Ask HN: Why aren't Password Managers better?
4 comments
> Is there / why isn't there a solution/API that a website to embed a specific request for authentication that the password manager can pick up, and automatically prompt me?
If your browser's built-in pw manager/pw manager plugin can't fill the login fields automatically now it's likely because of two things:
(a) the site developers deliberately do something to prevent the fields being filled automatically; or
(b) the site developers have written an abomination of a login form.
In either scenario, it seems highly unlikely that said developers would do whatever work is required to support your hypothetical "login API".
I think in the coming years we'll see more sites/services/software supporting https://en.wikipedia.org/wiki/WebAuthn, but again: if the developers (c|w)ouldn't make a login form that can be auto-filled, I doubt their ability/desire to support WebAuthn.
If your browser's built-in pw manager/pw manager plugin can't fill the login fields automatically now it's likely because of two things:
(a) the site developers deliberately do something to prevent the fields being filled automatically; or
(b) the site developers have written an abomination of a login form.
In either scenario, it seems highly unlikely that said developers would do whatever work is required to support your hypothetical "login API".
I think in the coming years we'll see more sites/services/software supporting https://en.wikipedia.org/wiki/WebAuthn, but again: if the developers (c|w)ouldn't make a login form that can be auto-filled, I doubt their ability/desire to support WebAuthn.
Have never really had problems with keepassx apart from what you mention:
> copying and pasting with poorly-behaved sites
Do find myself doing this with some sites with different subdomains, there's probably a wildcard setting that I haven't seen. Multiple redirects can also be a problem but that's also handled well.
The only real issue I've ever had is firefox as a snap not being able to use the browser extension due to non-standard file locations. This is entirely a snap problem though.
None of this hassle is caused by password managers though, they behave properly when websites follow basic practices.
I wish mutual TLS authentication took off, even with all the issues of cross-device usage it makes a lot of sense.
> copying and pasting with poorly-behaved sites
Do find myself doing this with some sites with different subdomains, there's probably a wildcard setting that I haven't seen. Multiple redirects can also be a problem but that's also handled well.
The only real issue I've ever had is firefox as a snap not being able to use the browser extension due to non-standard file locations. This is entirely a snap problem though.
None of this hassle is caused by password managers though, they behave properly when websites follow basic practices.
I wish mutual TLS authentication took off, even with all the issues of cross-device usage it makes a lot of sense.
I've been using LastPass for at least 1 year now.
Before using LastPass I just had a formula to generate passwords so I always memorized them. Until I forgot where I have an account and where not.
That's basically the main reason why I started using a password manager, to remember if I have an account or not.
Before using LastPass I just had a formula to generate passwords so I always memorized them. Until I forgot where I have an account and where not.
That's basically the main reason why I started using a password manager, to remember if I have an account or not.
I agree with the "copying and pasting with poorly-behaved sites", but that's it. And that is mainly the fault of those poorly-behaved sites and/or applications.
I use Bitwarden in Firefox and Android and I experience very little trouble with it.
I use Bitwarden in Firefox and Android and I experience very little trouble with it.
Is there / why isn't there a solution/API that a website to embed a specific request for authentication that the password manager can pick up, and automatically prompt me?