You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that if I login to my Firefox account on a brand new device (or brand new Firefox profile), the SimpleLogin extension automatically logs in to SimpleLogin too.
I understand this is convenient, but I wonder if it is a security risk?
If someone manages to compromise my Firefox account, then they also automatically get access to SimpleLogin via the extension.
FWIW, other extensions don't do this (e.g., Bitwarden); they are logged out and explicitly require logging in before granting access.
The text was updated successfully, but these errors were encountered:
I agree, I think that API keys should be saved in local storage. I think this is currently happening because all settings are saved in sync storage. It should be fairly simple to move just the API values to local storage, but this may require users to re-input their API keys. What do you think about this @nguyenkims?
I noticed that if I login to my Firefox account on a brand new device (or brand new Firefox profile), the SimpleLogin extension automatically logs in to SimpleLogin too.
I understand this is convenient, but I wonder if it is a security risk?
If someone manages to compromise my Firefox account, then they also automatically get access to SimpleLogin via the extension.
FWIW, other extensions don't do this (e.g., Bitwarden); they are logged out and explicitly require logging in before granting access.
The text was updated successfully, but these errors were encountered: