If you can sufficiently articulate how you think Bitwarden could “automatically” (or semi-automatically) track the equivalency of “name.dom1” and “name.dom2,” you may want to consider adding a Feature Request so others can benefit from it as well.
Another approach, which can be done in the extension, is to add the second URL to the existing vault entry.
They do, for common well-known names. If you have additions you feel would benefit many others, submit a PR as suggested in this conversation.
That said, I would much rather Bitwarden err on the side of caution. There is much risk if Bitwarden were to add a credential-stealing look-alike website to the global “equivalent domains” list.
You’re right, I didn’t think about it. – This is phishing in its purest form. My proposal can be sent to the Wiki in the Phishing section.
Each user must evaluate the risks themselves and add copy sites independently.
The problem is that the user does not know that he has a login for the copy. Maybe AutoFill isn’t needed. But there should be some kind of notification about the presence of a login.
It turns out that the most valuable thing in this topic is your advice.
@serega_da And I would suggest to make clear, if you want a search field for all login items to search and autofill (even those that have nothing to do with the current domain = are not an autofill suggestion for your current domain) → and then the phishing topic would be there again…
In principle, the title roughly reflects this topic. Without a picture, it’s difficult to understand what the author of that topic wants to say. For me, with a picture it’s clear right away. You can choose to transfer it or not.
Is it worth cleaning the first message?
The internet is all about reducing the number of clicks. If you need to leave the page and open the main window of BW to search, it’s a bad idea. It’s a lot of unnecessary clicks. The search should be in the input fields.
But more importantly, we need BW’s reaction to the presence of a similar password. We don’t want to expose it immediately for security and to combat phishing.
Manually searching for a similar password (and I might not remember if it exists) is also a disadvantage. I might have created an old password 10 years ago. I can’t search for it manually for the rest of my life.
Only in the middle of the topic, there were some competent authors who knew how to make a copy-paste of a screen image. And my picture is no better. The requests to duplicate (not to invent anything new) the search have been around for almost two years. Simply repeat the search field.
Therefore, this topic should be trimmed not to the search field, rather than the automatic search for passwords without AutoFill or clicks. However, it is desirable to have separate buttons for copying the login and password separately.
I guess Google isn’t sleeping either. And phishing sites don’t last long – they are monitored and blocked at the CDN level. BW does not need to take on the role of overseer of the Internet. More problems for users. Phishing is more difficult to find than real sites with copies on different domains.
Take KINOGO, substitute any domain and you will not miss. There is no phishing and no bank cards.
BW should not hide part of its database from the user.
They do not. The Global equivalent domains can be found here. You can exclude those you do not want to be considered equivalent, and you can add your own to the list.
No! We’ve already figured out these possibilities. They exist. However, I’m referring to cases where a login was created many years ago. The forum has moved to a different domain. The user may not remember that they already have an old login. To add the old domain to the new one, they need to find it. By hand. This is the work of BW.