pashword
[feature] Extension
Would an extension be useful? I was thinking of making a Brower extension where you'd:
- go to a website
- Click the extension
- Enter your username and secret key on the extension popup
- the extension fills the provided username and generated pashword on the site.
If interested, I could throw together a little demo for it :) #
Yes, it could be very useful. It would mean users wouldn't have to go to pashword.app everytime they want to get their passwords. Ideally, you'd use Pashword with your browser's default password manager so that it can store the generated passwords but an extension could still be very useful :D
I thought about having the option to save the password, my only concerns there are how to store and retrieve the password securely. 🤔 I'll do some research and put together a proof of concept though! How should the pashword.ts file get called? It doesn't look like the repo is set up for using it as a module. Maybe it should be seperated into a utility repo/package?
I could turn pashword.ts into a module or it could be called just locally. Now, I haven't really worked on browser extensions from scratch so I'm not sure if they allow this, but I would assume they do. pashword.ts only requires jsSHA and scrypt-js for the most part so copying the file and using it in another project shouldn't cause any problems :)
The primary reason why I never started with a password store was because I wanted the users to enter their secret key again and again. This is a technique used by Authy as well because it doesn't let the user forget their master password.
A browser extension could store the information in its own local storage or maybe the browser keyring for prolonged usage.
The extension side of things won't be an issue for me :) honestly, im least versed in design. That being said, I'll just use what you've done for the site!
Hmm, well, we could just not store the password So people can enter their username and password on the extension and it'd autofill the pashword and username on the site they're currently on. This would make sure they have to keep using the master password, as well as still making it easier and not having to go the pashword website for every site they visit. We can just autofill the pashword domain requirement using the subdomain and domain of the current site (so ignoring protocol, href, etc.) To keep things in line with how the pashword website shows domains written.
I'd have to look into using the browser keyring - I don't know if they make any APIs publicly available or not. That's if we decide to store the master password or not though. We could always set an expiry and temporarily cache the password so they only have to enter it say once per 2 hours or something 🤔 that sounds like a reasonable compromise between security and ease of use to me at least
I definitely think migrating the pashword lib to a module - and making use of Async/await to move things off the main thread would be a good idea. The latter part would make it not block page rendering when calculating a hash as well
I definitely think migrating the pashword lib to a module - and making use of Async/await to move things off the main thread would be a good idea. The latter part would make it not block page rendering when calculating a hash as well
I honestly don't know why I didn't do it the async way😆 It would have made more sense for me to have the function called asynchronously. Thanks a lot for the idea, I should update the webapp😅
EDIT: Come to think of it, I think synchronous code makes more sense on the frontend since it's easier to handle and the calculations are done by the same device, not a server.
If you'd like, I could submit a pr for it :) It just needs a promise wrapper to get it off the main thread. Although, I reckon you should instead set up an org and migrate pashword to a module on there, that way the extension and site could also be in the pashword org
I didn't create an organization because the vercel free tier requires a personal repository. I could move it off to the MagLit account where it's sponsored by Vercel and has Pro features enabled. I'll try that next.
Could always try Railway! (https://railway.app) I'm currently running a discord bot on there and it's seemed pretty nice so far~ I can give you a referral code if you'd like! There's plenty of other alternatives though. It could even run on GitHub Pages for free seeing as it's a static site
On Sat, 13 Aug 2022, 21:24 NayamAmarshe, @.***> wrote:
I didn't create an organization because the vercel free tier requires a personal repository. I could move it off to the MagLit account where it's sponsored by Vercel and has Pro features enabled. I'll try that next.
— Reply to this email directly, view it on GitHub https://github.com/NayamAmarshe/pashword/issues/5#issuecomment-1214141305, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQSYG5ADVPFPFLKBF47FQTVY6AW3ANCNFSM56MLWABA . You are receiving this because you authored the thread.Message ID: @.***>
Could always try Railway! (https://railway.app) I'm currently running a discord bot on there and it's seemed pretty nice so far~ I can give you a referral code if you'd like! There's plenty of other alternatives though. It could even run on GitHub Pages for free seeing as it's a static site … On Sat, 13 Aug 2022, 21:24 NayamAmarshe, @.> wrote: I didn't create an organization because the vercel free tier requires a personal repository. I could move it off to the MagLit account where it's sponsored by Vercel and has Pro features enabled. I'll try that next. — Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQSYG5ADVPFPFLKBF47FQTVY6AW3ANCNFSM56MLWABA . You are receiving this because you authored the thread.Message ID: @.>
Looks great! I'll give this a try as well. When Vercel sponsored MagLit they told me I could host other projects on the pro account too, so I can move pashword there as well.
Could always try Railway! (https://railway.app) I'm currently running a discord bot on there and it's seemed pretty nice so far~ I can give you a referral code if you'd like! There's plenty of other alternatives though. It could even run on GitHub Pages for free seeing as it's a static site … On Sat, 13 Aug 2022, 21:24 NayamAmarshe, @.> wrote: I didn't create an organization because the vercel free tier requires a personal repository. I could move it off to the MagLit account where it's sponsored by Vercel and has Pro features enabled. I'll try that next. — Reply to this email directly, view it on GitHub <#5 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABQSYG5ADVPFPFLKBF47FQTVY6AW3ANCNFSM56MLWABA . You are receiving this because you authored the thread.Message ID: _@**.**_>
Looks great! I'll give this a try as well. When Vercel sponsored MagLit they told me I could host other projects on the pro account too, so I can move pashword there as well.
Awesoooome~ you'll have to link the org here when you've migrated things so I can have a look, and help with things. In the meantime, I'll get to work on the base of the extension and maybe a PR to move things off the main thread in Pashword
I see you set up the org! Now we just have to get the Pashword lib split off to a separate module!
@brocococonut I noticed that the pashword generation times are far greater with async. On mobile, it used to take around 1.5 seconds, now it takes around 10 for me. On PC even, the loading time is a bit more than synchronous. I'll have to investigate this.
It's likely because it's not blocking the thread with calculating the hashes and encrypting. It's doing that while also letting the site run normally. It'll probably be faster and better if it gets moved over to a service worker instead I'll work on doing at sometime soon
Sweet, thanks! I've added you to the Pashword org, please accept the invite :)
Is the browser extension still in the works :) and an android app would be awesome.
Is the browser extension still in the works :) and an android app would be awesome.
Yeah sorry for the delay. These days I'm extremely busy with other projects and work. I'll start working on the extension and coordinate with @brocococonut on this.
Sorry for the delay.
As for the android app, If we can use React Native and reuse components from pashword website that'd be great. There's also ionic framework but I've never used it. Will see what's possible :)