Autofill doesn't always work for every site. So, now you're having to store in your mind where it works and where it doesn't. By disabling it, it forces you to go the extra step (command-shift-L) every time.
Autofill doesn't always work for every site. So, now you're having to store in your mind where it works and where it doesn't. By disabling it, it forces you to go the extra step (command-shift-L) every time.
Autofill and the hotkey use the same mechanism, and neither is going to work on a phishing site.
You're right. The point is that hotkey makes me think and observe more. Again, I don't have to remember if the site previous worked with autofill, or not.
Sure. Except this is a story about the user manually copying the credential into a phishing site after the password manager didn’t fill it in.
Whether that’s via a hotkey or not seems totally irrelevant.
It doesn't seem irrelevant to me at all. Security these days isn't just one action, it is a multitude of actions and steps and thought processes.
By removing the expectation that my password manager is going to autofill something, I'm now making the conscious decision to always try to fill it myself.
This makes me think more about what I'm doing, and prevents me from making nearly as many mistakes. I don't let my guard down to let the tools do all the work for me. I have to think: ok, I'll autofill things now, realize that it isn't working, and then look more closely at why it wasn't working as I expected.
I won't just blindly copy/paste my credentials into the site because whoops, I think it might have worked previously.