especially when the point of a password manager is to stick a plaintext string into a webpage, which then transmits the plain text to a remote server. passwords are just not a very good solution to keeping secrets.
especially when the point of a password manager is to stick a plaintext string into a webpage, which then transmits the plain text to a remote server. passwords are just not a very good solution to keeping secrets.
Never enter your password into a website that doesn't use https.
*over any untrustworthy network.
To fair though, there are very few situations where the network is completely trustworthy, like your home network with no one else on it or a VPN direct to an HTTP server.
My understanding was that if you have a valid https session, you are good.
A really really untrustworthy network could MITM your SSL connections and impose itself in front of all of them (Cisco IronPort?) but I think even then your browser will complain unless you've installed a proxy that allows it or a custom root certificate.