by latexr 1094 days ago
> "human validation of domains" : not sure what you mean here but I think it's a theoretical problem, not a real one.

It’s a very real and not theoretical problem. For example, someone sends you a link to a Google Doc. You open it and the page looks exactly like the real deal, but the domain is `signin.googledocs.com` or `login.googgle.com`. Even a technical user could not be paying attention and be fooled by that, manually entering their email and password. Because a password manager would only auto-fill your password on the correct domain, you have an extra reason to be suspicious and note something is amiss.

1 comments

You missed the part where I said not to click on URLs people send.

But you do realise non-technical people (i.e. most of the world) will click those links, don’t you? Password managers have a convenient and secure solution to the problem and you’re offering an alternative which requires teaching and convincing everyone to act differently in a very specific situation to prevent a situation that rarely happens but is potentially catastrophic when it does.

Everyone in the world is not reading Hacker News.

Exactly. Which is why it’s a good thing password managers exist. It means people don’t need to read specific advice about not clicking links, which is their purpose, on tech forums.

> "people don't need to read"

Any less sophisticated user needs to be told that. If you go to some classes for new computer users, I'm pretty sure that'll be in the first hour.

Anyhow, HN readers don't fall in that group.
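
The origin-bound autofill behaviour described in the top comment, sketched as an added example that is not part of the thread or taken from any password manager's code. The saved origin `https://accounts.google.com`, the vault entry and all function names are assumptions; the two lookalike hosts are the ones quoted in the comment, and `looksFamiliar` is a stand-in for a hurried visual check.

```javascript
// Constructed vault entry: the origin the credential was saved on (assumption).
const SAVED_LOGINS = [
  { origin: "https://accounts.google.com", username: "user@example.com" },
];

// Return the saved login for a page URL, or null when nothing should be filled.
function loginForPage(pageUrl, vault = SAVED_LOGINS) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return null; // unparseable URL: never fill
  }
  if (page.protocol !== "https:") return null; // never fill over plaintext HTTP
  // URL.origin is scheme + lowercased host + non-default port, so this is an
  // exact comparison: no substring, prefix or "looks similar" matching.
  const match = vault.find((entry) => new URL(entry.origin).origin === page.origin);
  return match ?? null;
}

// Stand-in for a hurried human glance: "the hostname looks like Google".
function looksFamiliar(pageUrl) {
  return /goog+le/i.test(new URL(pageUrl).hostname);
}

// Compare both checks for each URL.
function report(urls) {
  return urls.map((url) => ({
    url,
    looksFamiliar: looksFamiliar(url),
    autofill: loginForPage(url) !== null,
  }));
}

// Constructed sample URLs; the second and third hosts are from the comment.
const SAMPLE_URLS = [
  "https://accounts.google.com/signin",
  "https://signin.googledocs.com/document/d/abc",
  "https://login.googgle.com/",
  "http://accounts.google.com/signin",
  "https://ACCOUNTS.GOOGLE.COM:443/signin",
];

console.table(report(SAMPLE_URLS));
```

Every sample URL passes the visual check, but only the first and last (the same origin after normalisation) get an autofill offer, which is the "extra reason to be suspicious" the comment refers to.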