Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why aren't Password Managers better?
4 points by peteretep 3 days ago | hide | past | favorite | 4 comments
I've been using a password manager I'm pretty happy with for years, but it still requires too much manual intervention. I still have to think about usernames and passwords, there's some copying and pasting with poorly-behaved sites, etc.

Is there / why isn't there a solution/API that a website to embed a specific request for authentication that the password manager can pick up, and automatically prompt me?






> Is there / why isn't there a solution/API that a website to embed a specific request for authentication that the password manager can pick up, and automatically prompt me?

If your browser's built-in pw manager/pw manager plugin can't fill the login fields automatically now it's likely because of two things:

(a) the site developers deliberately do something to prevent the fields being filled automatically; or

(b) the site developers have written an abomination of a login form.

In either scenario, it seems highly unlikely that said developers would do whatever work is required to support your hypothetical "login API".

I think in the coming years we'll see more sites/services/software supporting https://en.wikipedia.org/wiki/WebAuthn, but again: if the developers (c|w)ouldn't make a login form that can be auto-filled, I doubt their ability/desire to support WebAuthn.


Have never really had problems with keepassx apart from what you mention:

> copying and pasting with poorly-behaved sites

Do find myself doing this with some sites with different subdomains, there's probably a wildcard setting that I haven't seen. Multiple redirects can also be a problem but that's also handled well.

The only real issue I've ever had is firefox as a snap not being able to use the browser extension due to non-standard file locations. This is entirely a snap problem though.

None of this hassle is caused by password managers though, they behave properly when websites follow basic practices.

I wish mutual TLS authentication took off, even with all the issues of cross-device usage it makes a lot of sense.


I've been using LastPass for at least 1 year now.

Before using LastPass I just had a formula to generate passwords so I always memorized them. Until I forgot where I have an account and where not.

That's basically the main reason why I started using a password manager, to remember if I have an account or not.


I agree with the "copying and pasting with poorly-behaved sites", but that's it. And that is mainly the fault of those poorly-behaved sites and/or applications.

I use Bitwarden in Firefox and Android and I experience very little trouble with it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: