HackerTrans
TopNewTrendsCommentsPastAskShowJobs

password-app

no profile record

Submissions

Harvard Study: 36% of AI Agent Usage Is Productivity, Account Management Is #2

thepassword.app
2 points·by password-app·قبل 7 أشهر·0 comments

[untitled]

1 points·by password-app·قبل 9 أشهر·0 comments

comments

password-app
·قبل 7 أشهر·discuss
Browser automation finally works reliably enough for most tasks. Vision models have gotten good enough that AI agents can navigate dynamic websites without breaking on every UI change.

I've been using this for automated password rotation after breach notifications. The agent handles navigation while credentials are injected locally—LLM sees the page but never actual password values. When 2FA is required, OTP extraction happens via local regex, not AI.

~89% success rate on standard sites. Turns 6+ hours of tedious credential rotation into 40 minutes of supervision.

The gap between Google's research and "AI that saves me time today" is closing fast.

https://thepassword.app (Mac app I built for this)
password-app
·قبل 7 أشهر·discuss
Congrats on shipping v1. The "sense-think-act" architecture is exactly what's needed for agentic workflows.

Re: the login handling discussion upthread—I've been using browser-use for automated password rotation (breach response use case). Two patterns that might be relevant to Vibium's roadmap:

Credential injection: Instead of putting passwords in the prompt, pass them via a sensitive_data parameter. The agent calls enter_password() without the value ever appearing in LLM context. Solves the "blast radius" concern several people raised.

Deterministic 2FA handling: When email verification is required, open Gmail in a new tab, but extract OTPs with local regex—not AI. The LLM orchestrates navigation; code extraction stays local. Handles ~90% of email 2FA automatically.

These patterns should work with any browser automation framework. Built a Mac app around this: https://thepassword.app

Would love to see Vibium add first-class support for credential injection in the API—it's the missing piece for any security-sensitive automation.
password-app
·قبل 7 أشهر·discuss
This is exactly the right approach for sensitive data + LLMs. We use a similar pattern for password automation:

- Credentials never flow through LLM context - Agent triggers actions via callbacks - Passwords injected at the last mile, invisible to the model

The key insight: you can get all the benefits of AI agents without exposing sensitive data to the model. Client-side execution + careful context isolation makes this possible.

For anyone building AI agents that handle PII/credentials, this WASM approach is worth studying.
password-app
·قبل 7 أشهر·discuss
Formal verification for AI is fascinating, but the real challenge is runtime verification of AI agents.

Example: AI browser agents can be exploited via prompt injection (even Google's new "User Alignment Critic" only catches 90% of attacks).

For password management, we solved this with zero-knowledge architecture - the AI navigates websites but never sees credentials. Credentials stay in local Keychain, AI just clicks buttons.

Formal verification would be amazing for proving these isolation guarantees. Has anyone worked on verifying AI agent sandboxes?
password-app
·قبل 7 أشهر·discuss
Impressive image quality improvements. Meanwhile, AI agents just crossed a milestone: Simular's Agent S hit 72.6% on OSWorld (human-level is 72.36%).

We're seeing AI get better at both creative tasks (images) and operational tasks (clicking through websites).

For anyone building AI agents: the security model is still the hard part. Prompt injection remains unsolved even with dedicated security LLMs.
password-app
·قبل 7 أشهر·discuss
This is why I'm skeptical of any app claiming "super secure" without open-source verification.

The real lesson: assume every service will eventually leak something. Use unique passwords everywhere, enable 2FA, and rotate credentials after breaches.

The tedious part is the rotation. I've seen people skip it because manually changing 50+ passwords is brutal. Automation helps but needs to be done securely (local-only, zero-knowledge).
password-app
·قبل 7 أشهر·discuss
Google discontinuing this is unfortunate timing given the recent breach surge (700Credit, SoundCloud, LinkedIn leak).

Alternatives: haveibeenpwned.com (free), 1Password Watchtower, Bitwarden breach reports.

The harder part isn't knowing about breaches—it's actually rotating passwords afterward. Most people know they should but don't because it's tedious.

Automated rotation tools are emerging but need careful security architecture (local-only, zero-knowledge) to avoid creating new attack vectors.
password-app
·قبل 7 أشهر·discuss
[flagged]
password-app
·قبل 7 أشهر·discuss
This is a great example of why AI automation needs careful oversight. When AI gets things wrong in high-visibility contexts like this, it erodes trust.

The same principle applies to password management - automating password changes across dozens of sites is powerful, but you need transparency and control over what the AI is doing. Users should be able to monitor the automation in real-time and intervene if needed.

Building trust in AI-powered tools requires showing your work, not just delivering results.
password-app
·قبل 7 أشهر·discuss
The concurrency aspect is interesting - we're building password automation and one of the pain points is that most sites have rate limiting / bot detection that gets triggered if you try to parallelize password changes too aggressively.

Sequential execution with realistic timing delays is actually necessary for our use case. But I can see how other agent applications would benefit from true concurrency.

Are you handling session isolation between concurrent agents? That seems like it would be critical for avoiding state pollution.
password-app
·قبل 7 أشهر·discuss
Nice work on the human-in-the-loop approach. We're using a similar pattern for password automation - the AI handles the tedious clicking through password change flows, but the user explicitly selects which accounts to update.

The challenge we've found is balancing automation with user control. Too much automation and users get nervous (especially with credentials), too little and you're just a fancy macro. The "approve then execute" pattern seems to hit the sweet spot.

Curious how you're handling error recovery when the agent gets stuck?
password-app
·قبل 7 أشهر·discuss
Working on The Password App (https://thepassword.app) - an AI-powered macOS desktop app that automatically rotates your passwords across websites.

The problem: most people have 100+ accounts with weak/reused passwords. Changing them manually is tedious, so nobody does it.

The solution: import a CSV from your existing password manager (1Password, LastPass, Bitwarden), select which accounts to update, and the app uses browser automation with Gemini 2.5 Flash to navigate to each site's password change page and update them in parallel. Exports a CSV with the new passwords to import back.

Key technical choices: - browser-use library for AI-driven browser automation (handles dynamic sites better than Selenium) - Local-only architecture: passwords never leave your machine, no cloud sync, everything stays in memory and is cleared after use - Electron + Python: React frontend with a Python agent for browser automation via stdio IPC - OpenRouter for LLM access (Gemini for navigation, Grok for validation)

Security was the most important and the hardest constraint. Passwords can't be logged, can't be sent to the LLM context, and can't persist on disk. Custom fork of browser-use to inject credentials via secure parameters invisible to the AI agent.

Currently at v0.38 with code signing and notarization for macOS. Working on improving success rates - the main challenges are 2FA requirements and anti-bot detection (Cloudflare, reCAPTCHA).

Would love feedback from anyone in the security/password management space.
password-app
·قبل 7 أشهر·discuss
This is a great approach. We took a similar philosophy building password automation - the AI agent never sees actual passwords.

Credentials are injected through a separate secure channel while the agent only sees placeholders like "[PASSWORD]". The AI handles navigation and form detection, but sensitive data flows through an isolated path.

For anyone building AI tools that touch PII: separating the "thinking" layer from the "data" layer is essential. Your LLM should never need to see the actual sensitive values to do its job.
password-app
·قبل 9 أشهر·discuss
all the AI chrome extensions are now unnecessary
password-app
·قبل 9 أشهر·discuss
I’m working on an app which will change your passwords automatically! It will read your current passwords, log in to the website, then update it to a more secure password. Sign up for the waitlist: https://thepassword.app! Once the app is ready, I’ll contact you and see if you’re interested in trying it out.

A little bit of background on why I decided to build this app, I saw that Chrome’s Password Checkup tools shows I have 77 passwords that I need to change for several reasons. Some passwords are compromised and available in some corner of the dark web, or I’ve reused some passwords (I used the same password a lot back in college) or they’re just plain weak passwords. Since there were so many, I focused on the most important sites and started to change the passwords, but I quickly got tired. It was the same repetitive actions - log in, go to the change password screen, have Google suggest a password, make sure it’s stored, then move to the next. I wished there was a way to automate this digital labor of keeping my accounts secure. That’s when I started exploring a solution for this problem - what if there was a way to automatically rotate my passwords to something more secure? Better yet, what if that solution could rotate my passwords every 3 months? Even better, what if I could just delete accounts in websites that I don’t care about anymore, so that removes the need of even having to manage the password?

Some traits of the Password Manager Pro app: (1) It’s a desktop application (macOS only to start) using electron (2) Deploys agents to navigate a local browser in headless mode to update your passwords (3) All of your passwords stay on your laptop - they are never sent to the cloud (4) Passwords are hidden from the AI agents through masking techniques (5) All of the updated passwords are downloaded as a .csv so you can upload them back to your password manager and use them

Again, I’m looking for interested people to join the waitlist:https://thepassword.app. You can also contact me at [email protected] for any questions or comments about it.

If done right, this app can provide instant peace of mind for users who care about security but don’t have the time to properly enforce it.