fecton.ernst.meinhart

Reputation Activity

  1. Like
    fecton.ernst.meinhart got a reaction from Mordecai in Native Authentication options in browser extension   
    We would like to see native authentication options within the browser extension as on Passwordstate Web Portal.
    To be more specific, the browser extension should perform the exact same authentication flow as when trying to log in to the web portal.
     
    Users within an organization should generally not handle any kind of "Master Passwords" with some very rare exceptions. Instead most (and probably all larger companies) try to create a unified authentication experience with some IDPs like AzureAD.
    In our case we integrate using SAML2 with AzureAD, where authentication, SSO, MFA, device compliance check and so on are performed. We do this for all internal applications in our organization and it's the most suitable and manageable way with great user acceptance.
     
    Handling master passwords would be a security concern because users could simply store those passwords in a text file on the desktop, for example, which is practically impossible to control / audit. As we are humans, something like this will happen.
    It is also a security concern as this eliminates the MFA / device compliance process in our case.
    Also this is not a comfortable way and user acceptance of the browser extension is very limited. In our organization users prefer to log in to the Passwordstate web portal and copy the credentials there instead of managing a master password.
     
    I understand that changing this behaviour is a lot of work because of the existing API architecture and so on, but at least in my opinion this is the most needed feature of all.
  2. Like
    fecton.ernst.meinhart reacted to support in Have I Been Pwned Scheduled Report: Check specific Folders / Password lists only   
    Hello,
     
    Thanks for your request.
     
    Please be aware though that under no circumstances do we send credentials to any third party services, including Have I Been Pwned. Please see their documentation here, for how their API works - https://haveibeenpwned.com/API/v3

    Regards
    Click Studios