especially when the point of a password manager is to stick a plaintext string into a webpage, which then transmits the plain text to a remote server. passwords are just not a very good solution to keeping secrets.

▲

StilesCrisis 4 hours ago | parent [-]

Never enter your password into a website that doesn't use https.

▲

jonathanlydall 4 hours ago | parent [-]

*over any untrustworthy network.

To fair though, there are very few situations where the network is completely trustworthy, like your home network with no one else on it or a VPN direct to an HTTP server.

	▲	StilesCrisis 4 hours ago \| parent [-]
		My understanding was that if you have a valid https session, you are good. A really really untrustworthy network could MITM your SSL connections and impose itself in front of all of them (Cisco IronPort?) but I think even then your browser will complain unless you've installed a proxy that allows it or a custom root certificate.