A great thing will be to change extensions working scheme or add new kind of extensions that could works this way: instead of opening the vault with the browser’s extension, the main desktop’s application (for example: Bitwarden’s Windows desktop’s application) take care of the vault management and opens a communication’s channel with the browser’s extension that just take care of things like forms filling and saving new entries.
Keepass can do it with some plugins/extension. Roboform 8 works like this. Sticky Password too. That’s 2 examples but I believe that 1Password may do it also. Maybe more.
I think that it is far easier to care about memory’s safety on the fewer levels possible. If you keep vault into OS, you doesn’t have to look for browsers flaws at the same time as Os’s ones.
At the same time, you avoid having the need for opening the vault in RAM twice to work with the desktop’s client for some purposes that are easier with it, and, with the extension to browse through web. So, it is obvious that it is hardware’s resources saving.
Another advantage of this setup is that it may be useful to improve Bitwarden faster by focusing on actions specific to apps or extensions without the necessity of working the same feature twice. I could also add the fact that Firefox for Android addon would immediately benefits from it by enabling unlocking vault with fingerprints already available with the full app.
Finally, some security experts have wrote that encryption is not safely handle into browsers. It is considered that it is better to avoid browsers extensions to encrypt/decrypt vaults.
24 posts were merged into an existing topic: Login to browser extensions when logging into desktop app and vice versa
33 votes have been moved. 10 votes could not be moved because their users already voted in the other topic.