error handling shows you the error and offers the ability to reload;
disconnect handling shows you that the page will reload in a few seconds.
it uses exponential backoff with some random sprinkled into it to prevent overwhelming the server once people's clients decide to reconnect.
it's probably okay, but it's incredibly easy to read localStorage from the frontend and get a hold of the secret
would be nice (would it?) to have more proper session tokens I guess but we're not doing that right now
I'm not entirely sure if generating the password on the server is legit like this, but it leads to an incredibly frictionless experience and I'd like to keep it. if possible.
I don't really see a difference compared to password managers generating passwords for you and showing them in plaintext
obviously actual passwords are stored within the manager which requires a master password, but like. do we really need that. the secret isn't shown to the user and it's very long.
too bad the browser secure storage API or whatever isn't ready yet
liquidex