Yeah. That's what I don't want. So how do you prevent someone doing just that? They have Chrome open. They then confirm setup in Firefox using Chrome on the same device.
When pairing a new device (or in this case a new browser), that device doesn't automatically get any keys! When adding a new device, to complete the setup you also have to be able to unlock a password group, for which you need another device that already has keys.
In short, a new device doesn't have the same power as the others from the start, first new keys have to be generated which can only happen if you are able to unlock your passwords.
So just don't setup both the Firefox and Chrome extension and you're golden.
That's pretty interesting. It's a trade-off between remembering a password and making sure you have enough devices. I personally would trust my brain (and a backup piece of paper) more than one of my devices that might die at any moment. I use KeePass, but NoKey seems great.
But wouldn't you agree that your brain + NoKey instead of a piece of paper as a backup would be more secure? And more convenient, as you don't have to type your passwords anymore.
I don't wanna push you, just wanna give you some things to think about. As long as you use strong and unique passwords everywhere you're good.
Also, it's not a big problem if one of your devices dies, as long as you paired enough devices you won't lose any passwords.
In short, a new device doesn't have the same power as the others from the start, first new keys have to be generated which can only happen if you are able to unlock your passwords.
So just don't setup both the Firefox and Chrome extension and you're golden.