Memory Management mode is very confusing

[NicoHood]

I was trapped again of the memory management mode. There are several issues:

• [x] You need to press enter to add a new entry. A button as alternative is highly appreciated.
• [ ] If there is data in the field and you click safe it should give a warning and not simply close memory management mode. Edit: This bug is still valid if you edit an existing password AND add a normal password.
• [x] If you enter the mode again the last passphrase is still written there! Since it is javascript, you can still read out this password somehow I think. also for the UX it should be cleared (with the patch above applied).
• [ ] The password does not have to be retyped
• [x] The password is written in clear text. Please make it not visible for others near to you. You can use a special "show" button like keepass and other programs to, to show a clear text if desired. This way no person can accidentally see the password that simple (or screenshot viruses, whatever).
• [x] A password generator (using the MP device) is highly appreciated. Using the MP as source is the first step, the 2nd would be to never expose the PW to the PC app when generating. The more the PC app sees, the more it is vulnerable, as the app is "just" javascript.
• [ ] You cannot really maximize the window. This small view is not enough for me personally.
• [ ] Critical: If the screen saver becomes active while in memory management several function become unavailable, but with weird errors. After a final safe an error pops up and all changed passwords are lost. Afterwards (entering again) I got duplicated entries of (all) old! passwords.
• [ ] If you edit a password without clicking the safe button no warning (for unsaved changes) pops up and the password is lost. Meh.
• [ ] If you click the save button it should a) directly change the single password or b) change all "unsafed" password but NOT leave memory management mode (to avoid the screensaver bug for example, I always safe whenever I can. But retyping my card pin is annoying).
• [ ] 31 char passwords are too short.
• [ ] The description should be a larger text field which also supports a line feed
• [ ] If you deny to add a new password it will be added anyways (the entry, but no password).
• [ ] If you change a favorite star no warning of "unsaved changes" will appear
• [ ] You need to accept a password change on the device but not a password deletion
• [ ] If you have entries "t1, t2, t3, t4, t5" you can go to "t", scroll to the right for a more detail search, go to the end and then got back to the left. you are not able to go right again.
• [ ] You cannot reorder favorites
• [ ] If you delete an entry "test" it scrolls all the way up again
• [ ] The Description field is missing in the Quick Credential Add menu.
• [ ] The "View Password" button is inside the password textbox. If the password is too long, it will overlaps.
• [ ] Minor: An optional menu for special characters selection would be cool Because a few are currently missing (^ <>) and for example th backslash is forbidden for most passwords.
• [ ] [Quick Mode] If you deny to add a password (maybe accidentally) the password is lost. This does not happen if you unplug the device and replug (which is very good). Maybe it should be kept in the textboxes, so you can reedit if you made a typo for example, but the password is not lost.
• [x] Does the password generate use the MP hardware RNG? I highly suggest as there were problems with java in the past.. Edit: yes it does limpkin said.
• [ ] You can use > 31 chars in the length field of the password gen. If you add a password (memory management mode) the length field gets reset (with no number)
• [ ] If you edit a credential, click global safe (without saving the entry), enter memory management mode again and edit this entry again it says, that another entry is already in edit mode.
• [ ] If you unplug the device while in memory management mode it will not be recognized.

[limpkin]

written in our todo list.

[NicoHood]

More details of some of the critical bugs:

#1
Enter memory management mode
add a password (password1)
klick safe
deny on the device to update the (new) password
reenter memory management mode
the password is still there, but it is not on the device!

#2
Open memory management mode
add a new password (password2)
wait until the lock times out (3 minutes for me)
klick safe
it will fail
if you enter memory management again the bug above will (still) show up, and will be triggered twice.
So in the end you have 2x password1 and 1x password 2, all of them unsafed and not on the device.
All other entries will also be duplicated! I am afraid to safe those. You need to restart the app.
No "unsafed changes" warning will appear though
it will still fail if you unlock the device before you click safe. so there is at least a bug in the app, while the firmware also should not just leave memory management mode.

# possible solutions:
when entering memory management the list should be cleared, so no old entries will be there. or for better security when you leave it.
when safing the app should check if the device is locked and then needs to add a warning again when safing.
the firmware should not lock when in memory management mode, the display may go off though.