undefined | Better HN

0 pointsvorpalhex2y ago0 comments

Mobile apps, slightly tweaky domain names (which happens normally), much less fancy xss type attacks, plus general data exfil.

0 comments

eviks2y ago

Mobile BW app also wouldn't fill a password for a different domain

kiwijamo2y ago

Can confirm this. Additionally, the Bitwarden app on mobiles also checks the app name (i.e. the 'com.company.appname' not the 'user friendly' name). It takes an extra step to 'force' Bitwarden to use a username/password if the name/domain does not match the name/domain(s) recorded against the username/password which adds a nice bit of friction.

lxgr2y ago

There not even being an extra step is still much safer, no?

1 more reply

j / k navigate · click thread line to collapse