Zero Password Manager (formerly ID Guard Offline)
Offline password manager with Security Chip protection
Autumn Wu
ID Guard Offline — Offline password manager
Offline Password Manager with security chip encryption. No Internet, no sign-up or login, no personal information. Protect your passwords and privacy with innovative and verifiable security technologies. Perfect for users with high-level security requirements.
Caden Sumner
"The extension does not store passwords at all. All passwords are stored in ID Guard Offline app on the phone."

---

"The account, to be filled into a desktop browser, is selected by the user on the phone. The username and password are encrypted and sent to the extension. The extension decrypts and fills them into the login form on the web page."

So... not offline? Why would sending an encrypted account from my phone to the extension be any safer than a third-party manager sending my encrypted account from their servers to my extension?

If a password manager is using zero-knowledge / E2E encryption the only difference is I'm in control of that data right? No security difference. To me paying a company to store + manage that data on my behalf is a lot smarter than storing all my credentials on 1 device that can get lost or stolen.
Autumn Wu
@caden_sumner1 The app on the phone is offline. For Android, you can check the app permission on Google Play Store or phone settings. Check out: https://www.bluespace.tech/blog/.... For iOS, you can check app activity in the latest iOS 15 system. Check out: https://www.bluespace.tech/blog/.... It stays offline all the time, even when you're using autofill on the desktop browser extension.

- How does the app get the filling information?
1. The extension encodes the filling information into a QR code and shows it on the screen.
2. ID Guard Offline app scans the QR code to get the filling information, WITHOUT Internet access.

- How does the app send a password to the extension?
ID Guard Offline app launches a mobile browser to run a web app which then sends an encrypted username and password to the extension. It is simple to view the source code of a web app, so anyone can audit the code to see whether it is safe.
Autumn Wu
@caden_sumner1 Why much safer than other extension password managers? We can make a comparison on the 4 attack surfaces.

1. Internet permission
Malicious code in web pages and bad browser extensions might be able to extract passwords from extension password managers. Check out: https://thehackernews.com/2016/0... Bad employees or hackers who break into the cloud can attack from the cloud side. They might be able to inject bad code into service pages to extract master passwords or encryption keys when a hacked page is loaded by the extension.
ID Guard Offline extension is much safer. As we know, it might be impossible to prevent all network attacks. Bad code in web pages or bad browser extensions might still be able to steal the filling password. But it is impossible to grab all passwords because they are staying safe on the smartphone.

2. Persistent storage
Lots of programs running on Windows or other desktop OS can access data stored by Chrome, including password databases, cookies, and other important data kept by extension password managers. If a user enables remembering the master password, bad programs can decrypt all passwords just like the extension password manager. If not, the master password is the only obstacle. Though master passwords must be unique, complex, and long, lots of users still use weak passwords or reuse them. Moreover, master passwords can be recorded by keyloggers.
ID Guard Offline extension does not reveal this attack surface.

3. UI
Sean Cassidy demonstrated a Pixel-perfect Phishing technology to steal passwords in his blog, https://www.seancassidy.me/lostp.... Phishing is usually attained by misdirecting users to enter their password into a spoofing UI faked by malicious programs. It is effortless to make a UI clone. Browsers do not offer many UI components for extensions to make them distinct from cloned UI.
ID Guard Offline extension has NO account, NO registration, and NO login, so it has NOTHING to be phished.

4. Web DOM
This is a unique attack surface of browser extensions. We demonstrated how to steal passwords by manipulating the UI of a password manager with the DOM API in the video at the beginning of the article, https://www.bluespace.tech/blog/.... If there are some proper vulnerabilities that can be used, it might be able to grab passwords with zero-click.
When using ID Guard Offline extension, users need to scan the QR code to fill a password, so they must know what they are doing. Malicious programs can never attack the filling password without perception.
Autumn Wu
@caden_sumner1 You can back up your data in encrypted form, and then store it on your USB disk, your other devices, or the private cloud services that you trust. If your phone is lost or stolen, you can restore the backup on your new phone to view and manage your data.
Autumn Wu
Unlike most password managers, we separate the two attack surfaces of Network and Storage. The app on mobile phones securely stores passwords totally offline, while the extension on the desktop browsers implements a remote autofill framework without storing passwords.

Totally offline means no Internet access, no sign-up, no personal information. You don't need to worry about privacy at all.

The extension's design can minimize the security risks caused by browser vulnerabilities. Even if the browser has serious zero-day vulnerabilities,
- Malicious code might steal one password when filling with ID Guard Offline extension.
- Malicious code might steal all passwords saved in other extension password managers.

For more details about its security model, please check out our tech post: https://www.bluespace.tech/blog/...
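
An added sketch (not part of the thread and not ID Guard Offline's actual protocol) of the fill flow described in the replies above: the extension puts a per-request key in the QR code, the phone seals one selected account for that request, and the extension decrypts it. The X25519/HKDF/AES-GCM choices and every function and field name here are assumptions made for illustration.

```javascript
// Added sketch: NOT ID Guard Offline's real protocol. Key exchange, cipher and
// field names are assumptions chosen to illustrate the flow described above.
const crypto = require('node:crypto');

// Extension side: one ephemeral X25519 key pair per fill request. The public
// half and the page origin travel to the phone inside the QR code.
function newFillRequest(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const qrPayload = JSON.stringify({ v: 1, origin, id: crypto.randomUUID(), pub });
  return { qrPayload, privateKey };
}

// Both sides derive the AES-256-GCM key from the ECDH secret, bound to the request.
function deriveKey(privateKey, publicKey, req) {
  const secret = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), `${req.id}|${req.origin}`, 32));
}

// Phone side: scan the QR code (offline), let the user pick ONE account, seal it.
function sealCredential(qrPayload, account) {
  const req = JSON.parse(qrPayload);
  const extPub = crypto.createPublicKey({ key: Buffer.from(req.pub, 'base64'), type: 'spki', format: 'der' });
  const eph = crypto.generateKeyPairSync('x25519');
  const key = deriveKey(eph.privateKey, extPub, req);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(account), 'utf8'), c.final()]);
  return { id: req.id, iv, ct, tag: c.getAuthTag(),
           pub: eph.publicKey.export({ type: 'spki', format: 'der' }) };
}

// Extension side: decrypt with the request's private key; null on any mismatch.
function openCredential(request, msg) {
  try {
    const req = JSON.parse(request.qrPayload);
    if (msg.id !== req.id) return null; // reply belongs to another request
    const phonePub = crypto.createPublicKey({ key: msg.pub, type: 'spki', format: 'der' });
    const key = deriveKey(request.privateKey, phonePub, req);
    const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    d.setAuthTag(msg.tag);
    return JSON.parse(Buffer.concat([d.update(msg.ct), d.final()]).toString('utf8'));
  } catch { return null; } // wrong key or tampered ciphertext fails GCM authentication
}
```

Because the private key exists only for one fill request, a compromised browser session can at most read the single account sealed for it, which is the "one password, not all passwords" property claimed in the thread.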