[addon] autofilling is delayed+unreliable

Autofilling in latest (2023 10.2) Firefox addon is delayed by 1.5s after page is already loaded. Seeing the typing animation is enough delay/visual confirmation.

Also if I open the page in background tab, wait for it to load then switch over to that tap then the autofilling does nothing!

I’ve moved your post to the Ask the Community section of the forum, since it contains two unrelated comments, and no clear proposal for a new feature.

Auto-fill on page load does require the browser tab to be in focus, so this is known/expected behavior. Here is another thread on that topic:

 

However, the delay in the automatic auto-fill is not something I can test on my end (because I do not enable auto-fill on page load, for security reasons), so maybe other users will be able to confirm whether or not this behavior is reproducible.

Anyone else for the slow autofilling?

// Why do you think autofill is bad security, if it checks for correct domain?

I didn’t say “autofill” was bad for security, only automatic autofill (i.e., “autofill on page load”).

First, if you have set up URI matching to only check for the “correct domain”, then Bitwarden will attempt to autofill your password on every page that you visit within that domain. Even legitimate domains host third-part scripts on many of their web pages, to provide advertising or tracking services. It is easy for such scripts to inject invisible form fields into the web pages, which could trick Bitwarden into autofilling your credentials and allow the password and email to be harvested by the these third-party services. For this reason, I don’t want Bitwarden to autofill unless I’m actually on the login form for the website in question.

Also, legitimate websites can get compromised, so I prefer to have the opportunity to inspect the login form before autofilling my login credentials. Because a script can harvest your credentials as soon as they are autofilled (even before submitting the form), I prefer to only autofill on demand — e.g., using the Ctrl+Shift+L keyboard shortcut.

Good thinking!
There is a middle ground, autofill on exact path match, like test.com/login
this will even prevent autofill on demand on invalid page (mistyped shortcut e.g. )