Actual password managers (eg not my old excel sheet) protect you against url doppelgänger and related phishing attacks, as well as incidentally discourage password reuse. 1Password can even now warn you if you try to paste into the wrong website (https://support.1password.com/browser-autofill-security/)

>Vibecoding a password manager might be the worst idea ever.

I mean I'm just spitballing here, but not convinced this is true.

From a formal security theory perspective certainly, but practically...nobody with half an ounce of skill is going to spend their time breaking one individual's custom solution that almost certainly just contains their hn password. That's if you can even get to it - selfhosted password managers are usually on LAN/behind vpn.

Risk profile wise the thing could be a god damn plain text .txt on a LAN network drive and still outperform a Lastpass.com that by definition has a giant hack-me sign on it's back.

The crypto part barely moves the needles here

[dead]