Remembered password shouldn't be viewable

[MaxLap]

If remember password is set, someone using my PC could access encrypted content during the timeout. That makes sense and is expected.

What is not expected is that someone using my PC could access the password itself by clicking on the glasses icon while the password is remembered. The password is, in a way, the most private part of the encrypted note, since it opens access to the note and possibly other notes / accounts.

Thanks for this great plugin.

[meld-cp]

Oh, like if you give someone access to your note... But not having your password exposed by the click of a button... Makes sense.

I could add an option to hide the glasses icon in settings.

Although, someone with enough knowhow could still reveal the password from the input box. So, it's probably better to not have the passwords remembered at all in that case.

But yes, at least a settings option would make it harder to have a password exposed than simply clicking a button.

[MaxLap]

Indeed, that would be a good improvement. As a side note, another change would make this need obsolete:

In Lastpass, when it remembers my password, it doesn't ask me at all for that duration.

Ideally, this would mean that while a password is remembered:

• if it matches an encrypted file I'm trying to access, I wouldn't even get a popup. (Maybe a flash message to mention that the remembered password was used).
• if the password doesn't match, you just show the form as usual, without any password pre-filled.

Doing this would solve all of the problems mentionned in this issue so far and be a better experience for the user.

[meld-cp]

I like it, linking to #63

[meld-cp]

added in next release