Comment on Password manager by Amazon
6nk06@sh.itjust.works 1 day agoPassword managers check the URL before giving its data. A human being can be fooled into giving it to a fake web site.
Comment on Password manager by Amazon
6nk06@sh.itjust.works 1 day agoPassword managers check the URL before giving its data. A human being can be fooled into giving it to a fake web site.
MentalEdge@sopuli.xyz 1 day ago
Except they can be fooled too.
Bitwarden warns against using autofill on load for that very reason, as then simply loading a malicious page might cause it to provide passwords to such a site.
Darkassassin07@lemmy.ca 1 day ago
You’ve always got the human element, bypassing security features; but extra little hurdles like a password manager refusing to autofill an unknown url is at least one more opportunity for the user to recognize that something’s wrong and back away.
Serinus@lemmy.world 1 day ago
Wait, what? How does autofill get fooled?
gaylord_fartmaster@lemmy.world 19 hours ago
Someone manages to maliciously sneak username and password fields onto a site that store what is entered as soon as it’s typed. They don’t even have to be visible to the user and bitwarden will fill them in as soon as the page loads.
Serinus@lemmy.world 19 hours ago
Bitwarden will only autofill if the domain matches.
lmmarsano@lemmynsfw.com 19 hours ago
Makes it harder: when I go to the wrong website, the manager simply doesn’t suggest credentials (it does not have) for it. That causes me to wonder why.
Without a password manager, a user is never prompted to wonder. They’d simply not notice.