{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihjpyscpjawcg2v55c4cq5rpsxkykgs6ctyom32sxk5i4lstbdxya",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlohvzxwwqn2"
  },
  "path": "/t/is-it-better-to-use-a-browser-extension-for-a-password-manager-or-install-a-standalone-program/37854#post_3",
  "publishedAt": "2026-05-12T18:01:55.000Z",
  "site": "https://discuss.privacyguides.net",
  "tags": [
    "documented security vulnerabilities",
    "adding an anti-phishing mitigation"
  ],
  "textContent": "I think it’s more of a circular benefit graph than a linear scale of better/worse\n\nA lot of password manager standalone programs are built on electron, for example, which has documented security vulnerabilities. A lot of reasonable threat models may consider that an unacceptable risk, though you could mitigate it by running it in a virtual machine\n\nBy using JS to autofill sites by URL, you are adding an anti-phishing mitigation to your setup, as you won’t unwittingly provide credentials to a fraudulent site\n\n…But this same autofill feature can introduce a supply chain risk, if a bad actor manages to hijack the extension & pushes a malicious update…\n\n…And every browser extension makes your browser fingerprint more identifiable, thus reducing privacy…\n\n… and so on & so forth. There is no ‘better’ or ‘worse’. Dont address this tradeoff in isolation. Begin with a threat model for your situation, compare the pros/cons against each, select the one that better fits",
  "title": "Is it better to use a browser extension for a password manager, or install a standalone program?"
}