hlgitx
(Harold G)
February 7, 2024, 10:32pm
1
I know Bitwarden will autofill, however is there a way to make it login to each website automatically once it has autofilled? On some websites this will happen, but most will not. Thanks for any help.
grb
February 7, 2024, 11:33pm
2
This feature is not available in Bitwarden. You can cast a vote in support of such a feature in the following Feature Request thread:
Add an option to automatically submit login forms when an autofill action is performed. We might want an option to do this globally and/or on specific items. If we have a global option we would then also need an option to override it and disable it for specific logins too since the behavior may not be always desirable in certain situations.
Which websites? This is possibly related to the bug that has been reported here:
opened 11:25PM - 24 Jan 24 UTC
bug
browser
### Steps To Reproduce
1. Navigate to a login form that has separate screens … for username and password entry (for example, https://vault.bitwarden.com/#/login)
2. Ensure that the vault contains a matching login item (with username and password defined).
3. Ensure that the browser extension has the "Auto-fill on page load" _disabled_.
4. Press <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>L</kbd> to auto-fill the username.
5. Press<kbd>Enter</kbd> to submit the username and continue to the next screen for password entry.
### Expected Result
Although this aspect is not the focus of the bug report, the user should ideally\* have to enter their password in the password field, or auto-fill it by again pressing <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>L</kbd>.
Regardless of whether the password field is already populated or not when the user reaches the password screen, the main expectation that is violated by the new behavior is that the user should be required to press the <kbd>Enter</kbd> key, or to click the <kbd>Login with master password</kbd> button to proceed with authentication.
### Actual Result
The user is briefly presented with the password entry form, in which the password value has already been auto-filled.
The major issue is that with no user interaction, the password entry form is automatically submitted after about a second or a fraction of a second. If there is no two-step login requirement for the account, then the authentication is complete and the account opened.
### Screenshots or Videos
_No response_
### Additional Context
Although automatic submission of login forms is a popular [feature request](https://community.bitwarden.com/t/automatically-submit-login-form-on-auto-fill/24), until now, [Bitwarden's position](https://community.bitwarden.com/t/automatically-submit-login-form-on-auto-fill/24/57) has been (IMO rightly) that auto-submission would create security risks. Be that as it may, a user who has disabled "auto-fill on page load" should _never_ experience automatic submission of login forms.
In addition to creating a security risk, auto-submitting the login form deprives the user of the ability to augment their password with a manually typed [password "pepper"](https://passwordbits.com/salting-passwords/) before submitting the login form.
--------------
\*Ideally, auto-fill should prevent filling of form fields that are not visible (to prevent credentials theft by hidden forms injected by third-party scripts). Thus, in the ideal scenario, the user should have to press <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>L</kbd>, then <kbd>Enter</kbd> to submit the username, followed by <kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>L</kbd> and <kbd>Enter</kbd> to submit the password.
### Operating System
Windows
### Operating System Version
Windows 11 version 23H2 (Build 22631.3007)
### Web Browser
Chrome
### Browser Version
_No response_
### Build Version
24.1.1
### Issue Tracking Info
- [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.