How about a password for the in-browser credentials manager? For example, how about a one-letter password? How would it affect browser behaviour against these scripts?
Why not use a hot-key to fill in the visible on-screen username/password boxes on-demand with your approval?
I use KeePass; it sits in an encrypted file container which I usually mount read-only and doesn't integrate with a browser at all. KeePass runs in Sandboxie with no internet access but with direct access to its database (within the encrypted file container). I've honestly no idea why people use cloud-based or browser-integrated password managers. Ease of use > privacy/security for the majority of people I guess. I'd recommend everyone use a password manager, but one that's permanently offline and separated from any internet-facing application.
Enpass doesn't auto-fill. Also: https://www.ghacks.net/2017/12/31/how-web-trackers-exploit-password-managers/
Password managers that don't auto-fill are definitely a bonus, but such specific content blocking is mostly useless here. Yes, you can blacklist specific ad domains that are using this to gain information on users, but all third parties (legitimate or compromised) could extract this information too. When it comes to something as important as a password manager, relying on blacklists is never a good idea. My take is that if your password manager has a browser add-on, then your passwords are compromised as soon as your browser is compromised. Your internet browser is your most public-facing and vulnerable software, and the majority of updates for every browser include fixes for critical and exploitable security issues. Keep password managers separate from internet-facing applications and take the small hit when it comes to ease of use.
Yes, correct, it's probably not a good idea. But I'm personally also getting a bit fed up having to manually copy and paste usernames/passwords from KeePass to the browser. It does have an auto-fill option but I never got it to work. But none of the big password managers are good enough for me, and no way I would trust an extension to auto-fill passwords.