Oh nice, I've been thinking about something like this a lot lately. I don't really like the idea of truncating the generated password, though. I'd rather it use a proper KDF and fill the password field to its limit.
I think the reason they did it is because a lot of sites have maximum password lengths that would prevent the full output. Those are exactly the type of sites that you want to be using something like this on.
Sure, but as long as the site actually sets the password length limit on the field it shouldn't matter. It will obviously be truncated a lot of the time, but I'd rather it be truncated at the longest possible point.
From looking around it seems like the reason is that they wanted the visual representation of typing the password to reflect the number of characters you actually typed as you type them. I'm not sure if this comes out true, though, as I can't actually get it to work in Chrome.
The Chrome extension requires putting '@@' at the start of the password field. This turns it yellow to indicate it is now active for that field.
>Sure, but as long as the site actually sets the password length limit on the field it shouldn't matter.
Yes, but in my experience sites rarely implement this. If they do, it's probably inconsistent (i.e. different limits on the login field, create account, and reset password fields).
Yep, tried that. Just doesn't do anything at all as far as I can tell. Maybe it has issues with Linux Chromium? I dunno.
Re password lengths, my experience is that they usually truncate on the server side at that point, rendering it pretty moot. But yes, I do see this problem. I'm just not sure you're not going to run into it either way if you're practicing good password hygiene. I'd still prefer it make an attempt at adding as much difficulty to the password as possible, though.