Right now the browser extension for PC is horribly insecure, mostly because one can’t trust unlocking the whole database on a PC.
Especially in Windows, as there is no real memory protection between applications, or it’s nearly useless. For instance, I have a script that just modifies explorer.exe's memory area and changes its WndProc function on the fly; Windows Defender has never caught my script.
I would like the following scheme:
- Browser extension gets only usernames and URLs by default
- When it requests a password, it should get it from the mobile application.
- Mobile application could be made to prompt to send the password to the device (PC).
This way, if one catches a virus on the PC, it won’t compromise the whole password database.
Thank you for considering.
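
The scheme requested above, modelled as an added example that is not part of the original post and not the product's code. `MobileVault`, `Extension`, the host-match check before prompting, and the audit list are assumptions made for illustration; all entries are constructed sample data.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Entry:
    url: str
    username: str
    password: str

@dataclass
class MobileVault:
    """Hypothetical phone-side vault: the only place passwords are stored."""
    entries: dict
    audit: list = field(default_factory=list)

    def metadata(self):
        # What the extension receives by default: usernames and URLs only.
        return {eid: (e.url, e.username) for eid, e in self.entries.items()}

    def release(self, eid, page_url, approve):
        """Release one password, and only if the user approves on the phone."""
        entry = self.entries[eid]
        same_host = urlsplit(page_url).hostname == urlsplit(entry.url).hostname
        # Assumption: the phone refuses mismatched hosts before prompting.
        ok = same_host and approve(f"Send {entry.username} @ {entry.url} to PC?")
        self.audit.append((eid, page_url, ok))
        return entry.password if ok else None

class Extension:
    """Hypothetical PC-side extension: caches metadata, never passwords."""
    def __init__(self, vault):
        self.vault = vault
        self.cache = vault.metadata()

    def fill(self, eid, page_url, approve):
        return self.vault.release(eid, page_url, approve)

def demo():
    vault = MobileVault({  # constructed sample entries
        "e1": Entry("https://mail.example/login", "alice", "constructed-pw-1"),
        "e2": Entry("https://bank.example/", "alice01", "constructed-pw-2"),
    })
    ext = Extension(vault)
    # Everything a memory dump of the PC-side extension could contain.
    exposed = [v for pair in ext.cache.values() for v in pair]
    granted = ext.fill("e1", "https://mail.example/inbox", lambda prompt: True)
    denied = ext.fill("e2", "https://bank.example/", lambda prompt: False)
    mismatch = ext.fill("e2", "https://bank.example.lookalike.test/", lambda prompt: True)
    return exposed, granted, denied, mismatch, vault.audit
```

A compromised PC can still ask for passwords one at a time, so the phone-side prompt text and the audit trail are what let the user notice and refuse unexpected requests.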