This vulnerability was discovered by security researchers from The Hacker News. The following password managers have affected browser extensions that are based on DOM (Document Object Model):
- 1Password
- Bitwarden
- Dashlane
- Enpass
- iCloud Passwords
- Keeper
- LastPass
- LogMeOnce
- NordPass
- ProtonPass
- RoboForm
I deliberately chose KeePass with no Webbrowser extension and no cloud service that other password managers and password manager services provide to reduce risks.
Webbrowsers are very interconnected tech with non-obvious relations and risks. Having my webbrowser access my password database feels inherently irritating.
Webbrowser’s own password managers with optional sync have the benefit of auto-fill only being offered for the correct domain names. But I’d never store my critical passwords in them.
Having to launch a separate password manager, enter a long master key, and then copy-paste/trigger-auto-type the content from it is cumbersome, but the only way to add a reasonable robust separation.