Nice project 🙂
Please consider offer a way for user from other wallets to sign as well. We currently have several way do that :
If you store encrypted seeds on an online database for backup, please consider use more than the password for encoding. People are often using weak password so they can remember it. This is especially important to allow when there's no password recovery mechanism!
To keep a good encryption in the context, Stellar Authenticator ask for an username that is actually used as an extension of the password. This is because the username/password is a very well known paradigm and stay user friendly.
Currently the data are only kept locally. A cloud backup will be added but it will not be a login mechanism. Meaning that even knowing the user+password pair you couldn't access the seeds.
As entry name for the cloud database, it will uses email address which may or may not contains the username. In case backup is requested, the link leading to the encrypted seeds will be send to the email address and needs username+password to be deciphered.
The point of this is offering an encryption that is secure enough in case the encrypted seeds leaks (database crack, email theft, dns attack,...)
One have to think carefully how he is going to handle the private keys. Those may end up representing a lot of money, especially when centralized, giving a high incentive to try an attack. If the cost of a successful attack is under the expected gain you're done.
This sheme have a drawback though: you won't directly login from another browser/device (that's also the feature). You'll have to import a piece of data for syncking devices together.