Closed r-a-y closed 6 years ago
Yes, it's somewhat heavy in this dialog and takes some time getting used to, I know. But I hope for a positive security aspect here. I occasionally find myself typing my master password into an unrelated password field. If the PfP master password prompt is less generic, I hope that it becomes associated with the PfP master password and typing this password elsewhere will no longer happen.
So let's go for "wontfix" for now but I am definitely keeping this issue in mind.
Thanks for considering.
I guess my issue is if the intention is to associate the PfP icon with PfP, what is stopping a malicious addon author to fork your code as-is while adding a crypto miner or keylogging or to use your icon somewhere else?
If the icon had some functional use like how SuperGenPass uses identicons to determine whether you have entered a master password that you recognize, I could see some value to it.
No, that's not it. If you install a malicious add-on, there is nothing I can do to help you. If you visit a malicious website, it won't be able to spoof a pop-up that extends outside the content area. So nothing for me to do here.
It's a way more trivial issue. I occasionally start typing my PfP password into legitimate but unrelated password fields, simply because of muscle memory. It's not a terrible issue (I mostly trust the applications in question to not record input) but it is clearly suboptimal. So I want to see whether making the PfP password prompt less generic will get rid of that.
Not a bug, but I'm finding the new icon in the popup to enter the master password a little distracting in v2.0. I preferred the barebones look without the icon, but that's just me.
Trivial I know, but feel free to delete this issue.