Hacker News
by thaumaturgy 2008 days ago
This is not an improvement over just using the click-to-login features of modern password managers.

Modern password managers generate strong random passwords and integrate with login forms in your desktop browser and on your mobile device. There are some exceptions with sites or applications that don't behave well, but as a general rule: you should not ever need to know any of your passwords anyway.

You should be clicking on whatever little icon is attached to login forms so that your password manager can autofill it for you. There shouldn't be an opportunity to add something to a password during login; you're just adding friction to a process that should be as frictionless as possible, because friction causes people to make bad decisions.

If the concern is that someone might be able to access your password manager, you should think harder about what it would mean for someone to have that level of access to your devices or data.

> [What if] your master password (the password to your password manager) is compromised...

Remote access for cloud-sync'd password managers should all have 2FA enabled anyway. You shouldn't be using anything even remotely simple for your master password. Local access to your password manager means you're screwed.

> [What if] someone gained temporary access to your unlocked system (computer or phone) when you stepped away

This is weird. Is this a thing? Are there people with private data in public environments who don't have the presence of mind to take their devices with them in to the bathroom but do have the presence of mind to dick about with their passwords every time they have to sign in to something? I'd pretty comfortably wager there's a much larger real risk from skilled phishing than from somebody in a hoodie rushing over while you're on the can regretting last night's last-minute Taco Bell trip.


> you're just adding friction to a process that should be as frictionless as possible, because friction causes people to make bad decisions

Integrating a password manager with a browser is too fragile and risky a way of using both. It is best to have them fully separated so they can't communicate. They should communicate exclusively via the user.

The login process should have some friction and should not be fully automated. Adding a secret domain-specific suffix to the password is very little friction for the user and gives obvious benefits: the password manager does not know the password, it can't send it to other applications (intentionally or by chance), and it won't log the user in by accident.

> Integrating a password manager with a browser is too fragile and risky a way of using both. It is best to have them fully separated so they can't communicate. They should communicate exclusively via the user.

Which gets targeted more and why, the user or the password manager?

If you are suggesting that we should be manually entering passwords into sites as copied/observed from our password managers, that removes the anti-phishing benefits of password managers altogether by giving primary control back to the human. If I never type a password again, those hackers sending fake login page links "from my boss" will never gain me. Not so with no direct connection between my password manager and my browser.

You have a point, but I think technical people here are more concerned about buggy or malicious or badly interacting local software than about falling for such phishing attempts on websites. I may be wrong, and I agree that verifying the validity of the URL is a nice feature. A feature that should be implemented by the browser as well.

This requires you to only remember one horcrux to add a layer to security, and it survives key rotation. There is a difference.

> Integrating a password manager with a browser is too fragile and risky a way of using both. It is best to have them fully separated so they can't communicate. They should communicate exclusively via the user.

Passwords are about proving identity. Using high-entropy passwords for greater confidence in user identity is only part of the equation; the user needs to be able to identify the validity of the service as well.

The greatest benefit of an autofill-enabled password manager is that it handles the task of URL validation before offering up credentials. When you split up that function, it's back to relying on humans to get everything right in verifying that credentials get submitted only to the intended service.

Yes, it has benefits but also drawbacks; I don't like the tradeoff. You have to give the password manager too many capabilities to achieve the autovalidation+autofill. Maybe if you check and compile the password manager yourself.

Also, automating the process entirely means the login process can happen and succeed (or fail and disclose the password to an attacker) without the knowledge of the human.

I don't have time for that, so I just run both browser and password manager isolated and copy and paste the password.