[enitihas]

How does a website control autofill if the password manager extension does it?

Some stupid websites do block paste, but one can use an extension to force enable paste everywhere, which IMHO is required for one's sanity.

[creato]

It seems like when websites are just janky and/or non-standard, password managers struggle to understand what fields are username/password fields, or whether it is a login vs. signup vs. password reset form, etc.

To me, installing weird one-off extensions is a far bigger surface area of risk than just using OAuth.