The problem
In this thread, I’m questioning the entire behaviour of the browser extension.
I think of the browser as the first line of attack, and so I have no trust in it.
When opening the vault from the extension… the entire vault is there, readily available.
Everything is possible: reading all passwords from all accounts is an easy task.
Why is that so?
I think the extension should not have full access to the full vault.
Feature idea
Let’s imagine an alternative behaviour for the browser extension:
- Cold start: the extension connects to the desktop app.
  It requests a limited copy of the vault that does not contain passwords (only usernames + URIs).
- When auto-filling: the extension asks the desktop app for access to this specific set of credentials.
- Confirmation: the desktop app shows a confirmation popup:
  “The browser {Chrome} wants access to your {website.com} password. [YES] [NO]”
- When approving: the desktop app transmits ONLY the requested password/otp, and nothing else.
Advantages
- Full control over which passwords are allowed to get out of the vault, and when.
- Mostly safe vault, even if the browser is compromised.
- Easy login, no need to have the master password anywhere near the browser.
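
The flow proposed in the post above, sketched as an added example that is not part of the original post or of any product's code. `VaultBroker`, its method names, the constructed sample vault and the origin-match check are assumptions of this sketch; the `confirm` callback stands in for the desktop popup.

```javascript
// Constructed sample vault; ids, accounts and secrets are made up for this sketch.
const SAMPLE_VAULT = [
  { id: "1", username: "alice", uri: "https://website.com", password: "pw-site", otp: "111111" },
  { id: "2", username: "alice", uri: "https://bank.example", password: "pw-bank", otp: "222222" },
];

// Desktop-app side (hypothetical VaultBroker): the only component that holds secrets.
class VaultBroker {
  constructor(items, confirm) {
    this.items = new Map(items.map((item) => [item.id, item]));
    this.confirm = confirm; // stands in for the desktop confirmation popup
    this.audit = [];        // every decision is recorded, without the secret itself
  }

  // Cold start: usernames + URIs only, never password or OTP fields.
  listIndex() {
    return [...this.items.values()].map(({ id, username, uri }) => ({ id, username, uri }));
  }

  // Auto-fill: release one field of one item, and only after the user approves.
  requestSecret({ browser, itemId, field, pageUrl }) {
    const finish = (ok, detail) => {
      this.audit.push({ browser, itemId, field, ok, reason: ok ? "approved" : detail });
      return ok ? { ok, value: detail } : { ok, reason: detail };
    };
    const item = this.items.get(itemId);
    if (!item) return finish(false, "unknown-item");
    if (field !== "password" && field !== "otp") return finish(false, "bad-field");
    let pageOrigin;
    try { pageOrigin = new URL(pageUrl).origin; } catch { return finish(false, "bad-url"); }
    // Assumption of this sketch: the requesting page must match the stored URI's origin.
    if (pageOrigin !== new URL(item.uri).origin) return finish(false, "origin-mismatch");
    const host = new URL(item.uri).host;
    const prompt = `The browser ${browser} wants access to your ${host} ${field}.`;
    if (!this.confirm(prompt)) return finish(false, "user-denied");
    return finish(true, item[field]); // ONLY the requested field leaves the vault
  }
}
```

With this split, a compromised extension process holds only the index returned by `listIndex()` plus whatever individual fields the user has approved.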