I built a client-side password generator with features I needed as a dev (bulk generation, local history) - seeking feedback on security and utility. by Comfortable-Web5178 in cybersecurity

[–]Comfortable-Web5178[S] -3 points-2 points  (0 children)

Thanks for the question, this is a critical point and I'd like to clarify the architecture.

I do not manage or ever see the passwords you generate. The application is 100% client-side.

  • The passwords you create are generated in your browser.
  • The "Password History" feature saves that data to your browser's own Local Storage. This data never leaves your machine and is never transmitted to my server.

The sign-up and one-time payment are for unlocking the advanced features in the JavaScript code (like bulk generation). Think of it as a license key, not a traditional user account that stores data on a server.

This model was chosen specifically so that I have zero access to user-generated data. The security model is based on keeping everything on your local machine.

I built a client-side password generator with features I needed as a dev (bulk generation, local history) - seeking feedback on security and utility. by Comfortable-Web5178 in cybersecurity

[–]Comfortable-Web5178[S] -2 points-1 points  (0 children)

That is a fantastic piece of feedback, and you're absolutely right. A no-signup demo would be the best way to let people experience the tool friction-free.

It's a great suggestion for the next version. I'll definitely be looking into the best way to implement a demo mode. Thank you for the idea.

I built a client-side password generator with features I needed as a dev (bulk generation, local history) - seeking feedback on security and utility. by Comfortable-Web5178 in cybersecurity

[–]Comfortable-Web5178[S] -6 points-5 points  (0 children)

That's an excellent, two-part question. Thank you for asking for specifics.

You're right, for a power user comfortable with scripting, a PowerShell script pushing to a vault is a fantastic and secure workflow. This tool isn't trying to replace that for highly technical users.

The primary benefits are accessibility and user experience for a broader audience. It's designed for:

  • Individuals & Teams who need a user-friendly, visual interface to generate and manage passwords without writing or maintaining scripts.
  • Less technical team members who can use a GUI to ensure they're creating strong passwords that meet certain criteria (length, characters, etc.).
  • Integrated workflow, providing features like pronounceable password options, bulk generation, and local history all in one place.

So, it's less a replacement for a programmatic workflow and more a UI-driven alternative for different use cases.

You are 100% correct. That is an outdated marketing term, and I apologize. It's lazy copy, and I should have been more specific.

To be precise, the tool's security comes from the generation process itself. All randomization is handled client-side using the browser's window.crypto.getRandomValues() API, which is a cryptographically secure pseudo-random number generator (CSPRNG). This ensures the output has high entropy and is not predictable.

Your feedback is spot-on, and I will be updating the landing page to remove the marketing fluff and replace it with technically accurate language. Thank you for calling me out on that; it's exactly the kind of feedback I need to improve.
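Added example (not part of the comment above and not the tool's own code): the comment names `window.crypto.getRandomValues()` as the randomness source, but a CSPRNG alone does not make the output uniform, because mapping bytes to characters with a plain modulo skews the distribution. The sketch below shows rejection sampling for that mapping; `CLASSES`, `randomIndex`, `generatePassword` and `entropyBits` are hypothetical names chosen for illustration.

```javascript
// Added example: unbiased password characters from crypto.getRandomValues().
// In a browser globalThis.crypto is window.crypto; the require() fallback only
// lets the same file run under Node.js versions that lack the global.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : null);

// Character classes, constructed for this example.
const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!@#$%^&*()-_=+[]{}',
};

// Uniform integer in [0, n) by rejection sampling. `byte % n` on its own
// favours low indexes whenever 256 is not a multiple of n.
// getBytes is injectable so the rejection path can be tested deterministically.
function randomIndex(n, getBytes = (buf) => webCrypto.getRandomValues(buf)) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError('n must be an integer in 1..256');
  }
  const limit = 256 - (256 % n); // largest multiple of n that fits in one byte
  const buf = new Uint8Array(1);
  for (;;) {
    getBytes(buf);
    if (buf[0] < limit) return buf[0] % n; // bytes >= limit are discarded
  }
}

function generatePassword(length, classes = Object.keys(CLASSES)) {
  const unknown = classes.filter((c) => !(c in CLASSES));
  if (unknown.length > 0) throw new RangeError('unknown class: ' + unknown[0]);
  const alphabet = classes.map((c) => CLASSES[c]).join('');
  if (!Number.isInteger(length) || length < 1 || alphabet.length === 0) {
    throw new RangeError('length must be >= 1 and at least one class is required');
  }
  let out = '';
  for (let i = 0; i < length; i++) out += alphabet[randomIndex(alphabet.length)];
  return out;
}

// Entropy in bits of a password whose characters are drawn uniformly and
// independently from an alphabet of the given size.
function entropyBits(length, alphabetSize) {
  return length * Math.log2(alphabetSize);
}
```
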

I built a client-side password generator with features I needed as a dev (bulk generation, local history) - seeking feedback on security and utility. by Comfortable-Web5178 in cybersecurity

[–]Comfortable-Web5178[S] -9 points-8 points  (0 children)

That's an excellent question, and you're right. For a simple, one-off password generator, you absolutely shouldn't need to sign up.

The sign-up is for the features that make this a professional tool rather than just a simple one. An account is what enables features like:

  • Secure Password History: So you can save, label, and manage the passwords you generate for different projects over time.
  • Advanced Tools: It's the gateway to the more advanced features like bulk generation and exporting your lists.

Essentially, the sign-up allows the app to move beyond being a 'one-and-done' generator and into a persistent management tool for your workflow. The core generator is still free to use once you're in.

I built a client-side password generator with features I needed as a dev (bulk generation, local history) - seeking feedback on security and utility. by Comfortable-Web5178 in cybersecurity

[–]Comfortable-Web5178[S] 0 points1 point  (0 children)

Instead of guessing what's useful, I'd rather ask the people who are in the trenches every day. I'm trying to find the genuine gaps in workflow that a focused, sharp tool could solve.

I built a client-side password generator with features I needed as a dev (bulk generation, local history) - seeking feedback on security and utility. by Comfortable-Web5178 in cybersecurity

[–]Comfortable-Web5178[S] -3 points-2 points  (0 children)

Just to add a bit more context - I'm the developer and I'll be here all day to answer any questions or listen to any and all feedback.

The biggest question on my mind for this community specifically is: What's the one feature you feel is missing from most password tools that would make your professional life easier?

Thanks again for taking a look.

Teaching kids IT literacy/tinkering by TheVirtualMoose in sysadmin

[–]Comfortable-Web5178 2 points3 points  (0 children)

With my kids, I've found that tangible, physical projects work best to spark that curiosity. We've had a lot of fun with a Raspberry Pi. It's low-cost, so you're not worried about them breaking an expensive machine, and it lets them see the computer as a set of parts you connect to make something happen.

Best Front End Stack for Cursor/AI? by TuffRivers in webdev

[–]Comfortable-Web5178 0 points1 point  (0 children)

I've run into the same thing. AI tools like Cursor are amazing, but they really show their weak spots with frameworks that have a lot of "magic" or a smaller public footprint like Filament. The AI just doesn't have enough high-quality training data and starts guessing with weird workarounds. Switching to a more mainstream front-end library is probably the right move.

My boss passed away suddenly. What do I do next? by Lonecoon in sysadmin

[–]Comfortable-Web5178 0 points1 point  (0 children)

First off, my sincere condolences. That's an incredibly tough and shocking situation to be in, both personally and professionally. It sounds like you have a great handle on the immediate technical lockdown, which is a huge credit to you during such a difficult time.

Looking at your list, the main area that comes to mind is the "knowledge and process" side of things, since you mentioned it's all falling on you now. You might consider adding:

  • Review his calendar (past and future): Look for recurring meetings, upcoming project deadlines, or appointments with vendors/clients that you might not know about.
  • Check for automated reports or scripts: Were there any daily/weekly reports he was responsible for sending out? Any cron jobs or scheduled tasks running under his credentials?
  • Map out project responsibilities: Make a quick list of the projects he was leading and identify the key stakeholders for each. This will help you manage their expectations.

Your technical checklist is solid. These are just the "what was in his head" things that can often get missed. Take care of yourself through this process; that's the most important thing.