cross-posted from: https://lemmy.world/post/20572072

Android has had an autofill feature for password managers for years now, but it’s broken and needs to be fixed.

  • SolidGrue
    link
    English
    102 months ago

    I have no specific basis to say so, but I distrust browser-based password managers on the principles of separation of function and mitigating risk. Strong my credentials in a browser just feels hinky, even with a master password. Too obvious of an attack vector. Rather, I use the KeepassDX variant with its MagicKeyboard feature. When I’m presented with a login prompt, I can use the keyboard switcher to launch KeepassDX, unlock my vault, and select the credentials entry. Then I can switch back to the browser (or app) and have MagicKeyboard enter the credentials for me.

    It’s a few more taps than just that, but it’s a straightforward workflow that should mitigate leakage from my usual keyboard, clipboard snooping, and any hypothetical attacks against the in-browser vault workflow.

    Plus, I know where my credentials are stored, can apply 2FA, and even back up the vault file to offline archives.

    It works for me. “Cool story bro,” I guess, is my point.

    • @[email protected]M
      link
      fedilink
      English
      42 months ago

      Yeah, keepassDX works great. The keyboard function makes up for the 10% finicky apps where autofill cannot work for some reason. I have found only one app where copy-paste is blocked. This works for 99.99% of use cases.