Hello,
I got this idea last night:
If 2FA is configured, since account security is already reduced when using the browser extension with a master password (2FA only required while setting up the extension initially), not to mention the reduced security when using a numerical pin.
Why not have the option, to require a yubikey tap (if configured), in order to autofill or view a password, when the vault is unlocked?
In a sense this would serve as an additional layer of protection.
Also, if the browser extension files are compromised by a malicious actor, and even if that actor gets a hold of the master password/pin, they wouldn’t be able to use the data without the physical Yubikey.
Let me know what you folks think!