I stumbled across this reported issue: Auto-fill should not fill in password fields marked as `new-password` · Issue #842 · bitwarden/clients · GitHub
Original description for reference:
Auto-fill fills in password fields marked as ‘new-password’ with an existing account’s password (eg,
<input type="password" autocomplete="new-password">
).It should either not touch it, or (offer to) generate a new password that conforms to the field’s requirements ([
maxlength
], [minlength
] and [pattern
]). If there are multiplenew-password
fields on a page, it should be an option to fill in the same new password for each (eg, a secondnew-password
field to ensure it was “typed” correctly).I couldn’t find an issue for this, but it was also mentioned in a comment on a feature request for disabling auto-fill on certain pages.
I’m creating a corresponding feature request since it was unclear if this falls under an issue or feature request.
I regularly run into this unexpected behavior when changing passwords on sites and I hope it can be addressed. The exact flow that I’m referencing:
-I click “Change Password, etc.” on a website and I am then presented with 1 current password field and 2 new password fields.
-If I use the CTRL+SHIFT+L shortcut or I click on the credentials from the browser extension my current stored password for the site is inserted into all 3 fields.
-I then manually delete the entered password within the 2 New Password fields and right click on one of the fields to use the “Generate Password (Copied)” functionality to insert a new password
As the original poster mentioned in the issue I wholeheartedly agree with this: “It should either not touch it, or (offer to) generate a new password that conforms to the field’s requirements”
As a previous Dashlane user they handled this scenario well where they would only insert the current password into the first field and then there would be a “Generate new password” popup that you could click and it would automatically insert a newly generated password into the two New Password fields.
Overall Bitwarden is very solid but this is one common use case that I use regularly that is more cumbersome than it should be in my opinion!