But you are right, that´s up to the user's choice. But in case you have it disabled you will just log in as if the plugin was not installed.
About autofill, that´s a real issue, I am working on that. Security has always been against ease of use.
But if you really care about protecting your password, I would recommend it for the back-end.
And if you really, really care about security. Get yourself a certificate. SSL is the ideal solution for security. Because it gives you more than just the fact of protecting data from client to server.
But this plugin works well for that. It is cheaper and easier to use, not to mention that it doesn´t encrypt the whole data transfer (making server response slower) including what you don't need to protect.
And on top of that, you can generate new encryption keys as many times (I recommend it) and as long in bits (better 512 or 1024 if your host is good enough) as you want very easily. FOR FREE!!!
I have found a few good sites with no protection for their admin password, not using SSL. And then their admins surprise when they find their site has been hacked.
I would like to thank you and the rest of the community for their reviews, suggestions, bugs reports, etc. You have helped me a lot.
For next version:
- Encryption keys will be automatically generated frequently, like once or twice a year or as often as the user want.
- Workaround for autofill issue.
- Encryption keys encrypted in database.