I don't understand why so many password managers go through so much trouble to implement auto-fill. This one has an interesting approach that seems to be slightly less intrusive than what, say, Lastpass is doing but I still don't really see the value outweighing the cost.
Yes, auto-fill - if implemented well - can add some convenience for the user but it usually adds a significant amount of complexity to the codebase and comes with some challenges regarding security. In fact, LastPass' autofill feature is/was the root cause of some very scary vulnerabilities[1].
Copy&paste is simple, broadly understood and supported in much the same way on every single platform. And in my experience, it's really not that much slower than auto-fill.
It seems to me that most password managers these days are to tick off a list of features rather than focussing on security and usability. Mind you, Secret 2 is definitely not the best example for this - I actually quite like the clean look and simple user interface. Still, it seems like most people nowadays are judging the value of a password manager by the number of features rather than, say, security.
<shameless-plug>Padlock[2] is a minimalist, open source password manager without auto-fill, browser-integration or any other 'advanced' features. We believe that when it comes to features, less is often more, and it seems there is plenty of people agree with us.</shameless-plug>
Yes, auto-fill - if implemented well - can add some convenience for the user but it usually adds a significant amount of complexity to the codebase and comes with some challenges regarding security. In fact, LastPass' autofill feature is/was the root cause of some very scary vulnerabilities[1].
Copy&paste is simple, broadly understood and supported in much the same way on every single platform. And in my experience, it's really not that much slower than auto-fill.
It seems to me that most password managers these days are to tick off a list of features rather than focussing on security and usability. Mind you, Secret 2 is definitely not the best example for this - I actually quite like the clean look and simple user interface. Still, it seems like most people nowadays are judging the value of a password manager by the number of features rather than, say, security.
<shameless-plug>Padlock[2] is a minimalist, open source password manager without auto-fill, browser-integration or any other 'advanced' features. We believe that when it comes to features, less is often more, and it seems there is plenty of people agree with us.</shameless-plug>
[1]http://www.martinvigo.com/even-the-lastpass-will-be-stolen-d...
[2]https://padlock.io