> Password managers are phishing resistant. The browser plugin will not offer to autocomplete passwords on an identical-looking punycode domain.
True … but the reaction to this by the vast majority of users is to go "stupid password manager autofill not working again", and copy and paste their password out of the pw manager and paste it straight into the phishing site…
Well, IME this tends to happen on "let's be super secure and disable or otherwise break the login fields" sites, so I'm not sure these people will bother implementing actually useful security measures.
True … but the reaction to this by the vast majority of users is to go "stupid password manager autofill not working again", and copy and paste their password out of the pw manager and paste it straight into the phishing site…