Curious, do you use a password wallet/manager application, and if so how do you ...

nathancahill · on Oct 20, 2016

I think his point is that running the entire Angular 1.x framework to power a browser extension gives a large attack surface.

gima · on Oct 20, 2016

Yes. And to answer nchelluri's question: Auto-typing, though I believe that's available only on desktop operating systems.

nixos · on Oct 20, 2016

> though I believe that's available only on desktop operating systems.

And on Android (where you set up the password manager as a custom keyboard), and possibly an iPhone

nchelluri · on Oct 20, 2016

Thanks for the clarification.

ploxiln · on Oct 20, 2016

copy/paste. you can't trust password manager browser extensions.

Don't just take my word for it: https://twitter.com/taviso/status/769378052254015488

There were a few high profile ones recently reported by Tavis, but there have been many in the past, and it looks like no brand of password manager has consistently written safe browser extensions. They're written to be slick-looking and convenient, the actual security isn't visible enough to be a sales/popularity boost so it suffers. This very story/issue is another example in the making.

andrewstuart2 · on Oct 20, 2016

GNU password manager for me, which interacts with the clipboard (or lets you do so on your own if you prefer).

The same is true of Keepass for windows, although IIRC you can also let Keepass actually alt-tab to the last window and do the typing for you.

NeutronBoy · on Oct 20, 2016

I use Keepass with auto-type. I know it's not perfect, but I feel better about auto-type than browser extensions.