[justusthane]

> I believe the point the article is making is that any browser extension to auto fill is inherently insecure for architectural reasons.

No, that is not what the article said. The article said that password managers that insert elements into the webpage are insecure. You don’t need need to do that to autofill passwords.

[paulryanrogers]

Can extensions auto fill without content scripts?

[justusthane]

I don't think the Bitwarden extension uses content scripts—at least, it doesn't insert any elements into the webpage, which seemed to be the main issue that the article was bringing up.

Just to be clear, when I say autofill I'm not suggesting that it fills in passwords with zero interaction, but when you're on a website that Bitwarden has a password for, it shows a little flag on the extension icon, and you can click on it to fill the password.