alt Hacker NewsDoes their Firefox extension not inject its own WebAuthN implementation into every visited site on Linux? It does for me on macOS (i.e. it overrides the OS/browser-provided one).
Replies
tredre3 • yesterday at 11:27 PM
Is this really how password managers extensions work? They inject arbitrary javascript in every page you visit?
I would have naively thought that there'd be a better and safer API for it, considering that all browsers already have the infrastructure in place to handle login autocomplete.
As someone that uses a YubiKey for WebAuthN - I really wish Bitwarden didn't do this. I know I can turn it off, but it's a bad default.