Comment by lxgr
7 hours ago
Does their Firefox extension not inject its own WebAuthN implementation into every visited site on Linux? It does for me on macOS (i.e. it overrides the OS/browser-provided one).
7 hours ago
Does their Firefox extension not inject its own WebAuthN implementation into every visited site on Linux? It does for me on macOS (i.e. it overrides the OS/browser-provided one).
As someone that uses a YubiKey for WebAuthN - I really wish Bitwarden didn't do this. I know I can turn it off, but it's a bad default.
Is this really how password managers extensions work? They inject arbitrary javascript in every page you visit?
I would have naively thought that there'd be a better and safer API for it, considering that all browsers already have the infrastructure in place to handle login autocomplete.