Bit of promo material on the Chrome extension: https://blockchain.info/wallet/chrome-extension
Note to self: learn to proofread.
Great job, you are an amazing developer because you listen.
Excellent - will be using it this week and a tip is coming your way
Good to hear, don't worry about the tip though.
How exactly is it implemented? What strength does the mnemonic provide (bits etc)? I assume you are using the Electrum seed encoding (interactive en/decoder at brainwallet)?
It is almost the same encoding as Electrum but with the addition of a checksum and version byte. https://github.com/blockchain/My-Wallet/blob/master/mnemonic.js
The entropy provided will be the same as the password itself; the mnemonic will grow or shrink depending on the length of the password.
My concern is that there is an addition of another way to decrypt my wallet (or worse, my password itself).
It recovers the password itself.
If someone finds a way to extricate the mnemonic in the future?
Thinking out loud... To generate the mnemonic the password is extracted out of the private closure object using the getMainPassword() function (Line 1621 wallet.js). If you can extract the password then there is no point generating the mnemonic. But if the mnemonic is removed the getMainPassword() function can probably be removed as well.
Really the getMainPassword() should be changed to not actually return the password but just confirm the user has typed it in recently. Then a separate modal dialog should be used to request the password for the mnemonic, that way it is being typed directly rather than being extracted out of memory and is effectively permanently disabled if not actually using that feature.
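The change proposed in the post above, sketched as an added example (this is not code from My-Wallet or from any poster in this thread): the closure keeps only a salted PBKDF2 verifier and a timestamp, answers "was the password typed recently?" with a boolean, and builds the mnemonic only from a password typed into its own dialog. The names `createPasswordGate`, `enteredWithin`, `mnemonicFromTyped` and the `encode` callback are hypothetical, and the iteration count is an assumed value.

```javascript
// Added example, not code from My-Wallet. All names here are hypothetical.
const nodeCrypto = require('crypto');

const KDF_ITERATIONS = 100000; // assumed work factor for this sketch

function createPasswordGate(initialPassword, now = Date.now) {
  // Only a salted verifier stays in the closure; the password is not kept.
  const salt = nodeCrypto.randomBytes(16);
  const derive = (pw) =>
    nodeCrypto.pbkdf2Sync(String(pw), salt, KDF_ITERATIONS, 32, 'sha256');
  const verifier = derive(initialPassword);
  let lastEntered = now();

  // Constant-time comparison of the typed password against the verifier.
  function check(typed) {
    const ok = nodeCrypto.timingSafeEqual(derive(typed), verifier);
    if (ok) lastEntered = now();
    return ok;
  }

  return {
    // Replaces a getter that returns the password: answers yes/no only.
    enteredWithin(maxAgeMs) {
      return now() - lastEntered <= maxAgeMs;
    },
    // The mnemonic path receives the password typed into its own dialog.
    // `encode` stands in for the wallet's mnemonic encoder (assumption).
    mnemonicFromTyped(typed, encode) {
      if (!check(typed)) throw new Error('password mismatch');
      return encode(typed);
    },
  };
}
```

With this shape, script that reaches the returned object can learn whether the password was entered recently but has nothing to read the password from.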
BUG REPORT: After autologout the extension will send you to the website, meaning that you are no longer using the extension JS after that.
BUG REPORT: When signing up for SMS, two verification messages are sent, with different OTPs.
Are automatic Dropbox backups no longer available?
First two should be fixed. Automatic Dropbox backups should still be available, might first require doing a manual backup if the login has expired.