Auto-fill should not fill in new password fields

app:all

#1

I stumbled across this reported issue: https://github.com/bitwarden/browser/issues/842

Original description for reference:

Auto-fill fills in password fields marked as ‘new-password’ with an existing account’s password (eg, <input type="password" autocomplete="new-password"> ).

It should either not touch it, or (offer to) generate a new password that conforms to the field’s requirements ([ maxlength ], [ minlength ] and [ pattern ]). If there are multiple new-password fields on a page, it should be an option to fill in the same new password for each (eg, a second new-password field to ensure it was “typed” correctly).

I couldn’t find an issue for this, but it was also mentioned in a comment on a feature request for disabling auto-fill on certain pages.

I’m creating a corresponding feature request since it was unclear if this falls under an issue or feature request.

I regularly run into this unexpected behavior when changing passwords on sites and I hope it can be addressed. The exact flow that I’m referencing:

-I click “Change Password, etc.” on a website and I am then presented with 1 current password field and 2 new password fields.
-If I use the CTRL+SHIFT+L shortcut or I click on the credentials from the browser extension my current stored password for the site is inserted into all 3 fields.
-I then manually delete the entered password within the 2 New Password fields and right click on one of the fields to use the “Generate Password (Copied)” functionality to insert a new password

As the original poster mentioned in the issue I wholeheartedly agree with this: “It should either not touch it, or (offer to) generate a new password that conforms to the field’s requirements”

As a previous Dashlane user they handled this scenario well where they would only insert the current password into the first field and then there would be a “Generate new password” popup that you could click and it would automatically insert a newly generated password into the two New Password fields.

Overall Bitwarden is very solid but this is one common use case that I use regularly that is more cumbersome than it should be in my opinion!