[bittercynic]

I generally agree that you should let the user use the facilities they're used to, but if you have a habit of copying and pasting credentials you'll be more vulnerable to phishing.

Firefox and Chrome's built-in password management tools would never accidentally enter your credentials on a lookalike site, but you very well might.

[sbuttgereit]

That's all great, but then there are the times when they don't offer to copy the credentials where they should. Maybe the "correct" URL was too narrowly defined to be useful, or was taken from the setup context and is otherwise wrong for regular usage.... maybe the site changed their authentication process... etc. In the end, all of this tends to defeat the very resistance to the manual entry impulse you describe. If these password manager entry systems worked more flawlessly, your point would carry more weight... but having to defeat the protection your assertion relies upon is commonplace enough in legitimate purposes that it may well be nullified at all times.

In the end, as long as a site is going to use username/password authentication there will always be the need to educate users about what to expect sans the aid of tools.

[mox1]

And both of those built-in password management tools are actively targeted by credential harvesting malware.

[indymike]

> I generally agree that you should let the user use the facilities they're used to, but if you have a habit of copying and pasting credentials you'll be more vulnerable to phishing

This is like advising that glass sidelights be installed next to the vault door.

[PH95VuimJjqBqy]

> but if you have a habit of copying and pasting credentials you'll be more vulnerable to phishing.

non-sequitur.

getting phished results in the decision to enter the credentials. The mechanism for doing so is irrelevant to that decision.

[xboxnolifes]

Different security problem, not one that I have.