Is this really how password managers extensions work? They inject arbitrary java... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tredre3 8 days ago \| parent \| context \| favorite \| on: Don't use passkeys for encrypting user data Is this really how password managers extensions work? They inject arbitrary javascript in every page you visit? I would have naively thought that there'd be a better and safer API for it, considering that all browsers already have the infrastructure in place to handle login autocomplete.

		help

varjolintu 7 days ago [–]

Yes. This is mandatory for all browser extensions. There's no API behind a separate permission, even if would be the best way to handle this.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact