Currently RndPhrase only replaces passwords when pressing tab or enter, or when blurring the password field.
A phising site or a valid site with injected malicious third party javascript code can read the value of the password field or the keyboard events while typing.
Possible imrovements:
Use a master password across all tabs that you type in once, using this RndPhrase can autofill the password when typing '@' in a pasword field.
Have RndPhrase pop up a browser chrome window outside of the DOM sandbox when typing '@' in a password field. Put the encrypted password in the password field when done.
Currently RndPhrase only replaces passwords when pressing tab or enter, or when blurring the password field.
A phising site or a valid site with injected malicious third party javascript code can read the value of the password field or the keyboard events while typing.
Possible imrovements:
Both changes should of course be non-intrusive.