Port all webclient-only settings to the mobile/desktop apps

Whilst I very much prefer Bitwarden over something like KeePass, something that has kept bugging me ever since switching is the fact that I need to use the webclient every now and then.
There is abosuletely no guarantee that the javascript delivered to the user’s browser hasn’t been a malicious version that steals the masterpassword at some point. I understand why it’s there from a useabillity standpoint but client-side encryption really shouldn’t be done in the browser, especially not if it’s used to manage all of your passwords.

We could argue about the security of client-side encryption through javascript in the browser but ultimately I just wish there was an option to avoid it altogheter. Currently there are quite a few features that are only exposed through the webclient forcing you to use it at some point. such as:

  • changing the masterpassword, key derivation
  • setting up 2FA

It’d be great if these (and all the other tools and settings) were available in the mobile/desktop clients.