It’s not just navigating the pwd mgr; it’s also all the 2FA. Or do you integrate the two? If so, why? The whole point of 2FA is to be separate from one’s passwords for greater security.
It’s integrated for convenience and suits my threat model. 2FA for the password manager is separate though. Isn’t the whole point of 2FA to secure your account even if an attacker get their hands on your login info? Keeping it separate is just another layer of protection, no?
Each website must request and be granted by the user that explicit permission. Barring that, a bad actor would have to physically access your computer to install a keylogger (or I suppose one could be installed through a phishy attachment). Clipboard-stealing isn’t anywhere near as big of an issue as cookie-/session-stealing.
Just add exceptions for the sites you login to. You already have a user account on their site, deleting cookies at the end of each session won’t do much for these sites anyway.
That’s very annoying
Meh, not really. It only takes a few extra seconds and keytaps to logon with a password manager.
Accidentally closing the browser when not done however, that’s annoying
It’s not just navigating the pwd mgr; it’s also all the 2FA. Or do you integrate the two? If so, why? The whole point of 2FA is to be separate from one’s passwords for greater security.
I have the same, but I have a hardware key.
Log in with the password manager and then tap my key.
It’s integrated for convenience and suits my threat model. 2FA for the password manager is separate though. Isn’t the whole point of 2FA to secure your account even if an attacker get their hands on your login info? Keeping it separate is just another layer of protection, no?
I have a password database that is secure and offline.
Why the hell would I want my browser to store my passwords/session data?
Do you get autofill?
Hell no.
Copy, paste. Done.
aint there stuff that can read your clipboard?
Each website must request and be granted by the user that explicit permission. Barring that, a bad actor would have to physically access your computer to install a keylogger (or I suppose one could be installed through a phishy attachment). Clipboard-stealing isn’t anywhere near as big of an issue as cookie-/session-stealing.
good to know
it’s a couple clicks on Proton Pass. takes 6 seconds.
minor inconveniences are the cost of privacy and security.
Just add exceptions for the sites you login to. You already have a user account on their site, deleting cookies at the end of each session won’t do much for these sites anyway.
Is cross domain tracking resolved?