README update to document -pw changes

README.html

@@ -1069,16 +1069,23 @@ options -restrict, -block, -allow for more ways to control client
 access). <em>(Add a line “reg” in the startup file if you wish to use
 this feature.)</em></p>
 <p><strong>-pw</strong> [<em>pwd</em>]. (since 1.72). As an alternative
-to -pin, client access can be controlled with a password set when uxplay
-starts (set it in the .uxplay startup file, where it is stored as
-cleartext.) All users must then know this password. This uses HTTP md5
-Digest authentication, which is now regarded as providing weak security,
-but it is only used to validate the uxplay password, and no user
-credentials are exposed. If <em>pwd</em> is <strong>not</strong>
-specified, a random 4-digit pin code is displayed, and must be entered
-on the client at <strong>each</strong> new connection. <em>Note: -pin
-and -pw are alternatives: if both are specified at startup, the earlier
-of these two options is discarded.</em></p>
+to -pin, client access can be controlled with a password. If a password
+<em>pwd</em> (of length at least six characters) is set when uxplay
+starts (usually set in the startup file, where it is stored as
+cleartext), all users must know this password to connect to UxPlay (the
+client prompts for it). This method uses HTTP md5 Digest authentication,
+which is now regarded as providing weak security, but it is only used to
+validate the uxplay password, and no user credentials are exposed. After
+a successful authentication, the client stores the password, and will
+use it initially for future authentications without prompting, so long
+as the UxPlay deviceID has not changed (this initial authentication will
+fail if the UxPlay password has changed). If <em>pwd</em> is
+<strong>not</strong> specified with the -pw option when UxPlay starts, a
+new random 4-digit pin code is generated and displayed on the UxPlay
+terminal for <strong>each</strong> new connection, and must be entered
+on the client (there are three chances to enter it, before it is
+changed). <em>Note: -pin and -pw are alternatives: if both are specified
+at startup, the earlier of these two options is discarded.</em></p>
 <p><strong>-vsync [x]</strong> (In Mirror mode:) this option
 (<strong>now the default</strong>) uses timestamps to synchronize audio
 with video on the server, with an optional audio delay in (decimal)

README.md

@@ -1064,13 +1064,23 @@ deregisters the corresponding client (see options -restrict, -block,
 the startup file if you wish to use this feature.)*
 
 **-pw** [*pwd*].  (since 1.72). As an alternative to -pin, client access
-can be controlled with a password set when uxplay starts (set it in
-the .uxplay startup file, where it is stored as cleartext.)  All users must
-then know this password.    This uses HTTP md5 Digest authentication,
+can be controlled with a password.   If a password *pwd* (of length at least
+six characters) is set when uxplay
+starts (usually set in the startup file, where it is stored as
+cleartext), all users must know this password to connect to UxPlay
+(the client prompts for it).
+This method uses HTTP md5 Digest authentication,
 which is now regarded as providing weak security, but it is only used to
 validate the uxplay password, and no user credentials are exposed.
-If *pwd* is **not** specified, a random 4-digit pin code is displayed, and must
-be entered on the client at **each** new connection.
+After a successful authentication, the client stores the password, and will use
+it initially for future authentications without prompting, so long as
+the UxPlay deviceID has not changed (this initial authentication will fail
+if the UxPlay password has changed).
+If *pwd* is **not** specified with the -pw option when UxPlay starts, a
+new random 4-digit pin code is generated and displayed on the UxPlay terminal
+for **each** new connection, and must
+be entered on the client (there are three
+chances to enter it, before it is changed).
 _Note: -pin and -pw are alternatives: if both are specified at startup, the
 earlier of these two options is discarded._
 

README.txt

@@ -1083,15 +1083,22 @@ deregisters the corresponding client (see options -restrict, -block,
 the startup file if you wish to use this feature.)*
 
 **-pw** \[*pwd*\]. (since 1.72). As an alternative to -pin, client
-access can be controlled with a password set when uxplay starts (set it
-in the .uxplay startup file, where it is stored as cleartext.) All users
-must then know this password. This uses HTTP md5 Digest authentication,
-which is now regarded as providing weak security, but it is only used to
-validate the uxplay password, and no user credentials are exposed. If
-*pwd* is **not** specified, a random 4-digit pin code is displayed, and
-must be entered on the client at **each** new connection. *Note: -pin
-and -pw are alternatives: if both are specified at startup, the earlier
-of these two options is discarded.*
+access can be controlled with a password. If a password *pwd* (of length
+at least six characters) is set when uxplay starts (usually set in the
+startup file, where it is stored as cleartext), all users must know this
+password to connect to UxPlay (the client prompts for it). This method
+uses HTTP md5 Digest authentication, which is now regarded as providing
+weak security, but it is only used to validate the uxplay password, and
+no user credentials are exposed. After a successful authentication, the
+client stores the password, and will use it initially for future
+authentications without prompting, so long as the UxPlay deviceID has
+not changed (this initial authentication will fail if the UxPlay
+password has changed). If *pwd* is **not** specified with the -pw option
+when UxPlay starts, a new random 4-digit pin code is generated and
+displayed on the UxPlay terminal for **each** new connection, and must
+be entered on the client (there are three chances to enter it, before it
+is changed). *Note: -pin and -pw are alternatives: if both are specified
+at startup, the earlier of these two options is discarded.*
 
 **-vsync \[x\]** (In Mirror mode:) this option (**now the default**)
 uses timestamps to synchronize audio with video on the server, with an