Manage account from apps

Manage account from apps

Feature function

  • Allow access to common account management features via “not the website.” possible examples managing organization, managing sharing passwords, making payments for service.
  • HTTPS can protect from a 3rd-party interjecting into the content, but it does not protect against compromised servers. Websites are dynamic code and no matter how much care you put into your code, a compromised network could change the code. Mobile and desktop apps are mostly protected from these attack vectors because it would not only require code changes, but deployment and signing the code. A simple hypothetical is someone messed with cloudflare javascript and added some code to skim passwords. Good luck doing that to a desktop app on my computer.

In the end, I really only want to be executing static signed code when accessing Bitwarden.