I think the fact that password managers can spot incorrect urls better than users is useful. However I've become numbed to this warning flag by those services that seem to have endless different urls that are all legitimate. (Microsoft being a particular offender here).

I can imaging some variant of outlook.microsoft.developer.really.yes.com catching me unawares one day.

Microsoft does seem to know how to do this correctly when they have to, as they offer WebAuthn and there is deliberately no way to tell WebAuthn "I know this is outlook.com but I need live.com credentials". So they will bounce you through the right name to make it work. But you're correct that for phishing this habit of making up new DNS names is a problem, ie it convinces the lay person they have no idea and should just fill in their password wherever it's requested.