all they need to do is get you to install a sketchy browser extension and then anytime you generate a password on ddg they’ve captured it. No man in the middle necessary. Unlike generating a pw with your pw manager, then inserting it with your pw manager or just typing it into the field (which shouldn’t be accessible to extensions on any appropriately coded site).
![TIL that if you search "Password generator, [x] characters, [y] strength" at DuckDuckGo, it will generate a password for you.](https://lemmy.world/pictrs/image/31a5b1e1-4330-4a27-aa88-cc47a25acb05.jpeg){kind=link}
all they need to do is get you to install a sketchy browser extension and then anytime you generate a password on ddg they’ve captured it. No man in the middle necessary. Unlike generating a pw with your pw manager, then inserting it with your pw manager or just typing it into the field (which shouldn’t be accessible to extensions on any appropriately coded site).