As a newbie, I would recommend that BW follow the online design convention that means a username (email address)
Problem: Android app, Firefox and Chrome browser and extension, by default remember a users email address.
The browser extension and android app remember the users email address on a persistent basis, even when a device is rebooted.
The online convention is to give account holders the option to remember a user name (email address), BW breaks this by not giving user a choice NOT to remember the username (email name), this is poor operational security be design
Solution: Follow app, browser and extension design convention that ensures users have to opt-in for their username/email address to be remembered
Observations: Even when I use an incognito/private browser session, the BW extension remembers the username/email address and does so in a way that makes it appear impossible to remove the username/email address
For the Android app, the only way to remove the persistent retention of the username/email address is to deleted the app cache and data or uninstall app
There is merit in remembering this log in data, but that should be based upon explicit opt-in user choice.
I consider the balance between security and user convenience is wrong, persistent no choice pre-populating of user login data for a ‘keys to the kingdom’ password manager should end asap and BW should arrange for it’s next security audit to address and analyse these practices
Apologies if this request is duplicated, I have only just come to realise that BW persistently remembers the username/email address across various platforms