diggan 2 days ago

> and a well constructed one is actually really easy to fall for

It really shouldn't though, and it's something you need to be personally responsible for. If it's still possible in 2025 for you to fall for phishing attempts, you're missing something, something that starts with a p and ends with a assword manager.

JW_00000 2 days ago

You must be joking. When I try to log in on Outlook I get redirected to 'microsoftonline.com' (suspicious), when I log in on Wikipedia it sends me to something called 'wikimedia.org' (typo squatter?). How the hell am I supposed to know whether npmjs.help or rustfoundation.dev are _not_ the official domains of those projects?

diggan 2 days ago

> You must be joking.

You must be joking, are you still not using a password manager at all?

When you create the username+password combo you either do it yourself, then put in the password manager the domain, or you use whatever the password manager infers at the registration page, then that's basically it, for most sites. Then 1% of the websites insist on using signin.example.com for login and signup.example.com for signup, so you add both domains to your password manager, or example.com.

Now whenever you log in, you either see a list of accounts (means you're on the right domain) or you don't (which means the domain isn't correct). And before people whine about "autofill doesn't always work", it doesn't matter, the list should (also) show up from the extension modal/popup, so even if autofill doesn't work for that website, you'd be protected, since the list of accounts is empty for wrong domains.

It's really easy, and migrating to a password manager just sucks the first couple of days, every day after that you'd be happy you finally did it.
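
The lookup described in the comment above, as an added example that is not part of the thread and not any password manager's actual code. The vault entries, the `accounts_for` helper and the test URLs are constructed; real managers decide the registrable domain with the Public Suffix List, which this example replaces with a plain label-boundary suffix match.

```python
from urllib.parse import urlsplit

# Constructed vault: each entry holds the domains saved at signup time.
VAULT = [
    {"user": "alice", "domains": ["example.com"]},
    {"user": "alice-npm", "domains": ["npmjs.com"]},
]


def accounts_for(url, vault=VAULT):
    """Return the saved usernames a manager would offer on this page.

    An empty list is the signal the comment relies on: the page's host is
    not one the credentials were saved for.
    """
    parts = urlsplit(url)
    # .hostname lowercases the host and drops any userinfo and port, so
    # "https://example.com@evil.test/" resolves to "evil.test".
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return []  # never offer credentials over plaintext or on odd URLs

    def matches(saved):
        # Exact host, or a subdomain on a label boundary. The leading dot
        # keeps "notexample.com" and "example.com.evil.test" from matching.
        # Assumption: saved values are registrable domains, not public
        # suffixes such as "co.uk".
        return host == saved or host.endswith("." + saved)

    return [e["user"] for e in vault if any(matches(d) for d in e["domains"])]


if __name__ == "__main__":
    for url in (
        "https://signin.example.com/login",   # saved domain's subdomain
        "https://www.npmjs.com/login",        # saved domain's subdomain
        "https://npmjs.help/login",           # lookalike from the thread
        "https://example.com.evil.test/",     # saved name used as a prefix
        "https://example.com@evil.test/",     # saved name in the userinfo
    ):
        print(f"{url:40} -> {accounts_for(url)}")
```
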

oguz-ismail 2 days ago

Nah, I can manage my own ass words. I wouldn't trust a third party to have access to all of them anyway.

autoexec 2 days ago

Having a password manager that doesn't involve having to trust third parties is what KeePass is for.