
otterley, yesterday at 10:45 PM

Precisely. 1Password's browser integration would have noticed a domain mismatch and refused to autofill the password -- but in a panic, Kurt apparently opened 1Password and then copied/pasted the credentials manually.


Replies

akerl_, yesterday at 10:48 PM

Which is why a properly working password manager is not a strong defense against phishing.

sergiotapia, yesterday at 10:52 PM

This is how they got my Steam account credentials, although I realized the stupid shit I did the second I clicked submit form, and reset my password to random 32 characters using Bitwarden. Me! Someone who is deeply technical AND paranoid.

The key here is the hacker must create the most incisive, scary email that will short-circuit your higher brain functions and get you to log in.

I should have realized the fact that Bitwarden did not autofill and taken that as a sign.
