People who don't use something which integrates with the browser. People who run into the (uncommon but noticeable) edge cases where the password manager decides to not auto fill the password.
When it doesn’t work I get. I run into that from time to time.
But I don’t think normal users want ones that don’t sync or integrate with the browser. I believe you can turn both off for Safari but that defeats the whole purpose in my mind.
I do! And way more than I would like, because for some reason it's "modern" to have a login flow that first requests your email, and then you have to click next for it to request your password...
Not even gonna go into detail about all the other cases like websites that have such bad field identification that the password manager has no clue where to put the username/email or 99% of sites that don't have autocomplete="one-time-code" on the 2FA field so now you have to copy paste the 2fa.
Plus all the android buggyness where the auto-complete from the password manager just doesn't show up at all so you have to switch apps and copy/paste the credentials manually... when it works (and doesn't clear the fields as you swap between apps... I swear built-in chrome windows is a mistake).
> And way more than I would like, because for some reason it's "modern" to have a login flow that first requests your email, and then you have to click next for it to request your password...
There's a reason for that, and it's not because of 'trendy', it's because the backend will examine the email address and decide which password authentication mechanism the user chose: FB/Google/etc, or authenticator app, or plain old password, or some third-party SSO provider, etc.
Keepassxc's desktop browser extension allows you to specify the username and password boxes. Even if they are on separate pages. It's really a painless 15 second process.
I have to do it on my bank's website every few months.
I suppose the reason is because the Bitwarden option is cross platform and I don't want to sync two password managers.
However when using Bitwarden the recent guidance is to turn off autofill[1] but even with it enabled it sometimes breaks hence my “seldom” caveat.
I am heavily biased to prefer passkeys but as with magiclinks before them saw the rollout was badly botched. Specifically with regards to supporting multiple keys and revocation[2][3]. The standard supports correct implementation but don't require it; meaning most current rollouts are half baked and will remain that way.
Ctrl-C and Ctrl-V work consistently on Windows + Linux. For Android, almost same experience with KeePassDroid that shows notifications to Ctrl-C the user and the password.
I’d prefer my passwords, foundational identity documents, and other sensitive information are as separate as possible from the place where I execute untrusted remote code a bazillion times a day. Making it programmatically available is the opposite of separate.
Me, every time another site annoyingly breaks autofill, sometimes even intentionally ("Password managers not allowed! Make sure to memorize your password, but still use at least 5 special characters and include at least 3 titles of ABBA songs!!").
Here’s my workflow, and I consider it superior to both of the above.
Go to site, Safari offers to autofill, give TouchID/FaceID, get asked for a 2 factor code.
Sent via SMS/email? Safari offers to autofill for me. TOTP style? Safari offers to autofill for me.
Easy peasy.
Passkeys are even easier as there is no second step and waiting for SMS/email.