Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
Something to keep in mind about not using browser integrations is that you can fall victim to simple keyloggers and clipboard stealers. But using an extension can also be a weakpoint if it autopopulates incorrectly or on a compromised site; but that’s far less common.
But, dear readers, don’t let that dissuade you: even a text file in a veracrypt volume is better than “PurpleElephant1994”
In theory auto-population is way more likely to save you from getting scammed because it won’t do it for a fake site, as the URL doesn’t match. In practice though most people are just going to be annoyed it didn’t work and do it manually anyway before they realize why it didn’t work.
I would dare say PurpleElephant1994 is already much better than most passwords people have been willingly tell me.
I recently found out a family member’s passwords are things like “1100011”, “1111000” and similar variations. It’s like they’re already using binary to give a helping boost to brute-forcing bots.
Autopopulate is probably less likely to mistake I and l or O and 0 in a fake url though.
One second, let me just