WIcheese

Not sure this is the same issue so I'll create a new one- but potentially related: on Windows, 1.3.2 and the new 1.4.0 draft release are both not encrypting passwords...

This extension is the only viable way for end-to-end encrypted services which previously derived keys from user passwords to go passwordless without giving up end-to-end encryption.

This is not what passkeys were meant for... they are supposed to be protected by hardware and non-exportable - and if the keys are escrowed (non-device-bound passkeys), they are escrowed...

@erayd > Remember also that many browserpass users _are in fact using a hardware token for decryption_; the assertion that the private key is sitting in system memory is not...