Your first point doesn't really seem valid when comparing manual to automatic autofill. When I manually autofill, my password manager will show a suggested list of matching passwords. off1ce.com would not suggest my Office password, so I would still be alerted to a phishing site.
dbriles|4 years ago
edit: I think I understand. My first point doesn't show that automatic autofill is better than manual, because both methods will raise red flags. I.e. this isn't a reason to choose automatic over manual autofill. I think this is a fair point.
I do think that both autofill methods have an advantage over simple copy/paste, especially given the XSS discussion in other threads here.