In light if the phishing attack, I do find it inconvenient that while I have a desktop phone and plugin, many options are just not available from those.
Therefore you must go to the web vault often. This phishing attack showed that’s a nice target.
I propose you offer from all apps/plugins a launch web, where it will then of course go to only the correct URL and perhaps if feasable use your current authentication to authenticate there to avoid entering credentials on the web entirely.
Ah would not have thought to look there. I did notice some settings push you to the site, but not all settings are in menus (like organization). A button in the toolbar would be handy.
I totally missed it in the plugin, and I looked there!