Not a strong defense, but it helps.

But it's also why sites that don't work well with a password manager are actively setting their users up to be phished.

Same with every site that uses sketchy domains, or worse redirects you to xyz.auth0.com to sign in.