Right now the browser extension for PC is horribly insecure. Mostly because one can’t trust the whole database unlocking for a PC.

Especially in Windows as there is no real memory protection between applications, or it’s nearly useless. For instance I have a script that just modifies explorer.exe memory area and changes it’s WndProc function on the fly, Windows defender has never catched my script.

I would like a following scheme:

1. Browser extension gets only usernames and URLs by default
2. When it requests a password, it should get it from the mobile application.
3. Mobile application could be made to prompt to send the password to the device (PC).

This way if one catches a virus in the PC it won’t compromise whole password database.

Thank you for considering.