• HubertManne@moist.catsweat.com
    link
    fedilink
    arrow-up
    15
    ·
    5 months ago

    Im not so sure about your number 1. Fine if otherwise they won’t use one but personally I use bitwarden online for unimportant ones and a local keypass for important ones.

    • kevincox
      link
      fedilink
      arrow-up
      11
      ·
      edit-2
      5 months ago

      The reason I say browser password manager is two main reasons:

      1. It is absolutely critical that it checks the domain to prevent phishing.
      2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

      So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.

      • dev_null
        link
        fedilink
        arrow-up
        5
        ·
        5 months ago

        What do you mean a password manager that checks the domain? Isn’t the auto fill based on the domain? I can’t imagine how a password manager could fill a password without checking the domain, it wouldn’t know which password to fill after all. Do any actually exist?

        • kevincox
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don’t really tract domain metadata in a concrete way to do this linking.

          Some examples would be Pass which doesn’t have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn’t come with a browser extension by default.

          • dev_null
            link
            fedilink
            arrow-up
            3
            ·
            5 months ago

            I see, so you mean manually getting the password out of the manager instead of domain based autofill.