First of all, thank you for making this wonderful product and service. Until the security and limited adoption issues with OpenID are resolved, I think PasswordMaker is the best password management solution that emulates a universal single sign-on system.
Problem: One issue with PasswordMaker that worries me is the potential loss of all passwords created using PasswordMaker. As the FAQ states, if I forget my master password, I'm out of luck. However, the more troublesome case is if I forget the settings I used in PasswordMaker to generate passwords. Was my password length 8 or 12? Was the hash algorithm MD5 or SHA-256? What was my "Use l33t" setting? What was the "l33t level"? What character set did I choose? As I understand it, if I am mistaken about any of these settings, I will be unable to recreate my passwords even if I remember my master password.
The obvious solution for people who are afraid they'd forget the settings is to leave everything as is, not changing the default settings. Unfortunately, this gives rise to another problem. The default settings in the online edition and the Firefox extension edition of PasswordMaker are different. For example, the default password length is 8 in Firefox and 12 online; the default algorithm is MD5 in Firefox and SHA-256 online; the online edition has the following character set but the Firefox edition does not:
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
Suggestion: The default settings should be identical in every edition of PasswordMaker. Users should be warned that they are not to change the default settings unless they know what they're doing, and if they do change the settings, they had better remember them.
A further improvement would be to add preset profiles to every edition of PasswordMaker. For example, a default profile may have settings that generate passwords that are compatible with most sites. A "compatibility" profile may have settings that generate passwords that are guaranteed to work almost anywhere (no special characters, not too long, etc.). A "secure" profile may have settings that generate passwords that are extra strong but might be rejected by some sites. Again, these profiles must be identical across every edition of PasswordMaker.
This way, a user just has to remember his/her master password and settings profile.
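The settings mismatch described in this post, as an added example that is not part of the original post and is not PasswordMaker's code: a simplified deterministic generator with named profiles, showing that the same master password yields different passwords under the two differing defaults. The derivation scheme, the profile names and the helper `mismatched_fields` are assumptions made for illustration; only the lengths, hash algorithms and character set come from the post.

```python
import hashlib

# Character set quoted in the post (listed for the online edition).
ALNUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Hypothetical named profiles. The two entries mirror the differing defaults
# reported in the post (length and hash algorithm); the shared charset is an
# assumption so that only those two fields differ.
PROFILES = {
    "firefox-default": {"algorithm": "md5", "length": 8, "charset": ALNUM},
    "online-default": {"algorithm": "sha256", "length": 12, "charset": ALNUM},
}


def derive(master, site, profile):
    """Simplified derivation, NOT PasswordMaker's real algorithm.

    Hashes counter, site and master password, then encodes the digest in the
    profile's character set until the requested length is reached.
    """
    p = PROFILES[profile]
    charset, out, counter = p["charset"], [], 0
    while len(out) < p["length"]:
        data = f"{counter}:{site}:{master}".encode()
        n = int.from_bytes(hashlib.new(p["algorithm"], data).digest(), "big")
        while n and len(out) < p["length"]:
            n, r = divmod(n, len(charset))
            out.append(charset[r])
        counter += 1
    return "".join(out)


def mismatched_fields(a, b):
    """Names of the settings that differ between two profiles."""
    pa, pb = PROFILES[a], PROFILES[b]
    return sorted(k for k in pa if pa[k] != pb[k])


if __name__ == "__main__":
    # Constructed sample inputs.
    master, site = "correct horse battery staple", "example.com"
    for name in PROFILES:
        print(f"{name:16} -> {derive(master, site, name)}")
    print("differs in:", mismatched_fields("firefox-default", "online-default"))
```

With a named profile, the only things to remember are the master password and the profile name, since every other setting is fixed by the profile table.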