I think pwpush.com is a great service, but IMO the default expiration settings are way too loose. If a client sends me an e-mail with a link that doesn't expire for 30 days and 10 views, then that's a really large window for an attacker.
Ideally, I'd go for 3 days and 1 view, but that's probably too tight more the general public. Maybe 8 days and 2 views?
Thanks iandunn. I agree as well. For pwpush.com I need to find the right balance between enough but just enough.
In the code, I think I should make it easer to change the defaults in a single place as well.
I'll take a look and post back here. Thanks for logging this.
Awesome, thanks. Another idea would be to set a cookie for the defaults. That way, a frequent user could have their own if they don't like the ones the application has.
Hi @iandunn. I didn't change the defaults on the front page yet but I've added a cookie save options for the defaults like you suggested. Great idea.
I also added a button for viewers to manually delete a password regardless of the view count or age:
FYI I posted about the new features on reddit
Looks great :)
Closing this issue now as the user can save cookie defaults. If I get more requests to lower the page defaults I'll revisit. Thanks for filing @iandunn!