Viewing a single comment thread. View all comments

OppositeCode t1_j1gxe32 wrote

Yes, unless you are logged in your vault won't be decrypted. I assume you mean something similar to this?

Correct me if I'm wrong, but I assume the website match should be done locally otherwise it would be encrypted.

Browser extensions are a weak point but it also prevents everyday people from getting phished. As if the domain is not matching, you won't be able to fill your information (since it won't show).

As always, if you don't trust cloud you can either self host or use a local password manager.


scruffles360 t1_j1gymq9 wrote

That may be similar. When you go to a login page and LastPass tells you you have 4 accounts on that site.. it gets that information using the unencrypted URLs. It doesn’t log you into your vault unless you try to use one of them. (There are settings to leave you logged in, but they discourage that).

I’m going to have to do some research and see what’s out there.


OppositeCode t1_j1gz5yx wrote

I'm not a developer so it would be your best bet to ask in different subreddits such as: r/privacy r/PrivacyGuides r/Bitwarden