Not at all happy with getting started with Topaz plug-in -- SOLVED

[Mike Buckley]

I don't understand why you entered your password again, after you had it working?

I needed to input the password to purchase the license. The company finally put all individual programs on sale today, whereas the earlier holiday sale applied only to a bundled package of programs that I wasn't interested in using.

I needed to reset the password because I forgot to record the password that they finally got working for me nearly a month ago.

 

[Growltiger]

I needed to reset the password because I forgot to record the password that they finally got working for me nearly a month ago.

I strongly recommend KeePass. A quick glance at it tells me I currently have 473 ordinary website passwords stored on it, plus about 80 more important entries covering computer passwords, financial passwords etc. No one could remember all those passwords.
It is free and uses genuinely good encryption.
https://keepass.info/download.html
As you will see on that page there are versions for all platforms. I also use KeePass2Android on my phone, it uses the same database. If I lose the phone it doesn't matter, it is impossible for anyone to get the passwords out of the database.

 

[pixel_a_ted]

If I lose the phone it doesn't matter, it is impossible for anyone to get the passwords out of the database.

Impossible or extremely unlikely?

 

[Growltiger]

Impossible or extremely unlikely?

Effectively impossible. This is serious security. I have also been assured by an expert security specialist I trust that it is safe.
First read the summary I've copied below, and then read all of this page to learn much more:
https://keepass.info/help/base/security.html

• KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.
• The complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.
• SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function. No attacks are known yet against SHA-256. The output is transformed using a key derivation function.
• Protection against dictionary and guessing attacks: by transforming the master key component hash using a key derivation function (AES-KDF, Argon2, ...), dictionary and guessing attacks can be made harder.
• Process memory protection: your passwords are encrypted while KeePass is running, so even when the operating system dumps the KeePass process to disk, your passwords aren't revealed.
• [2.x] Protected in-memory streams: when loading the inner XML format, passwords are encrypted using a session key.
• Security-enhanced password edit controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.

 

[Mike Buckley]

I heard back from customer support within 24 hours. The responding email provided a new password along with the acknowledgement that their system doesn't always recognize the new password that is automatically reset.

The following is my return email:

"Thank you for the quick and helpful response, Jenny. I have now successfully licensed Sharpen AI, changed my account password to one that is devised by me, and have recorded it.

Though I won't go into the details of the process required to change from the trial license to the paid license, I will mention that it's far more cumbersome and time-consuming than processes regularly used by other companies providing photography software applications. Indeed, I don't remember experiencing such a complex process.

More important, it is mind-boggling to me that by your own admission, using the reset password generated by your company's automated process is known to be fallible, which requires customers to contact customer support so the password can be manually generated on your end.

Last, despite the inconvenience this has caused me twice in a period of a month, neither you nor your Operations Manager apologized about that. I urge you and everyone at TopazLabs to consider that such behavior is rude and, thus, is not an effective business practice.

--Mike Buckley

 

[pixel_a_ted]

Effectively impossible. This is serious security. I have also been assured by an expert security specialist I trust that it is safe.

I'm just saying that there's an assumption it was all implemented correctly without bugs in their code, app or OS updates won't adversely introduce security cracks that go undetected for a while, no disgruntled employees, etc. I won't question the steps that they take as the subject is way above my head. And I'm sure it's very, very safe compared to obviously unsafe practices such as writing passwords in a notebook or keeping them in an Excel file. I'm just one of those people who would have a hard time giving all my important passwords to an app, but acknowledge the consensus view that I am wrong.

 

[Growltiger]

I'm just saying that there's an assumption it was all implemented correctly without bugs in their code, app or OS updates won't adversely introduce security cracks that go undetected for a while, no disgruntled employees, etc. I won't question the steps that they take as the subject is way above my head. And I'm sure it's very, very safe compared to obviously unsafe practices such as writing passwords in a notebook or keeping them in an Excel file. I'm just one of those people who would have a hard time giving all my important passwords to an app, but acknowledge the consensus view that I am wrong.

I agree with everything you say. A key point I didn't mention is that it is open source and has been examined in great detail. You can download and read the code yourself. I also take a precaution which is to NEVER allow transfer of the database across the internet.

 

[Mike Buckley]

neither you nor your Operations Manager apologized

I received an email of apology today. Though an apology always feels hollow when it comes only after being told they should have apologized (that happens a lot), at least they had the good sense to finally apologize.

 

[Lucky Duck]

I needed to reset the password because I forgot to record the password that they finally got working for me nearly a month ago.

Mike, how was the password which you failed to record provided to you? Usually these things arrive in an email which is easy to refer back to. Did Topaz use some other method?

 

[Mike Buckley]

Mike, how was the password which you failed to record provided to you?

It was in an email that was no longer on my system.

 

[Lucky Duck]

Ok, thanks. I just wanted to be prepared in case Topaz was mailing out memos written with disappearing ink.