alt Hacker NewsIntegration points increase the risk of compromise. For that reason, I never use the desktop browser extensions for my password manager. When password managers were starting to become popular there was one that had security issues with the browser integration so I decided to just avoid those entirely. On iOS, I'm more comfortable with the integration so I use it, but I'm wary of it.
Replies
WhyNotHugo • today at 5:27 PM
In theory the browser integration shouldn’t leak anything beyond the credentials being used, even if compromised.
When you use autofill, the native application will prompt to disclose credentials to the extension. At that point, only those credentials go over the wire. Others remain inaccessible to the extension.
The problem is that the UX with a browser extension is so much better.