Is it better to use a browser extension for a password manager, or install a standalone program?

I think it’s more of a circular benefit graph than a linear scale of better/worse A lot of password manager standalone programs are built on electron, for example, which has documented security vulnerabilities. A lot of reasonable threat models may consider that an unacceptable risk, though you could mitigate it by running it in a virtual machine By using JS to autofill sites by URL, you are adding an anti-phishing mitigation to your setup, as you won’t unwittingly provide credentials to a fraudulent site …But this same autofill feature can introduce a supply chain risk, if a bad actor manages to hijack the extension & pushes a malicious update… …And every browser extension makes your browser fingerprint more identifiable, thus reducing privacy… … and so on & so forth. There is no ‘better’ or ‘worse’. Dont address this tradeoff in isolation. Begin with a threat model for your situation, compare the pros/cons against each, select the one that better fits