•  kevincox   ( @kevincox@lemmy.ml ) 
    63 months ago

    The reason I say browser password manager is two main reasons:

    1. It is absolutely critical that it checks the domain to prevent phishing.
    2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

    So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.

    •  dev_null   ( @dev_null@lemmy.ml ) 
      43 months ago

      What do you mean a password manager that checks the domain? Isn’t the auto fill based on the domain? I can’t imagine how a password manager could fill a password without checking the domain, it wouldn’t know which password to fill after all. Do any actually exist?

      •  kevincox   ( @kevincox@lemmy.ml ) 
        23 months ago

        There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don’t really tract domain metadata in a concrete way to do this linking.

        Some examples would be Pass which doesn’t have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn’t come with a browser extension by default.