
Thanks. This is a great reference indeed!

The challenge is preserving ability for content to control all pixels; without it, the content ecosystem ends up developing single-purpose, generally crappy apps, which isn't necessarily a better thing either...

I'm not sure it is the only solution either - what about "secure attention key" type ways to get the system's attention (in this case the browser's), bypassing any content interception? For example, what if there was a key combo guaranteed to always bring in the browser UI, and typing that key combo was necessary before inputting any password field?

Alternatively, the reliance on browser password management could provide some security if it can be trusted to always work...




Those are some good ideas too - "only solution" was a bit hyperbolic - but I do think our options are limited, especially on mobile.

The Secure Attention Key is interesting, but would need the user to know you press it. And on mobile, it would probably need to be a dedicated button on the device, since I could just fake the on screen keyboard too.

Password manager auto-fill failing would clue a savvy user that something was wrong, but I suspect many would just assume it's a glitch and manually enter their credentials.

I saw a reply in another thread suggesting customizable browser background images for the UI bar, which a website would have no way of replicating. In my opinion that's probably the best approach, although it might mean throwing away the ability for sites to set the background color of the UI to match their theme (arguably losing nothing of value :).


With the use of gesture controls and swipe-up menus and "soft keys", etc., why not put in something like the "pie control" apps on Android, where the OS controls one part and the app controls another?

Consider a semi-configurable universal menu with a well defined access method, where you always can back out of the app, and in the case of browsers also have guaranteed access to switching tabs and accessing options, etc.


Edge swipe from the top could be made impossible to hijack.


Escape will always exit fullscreen in browsers, which is a SAK that is well publicised.

We aren't trained to press escape before entering passwords, though.


This gives me an idea... Even in fullscreen, I believe hovering the mouse near the top of the screen will also bring back some controls into view, but temporarily... So there's already some kind of "peek mode" for the controls... Entering this mode while typing a password in a standard password input field might make sense!



