How do you use your password manager — browser extension or desktop app?

As password managers become an essential tool for online security, I am curious to know what the best way to use them is.

Password managers help us generate and store unique, complex passwords for each online account. However, with the rise of password manager usage, new security concerns have emerged. Browser extensions, while convenient, may introduce new attack surfaces, such as clickjacking. On the other hand, desktop apps provide a more secure environment but may lack the seamless integration of autofill and passkey features.

Browser extensions are convenient: autofill, one-click logins, and passkey handling in-browser. But they add a browser-side attack surface (e.g., clickjacking, malicious scripts, or compromised pages abusing extension UI).

Desktop apps (native Windows/macOS apps) reduce that browser attack surface. They often require manual copy‑paste or a separate helper for filling, and passkey integration on Windows can be harder or unavailable. Passkey support is still in beta in Bitwarden for Windows.

https://bitwarden.com/blog/bitwarden-launches-passkey-management/

I’ve been using a combination of the web extensions and native apps. I have been under the impression such a web extension does not make me more fingerprint-able. If it does, I would be happy to switch to native app only. Or web app, but I am under the impression native > web for apps I trust and especially ones which are doing encryption.

Please correct me if I’m wrong on any of that folks!

I have been trying to figure out something myself about passkeys. As I understand it Bitwarden implements them such that they are then hidden behind only one credential (your master password). Isn’t this worse than OTP and normal password where it is locked behind two credentials?

Personally I used to use the browser extensions a lot, but one day I forgot to install the extension on whatever browser I was daily driving and didn’t skip a beat.

For someone like me who understands that keeping your password manager is technically better than using an extension, I was happy to find that I didn’t mind the change, but I think for most people it’s not good. Like, many people have already had to do a lot of work just to get on a password manager. The last thing they need is to accept more friction to use it. So that, coupled with the fact that using extensions is still safe, means that you probably can’t go wrong either way.

You should be using the extension.

I meanwhile don’t.
Just desktop app, quick app switching with keyboard shortcuts makes it fully keyboard compatible most of the time. 👍

Not sure if the best from a security POV, but I do have my own things on top of it:

  • email aliasing
  • hardware key

The less attack surface the better IMO. And the browser is IMO a no man’s land.

Desktop app for me. I got used to switching from browser to password manager when my main device was an Android tablet and I don’t really see a reason to change.
I often will drag the browser window to the left and the PW to the right to make copy/paste easier as autofill isn’t always the smoothest experience.

I would say that this kind of extension does make your browser more finger-printable, because it prints contents on the website. For that reason I use only the desktop app. Please correct me if I am wrong.

Thank you.

I use both. For the extension, you can usually expand it to its own window, which is nice, and it can generally feel like a replacement for the native one.

I, however, like the easy ability to launch a dedicated app.

Having such a sensitive thing like the password manager as a web extension is a security risk.