When using a password manager, I could use the browser extension, or I could copy, drag or autotype the username and password. I have looked for an answer, but the information I have come across is always pointing out the risks with one or the other but never comparing them.
My concern is having my password(s) stolen. So is it better to use a browser extension (with the risks of extensions) but have some protection from phishing, or is it better to copy/drag/autotype (and smaller attack surface) but not have the phishing protection.
I should point out that so far while I have received multiple phishing attempts, I have always caught it before entering any details. Of course sooner or later I may miss something.