This is a FR for a new 'MPW Hash Mis-Match' dialog window when the MPW Hash doesn't match the Stored Hash.
Currently, when using auto-populate, if the Hash of the MPW has been saved for an Account, if the user enters the wrong MPW (Hashes don't match), the 'OK' button is the default behavior for when the 'Enter' key is pressed, and PWM just goes ahead and populates the wrong generated password.
With this in mind, I propose that the MPW prompt function, whether initiated by the auto-populate feature, or user initiated, should be changed to work in the following manner...
Given that the user has correctly stored the MPW Hash and enabled auto-populate for Account X, and has not elected to store the MPW on disk:
- User navigates to the site for Account X
- PWM prompts for MPW (whether by auto-pop or user initiated)
- User typos the MPW, causing a Hash mismatch, and hits 'Enter'
- PWM should pop-up a different dialog - similar to the one that it currently pops-up if the user hists 'Enter' without entering anything for the MPW - informing the user that the MPW hash of the entered PW doesn't match the Hash that is currently stored for this account, and give the user 3 options (buttons):
- 'Re-enter MPW' (default)
- 'Continue'
- 'Replace Hash'