by paulryanrogers 1834 days ago
> 4. Browser support: KeePassXC-Browser. Allows you to autofill your username / password / TOTP from your KeePassXC application to Chrome / Firefox.

I believe the point the article is making is that any browser extension to auto fill is inherently insecure for architectural reasons.

I find it odd someone so serious about password managers would recommend KeePassX which hasn't seen a release since 2016. Perhaps they meant the KeePassXC fork.

2 comments

> I believe the point the article is making is that any browser extension to auto fill is inherently insecure for architectural reasons.

No, that is not what the article said. The article said that password managers that insert elements into the webpage are insecure. You don’t need to do that to autofill passwords.

Can extensions auto fill without content scripts?

I don't think the Bitwarden extension uses content scripts—at least, it doesn't insert any elements into the webpage, which seemed to be the main issue that the article was bringing up.

Just to be clear, when I say autofill I'm not suggesting that it fills in passwords with zero interaction, but when you're on a website that Bitwarden has a password for, it shows a little flag on the extension icon, and you can click on it to fill the password.

I should probably just switch to using the autotype functionality built in, though many of my security concerns are allayed by the fact that KeePassXC prompts me in the application each time a website requests to use a password.