upvote

points

by worble22 hours ago |
comments
upvoteby FreePalestine19 hours ago|
next
[-]
That is the problem, syncing isn't the most trivial problem especially for non technical folks. User experience is far superior in a fully managed solution.
reply
upvoteby aborsy21 hours ago|
prev|
[-]
How is the quality of browser extensions compared to Bitwarden?
reply
upvoteby worble21 hours ago|
parent|
next
[-]
I don't have any points of comparison since I've never used Bitwarden, but it works well enough for my purposes. It'll match the url, offer to autofill (sometimes those multiflow sites like Microsoft will trip it up, but you can always just right click -> enter username/password for a site and that'll work), and it does TOTP filling too.
reply
upvoteby prmoustache17 hours ago|
parent|
prev|
[-]
You don't use a browser extension if you are serious about security anyway.
reply
upvoteby TheDong9 hours ago|
parent|
next
[-]
You do use the browser extension because it's a strong anti-phishing defense.

If someone links me to "rnicrosoft.com" with a perfectly cloned login page, my eyes might not notice that it's a phishing link, but my browser extension will refuse to autofill, and that will cause me to notice.

Phishing is one of the most common attacks, and also one of the easiest to fall for, so I think using the browser extension is on-net more secure even though it does increase your attack surface some.

I know proper 2fa, like webauthn/fido/yubikeys, also solves this (though totp 2fa does not), but a lot of the sites I use do not support a security key. If all my sites supported webauthn, I think avoiding the browser extension would be defensible.

reply
upvoteby prmoustache7 hours ago|
parent|
[-]
Not having an account for every single damn website + only login from websites you actually entered without following a link goes a long way to avoid that.

Sure there may be existence of typosquatting here and there but they tend to be much easier to spot vs the phising url using unicode variants.

reply
upvoteby gck116 hours ago|
parent|
prev|
next
[-]
How do you autofill from your db then?
reply
upvoteby prmoustache15 hours ago|
parent|
[-]
I don't autofill. It may be less user friendly but it is not that big of a deal.
reply
upvoteby nathanmills12 hours ago|
parent|
[-]
I don't save browser cookies for obvious privacy reasons and it's absolutely a big deal to not need to pull up some program and copy paste my login details constantly for every site.
reply
upvoteby prmoustache8 hours ago|
parent|
next
[-]
I try to limit my account creation to the minimum. HN is one of the few, for the better or for the worse as sometimes I just think I should nuke it and stop wasting time commenting.
reply
upvoteby eipi10_hn11 hours ago|
parent|
prev|
[-]
I usually just use another profile for the stuff that I clear cookies when closing the profile. The other profiles I just use for a limited of sites that need logging in, each site is in its own container and I don't browse other sites on those profiles.

If I ever need to fill the login, I just do any of these:

- KeepassXC has auto-type feature, so I just choose the needed one and let it auto-type - I enable the extension only when I need to log in and choose the one I need to fill (not auto-fill, but only fill when I click on the account from the extension pop-up dashboard).

reply
upvoteby nextlevelwizard9 hours ago|
parent|
prev|
[-]
I guess I better just use same password everywhere then…
reply