Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
hunter2_ 4 days ago

I agree, and this is arguably the best reason to use a password manager (with the next being lack of reuse which automatically occurs if you use generated passwords, and then the next being strength if you use generated passwords).

I generally recommend Google's to any Android users, since it suggests your saved password not only based on domain in Chrome browser, but also based on registered appID for native apps, to extend your point. I'm not sure if third party password managers do this, although perhaps it's possible for anti-monopoly reasons?

mcjiggerlog 4 days ago | parent | next [-]

I actually also received this phishing email, also read it while half-asleep after a 6 week break and clicked on it. Luckily I was saved by exactly this - no password suggestion made me double check the domain.

hunter2_ 3 days ago | parent [-]

Nice. It's basically a TOFU system (unfortunately disguised).

peaseagee 4 days ago | parent | prev | next [-]

I use Bitwarden on Android and on web and it is aware of app IDs and (usually) correctly maps them. If it's missing, you can force the mapping [yes this is moderately dangerous] and report it to Bitwarden so other users get the benefit.

tracker1 4 days ago | parent | prev [-]

I'm a pretty big fan of BitWarden/VaultWarden myself... though relatively recently something changed on my Android phone in that the password fills aren't working from inside my browser, I have to copy/paste from the app, which is not only irritating but potentially less safe.

Dayshine 4 days ago | parent [-]

Consider adding the widget/action to your quick actions: then to don't need to copy paste at least

hunter2_ 4 days ago | parent [-]

For those of us unfamiliar, can you describe the resulting UI pattern? Do you give focus to the password field and then tap a button at the top of the notification shade which automatically types (or gives a choice, if multiple are saved) whatever the password manager has for that site? I'm slightly surprised that something running in that context would know what site the browser has open.

tracker1 4 days ago | parent | next [-]

It appears to work... I wasn't even really aware I could add such a thing until the GP comment. I also managed to get the integrated use working... apparently there's now a separate config option for "chrome integration" and "brave integration" etc.

sunaookami 3 days ago | parent | prev [-]

It reads the browser URL through an accessibility service.