Comment by cataflam

3 months ago

I mostly agree and I do use one.

You only need to read the whole thread, however, to see reasons why this would sometimes not be enough: sometimes the password manager does not auto-fill, so the user can think it's one of those cases, or they're on mobile and they don't have the extension there, or...

As a matter of fact, he does use one, that didn't save him, see: https://news.ycombinator.com/item?id=45175125

> sometimes the password manager does not auto-fill

So pick one that does? That's like its top 2 feature

> he does use one

He doesn't, since he has no autofill installed, so loses the key security + convenience benefit of automatch

  • > So pick one that does? That's like its top 2 feature

    Still doesn’t work 100% of the time, because half of the companies on earth devote their developer time to breaking 1995-level forms. That’s why every popular password manager has a way to fill passwords for other domains, why people learn to use that feature, and why phishers have learned to convince people to use that feature.

    WebAuthn prevents phishing. Password managers reduce it. This is the difference between being bulletproof like Superman or a guy in a vest.

    • Given recent vuln of password manager extensions on desktop leaking passwords to malicious sites, I have disabled autofill on desktop... And autofill didn't work for me on ycombinator on mobile... Autofill is too unreliable.

    • You don't need 100%, just a high enough frequency that you wouldn't get used to dismissing the fail on auto pilot. Perfect shouldn't be the enemy of the good?

    • Then good password managers will still show you only the logins for that domain. If the login is on another domain then you would have saved it anyways when first logging in/registering and if the site moved then you can get suspicious and check carefully first.


  • He didn't say it didn't have the autofill feature, he said sometimes it doesn't work. I've experienced this pretty routinely with two different managers.