[AnIdiotOnTheNet]

You assume that any malware that is in a position to log keyboard and clipboard events is somehow not in a position to do things like install its own trusted certificate, perform dll injection, or otherwise intercept the password anyway. Not to mention that with all the other things it has access to it might not need said password to fuck up your life.

Its a poor argument for choosing browser extensions over cut & paste because the circumstances where it has an advantage are incredibly specific.

[Latty]

> Its a poor argument for choosing browser extensions over cut & paste because the circumstances where it has an advantage are incredibly specific.

I agree that malware that has that power could do something else, but the parent post incorrectly asserted that the specific attack of keylogging would work, which it doesn't. I wasn't arguing that as the reason to use them over copy/paste.

The main thing extensions save you from is phishing attacks because they verify the origin of the page is correct for the entry, which is a really common attack and a hard thing for humans to verify consistently, and doesn't require any malware on your machine.

[selykg]

Of course, but in the case that the app is not actually "attacking" you, and is instead just poorly written and/or poorly thought out you're reducing your risk.

A lot of time you can attribute compromises to ignorance rather than malice.

So an app that is stupidly logging the clipboard and doing dumb things with that data, rather than being a malicious app.

Not much can help you if an app on your machine is in a position of power.