A couple of things:<p>1. add an "avoid ambiguous characters" option (is that an "l" or a "1", an "O" or an "0", etc.).<p>2. encouraging people to type or generate passwords into/from random web sites is a bad idea -- perhaps even making the problem worse instead of solving it.<p>3. who's your target audience? The tech community already understands this. Is it my mother, the average user? She'd use this exactly once and then forget it. Why? "getvau.lt". While that's "cute" and us techies love crap like that, all Joe User knows is .com. When he tries to come back to the site tomorrow, he'll type in "getvault.com" or (more likely) "get vault" or "getvault", end up somewhere else, and never use your service again.<p>HTH.
KeyPassX and MiniKeyPass are working well enough here, plus they are open source software that one can install on his or her computer or iPhone.<p>I keep my database on Dropbox for availability on multiple devices.
Neat, but SuperGenPass does this better- has a bookmarklet with configurable salt, and it's based off the domain name, not the service, so you can't get into ambiguities (Gmail, GMail, gmail?)<p><a href="http://supergenpass.com/" rel="nofollow">http://supergenpass.com/</a><p>That said, the options for disallowed characters is nice.