A question related to Auto-fill logins using the browser extension

This post might eventually be added to request new feature category, however being a newbie in this community, I would prefer if someone tells me that a solution for my problem already exists.


A quote from the online docs:

The Bitwarden icon in the toolbar of your browser will show the number of logins in your vault that match the current website you are viewing. Selecting the Bitwarden icon will open the Bitwarden popup window, defaulting to the “Current Tab” page. The “Current Tab” page shows a listing of these matching logins.

While this greatly simplifies the login to a website - it presumes that you know the web site’s URL (set in the Current Tab browser page).

My observation is that most people do not remember the URL of the page they want to login to. Instead, they to use the site name (the example below illustrates such a situation, searching for the login name attribute).

image

This is however not the solution I am looking for, because of the semantic of the launch button - click on this button will launch the new instance of the browser with the correct URL, but it would not prefill the username and password.

I agree it is inconvenient to not have the autofill, but you could simply update the URL if it’s incorrect and you shouldn’t have to do it for that site again.

Generally, when adding sites to your fault, adding any part of the URL, even just the root domain, would be enough to get it in the right direction. Subdomains and paths of the URL aren’t really required, but are mostly helpful in limiting that login to websites that have multiple subdomains with different logins. Zendesk is a good example of this. They have a subdomain for each provider who uses it, but the accounts don’t float across the subdomains. So my accounts are tied to the host match pattern so I only see that subdomains login when I’m on it, and not all of the Zendesk logins and have to weed through them to get the correct one.

Thanks for your explanation @Dubz. I believe that you did not address my issue - to “enhance” the search for the Login item, so that the query could be either the URL or the name of that item. Using the name seems more “natural” than URL as there are too many sites that had to twist their URLs to a pretzel in order to be able to avoid the collision with some existing URL.

Did I miss your suggestion, somehow?

I believe you did. If a login item URL matching setup is not matching the site you are on, it will not autofill. This is a very good thing to have, because otherwise you may accidentally misclick or find suspicious phishing pages where it auto filling would capture your credentials and send them off, even if you don’t click a submit button.

For your situation it just seems that you need to copy the domain of the page you are on and put that in the login’s URL field.It should automatically show then and allow for autofill. The name of the login does not need to match. That’s just your way of labeling it, outside of the username. (Ex. one could be “Personal” and another “Business Name”).

It seems that we both failed to understand each other, @Dubz :smile: . I am talking about the process of using Bitwarden by someone why may even know about URL and its matching rules - so I am advocating for the search by item name, in addition / instead by the URL. I depicted a good example: people have a lot easier time by searching for UofM portal than myuofmhealth.org.

Does this make sense to you?

This sounds more like an issue that should be resolved by the user and not make as an exception. There’s a few reasons this is a bad idea, and the main one is phishing attacks like I mentioned before. I could get fakebook.net (example, I don’t know/care if it’s actually available) and trick someone to sign in with their Facebook credentials. If they went by search terms to auto fill, they’d never catch it. Mind you the domain is the only thing that is unique online to the public web.

Also, this could lead to more confusion in the event that someone crosses logins and now no longer knows which one is the right one. They may find the correct one and delete the others if they don’t feel they need it.

Like I said, it’s more of a training issue at this point. If they add logins while on the website, the URI should be populated for them, and they just need the login identifier and password.

Hello, @Dubz, while I enjoy this discussion, I also realized that I failed to properly define the context for it. My own experience with Biwarden includes the period where I spent most of my time in Open Source development where we used Bitwarden as a shared password manager (the current Organization model).

Now, I am sketching the Family model where I plan to use Bitwarden in a mixed mode - where most of the data is used by me (for my business), and some of the data for my family members. In this context, I want to act as an administrator, creating the collection of secure notes and logins for my spouse, who does not really care to know the difference between the value of an URL or an item name.

In using my own collection of Login items, I am fine with using URL as the key. However, when in my spouse’s shoes, I would prefer to search the Login item using Login item’s name (my bank instead of key.com).

The point is: using item name as the search key in the context of the “secure environment” created by Family “administrator”, seems safe enough. In addition, Bitwarden does not support “autologin” - the user always has to click on the login button, after seeing the matched URL

I’m not sure what I’m missing then. If you add the site with the proper URI and settings, it should show when you’re on the website under the dropdown, and they shouldn’t need to search at all for it.

If you’re trying to get autofill to fill automatically, so all they’d have to do is click the login button, this is an experimental feature that can be enabled in the extension settings.

Apart from that, I’m still not quite sure what you’re trying to accomplish here.

I am disappointed at my own inability to explain this use case scenario. Perhaps I am using too many words, trying to ensure that my explanation is clear - and am getting the inverse effect. So, I will use the real example as the illustration:

  1. Created a login item with the name anna's house and URL https://annashouseus.com/ (note that the name is set to the actual service name, while the URL is what it was available to this entity to register with the domain vendor)
  2. Now, a month after, I want to access this website, knowing that I do not remember the URLs so I am searching through BW login items using the real web site name as the key.
  3. When selecting this login item, I would like BW to fill in the fields (in the browser) needed to login to that site - URL, userID and password, with the caveat that I would have to click on the browser displayed Login button in order to get authenticated.

The difference between this use case scenario and all others discussed in BW’s online help is that I do not require that the browser is already “pointed” to the site I want to visit.

How am I doing now, trying to explain this? I am puzzled why is that everyone but me is happy with the BW having to be initially “on the site” that is the target of the authentication.

So it seems to me like you’re also trying to utilize it as a bookmark system in that way. I can’t say it’s a bad thing, I have done the same thing before. I don’t like a cluttered bookmark bar, and half the time don’t even use one. I do very rarely need to go back to an old site that I can only find either in my vault or email. It also helps in a sense that occasionally going through my vault to clear out any junk, I’ll find logins for sites I don’t use/need anymore, and may potentially attempt to log into it and delete the account.

Anyways, back to the initial situation. It seems you want to have a way to click a login item and automatically be both taken to that site, and be logged into that account. This could be convenient, but unfortunately would require a lot of work, as many websites are different in the way they handle logins. Some may even use a captcha system, in which case any form of automated login like that wouldn’t be possible.

The best suggestion for your case that I can offer is to enable the autofill option. According to Bitwarden, this experimental feature fills in the fields with the last used item, so all you’d need to do is click login. I’m not sure if using the login item to launch the page would mark that as the item to fill with, but if not then perhaps this could be pushed to be done for it.

I do know most sites don’t have a captcha on them, but they may also have email and password fields shown separately (like how Google does). I could also opt for an auto-login feature, which would auto fill and simulate clicking on the submit button. This should be optional and toggleable per login item, though.

There’s a lot of ways things can be tweaked as well (ex. auto login an item, but only if it’s the only item you have available for that page), but I don’t want to stretch this out too far.

One of the best bookmark managers is Toby - and it does not handle authentication, so calling “my feature” a bookmark is incorrect. Note also, also implementing my feature would not require a lot of work as all needed elements are already present - including the Launch button (see below):

image

The semantics of the Launch button would have to be changed, so this is the only additional work needed.

I do very rarely need to go back to an old site that …

I am just the opposite - I visit many sites each month (buying staff and using online banking).

In summary, I proposed this idea with the desire to solicit some statements that would indicate how this would not be a good addition to BW; thank you for this discussion @Dubz :smile: