by posix_me_less 2012 days ago
> you're just adding friction to a process that should be as frictionless as possible, because friction causes people to make bad decisions

Integrating a password manager with a browser is too fragile and risky a way of using both. It is best to have them fully separated so they can't communicate. They should communicate exclusively via the user.

The login process should have some friction and should not be fully automated. Adding a secret domain-specific suffix to the password is very little friction for the user and gives obvious benefits: the password manager does not know the password, it can't send it to another application (intentionally or by chance), and it won't log the user in by accident.

2 comments

> Integrating a password manager with a browser is too fragile and risky a way of using both. It is best to have them fully separated so they can't communicate. They should communicate exclusively via the user.

Which gets targeted more and why, the user or the password manager?

If you are suggesting that we should be manually entering passwords into sites as copied/observed from our password managers, that removes the anti-phishing benefits of password managers altogether by giving primary control back to the human. If I never type a password again, those hackers sending fake login page links "from my boss" will never gain me. Not so with no direct connection between my password manager and my browser.

You have a point, but I think technical people here are more concerned about buggy or malicious or badly interacting local software than about falling for such phishing attempts on websites. I may be wrong, and I agree that verifying the validity of the URL is a nice feature. A feature that should be implemented by the browser as well.

This requires you to only remember one horcrux to add a layer of security, and it survives key rotation. There is a difference.
> Integrating a password manager with a browser is too fragile and risky a way of using both. It is best to have them fully separated so they can't communicate. They should communicate exclusively via the user.

Passwords are about proving identity. Using high-entropy passwords for greater confidence in the user's identity is only part of the equation; the user needs to be able to identify the validity of the service as well.

The greatest benefit of an autofill-enabled password manager is that it handles the task of URL validation before offering up credentials. When you split up that function, it's back to relying on humans to get everything right in verifying that credentials get submitted only to the intended service.

Yes, it has benefits but also drawbacks; I don't like the tradeoff. You have to give the password manager too many capabilities to achieve the autovalidation+autofill. Maybe if you check and compile the password manager yourself.

Also, automating the process entirely means the login process can happen and succeed (or fail and disclose the password to an attacker) without the knowledge of the human.

I don't have time for that, so I just run both browser and password manager isolated and copy and paste the password.