DEV Community

loading...

Discussion on: Passkb: how to reliably and securely bypass password paste blocking

Collapse
phlash909 profile image
Phil Ashby

This is nice :) It would be nicer if both browsers and password managers had common APIs for integrating such tooling, to avoid the human-in-the-loop problem that phishing sites exploit! We are almost there in multiple ways with webauthn in the browser, environment APIs like ssh-agent / keychain / gnome-keyring to hold credentials but only for SSH... close but no cigar :(

FWIW I use KeePassXC which has an auto-type feature that performs a very similar function to passkb, so personally I don't need an integration like this (KeePassXC also has a browser plug-in for FF and Chrome that takes this human out of the loop for getting phished)

Collapse
ignatk profile image
Ignat Korchagin Author

If browsers recognise the fact that blocking password paste is bad, they could just implement a shortcut, similar to Ctrl+v/Cmd+v, which would type text from clipboard (or even inject it directly into DOM). I would just rather have this functionality in the core browser rather than some extension for the reasons described in the article.