The password does not match enum. Panbagon

Important feature Most electronic payment systems require authorization. The simpler, more reliable and convenient it is, the better. The Webmoney system has several authorization options, one of which is E-num. The E-num Webmoney tool makes working with the system much easier. If you are interested in how to use it, then this article may be useful.

Enum introduces an authorization system that allows you to access a number of WebMoney Transfer services using a secret key. For normal operation of the authorization system, a unique key must be stored on the user’s device (tablet, smartphone, etc.). Since you can activate the system without difficulty, all its possibilities will open up to you.

The system is different high level security, which allows you to use all WebMoney Transfer services without the risk of losing data from different devices. Since it is very easy to connect, this significantly increases its popularity.

Why is it needed?

Registration in the system and restoration of access to your account.
One of the ways to log into WM Keeper. Using this method, there is no need to store WMID access keys on the local device. They are stored in a special service storage. This significantly improves safety.
As a tool for confirming financial transactions carried out in the WebMoney system. Safety - important point, and Enum in this sense is good decision and allows you to significantly increase it.
Additional authorization in the service. Used when logging into your account to perform certain tasks. These include setting up security, transferring funds within the system, issuing funds on the credit exchange within the system.

How to use?

To register in the system you need:

E-mail address;
Mobile phone number;
mobile device.

If you are using enum, then you do not need to store WMID access keys on the device.

Errors

There may be system failures that could negatively impact operations. But they are quickly corrected. If you don't know how to pair the system with a device, you can contact technical support. Specialists will help resolve issues as quickly as possible.

Video “Confirmation method in the Webmoney system”

From this video you will learn about the method of confirming e-num in the previously discussed payment system.

There are many articles on the Internet on the topic of WebMoney wallet security, telling what the user needs to do to protect their electronic money. A lot of good and useful recommendations can be found in this article or on the official website. However, today we would like to focus on the simplest and, perhaps, the safest means of protecting money on WM Keeper Claassic from fraudsters - the E-NUM service.

Key storage

Modern Trojan programs (spyware viruses that do not directly harm your computer, but only steal your information) can not only read the passwords that you store in a Word file (you don’t store passwords in a Word file, do you?), but also record everything you type from the keyboard, but also transfer files to attackers. We're not talking about your audiobook or music collection. They transfer small files – just like .kwm keys. Standard recommendations - storing keys on removable media such as a flash drive actually reduces the danger of a file being stolen, but does not eliminate it.

Therefore, in order not to have to worry about storing the .kwm file on a separate flash drive, which you would only use for WebMoney, WebMoney Keeper Classic offers the ability to store the key file in Enum-Storage or E-NUM storage. It's simple, convenient and safe.

How to connect E-NUM?

First, you need to register with E-NUM, indicating your valid email address during registration. It is not at all necessary that the address coincide with the address specified when registering with WebMoney (for the completely paranoid, it is even better that these are different addresses).

Then you should install the E-NUM client for mobile (your mobile will most likely be supported, since the client is a cross-platform Java application) using the link that will be sent to you by mail, E-NUM client for fingerprints, or select “Question - Answer” using SMS." Read more about the last method.

Launch your WM Keeper Classic and wait for a connection to the server.

In the "Tools" > "Program Options" menu, open the "Security" tab. Select “Enum-storage” as the storage location for your keys:

Confirm the operation by clicking “OK” and entering the check digits in the image. Be sure to read the warning text and confirm your agreement:

In the window that appears, enter the email address specified when registering in the E-NUM system and select the authorization method:

It works even simpler, but has a limit of 3 SMS messages per day.

I went to complain on the government services portal. You fill out information about yourself, and then come up with a password. A good password is a phrase. For example, “Sasha was walking along the highway.” It’s easy to remember and difficult to find. I type this password and repeat it...

— I enter “repeat password” again
— The entered passwords do not match
— o_O

I try this way and that. I erased and entered the first password again, then the second. Then the husband sitting next to him remarks: “So even your length is different!” I look at the screen, erase the first field and start typing again. For the screenshot I entered “One two three”:

The first field - when you enter a space, an asterisk appears in the field and immediately disappears (input is prohibited, guess).

The second field - the space is not cut. Therefore, the password is longer:

You enter the same thing, but the values differ in length

Here's a test for you!

Firstly, why prohibit any characters in the password at all? On the contrary, it’s better for you - the password is more complex. At the same time, how can the user know that he has cut something? The password is hidden under asterisks. I don't even see that the symbol is "disappeared"...

Secondly, if you put checks, then everywhere:

— during authorization;

In this case, the second field was continued. This is just one of the “doing it stupidly” series - the analyst said to cut out the spaces in the password, the developer removed it. Spaces in the "password" field. Exactly what they said. And the tester also checked exactly what was written in the technical specifications. But you can’t just check the problem. We need to dig around. What else will it be affected? So, so, so, we want to cut out the spaces. Where do you enter the password? Oh, there are two fields, but did they make the second one? No? Reopen, we are finalizing it. What about authorization? No? We need to finish it, what are you talking about! This is a user who registers, but then won’t be able to log in! Because how does he know that the form cut out spaces when registering?

In general, let's format it according to:

When registering with a space in the password, the error “Data does not match”

Steps to reproduce

Open registration for government services - https://esia.gosuslugi.ru/registration/
Fill in your name, phone number and email
Enter the password with a space in both fields, for example: “One two three”

Result

The spaces in the “Password” field were cut out, but not in the “Confirm Password” field. As a result, different lengths and the error “Passwords do not match.” See Fig. “Password error”.

Expected Result

When a user enters the same string, it should be considered the same. It is not clear why to cut out spaces - it is worth removing this restriction.

But, if you leave it, then cut them out everywhere:

— when registering in both password entry fields;
— during authorization;
— manual entry and when the password was copied and pasted;

Then the user will not even notice that the system is making its own changes to his password.

***********************************************************************

In the expected result, we offer our ideal picture of the world, but we may not know something. Maybe this is a requirement from above or solves some problem. In this case, we describe where to fix it so that the requirement works everywhere.

It's quite normal in a bug to describe the result as "either or". Otherwise, they will put the bug aside, come back in six months and say, “Eh, well, we need to cut it out, because... So I’ll just correct the second field.” And in authorization it will remain inactive, because we didn’t write anything about it. And again reopening, discussions and all that. Offer possible options right away!

Hello, dear readers of the blog site. Today I want to continue the conversation about safe ways to work with WebMoney electronic money in different ways. In the first publication, I talked about it from my own sad experience.

In fact, the security problem when working with WebMoney is very acute, and in the first article I advised you to pay attention to the security settings that can be made through the Security system, namely, blocking access via IP. But there is an even stronger and more radical tool - Enum Storage.

Connect Enum to WebMoney and sleep well

Today I just want to talk about this, almost one hundred percent, protection of your wallets. This kind of panacea has become the E-num authorization system, the essence of which is to use a mobile phone or a fingerprint scanner to confirm any payment, transfer or authentication.

In the simplest case of using it to confirm a payment, transfer or authentication, your mobile phone will receive an SMS with several numbers, which will become the key to confirm the action you are performing. It will be much more difficult for attackers to gain access to these messages than to your email.

Now you can forget about yours, Keeper Light or, and carry out the operations you need with electronic money from absolutely any computer and without remembering any passwords.

The main device, replacing both the keeper, the key file, and the set of passwords, will be your own mobile phone(in some and, this authorization method is used by default).

A very good idea that allows you to bring the issue of ensuring the security of payments in WebMoney to the area that by default is considered inaccessible to hackers - a mobile phone.

When using the Enum system, there are no connections to a obviously vulnerable data transmission channel (the Internet), so the issue of hacking becomes very difficult to resolve, for example, for those radishes who stole money from my WM wallet. In any case, I really hope so.

But even if it is absolutely hack-proof, it will not guarantee you 100% protection. There are examples of the successful use of social engineering to ensure that a user working through Enum himself performs actions that allow hackers to gain access to electronic money.

But this can no longer be foreseen in advance, because we all are at times so overwhelmed that we are able to perform some actions simply automatically, without asking the question of the intended consequences. This is psychology, and the criminals who engage in this type of fraud are quite good experts in it.

Let's now see what Enum Storage is in practice, in relation specifically to your WebMoney wallets and your mobile phone.

Let's consider possible ways authorization depending on the device you use (mobile phone model or fingerprint scanner) and how your phone number and mailbox address are linked. And finally, let’s configure the keeper to use Enum instead of the traditional WebMoney authorization.

Registration in the E-num system

First you will need to go through registration(we will assume that you have already chosen the method and received the WMID).

In this case, of course, indicate your true data, because the matter involves money and you may always need to confirm your identity. Also pay close attention to the security question, which will help you restore the ability to manage your WebMoney money after losing access to the phone number specified during registration (anything can happen, you know).

Please note that the second option is not suitable for all phone models, but only for those running Android, Windows Mobile, iPhone/iPad or having Java support (but, it seems, only for Symbian).

And then an SMS with an activation code will be sent to the specified cell phone number and, if you have chosen the Enum type of authorization through a mobile client, then you will also be provided with a WAP link, by clicking on which you can download the mobile client (a program for a smartphone that allows you to further increase security of operation compared to sending regular SMS messages with a key).

Unfortunately, my phone is not suitable for installing the “Mobile Client” (it’s old, but terribly convenient), so I have to be content with SMS messages with an authorization code. But if your phone allows you to install the program, then do it without hesitation, because this will make Enum Storage even more invulnerable, and will also allow save a little.

The fact is that for each SMS sent to your mobile phone when making a payment or transfer to WebMoney via Enum, you will be charged a commission in the amount equivalent to 0.05WMZ.

Plus, when choosing the authorization method via SMS messages, there is a limit of 5 messages per day, which you can use for authentication on WebMoney sites or to log into the Keeper Classic program (this option is activated in the keeper settings).

Now on the main page, select the “Account” item from the left menu and you will be asked to carry out your first authorization on the Enuma website using the method you have chosen:

Thus, you marked the beginning of a whole stage in your work with WebMoney currencies, because you got the opportunity to safely carry out following operations:

Setting up login via Enum to keepers and WebMoney sites

Now let's look at how to set up all this splendor. Ideally, to achieve absolute security, you will need to configure mandatory authorization through Enum Storage when performing all possible operations, then hackers will not have a single chance of hacking.

Let's start with the fact that you can configure the input to the keeper you are using (Classic, Light or Mini) through this system. Why might this be necessary? Well, in principle, it will be much simpler and certainly safer to log in to the keeper not by entering a password and a key file, but only by entering the key received on your mobile phone.

In order for such login to Keeper Classic has become a reality, you need to configure the transfer of the storage location of the key file to the so-called E-num Storage (which will be impossible for hackers to reach).

You should also enter your registration E-mail and select the Enum authorization method you are using from the drop-down list (in my case, this is an SMS message) in the Keeper Classic settings: “Tools” - “Program Options” - “Security” tab.

Confirm your actions using the method you just selected. That’s it, now when you enter the program, you will need to select the “E-num Storage” option in the “Location of storage of access keys” field, after which you can log in to it via SMS, mobile client or fingerprint scanner.

In addition, if you install Keeper Classic on another computer where there is no key file, this method of logging into the keeper via Enum will still allow you to successfully work with this program.

You can make similar settings in WebMoney Keeper Light. To do this, you will need to first log into it in the usual way, using the Transfer certificate, and then select from the “Settings” menu - “Program Settings” - the “Security” tab:

In the “Use to log in” field, check the “Enum authorization” box and on the next page indicate the mailbox to which your account is linked (in Enum). Next, log in using SMS or the other two options. Everything is very simple, as you can see.

Authorization via Enum on websites and payment in Merchant

Now let's see how you can make transactions with money and log in to their sites without launching the keeper. First you will need to go to the service WebMoney Security, logging in using the Classic program or any other method of managing your accounts (Mini or Light).

Go to the “E-Num authorization” tab and on the page that opens, enter the name of the mailbox to which your account on the Enuma service is linked. You will then be asked to authenticate via SMS or the other two options to confirm your ownership of the account.

That's all, now you can log into any WebMoney system sites via ENum and make payments without using keepers, which is very convenient and, most importantly, much more secure.

If you suddenly want to start working through WM Keeper again, then go back to this page of the Security service and click on the “deny authorization” button:

But you probably won’t have to do this, because Enum is quite convenient to use. Now just open the last tab:

And select the login method you are using from the drop-down list (in my case it is SMS) and do all the necessary authorization operations via mobile phone.

Let me remind you that you can log in using SMS no more than 5 times a day (because they are sent free of charge for you, and the WebMoney giant cannot afford to be generous indefinitely). When using the Enum client there will be no restrictions on the number of inputs.

If you pay for services or make a purchase through the WebMoney Merchant system, then you also have the opportunity to select the Enum authorization option from the proposed tabs:

The following is the standard login procedure using the method you have chosen (SMS, mobile client or fingerprint scanner). Let me remind you that for sending SMS in this case (when paying for a product or service), you will be charged an additional commission in the amount equivalent to 0.05WMZ for each transaction performed. There is no commission charged when using the client.

Confirmation of all operations in WebMoney via E-num

In order to achieve absolute security when working with electronic money, it will be possible to enable mandatory confirmation of all operations (transactions) carried out through Enum. In this case, the attacker will not be able to perform a single action without your knowledge, because only you will have access to the mobile phone.

True, the work in this case becomes somewhat paranoid, but what can you do for your peace of mind. So, you will again need to go to WebMoney Security and go to the “Confirmation of transactions” tab.

Next, you will need to click on the “Connect” button opposite the Enum authorization method that you use, and on the next page confirm your choice by clicking on the enable button. Well, at the end you will be asked to log in using the method you have chosen.

Now all operations in the WebMoney system will require fiddling with a mobile phone or a fingerprint scanner, which will be somewhat tedious for you, but your WM wallets will become simply impenetrable to hacking.

It’s a pity that I don’t have the opportunity to try out the mobile client due to my outdated phone, but it’s possible that I’ll soon change it to a modern model.

Good luck to you! See you soon on the pages of the blog site