User blog comment:LadyAlys/HabitRPG Unofficial User Data Display/@comment-24234477-20140330171812/@comment-58.7.40.72-20140331080028

The form is back, and I've fixed the bug that was causing problems when it was used. Thanks again for explaining to me how useful it was to you.

I'm afraid I'm not going implement cookies for storing your API token, not even on an opt-in basis, because they aren't secure enough (neither is HTML5 Web Storage which someone else was asking about recently for the same reason). There are certain kinds of attacks (e.g., DNS spoofing, cross-site scripting) which can allow people to read data stored in cookies and Web Storage, and so they are not recommended for saving authentication information. I do realise that this is inconvenient, and I am sorry about that, but I'm not willing to take the risk that this tool could assist in your account being broken into, even if you had the choice to opt-in to cookie storage.

What I recommend instead is using a password manager such as KeePass. It is highly regarded and considered to be very secure, and could be used for all your website passwords. Another option (less secure but perhaps more convenient) is to use the password saving feature that exists in many browsers (e.g., for Firefox); I don't recommend that from a security perspective but it certainly is convenient.

Is it possible to add a "damage received" stat to the quest progress?

An interesting suggestion! I'm already considering building a feature that would estimate how much damage you would take if you did no more dailies today, although I'm not yet sure exactly how possible/reliable that would be. If I can do that, then also including damage that would be done by the boss would be a very easy addition. I'll add it to the list of possible future features. Thanks!