so i currently dont autofill details.
but im thinking it would be a nice convenience to.
i know PG only approve 1 or 2 extensions on browsers, but how about the bitwarden app on phone?
i assume that can autofill.
is there a security/privacy risk to autofill vs not autofill?
what do u peeps do?
I think auto-fill has some benefit but it has to be actively be noticed by you, the user:
Lets say you have a website, lets call it
wallet.com. Your auto-fill will work but if I sent you a malicious link to steal your password at a link that looks like
wallet but is actually
waliet with a capital “i” as in
walIet.com, you might not catch it and copy paste it anyway, negating the benefit. In previously seen attacks, Cyrillic characters were usually used for this.
So it should be more secure.
The flip side is that you have also increased attack surface. You have now additional code running, in the form of your addon that theoretically, malicious actors could use, should they find vulnerable code in the installed addon, or in the interface between the addon and browser.
In the end, it is a matter of convenience. You wont be immune from phising attacks anyway just because you have an addon.
k so id be happy to only enable the app autofill on android and not the desktop addon. Assuming u need the browser addon to make the autofill work.