Comment by prmoustache
17 hours ago
> I don't understand how this solves the issue in this case.
I'd say since it is a local only tool, you don't really need to update it constantly provided you are a sane person that don't use a browser extension. It makes it easier to audit and yourself less at risk of having your tool compromised.
It doesn't have to be keypass though, it can be any local password management tool like pass[1] or its guis or simply a local encrypted file.
Why are browser extensions not sane in your opinion?
Browser password manager extensions are like putting a dog door on your reinforced vault door. Giant increase in attack surface.
Quite the contrary, actually: not using a browser extension makes you much more susceptible to phishing attacks, since your password manager won't be able to protect you from copy-pasting credentials into an imposter website.