Cool implementation. Were you inspired by the Google 2-factor approach to log in to Goog websites that was pulled?<p><a href="http://www.readwriteweb.com/archives/google_launches_qr_code-based_login_security_measu.php" rel="nofollow">http://www.readwriteweb.com/archives/google_launches_qr_code...</a><p>As others said, I'd love to see an android version. However, before I use it for my important Web service accounts, I'd like the ability to encrypt my passwords both on the phone app and the browser plugin with a key known only to me so I don't have to trust your service with my cleartext passwords.
I just tried it out. Works quite well! I think this is pretty damn cool.<p>Feature requests:<p>- The ability to add sites to the db using the extension (unless I missed this). Typing on the iphone's a pain vs typing on my laptop.<p>- A way to quickly copy the credential data from the iOS app so it can be used in other iOS apps.<p>- A password auto-generator.<p>- Dropbox support. That way this could sync up and work across platforms, and wouldn't require me to trust you with my precious data. (I'm already trusting dropbox, for better or worse, but at least there I can ensure it's encrypted)
How is this better than something like 1Password? The only difference seems to be that instead of entering my master password in the browser extension, it's on my phone and I have to do extra work to log into the web site... I don't see any real security advantage, and the UX is much worse. Maybe I am missing something though.
what bit talks to the browser? Don't websites need to be "QRAuth" enabled? Have I just asked one of those questions which is "funny you should ask that..." ?