undefined | Better HN

0 pointscookiecaper8y ago0 comments

Please understand that browser integration is the Achilles' Heel of password managers. While you get the convenience of autofill, you're also bringing access to your password database into the browser's attack surface. Bugs in the browser sandbox or improper extension implementations can allow rogue sites to get the goods. There have been multiple instances of major password manager extensions leaking secrets just in the last year.

Copying and pasting may be annoying, but it's much safer, especially if you use a program that will autoclear your clipboard for you (KeePass 2 does this after 12 seconds by default).

0 comments

2 comments · 1 top-level

andrew37268y ago· 1 in thread

I agree that browser integration is troublesome. To circumvent having to use a browser extension I use rofi-pass[0] which is a external script (using rofi/dmenu and pass), so no browser integration. But it features autofill which is extremely convenient.

[0] https://github.com/carnager/rofi-pass

likeclockwork8y ago

Also using rofi-pass, really it's better than browser integration. Especially if you bind it to a hotkey.

j / k navigate · click thread line to collapse