Hello @dolt , i had posted a similar request as yours recently .You can look at it here - A security feature to identify phishing websites
One of the question that arose to me was , that the passphrase could also be spoofed by the attacker by fetching it through bitwarden’s official website if they are clever enough to do so.
The passphrase could ofcourse make the phishing attempt difficult and also in some circumstances prevent users from logging into self hosted instances of BW having similar domain names.
Some more clever way of implementing it could be developed.
Cheers 