Disconnect between web page and extension

[qwavel]

I'm using the Firefox extension v1.5.1 (the latest version).  The default algorith is MD5.

When I go to the web version:
http://passwordmaker.org/passwordmaker.html
the default algorithm is SHA-256.

This is a problem for novice users.  The passwords generated by the web page won't match and they won't know why.

I think you should have a simple web page with just the basic options - the same way that the extension has a simple mode - as well the the page with all the options.  The default settings for these should match so that the novice user can use both without knowing anything about the advanced settings.

Thanks for PasswordMaker.
Tom.

[morguns]

settings for the web version are stored in a cookie. once you get the settings the way you like them, they'll stick as long as you use the same pc and don't clear or disable cookies. i can see your point re: a different 'default' hash though; seems kinda silly when you think about the definition of default!

[Eric H. Jung]

I agree the defaults should be the same across all editions of PasswordMaker. Can someone add this to the FRL for the HTML/Javascript edition please?

[qwavel]

settings for the web version are stored in a cookie. once you get the settings the way you like them, they'll stick as long as you use the same pc and don't clear or disable cookies. ...

That doesn't help much.  Most people who use PM use a browser extension at home, and only use the web page version when they are away from their home computer - so they don't even want their settings stored in a cookie.

I agree the defaults should be the same across all editions of PasswordMaker. Can someone add this to the FRL for the HTML/Javascript edition please?

I would, but I don't know what a FRL is?

[Miquel 'Fire' Burns]

He's asking the mods to do so.

[Eric H. Jung]

mods = moderators
FRL = Feature Request List

[morguns]

so they don't even want their settings stored in a cookie

now i'm confused. if they don't want the settings stored [in a cookie] (which is usually a choice made by those who want to be extra careful), then that means they want to enter the settings manually every time. this is contrary to what you said previously.

[qwavel]

now i'm confused. if they don't want the settings stored [in a cookie] (which is usually a choice made by those who want to be extra careful), then that means they want to enter the settings manually every time. this is contrary to what you said previously.

What I'm saying is this.  If they are a newbie, and they have only used the basic options in their browser extension (ie. they never activated the 'advanced options' mode), and then they need a password when they are away from their home computer (eg. innternet cafe or friend's house), so they use the website, they should be able to use the website without changing any options and have it produce the same password.

They can't choose what their hash algorithm is, because they have never heard of a hash algorithm.  If the website defaults don't match the extension defaults then it won't work for them.

Now, if they do change some options on the web page (maybe they are an intermediate user), should those settings be stored in a cookie?  I think the answer is no, because they are probably using a public terminal and that cookie would be a security leak.

[Eric H. Jung]

I will make the changes so MD-5 is the default algorithm on the web edition. There is a beta of the web edition which includes more features as discussed here. One of the features is the option to not store any settings in a cookie.

If all goes well, I should be able to release the new web edition this weekend.