this post was submitted on 24 Jun 2024
441 points (98.0% liked)

Asklemmy

44151 readers
1120 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] kevincox@lemmy.ml 11 points 6 months ago* (last edited 6 months ago) (1 children)

The reason I say browser password manager is two main reasons:

  1. It is absolutely critical that it checks the domain to prevent phishing.
  2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.

[โ€“] dev_null@lemmy.ml 4 points 6 months ago (2 children)

What do you mean a password manager that checks the domain? Isn't the auto fill based on the domain? I can't imagine how a password manager could fill a password without checking the domain, it wouldn't know which password to fill after all. Do any actually exist?

[โ€“] kevincox@lemmy.ml 2 points 6 months ago (1 children)

There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don't really tract domain metadata in a concrete way to do this linking.

Some examples would be Pass which doesn't have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn't come with a browser extension by default.

[โ€“] dev_null@lemmy.ml 3 points 6 months ago

I see, so you mean manually getting the password out of the manager instead of domain based autofill.

I was a bit confused on this to. Are their ones that constantly spam all your passwords at every opportunity???