Auto-type/Autofill for logging into other desktop apps

I using Bitwarden Has 3 year long, but I hope can be support Autofill Username & Password for Desktop Application. Such as Telegram, Genshin impact, Honkai:Star Rail and so on.
Just like KeePassXC Software:
屏幕截图(8)

As mentioned above, someone has created an autotype thing for Bitwarden. Yes it is not official but it works very well and I use it frequently. IF you want to use the most recent algorithim update, you have to manually update the cli package thats been included as it hasnt been changed in this tool but it WORKS

2 Likes

+1 without any hope
Over 5 years of waiting and no real progress…

Auto-Type is one of my most used features of KeePass as a sysadmin. It just works almost everywhere (RDP, consoles, nested connections, remote support solutions…) and is certainly more secure than copy and paste. :expressionless:

2 Likes

Positively do not recommend any 3rd party middle man working with your passwords, ever. Just deal with the extra 10 seconds of work it is to manually copy/paste.

This goes beyond a little extra work, though. Any time a password gets on your clipboard it is immediately available to any application on your system. Additionally, there’s the possibility of accidentally pasting it into a location where you really don’t want to. I’ve seen it happen numerous times, and that is only getting worse as more and more applications decide that disabling the “copy” function is, somehow, a security feature.

Copying and pasting passwords is bad juju; we should be doing what we can to avoid it.

1 Like

This is a must-have feature. I had to switch to Bitwarden from Keepass for some reasons and this is ‘pain in the ass’ in comparison to auto-type feature from Keepass (not saying about custom macros like {PICKCHAR})

The only viable solution now is to type the password manually, which simply isn’t doable given the length of the random passwords these days.
Having to do that all day long resulted in us moving to a lot simpler passwords for a lot of systems that should be better secured.

Having to type them, especially over remote connections, exposes them to a lot of different keylogger opportunities. Which results in even worse security.

Also the request is not to copy the user/passwords to the clipboard, which is exactly what does not work for these application.

Whatever the solution is to this problem is gonna carry some implications, either bitwarden performs the keystrokes or users start using simple passwords again and start bypassing bitwarden altogether.
It’s a choice between two evils, having a basic solution,that right now isn’t being implemented because of security concerns, creates bigger and worse security concerns in the end.

Hi folks - thanks for all the chatter and discussion here. Bitwarden now has a dedicated autofill team that will review our autofill implementation at large, including auto-type. The autofill team is focusing on the proof-of-concept on the overlay with the next priority for the team being research into auto-type. The research will be to look at a solution that can broadly support all desktop applications and the nuances in how they implement login.

15 Likes

Hi. It’s essential for me that Bitwarden enables me to autofill passwords for desktop apps such as Zoom and Skype. Can this be added to the list of Feature requests please.

When can we expect a solution to the desktop issue, as the OP was dated over 6yrs ago.

1 Like

This is absolutely awesome! Can you link a github issue to this so we can keep being informed? :slight_smile: Have a good one!

Unfortunately, @Haui, FRs aren’t tracked on GitHub. Solely when a PR for this is created shall we be able to automatically subscribe to completion.

Has worked great for me for years and this is one of the features blocking my users from dropping Roboform for BW (and so us rolling this out as MSP.)

Works great for Quickbooks, RDP sessions, bunch of websites that use “Basic Auth” login popups, etc. and others I’m not remembering rn.

Yeah, it fails occasionaly but works way more often than not and for us is a deal breaker.

Just realized this is a SIX year old feature request. Now definitely scratching my head…

1 Like

That’s great to hear! However it took Bitwarden 5 years to begin looking into implementing such a core and widely used feature that has been out there. My company is starting to pilot Bitwarden and as many have mentioned around here (for 5 years) I don’t feel comfortable in moving to a tool that doesn’t provide efficiency but instead makes the user life more difficult. Not to mention not being able to customize the shortcuts.
We use the Auto-type feature many times/day for both Remote Desktop and Web Apps. Especially useful when you have a VM console session inside of a Remote Desktop for which Copy and Paste doesn’t work but Auto-type does the trick.
It seems there are both free and Premium users (like our company) requesting this feature. Will Bitwarden always take that long to improve its product based on valuable Customer-provided feedback?

@gtran Hi Mrs. Tran: I was thankful to see your response to this request and specifically that it outlines how the BitWarden team acknowledges that this is a much desired feature for its userbase. So much so that there is a dedicated team to address this.

It has been over three months since your post, however. Could we get an update? I do not see it on the Bitwarden Roadmap yet, either. When do you think desktop autofill support might be added there?

We will update this thread when the team begins development of the feature (as will the roadmap). The team is right now focused on releasing an initial version of the inline auto-fill menu and improvements there as well as migrating the browser extension from Manifest v2 to Manifest v3 before end-of-life from Chrome (our most used device). As any software developer knows, timelines can be very inaccurate, depending on how current initiatives go, so we will let our community know once the work has actually started. Thank you for your continued support!

2 Likes

Can I confirm that your implementation of Auto-Type will be to replicate how KeePass implements it, using Alt+Tab, followed by the credentials?

The auto-type sequence should be customisable so that you can add any custom keystrokes or entries in the BW fields as necessary.

It works so well in KeePass and is compatible with so many different scenarios, all of which have been outlined many times in the above comments over the past 6 years.

For the Linux users looking for this feature, my (unofficial) Bitwarden client - Goldwarden - has now released on FlatHub as a flatpak. It supports system wide auto-type (at least on Gnome and KDE on Wayland). Of course, it is open source and you can inspect every released builds CI pipeline.

Since the flatpak is fairly new, expect some bugs here and there, but they’ll be fixed over time (if you report them) :wink: Also, some external setup is required to get global shortcut detection to work, until “global hotkeys” are available on more desktop environments. Just check the wiki on instructions.

Hope this helps some of you!

(Also, looking forward to the official client getting this!)

1 Like

Thank you for offering this — I hope that it encourages Bitwarden to accelerate incorporation of some of these features into the official clients!

Some questions:

  • I was expecting to see (but did not see) a disclaimer to the effect “use at your own risk, and not without frequently backing up your vault contents — using this client has the potential to corrupt your vault database.” Does the absence of language to such effect suggest that you have a high degree of confidence (certainty, even?) that the risk of database corruption is no higher when using this client than when using the official clients?

  • I see that the releases also include “stripped-down” and “untested” builds for Windows and macOS. Does “stripped-down” refer only to the new Goldwarden feature set, or are some native features from the official Desktop client also stripped? And do you feel comfortable making any pronouncements with regards to the risk of vault corruption associated with these “untested” releases?

Thanks for the questions!

  • I was expecting to see (but did not see) a disclaimer to the effect “use at your own risk, and not without frequently backing up your vault contents — using this client has the potential to corrupt your vault database.” Does the absence of language to such effect suggest that you have a high degree of confidence (certainty, even?) that the risk of database corruption is no higher when using this client than when using the official clients?

Of course, as with any unofficial software it’s at your own risk. That being said, except for if you add ssh keys through goldwarden, no modification is being done to your vault, the client is read only. Thus, for auto-type, there is no way for it to corrupt your vault.
Even for SSH keys, Bitwarden has a fairly strict and structured API. The worst that could happen - if there is such a bug - is a new undecryptable note instead of an SSH key note being added to your vault. You could in that case simply delete it from another client.

In a KeePass database this would be different, since you always overwrite and sync entire vaults. This is not the case in Bitwarden.

I see that the releases also include “stripped-down” and “untested” builds for Windows and macOS. Does “stripped-down” refer only to the new Gladwarden feature set, or are some native features from the official Desktop client also stripped? And do you feel comfortable making any pronouncements with regards to the risk of vault corruption associated with these “untested” releases?

The Windows and Mac builds are work-in-progress, but since I don’t actively use those platforms, it’s somewhat slow moving. SSH-agent support, regular CLI access, and environment variable injection for other CLI tools should work.

Browser-biometrics integration theoretically works, but is not that useful, because
the official desktop clients already support that on mac and windows.

Aside from that, “pinentry” has not been implemented on mac and windows, and “biometrics” has only been implemented on mac (touchid). Autotype is not available on either platform. Since I don’t use the platforms at the moment, I’m not sure I’ll invest the effort on building out the featureset, but pull-requests are of course always welcome :wink:

or are some native features from the official Desktop client also stripped?

By the way, this is not based on the official desktop client in any way, it’s a completely separate codebase. It’s not a full bitwarden client, it really just serves to implement the (to me) useful but missing features such as autotype and ssh-agent support. You can use it in conjunction with the regular desktop client.

2 Likes