A great thing would be to change the extensions’ working scheme, or add a new kind of extension, that could work this way: instead of opening the vault with the browser extension, the main desktop application (for example, Bitwarden’s Windows desktop application) takes care of the vault management and opens a communication channel with the browser extension, which just takes care of things like form filling and saving new entries.
KeePass can do it with some plugins/extensions. RoboForm 8 works like this. Sticky Password too. That’s 2 examples, but I believe that 1Password may do it also. Maybe more.
I think that it is far easier to care about memory safety on the fewest levels possible. If you keep the vault in the OS, you don’t have to look for browser flaws at the same time as the OS’s ones.
At the same time, you avoid the need to open the vault in RAM twice: once to work with the desktop client for the purposes that are easier with it, and once with the extension to browse the web. So it is obvious that it saves hardware resources.
Another advantage of this setup is that it may help improve Bitwarden faster by focusing on actions specific to apps or extensions without the necessity of working on the same feature twice. I could also add the fact that the Firefox for Android add-on would immediately benefit from it by enabling unlocking the vault with fingerprints, already available with the full app.
Finally, some security experts have written that encryption is not safely handled in browsers. It is considered better to avoid using browser extensions to encrypt/decrypt vaults.
Fingerprint Support (All Platforms) - To do not re-prompt the master password all the time
Not only from a security perspective, but also from a usability perspective, this seems much better. I’ve used KeePass this way and it’s a much nicer user experience. I also wondered why I have to authenticate again after I logged into the desktop already. I’m an IT person, so I know how it works, but from a user perspective, I’ve identified myself already, so why do I have to do it over and over? Wasn’t it clear it was me?
Of course, I don’t mind reauthenticating to Bitwarden as it’s the main keeper of the passwords, but not in every application that I would like to use it …
So, I’m a big supporter of this.
Off topic a bit, but the usability of KeePass needs to drastically improve for family usage. I bought a family and premium Bitwarden license, but I can’t see Bitwarden currently being used by my family due to the usability issues, although I like its architecture and open-source/security perspective. So, I hope it will improve. I’ll probably switch to LastPass until then.
I agree with you. My point is that this is the type of improvement that most common people won’t fully understand. For that reason, it will be hard to gain votes for this request and see it realized. I already wrote to Kyle Spearrin to explain my point, but I haven’t got an answer… I will try to ask him what he thinks about it soon.
For now, if you know a way to promote this thread, I’ll be really interested to know.
I don’t think that requiring the desktop app to be installed would be a great benefit.
Some users, mainly in corporate environments, are not allowed to install arbitrary executables on their computer. I’m currently in one of those environments, and I can use BW because it just takes the form of a browser extension, which my company doesn’t enforce any control on.
Though, I do feel like allowing the desktop app and the extension to talk if they’re both installed would be very nice. That would allow unlocking once and using both apps, for example.
There are already some feature requests related to this, see:
Also, I’m out of votes, but I do support the idea.
Same with me! I switched to “Bitwarden” because I’m able to only use the browser extension at work. I’m not allowed to install any software on my laptop at work. That’s why I’m not able to use “Sticky Password”. Because I need to have the desktop app installed to use the browser extension.
“1Password” has got 2 browser extensions - the legacy extension needs the desktop app to be installed and the new extension is able to work without desktop app.
At home I’m using the Bitwarden desktop app and the browser extension for Vivaldi. I would love to only have to unlock one instance to unlock the other instance too. Actually I have to unlock the desktop app and the browser extension.
Very nice idea!
Maybe having an extension that allows 2 working methods: one standalone and one attached to main application if detected and/or chosen. Roboform’s Firefox add-on works this way. Or making 2 different extensions, but it will add complexity in my opinion.
I still believe that it isn’t efficient to open the database twice, but at the same time, I agree with you that it’s also important to be able to work with the extension alone.