted from your various web pages seems to be inherently contradictory and is a source of confusion, at least for me. My guess is that you are over-using the Welcome Screen. You seem to me to be MIXING AND MATCHING ANTI-PHISHING WITH OTHER THINGS, thereby making it far too complex for users who are not daily users to keep straight when to expect to see the Welcome Message or how to interpret its absence. In regard to its significance, may I also suggest that you revise the Welcome Message text and font size, so as to emphasize the significance of its presence or absence ON EVERY NORMAL LOGON. For example, revising it as follows might be helpful:
    in ten point blue font: Hi Gobble, Do you always sound like a turkey?
    in sixteen point red all caps font: VERIFY YOUR PERSONALIZED PASSPACK WELCOME MESSAGE ABOVE.
    IF IT IS MISSING OR WRONG, YOU HAVE REACHED A PHISHING SITE, AND YOU SHOULD NOT CLICK THE BLACK BOX TO CONTINUE.
    and everything else on the welcome screen in black text with nothing else bigger than the Verify sentence.
    My suggestion is to implement a site design policy that colored text would be used exclusively for such administrative/control/error messages to the user.

    But back to my primary point. My suggestion is to assign a single meaning for the absence of the Welcome Message, to wit: that the site reached is not really a PASSPACK site. For you to also assign to its absence the possible meanings that EITHER I am at a new hotspot OR my ISP has assigned a new IP address to me at my home or office is to engender confusion and defeat the Anti-Phishing purpose, in part for the reason explained in my final paragraph below.

    Going back to https://passpack.wordpress.com/2007/02/17/anti-phishing-welcome-message/ where you say:
    “”If you ARE NOT at your usual computer, then it’s ok, you may proceed. If not, it may be an attempt at fraud. ”
    What I get from that nonsensical wording is that I should not expect to see the Welcome Message if I am logging in from (one of) my registered IP address(es). But that interpretation conflicts with what you say (quoted above) at https://passpack.wordpress.com/2007/04/20/using-the-anti-phishing-welcome-message/ .

    Should I or should I not expect to see a Welcome Message EVERY TIME when I successfully reach your web site, regardless of where I am located? Your web site suggests that the answer is “No”. My guess right now is that over time you have developed contradictory or inconsistent concepts of how and when to implement the Welcome Message, and that your web site reflects the fluidity of conceptual development and the effort to incorporate various admirable and essential security goals. I might even guess that a design goal that you have for your enterprise versions might contemplate that employees who try to log in to the PassPack database from any site other than an administratively approved site would be locked out. However, the end result for me, at least, is confusion in reading your web pages.

    Your web site may somewhere discuss what I should expect when I log in from a location from which I have no wish to record its IP address. Is that circumstance discussed somewhere?

    The complexity of remembering how to (UNintuitively) record a secondary or tertiary IP address is a separate problem, but it pales by comparison to the need to recognize that IP address recording is the matter at hand. I am forced to infer from your explanation on https://passpack.wordpress.com/2007/04/20/using-the-anti-phishing-welcome-message/ that my ability to recognize from the ABSENCE OF THE WELCOME MESSAGE (and nothing else) that simple and benign user-administrative IP RECORDING needs may be presenting themselves. The problem of prompting users to record a secondary or tertiary IP address should not be confused with the need to clearly alert users to the fact that they have logged into a phishing site. Two separate prompts or alert-mechanisms should be used, it seems to me, even if it takes you longer to roll it out.

    Looked at from yet another design angle, the anti-phishing solution can be seen in the following way: Whereas certain usage environments in which daily use is envisioned are appropriate for a mechanism in which the ABSENCE of something can be expected to be recognized, other usage environments are less appropriate to such a mechanism. My suggested re-wording of the Welcome Screen aims to refresh user recollection about how the absence is meaningful, but even so, daily users will stop reading it after the first few days.

    The confusion which this memo discusses seemed worth the time, and I hope it is not restricted to me. In other words, have you heard the same thing from others?

  7. great stuff. well done.

  8. Very good information! Thanks very helpful.

  9. Pingback: How to Sign In to PassPack « PassPack Blog

  10. This is very helpfull.. Thanks

  11. Pingback: A Question For Passpack Users With OpenID « Passpack Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s