Are there any updates for this after 3 months since this request? When I register for a page such as Ebay, Bitwarden did not offer to save the new login entry. I have to add it myself manually. Any suggestions?
Some sites (banking sites) don’t allow right click / control+v. So using Bitwarden, there’s no possibility to change the generated password. So the auto-fill generated password in the highlighted box is a much needed feature.
This is an amazing feature, especially when coupled with emptying the “clipboard”. I actually didn’t know about it and had to trigger a reset letter from my bank after I had pasted a password and forgot that it wouldn’t remain available long to paste it somewhere else too. It was me being stupid and having to generate multiple passwords since I couldn’t customize the characters in the generator to match the ones allowed by my bank, but had I known, I would’ve been able to retrieve the last generated password.
Maybe it would make sense to make this option a little more prominent, since it’s the only one hidden behind those 3 dots and might as well put it somewhere else or change that icon to something that looks like a log/history.
How is anyone able to use Bitwarden without this basic essential feature? Have any Bitwarden users ever actually tried using LastPass? I want to love Bitwarden, but the experience of signing up for a website makes it hard to love.
Yeah it’s a bit sad seeing no activity from admins on this thread, this feature is a must. I thought there is only one thing keeping me from using bitwarden but there are definitely many more things…
Please add this!
I think the generator feature is brilliant. Much better than in LastPass.
However I think it would be useful if you could have a button to use the generated password to create a new vault entry.
(Scenario - I’m browsing a new web site, it asks me to create an account inc. password, so I start the process, hop to Bitwarden for a secure new password, copy it, go back to the site to finish setting up.
Now I have to return to Bitwarden, create a new entry and paste the generated password and URI into the new vault entry.)
A button to create a new entry containing at least the new password would be useful.
Yes.
If anything goes wrong while creating the login then that leaves one in a difficult situation. Lastpass is computer software and therefore it will go wrong from time to time. The approach in Bitwarden guards against that possibility. It is up to people to decide which approach suits them best.
It took me a few days to get used to the way Bitwarden works, but I appreciate it as it is a better approach than the “don’t worry your pretty little head about it” approach of some other password managers.
Having recently moved from Lastpass to Bitwarden, I’ve been astonished to find that it never autosaves, or offers to autosave, a new item when I create an account on a new site. It doesn’t seem to just be some particular sites, as it didn’t happen even when I created an account here, at community.bitwarden.com.
This means that users have to remember to manually create a new item, whilst they still have the details available, and then they run into the problem discussed here, where the browser extension loses the information if you switch away to copy and paste the details without saving first. Persist Bitwarden UI and maintain entered data [Previously- Unsaved changes are lost when move to another item] - #38 by doveman
So fixing these two problems is urgent, IMO, as they create a significant risk of users losing their login details, which is clearly not a good thing to happen with a password manager.
EDIT: I’m using Opera browser on Windows 10.
I came here looking for answers to this issue. After reading this thread, I’m still confused.
A longtime Lastpass user, I’m new to Bitwarden. I’ve been very impressed, but disappointed with my interpretation of what has been discussed here, which, at least for me, could be a game changer.
I’m a residential user. I have the clipboard option set to “never”. Every one of the “disable” options is unchecked. The only thing I have selected is “enable autofill on page load”.
All things being equal, I would prefer to use Bitwarden, but I now find that I don’t know if the compromise of not being prompted to add credentials for a site, whether the credentials are new, or added to the login fields manually, or copied to those fields by some other source, is worth the inconvenience.
Can someone please explain to me what I assume is the security issue compelling this decision? And why Lastpass has no problem with it? Or am I not correctly understanding this thread’s information?
Hi @bituser - welcome!
Sometimes autosaving can be a bit hit and miss with some non-standard user registration forms, but for me the autosave works the majority of the time. Bitwarden is very new software, compared to the big competitors out there, so they are still playing catch-up, I think, to make sure autosave works on every site out there.
What a lot of long-time Bitwarden users do is avoid autosaving altogether. What works best for me when I visit a new website is:
- Press the + button to add a new entry in Bitwarden BEFORE you fill in the registration for a login and new password.
- Enter the login you would like to use (e.g., your email address).
- Generate a random password with the generator function for the login item.
- Set the folder you want to use, and add any notes you need, etc. and then save the entry in Bitwarden.
- Now just click the newly saved entry to autofill your new username and password in the registration form and you are done.
I know this is a very different process to what one might do in Lastpass, but it is very efficient and quick if you are open to a new method. These steps also work well for updating passwords. Hope it works for you.
Hi David H,
Thanks for responding. So it’s not a security issue, but simply accepting that sometimes you’ll have to go the manual method, given the individual site conditions.
According to my description, do I have the correct settings for the autosave prompt?
I am not sure what I described is the “manual method” as you end up typing in the same info either way - the way I suggest changes the order a bit to make it more efficient.
Regarding your settings, there is no right or wrong - it all depends on how much risk you are willing to accept for the added convenience. For me, I am pretty similar to your settings, except that I do clear the clipboard after 1 minute.
Re: the settings, I just wanted to know if I had the optimal settings combination of enabled/disabled in order for me to expect the best chance of getting the autosave prompt.
I just installed Bitwarden on my phone. Coordinating the two has given me a better sense of how things work.
Hopefully in the future, as you said, they will make the requested accommodations.
+1 I really feel this pain… I suggested this to the devs years ago and they didn’t seem to grasp my point of view.
It’s bad enough that the extension regularly fails to notice when I’ve just registered on a site and offer to save it.
But how often does anyone actually click “generate a password” without any intent on ever needing or using that password in the future…
And probably the biggest annoyance comes when you eventually do need to retrieve a generated password from the generated password history: it auto generates a new pass and sticks it in the history every time you open it… so imagine you have some guess that it’s probably the 6-8th one in the list, you try 6th nope, try 7th which is now the 8th nope… try 8th which is now the 10th one in the list.
I know Bitwarden’s main goal has been about increased security and easier password sharing with people/teams but that’s a lot of brain juice being spent to try to solve an issue that never should have existed had the extension actually saved it or offered to save it when I hit the register button.
The least they can do is make it easier for us to remedy the extension’s fault by recording the website that passwords were generated on…
I’ve yet to hear any argument or reason against this or why it would be a bad thing…
edit: sorry didn’t mean to reply on you theotherp
Yes completely agree, if you’re not going to do auto-save, at least add the URL to the generator history page.
There could be an on/off toggle for the function, but including the URL makes it so much easier if an entry isn’t saved properly.
Thank you!
I strongly agree with this. The password should only be saved to the history if and when a user either clicks Select or Copy Password, not every time that the generator page is visited or refreshed!
Thanks for the tip.
How many days of history are kept?
This feels too close to this discussion to be a separate enhancement request, but as a user I really want reassurance that my nice secure random password isn’t going to get “lost” in the time between when I submit it on a web page and when it’s saved (and synced) in my password manager.
I had imagined implementing this as a kind of persistent record where a newly-generated password is saved any time it’s “released” into potential use, and from which the password is deleted only after that password is saved in a “normal” password record, or with explicit user confirmation (or following some other user-selected policy). Conceptually, it’s a little like a write-ahead log.
So, a password might be saved to the log when it’s (e.g.)
- Copied to clipboard
- Filled into web page field
- Displayed in cleartext to the user (probably?)
Saving a new item (with a password field) or editing an existing pass item’s password field would trigger a check of the log, and the matching password would be deleted after the main database write has completed. (This is 99.9% here to protect against the case where there’s no attempt to save it at all, but might as well also cover the 0.1% where the save fails).
If a password in the log isn’t saved to a real record:
- It should be retained until there’s a clear OK from the user to delete it, and
- There should be some UI method of informing the user (within a timeframe and context that gives them some chance of knowing what’s going on) that a password was generated and (potentially) used but not saved, and giving them tools to either save it or confirm that it should be deleted.
I would add that storing a large or infinite history of generated passwords doesn’t fully provide this: Especially when many systems penalize wrong guesses, getting a list of 500 semi-recently-generated passwords and knowing that somewhere amongst them is the correct one is only barely better than it just being gone. I think relatively-timely interaction with the user, while they still know what the generated password was for and whether or not they actually used it, is important, and retaining some context information (what client was being used? For a browser extension, what was the URL? Was the user creating or editing a record, and if so which one?) might be as well.
In most cases, feature requests tend to take quite a while to get implemented, even after they have made it onto the Roadmap (which the present feature request has not, nearly five years after the original suggestion was posted). Thus, for anybody who is still having issues with “lost” passwords, I would strongly recommend that you adopt/adapt the approach that had been suggested by David H above, since this method will guarantee that you never lose another password. I personally use the following variation of the method described previously:
- Disable Ask to add login.
- When you’re on a website’s account registration screen, before typing anything into the web form, open the Bitwarden browser extension — all of the steps below (except the last one) are performed in the browser extension.
- Click Add a login or , which opens the vault item creation form and prefills the correct URL.
- Enter the desired username in the username field, and click the generate button in the password field, which takes you to the password generator.
- Click the “Select” button (top right) in the password generator, which transfers the generated password to the login item.
- Click the “Save” button (top right) to save the newly created login item — because the password is now saved in the vault, it is impossible to lose it.
- Scroll down and click the Auto-fill button, which will transfer the username and password from the vault to the website’s account creation form.
- Submit the account creation form.
The above may not be what you’re used to, but it is the same amount of work (or less) than using the auto-save (Ask to save login) feature, and it prevents password loss 100% of the time. Thus, if you’re currently frustrated by loss of passwords due to failed auto-save attempts, you might as well give this approach a try while you’re waiting for Bitwarden to improve the robustness of their auto-save algorithms.
This is exactly what I came here to ask about.
Lastpass failed me in this regard, and at the time I simply could not believe that a password manager could be so careless with persisting its users’ data even when it suggested that data itself.
It’s very disheartening to hear that there seems to be no proper persistence strategy here in Bitwarden either. Hearing this as a new user (as of today), I’m immediately filled with doubt about choosing this as an alternative to Lastpass — I simply need to know that the developers of the security product I use understand these things. You must persist generated passwords before releasing them to the application/user. Doing anything else is basically relying on that the detection of signup/password changes is 100% accurate, which is absurd, and, if this thread is to be believed, far from reality.
Password suggestions are simply not safe if this is not done properly.
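The write-ahead-log idea proposed earlier in the thread, and the "persist before release" rule in the post above, sketched as an added example that is not part of any post and is not Bitwarden code. All names (`PendingPasswordLog`, `release`, `onVaultSave`, `discard`, the `persist` callback) are hypothetical, the sample passwords and URLs are constructed, and a real client would have to encrypt this log at rest the same way it encrypts the vault.

```javascript
// Hypothetical "pending password" log: a generated password is durably
// recorded BEFORE it is released, and removed only after a vault save
// or an explicit user confirmation.
class PendingPasswordLog {
  constructor(persist) {
    this.persist = persist; // durable-write callback (assumed); throws on failure
    this.entries = [];
  }

  // Call on copy-to-clipboard, autofill, or cleartext reveal.
  release(password, via, context) {
    const existing = this.entries.find((e) => e.password === password);
    const entry = existing
      ? { ...existing, releases: [...existing.releases, via] }
      : { password, releases: [via], context };
    const next = this.entries.filter((e) => e !== existing).concat(entry);
    this.persist(next); // if this throws, the password is never handed out
    this.entries = next;
    return password;
  }

  remove(password) {
    const next = this.entries.filter((e) => e.password !== password);
    const cleared = this.entries.length - next.length;
    if (cleared > 0) { this.persist(next); this.entries = next; }
    return cleared;
  }

  // Call only after the main vault write has completed.
  onVaultSave(savedPassword) { return this.remove(savedPassword); }

  // Without a clear OK from the user the entry is retained.
  discard(password, userConfirmed) {
    return userConfirmed ? this.remove(password) > 0 : false;
  }

  // What the UI would prompt about: how it was released and where.
  unsaved() {
    return this.entries.map(({ releases, context }) => ({ releases, context }));
  }
}

function demo() {
  const disk = []; // stands in for durable, encrypted storage
  const log = new PendingPasswordLog((snap) => disk.push(JSON.stringify(snap)));
  log.release("constructed-pw-1", "clipboard", { url: "https://shop.example/register" });
  log.release("constructed-pw-2", "autofill", { url: "https://bank.example/signup" });
  const cleared = log.onVaultSave("constructed-pw-1"); // saved normally
  const refused = log.discard("constructed-pw-2", false); // no user OK yet
  return { cleared, refused, pending: log.unsaved(), writes: disk.length };
}
```

Keeping the release context (URL, how it was released) with each pending entry is what lets the prompt identify one specific unsaved password instead of leaving the user to guess through a long history.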