RFE integrate domain extractor to allow consistent results despite sloppy copy paste like SuperGenPass and PwdHash
(revised and reposted in relation to original https://tmthrgd.github.io/mpw-js web version i prefer to use for its portability and context field support for recovery questions, but this applies to all platforms)
RFE integrate domain extractor to allow consistent results despite sloppy copy paste like PwdHash
https://pwdhash.github.io/website flexibly parses a wide variety of inputs thanks to...
https://github.com/collinjackson/pwdhash-website/blob/gh-pages/domain-extractor.js
this would help with consistency, because changing the "site" entry from starting with http to https and including or dropping the www portion should not result in a different password.
domain extraction would be optimal:
from my experience of trying to use mpw or getting someone else to use it (specifically non-tech savvy seniors and folks that just write down passwords based on birthdays, relatives, pets)...
trying to explain the issue of reduced security from manually entering the domain they think they are logging into (maybe user followed a lookalike spoof site) plus the frustration of typos if they ignore that security advice anyway, copy paste would be safest, however...
explaining copy paste and trimming down the site they want to login to (which some people have skill and or mobility issues doing precisely anyway, and some can be very long) in a consistent way (when usually it doesn't matter if there is a dangling slash or not on URLs) because the URL could be different depending on what sub-page they were at when they hit login.
they don't understand why the password is different, because they are still saying what site they want to login to, they forgot that the tool is super picky, and get frustrated, and want to just go back to what they were doing (writing down family pet birthday passwords in notes all over the place).
as for compatibility, easy enough to work around:
i would change "Site:" label to "Full URL:" and add a display box below that with a default marked checkbox labeled "Use core domain instead:" which would display the extracted domain that will be used (for full transparency). that way switching modes is a simple and fast uncheck-recheck, just like the other post key generation dropdowns and templates.
anyway thanks for creating a nice and tidy tool, and helping improve user security, cheers.