Some suggestions about password-manager HOT 13 CLOSED

Thank you for your suggestions!

For 4: Yes, the 'Generate new password' option can cause problem. I'll try to find a way to prevent damages caused by mistake. (Maybe keep one history in server) But I don't think the enable/disable feature is needed. You 'disable' this feature as long as you don't click it.

For 1, 2 &3, if you go through my commit history, you'll find I didn't do much on such additional features. My logic is simple - keep sensitive data in password field and all other description in account field. Both fields will be encrypted but the password field will have a stronger encryption. Though they're single line field, you can exactly put [PASSWORD XXXXXXX PIN XXXXXXX] into the password field anyway. I'll finally make those improvements as time goes by but my main focus for now is security. If you really need all those features, LastPass will be a better choice for you.

Actually I wrote this project for my own use. I care more about my password security than those features that make my life easier. The reason I don't use LastPass-like service is that they can recover your account when you forget your login password. This is unsafe to me because it means the company can have your data if they really want. So in my design, forgetting password theoretically means data lost forever and only your browser sees your login password. By the way, those popular online service would be a bigger target for hackers.

In a word, thank you for your suggestions but I'm afraid I won't implement them in the near future.

from password-manager.

Would you accept pull requests for simple enhancements where possible security implications would be easy to see?
I mean things like url fields or tagging.

from password-manager.

Sorry but I can't simply understand why adding those two fields leads to
problems as long as you encrypt them like the account field.

I definitely won't accept any PR which has a negative impact to security.
But as I said, I don't see why URL and tagging would have such impact. If
you think users might input malicious URL, that's their own business.

On Thursday, 28 January 2016, Benjamin Häublein [email protected]
wrote:

Would you accept pull requests for simple enhancements where possible
security implications would be easy to see?
I mean things like url fields or tagging.

—
Reply to this email directly or view it on GitHub
#3 (comment)
.

from password-manager.

Sorry but I can't simply understand why adding those two fields leads to
problems as long as you encrypt them like the account field.

I think so too. I just wanted to imply that I'm not going to ask for a pull when it's not easy to see that security is not concerned.

So on to work.

from password-manager.

@nickbe All your requested features are included in v9.0

from password-manager.

Hey great - I'll check this out ASAP.
Thanks :)

from password-manager.

Much better now. Thanks again :)

A new suggestion if I might: Let's click on the EntryName and show the completely entry similar to the edit window, but only as nicely formatted text.

I thik this is what I would use on my mobile most.

from password-manager.

I'll consider this in future versions

from password-manager.

@nickbe Please try newly released v9.05

from password-manager.

Hey great good.
Could you make the complete name clickable? (A link, but not an obviously underlined one),
It would be easier for mobiles this way :)

from password-manager.

I won't make it clickable because I might need to copy the contents in
account name. I think my implementation is just equivalent.

On Thursday, 17 March 2016, nickbe [email protected] wrote:

Hey great good.
Could you make the complete name clickable? (A link, but not an obviously
underlined one),
It would be easier for mobiles this way :)

—
You are receiving this because you modified the open/close state.
Reply to this email directly or view it on GitHub
#3 (comment)

from password-manager.

Well, Very good point!

So what about a more button like design for the view and edit icons.
I think they're a little bit hard to click on mobiles.

from password-manager.

Well, it will take too much space if made bigger. I've tested on my phones and I think they are just about the right size.

You can adjust the icon size your self in password.php if you really feel it's small

from password-manager.