Wand

Wand stores passwords so that users don't have to enter them manually whenever a site asks for a username and password. It depends heavily on a UI to do its job, but the core module contains the storage code and the interaction with the document and forms.

Security

The wand code contains sensitive data, so we either encrypt it or obfuscate it. But since it's data that must exist on a web page during a submit, it's not top secret. The easiest way to extract a forgotten password is to initiate a submit but abort it before the page has loaded, then use a JavaScript URL (or bookmarklet) to output the contents of the password fields.

Future improvements

Storing a password shouldn't block the page load. This way we ask people to store data before the server has verified that the data was correct.