
If the password manager stores the requesting site with the secret, either manually or through TOFU, then it has an opportunity to provide better phishing protection than manual copying.

This is how Android Password Store [1] works, and it regularly triggers a phishing warning (that I have to override with multiple taps) when I'm trying it out by attempting to autofill a password for one app with the password associated with a different app ID.

Granted, I also use it with my YubiKey, because that's what holds the GPG decryption key.

[1]: https://github.com/android-password-store/Android-Password-S...
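
The trust-on-first-use binding described in the comment above, sketched as an added example (not the commenter's code and not Android Password Store's implementation). The `Vault` and `Entry` names, the decision strings, and the `androidapp://` scheme for app IDs are assumptions made for illustration; the sample secret and hosts are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlsplit


def normalize(requester: str) -> str:
    """Canonical requester identity: an app ID or an https origin."""
    parts = urlsplit(requester)
    if parts.scheme == "androidapp":           # hypothetical scheme for app IDs
        return f"androidapp://{parts.netloc}"
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("only https origins and app IDs can be bound")
    host = parts.hostname.encode("idna").decode("ascii")  # punycode, lowercased
    return f"https://{host}:{parts.port or 443}"


@dataclass
class Entry:
    secret: str
    bound_to: Optional[str] = None             # None until first use pins it


class Vault:
    def __init__(self) -> None:
        self.entries = {}

    def add(self, name: str, secret: str, requester: Optional[str] = None) -> None:
        """Store a secret, optionally bound manually to a requester."""
        bound = normalize(requester) if requester else None
        self.entries[name] = Entry(secret, bound)

    def autofill(self, name: str, requester: str,
                 user_override: bool = False) -> Tuple[str, Optional[str]]:
        """Return (decision, secret); the secret is withheld on a mismatch."""
        entry = self.entries[name]
        who = normalize(requester)
        if entry.bound_to is None:             # TOFU: pin the first requester
            entry.bound_to = who
            return "pinned-on-first-use", entry.secret
        if entry.bound_to == who:              # exact match only, no substrings
            return "match", entry.secret
        if user_override:                      # explicit user action, pin unchanged
            return "overridden", entry.secret
        return "phishing-warning", None
```

The comparison is an exact match on the normalized identity, so a host that merely contains the bound name, or a different app ID, falls through to the warning branch.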


