Proposed feature list

[MrTact]

Hey all. I have been wanting to do some work on this plugin for a while now. Since it's back in active development, I reached out to Eric to find out how to go about this, and he suggested creating a single issue to propose the stuff I'd like to do. And here we are.

I'm mainly interested in two forms of feedback: which features interest you the most, and any concerns you might have (especially from a security standpoint, as, frankly, that's not my area of expertise. I'm more of a usability guy.) Of course, any other input is welcome.

The big list (roughly in the order I would tackle them):

• Auto-remember the last profile used with this host. This would be configurable from the options panel.
• One-click login: If the browser has prepopulated your userid (and we can consistently detect that somehow), your password is stored somewhere, and we have a definitive direction on what profile to use for this host, when you click the button we can just immediately populate the password field and submit the form.
• Store password in memory with expiration: This is a new config option for the General tab, allowing you to store your password in memory, but set a (configurable) window of time after which you will have to type it again. (Because I often just close the lid on my laptop, putting it to sleep, so I have browser sessions that can last for weeks.)
• While we're on that subject, is there a reason the password storage option is on the dropdown instead of in the extension settings? Is there anyone who actually changes that regularly, or (as I suspect) does everyone pick one and then forget about it for all time? I can't think of what that use case is. (So I guess the proposed feature is, move it off the dropdown and into settings.)
• Eventually, I would love to make "Keep master password hash" enabled by default, because that feature is awesome and I didn't even know it existed until I started looking at implementing it. This could entail adding a setup experience that would prompt people to enter their master password when they first install the extension.

[tasermonkey]

Hey, if you have an Android phone or tablet I wouldn't mind some usability expertise there as well. I've tried to make it better over the summer too. But also I like to keep any features in the chrome extension on there too.

On the note of password hash, I'm a big fan of the verification code, since then nothing is stored, and I found it pretty easy to remember it for my password.

[MrTact]

I don't, but I should have access to an Android device through my job at some point Real Soon Now. And I really ought to get more familiar with Android development anyway. So no promise on a timeframe, but I will add installing and taking a look at that extension to my mental "to-do" list.

Edit: "app," I meant "app"!

[heavensrevenge]

Hi @MrTact I'll ask about the 1st one you mention since we had that "feature" before but it hid bugs in the profile selection so I just made sure url matching was amazing and removed this horrible html string building function https://github.com/passwordmaker/chrome-passwordmaker/blob/6f38a6367d8aed11be31fdbb8a28580a3e1f952e/javascript/popup.js#L157-l167 so are there any realy really really good pro's or reasons why this should be added vs adding a website URL to that profile's siteLists? I'd prefer auto-selection be improved somehow if it's not good enough vs allow "sticky" selection of a profile. Also the last one of making "Keep master password hash" on by default claws at my security know-better but could be done if you really really wanted to but i'd prioritize it at close to 0 (mainly I've also been wanting to enable the "Manually Verify Password using 3 Letter Code" by default instead so this may be a null request)

The ones I do like and I'll mention them in the order I'd suggest tackling (in terms of practical usefulness and difficulty of implementation) :

1. Store password in memory with expiration
2. move storage location off the drop down and into settings (it exists to be 100% familiar for Firefox converts since the Firefox version has this in the main user interface) so we can try this and if people hate it we can always just revert later on as I have wanted to do this in the past once already.
3. One-click login, the most difficult in terms of getting it right and integrating it in a way that's smooth but could be useful if it's done correctly.

[heavensrevenge]

Have you ever tried out the profile auto-detection by domain in a profiles "siteList" before @MrTact ? BTW putting sites in the Default profile will always stay blank by design since it needs to stay generic so anything you put in the default siteList wont be applied/saved, they only apply to "custom" profiles.

[MrTact]

My intent with the "use last profile" deal was to use the profile's siteList. I don't know what you mean by "auto detect" there -- I don't see that as an option in the settings.

I suppose saving the password hash renders it susceptible to a dictionary attack... anyway, it was last on my list for a reason :-) I will have to give the the confirmation code feature a try, though.

[heavensrevenge]

Well @MrTact if you made a Github profile and put github.com in the siteList & saved the profile(don't forget to save it), every time you activate(open) the popup while on github, that github profile should be automatically selected so all the options you've set in that custom profile will be used automatically. This website detection depends on matching the domain's URL you put in the siteList so you can be exact on which profile gets used for password generation. Hopefully you'll love it after you try it out :P

[MrTact]

Oh yeah, I actually have been using that feature since forever. It's excellent, in fact. (I believe I was overthinking what you meant by "autodetection.")

What I'm talking about is extending that. If you enable the feature from the general options screen, anytime you choose a non-default profile, we would add the current domain to the list for that profile.

[heavensrevenge]

Ah, now I know what you mean. I've tried to completely separate usage of the extension from customization of the extension, That's why theres absolutely 0 settings available in the popup in order to avoid clutter which is why the 1-click login thing may be a tad difficult in a way of separating usage & flow vs config of it.

[heavensrevenge]

Hey @MrTact, I removed the "Save Password" option in the popup. Any update on your end or if you even use my master branch anymore?

[heavensrevenge]

I have removed the "Save Password section from the popup and only have the option in the settings page in my 0.8.8 version.