cross-posted from: https://lemmy.world/post/20572072
Android has had an autofill feature for password managers for years now, but it’s broken and needs to be fixed.
I have no specific basis to say so, but I distrust browser-based password managers on the principles of separation of function and mitigating risk. Storing my credentials in a browser just feels hinky, even with a master password. Too obvious of an attack vector. Rather, I use the KeePassDX variant with its MagicKeyboard feature. When I’m presented with a login prompt, I can use the keyboard switcher to launch KeePassDX, unlock my vault, and select the credentials entry. Then I can switch back to the browser (or app) and have MagicKeyboard enter the credentials for me.
It’s a few more taps than just that, but it’s a straightforward workflow that should mitigate leakage from my usual keyboard, clipboard snooping, and any hypothetical attacks against the in-browser vault workflow.
Plus, I know where my credentials are stored, can apply 2FA, and even back up the vault file to offline archives.
It works for me. “Cool story bro,” I guess, is my point.