Hearing a lot of concerns about changing UI. I get it. You like how URLs are now. But we're in a sad state for security: hard to enter correctly, people don't check when they should, and easy to make convincing spoofs. We shouldn't accept the status quo just bc change feels hard.https://twitter.com/__apf__/status/1037057121961967616 …
Don't make the user try to figure out if it's the site they think it is or the one you think is legitimate. Tell them they've never been there before, block pw entry behind big red warning.