Hacker News
by porridgeraisin 1047 days ago
I agree with your overarching point.

But, how exactly does being able to install a keylogger on someone's computer mean you can also break memory integrity and steal data from the browser's memory?

From what I know, Windows keylogger "services" were very popular some 10 years ago and hence the banks rushing to "fix" it.

2 comments

Also, keyloggers don’t have to be in software (for a desktop, I suppose). You can buy one that simply plugs in between keyboard and computer. In this way, I can sympathize with the onscreen idea, however it’s criminal to not at least include a password field that is detectable by all password managers so that it “just works” for them.

(And also criminal to have a password max, short of like 1MB — even then the only reason for the limit is to slightly reduce the harm of some kind of weird DDoS against your login endpoint - whenever I see a password max I always assume this site is so dumbly implemented that they aren’t hashing my password but storing it in plaintext or reversibly encrypting it.)
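Added example, not part of the thread or any commenter's code: a server-side sketch of the point above, where the stored value has a fixed size whatever the password length and the only length limit is a generous request-cost cap. The names `MAX_PASSWORD_BYTES`, `hash_password`, `verify_password` and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Generous cap (the comment's "like 1MB"); it bounds per-request work,
# it is not a storage constraint. Value is an assumption.
MAX_PASSWORD_BYTES = 1024 * 1024
# Illustrative scrypt cost parameters (assumption, tune for real hardware).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


class PasswordTooLong(ValueError):
    """Raised when the encoded password exceeds the request-cost cap."""


def _encode(password):
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong(f"password exceeds {MAX_PASSWORD_BYTES} bytes")
    return raw


def hash_password(password):
    """Return (salt, digest). The digest is always dklen bytes long."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(_encode(password), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the digest and compare in constant time."""
    try:
        raw = _encode(password)
    except PasswordTooLong:
        return False  # an over-cap input can never match a stored digest
    candidate = hashlib.scrypt(raw, salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Constructed sample inputs: a short password and a 100,000-character one.
    for sample in ("hunter2", "correct horse " * 7143):
        salt, digest = hash_password(sample)
        print(len(sample), "chars ->", len(digest), "stored bytes")
```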

> But, how exactly does being able to install a keylogger on someone's computer mean you can also break memory integrity and steal data from the browser's memory?

On Windows at least, any process can read any other process' memory as long as it's running under the same user.