Comment by lxgr
11 hours ago
Does their Firefox extension not inject its own WebAuthN implementation into every visited site on Linux? It does for me on macOS (i.e. it overrides the OS/browser-provided one).
11 hours ago
Does their Firefox extension not inject its own WebAuthN implementation into every visited site on Linux? It does for me on macOS (i.e. it overrides the OS/browser-provided one).
Is this really how password managers extensions work? They inject arbitrary javascript in every page you visit?
I would have naively thought that there'd be a better and safer API for it, considering that all browsers already have the infrastructure in place to handle login autocomplete.
As someone that uses a YubiKey for WebAuthN - I really wish Bitwarden didn't do this. I know I can turn it off, but it's a bad default.