Best free password manager

[SpookDroid]

The reliance on DNS for most (all?) password managers seems to me like almost something that could be exploited. However, that's a different topic, and I'm sure I'm just not understanding it properly.

All password managers rely on the address or they wouldn't know which credentials to use, and yes, while those can be spoofed, browsers also notify you if a site connection is secure or not (minimizing the possibility of a spoofed address).

That being said, the autofill option can be disabled or made so that the credentials aren't automatically populated until you activate a key command or click on the autofill suggestion option.

That's also why I love Bitwarden's password generator and history; you can just create a new password for all your accounts regularly and not have to remember any of the complicated, randomly-generated keys.

 

[spARTacus]

I think DHCP normally tells devices what DNS to use, and therefore not out of the possible for a craftly arranged DNS as part of a suspect Wi-Fi hotspot to direct traffic to substitute crafty https webservers that are specifically designed to look and feel realistic. I'd guess that most people wouldn't stop and would proceed to pick credentials (assuming auto fill not enabled) from their password manager if things "appeared" to be half realistic, even if the browser was complaining about potential certificate miss-matches or an irregular certificate issuing authority. Then again, it can't really be as simple as that can it? Surely all the password managers (and Bit Warden) provide a bit more mechanics don't they?