passman-webextension icon indicating copy to clipboard operation
passman-webextension copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

Browser feature request: ask for master password at startup

Open MG2R opened this issue 7 years ago • 8 comments

Often I forget I need to enter Passman's master password at browser startup, only to figure this out when I need to log in somewhere. When I discover it during login process, not only do I have to enter the master password, I also have to refresh the page to get Passman to parse the DOM and discover the login text fields. Would be nice if Passman just requested the password on first startup.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

MG2R avatar Dec 18 '17 12:12 MG2R

It's not possible to open the the dialog (Chrome / firefox limitations), we could show a notification but that will get annoying.

brantje avatar Dec 18 '17 12:12 brantje

personally i would kill the add on that pops-up every time i open my browser. I get what you mean with forgetting it (I also have that), maybe something as an option to enable or disable for a pop-up would be a better solution.

OS3DrNick avatar Dec 18 '17 12:12 OS3DrNick

I'm all for having options to enable/disable a popup.

To make this even less infuriating, why not have Passman analyze the DOM regardless of being locked? This way it could recognize a login prompt and then warn the user that it should be unlocked.

MG2R avatar Dec 18 '17 14:12 MG2R

It's not possible to open the the dialog/popup (Chrome / firefox limitations),

brantje avatar Dec 18 '17 14:12 brantje

You mentioned that the warning could be a notification. Heck, just analyzing the DOM means that when the user realizes they forgot to unlock Passman, unlocking Passman is enough to fill in the password without refreshing the page. AFAIK Passman now just stops completely the moment it's locked. If it parses the DOM when locked or immediately after unlocking, the refresh wouldn't be necessary. Unless I'm completely talking about impossible stuff, in which case I should just stop talking....

MG2R avatar Dec 18 '17 14:12 MG2R

the thing is that firefox or chrome won't let us open a popup window asking for the password, only a notification warning about it.

We think that showing a notification would be annoying.

animalillo avatar Dec 18 '17 14:12 animalillo

Fair enough. I was thinking about an opt-in feature. I'll just have to get used to remembering stuff. Might be a good brain training.

MG2R avatar Dec 18 '17 14:12 MG2R

Why is master password stored in plain text? Can it not be stored hashed with SHA512 and randomly generated salt? See #263

lowlyocean avatar Jun 16 '18 03:06 lowlyocean