Comment

Comment on Password manager by Amazon

Serinus@lemmy.world ⁨3⁩ ⁨weeks⁩ ago

Bitwarden will only autofill if the domain matches.

Sort:hotnew top

gaylord_fartmaster@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
Right, “maliciously sneak”, as in they’ve either gained access to make changes to the site ditectly, or they’ve found a way to inject their scripts to steal creds.

source
- Serinus@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
  And how is that any different from not having a password manager?
  
  source
  - gaylord_fartmaster@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    
    They don’t even have to be visible to the user and bitwarden will fill them in as soon as the page loads.
    
    I guess you didn’t read most of the comment.
    
    source
    Cocodapuf@lemmy.world ⁨3⁩ ⁨weeks⁩ ago
    No, be did, here’s where the confusion is.
    
    Serinus is asking if the site in question needs to be compromised. In other words, can the attacker compromise a random site to fool your password manager into entering credentials for Gmail.com, or does the attacker have to compromise Gmail.com to do that?
    
    Because those two attacks are very different levels of complexity.
    
    And frankly, if someone compromises the site you’re actually trying to visit, there’s simply no defense against that at all.
    
    source