Yep, I started using KeePassX years ago and love it. About a year ago I switched to LastPass because it is just so damn convenient, even though I know I probably shouldn't be using a password manager that stores my passwords "in the cloud" (again, it's so damn convenient). I am, however, trying to switch back to KeePassX but it's harder to use since I've stopped using Dropbox, et al., as well.
+1 for this. I have been using KeePassX for at least 5 years now and I can access the file through Dropbox on my phone, laptop, and desktop machine without issue and the 2FA is an extra bonus on the full computers.
Neat, but SuperGenPass does this better: it has a bookmarklet with configurable salt, and it's based off the domain name, not the service, so you can't get into ambiguities (Gmail, GMail, gmail?).
"The SuperGenPass UI is rendered within the DOM of the current page when you click the bookmarklet. The UI is where you enter your master password. And because the UI is part of the current page, any script running in the page can read your master password. Remember that script can be external too, as in advertisements or widgets of some kind." - http://akibjorklund.com/2009/supergenpass-is-not-that-secure
1. add an "avoid ambiguous characters" option (is that an "l" or a "1", an "O" or an "0", etc.).
2. encouraging people to type or generate passwords into/from random web sites is a bad idea -- perhaps even making the problem worse instead of solving it.
3. who's your target audience? The tech community already understands this. Is it my mother, the average user? She'd use this exactly once and then forget it. Why? "getvau.lt". While that's "cute" and us techies love crap like that, all Joe User knows is .com. When he tries to come back to the site tomorrow, he'll type in "getvault.com" or (more likely) "get vault" or "getvault", end up somewhere else, and never use your service again.
HTH.
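An added example, not part of the thread and not SuperGenPass's or the linked site's own algorithm: a locally run sketch of the two ideas raised above, keying a derived password on the normalized hostname plus a salt (so "Gmail" vs. "GMail" cannot diverge) and drawing from an alphabet with look-alike characters removed. The PBKDF2/HMAC construction, function names and iteration count are assumptions chosen for illustration, and it keys on the full hostname rather than the registrable domain.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Look-alike characters (l, I, 1, O, 0) are left out of the alphabet.
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def site_key(site):
    """Reduce a URL or bare host to a lowercase hostname, so that
    'GMail.com', 'gmail.com' and 'https://gmail.com/inbox' all match."""
    parts = urlsplit(site if "//" in site else "//" + site)
    return (parts.hostname or "").rstrip(".")


def derive_password(master, site, salt="", length=16, iterations=200_000):
    """Deterministically derive a site password (illustrative construction)."""
    host = site_key(site)
    if not host:
        raise ValueError("no hostname found in %r" % site)
    # Slow key stretching so a leaked site password is costly to turn
    # back into master-password guesses.
    seed = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), (salt + "\0" + host).encode(), iterations
    )
    # Rejection sampling: discard bytes that would bias the modulo.
    limit = 256 - 256 % len(ALPHABET)
    chars, counter = [], 0
    while len(chars) < length:
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for byte in block:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        counter += 1
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(derive_password("correct horse", "https://GMail.com/inbox", salt="s1"))
```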