• kevincox
    link
    fedilink
    arrow-up
    11
    ·
    edit-2
    6 months ago

    The reason I say browser password manager is two main reasons:

    1. It is absolutely critical that it checks the domain to prevent phishing.
    2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

    So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.

    • dev_null
      link
      fedilink
      arrow-up
      5
      ·
      6 months ago

      What do you mean a password manager that checks the domain? Isn’t the auto fill based on the domain? I can’t imagine how a password manager could fill a password without checking the domain, it wouldn’t know which password to fill after all. Do any actually exist?

      • kevincox
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don’t really tract domain metadata in a concrete way to do this linking.

        Some examples would be Pass which doesn’t have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn’t come with a browser extension by default.

        • dev_null
          link
          fedilink
          arrow-up
          3
          ·
          6 months ago

          I see, so you mean manually getting the password out of the manager instead of domain based autofill.