Auto-type/Autofill for logging into other desktop apps

@LM77 and @Sc0ttjm Did you also vote for this feature (at tot of this posting)?

Yes I did, thanks

Yes, I did too!

For me this feature would be very important too. I’m using a lot of the tools @OLLI_S already mentioned and it’s really annoying copying the credentials by hand. Additionally this is less secure as the credentials are copied to the clipboard.

This would be a great feature that I am missing, especially since the iPad version of bitwarden does this and it’s a lifesaver.

IMHO this is a feature that must be implemented in the Bitwarden Desktop App.

Via the desktop app Users should be able to select an application and Bitwarden stores the fill file fill path (path and name of the EXE file) as new URL in the selected entry. This way users have one entry in Bitwarden that can be used to log into the website and also to log into the desktop application.

Logging into the application can be done via two ways:

1. Auto-Type Sequence (where Bitwarden types {USERNAME}{TAB}{PASSWORD}{ENTER})
2. Recognition of the fields (where Bitwarden stores the name of the “Username” and “Password” fields and fills them automatically).

Ad 1.
This way is discussed above and works like in KeePass.
When the Auto-Type hotkey is pressed, Bitwarden detects the currently active window and checks, if there is a password entry for this process (EXE and file path) available.
Detecting the application by window title (like KeePass is doing it) is less secure.

Ad 2.
I can not remember what password manager worked like this (but I think it was Roboform).
Here users clicked a button in the password manager and then selected the field “username” directly in the target application where they wanted to log in (same for the password field).
While selecting the fields, the fields where the mouse was over was marked with a red frame, so users could see if the correct field was selected.
The password manager stored the technical names (or IDs) of these fields so it was able to fill the fields directly next time.
Many many (really many) years ago I used a tool where I could select any element in an other application and the tool showed me some technical information about the selected element (name, width, height, etc). It was a tool that I used besides my programming IDE and I think it was called GUI-Spy.

These are just my thoughts how such a feature could be implemented.
Now it is up to you to implement the best solution for users (that is easy to use).

Excellent description, @OLLI_S.
Now the guys from Bitwarden just have to implement it.

And two and a half years later… Tick, tock, tick, tock.
3rd most requested feature, and it’s still in backlog…?
That’s just sad.

New and fancy features the team comes up with is nice and all, but shouldn’t requested features from the actual users of your product count higher?

And I totally agree that if the API way only works on applications that actually implement the Windows Cred API you can might as well just drop the whole feature and just tell us that straight up.

Turned out pretty negative this one, still love BitWarden, use it everyday, but this is a feature that’s sorely missed.
Please consider giving this some real attention.

It’s 100% on our intended to-do list. The goal was to evaluate what options would be available with new password management APIs but not necessarily limit the scope to just those applications.

Absolutely more to come on this!

Hi!

I just created an account to vote for this feature. That’s the only reason why i didn’t move from KeePass to Bitwarden.

Regards
Richard

Just one more aspect for this feature.

Users should add the file path and the file name of the application as a new URI entry, like:
C:\Program Files (x86)\Steam\steam.exe

Bitwarden should identify running processes by the name of the exe file and not by the window title.
Identifying an application by the window title is a potential security risk!

Some years ago I coded a simple application that demonstrates that this is a potential security risk.
My application had a visible window and the fields “username” and “password” (both fields were at the y-coordinate -100, so they were there but not visible).

I coded a function that accepts a text to display in the application title bar as parameter.
In the function I changed the caption of the application title bar to the specified text.
Then I focussed the field “username” and sent the key press Ctrl+Alt+A (the hotkey to execute the auto-type sequence in KeePass).
Then I checked if the fields “Username” and “Password” are empty and if at least one field is filled, I wrote the text that is shown in the application title bar, the username and the password to a large text field (separated by tabs).
If there was no data in both fields, then I wrote "No passwords found for ".

My application called this function with some common services used by users (like Facebook, Xing, LinkedIn, etc) and if there were entries in KeePass stored, then I also received the username and the password in the edit field.

I must admit that I am a bad programmer and that my tool is just a POC (prove of concept) but it worked (at least in 2011).
A good hacker would do this with an invisible window (or a window with 1x1 pixels in size) and send the data to a web server.

But this should show that identifying processes by window title could be abused.
I know that KeePass identifies the applications by their window title, but you should make it better!

@tgreer Tell me if you need the source code of the application (a Delphi/Lazarus application).

I too am presently using KeePass and holding back migrating to Bitwarden due to lack of Auto-Type feature. Looks like LastPass has Auto-Type feature similar to KeePass - see https://support.logmeininc.com/lastpass/help/use-the-lastpass-desktop-app-for-windows-lp010124

This would be handy!

@tgreer do you think I will be able to get a refund, i just purchased the family version but i wouldn’t of bothered if I knew auto-type and finger print for chrome browser is not implemented, does any one here know which password manager has auto-type?

I am quite shocked this was asked for in 2018 and it’s still not been done lol

Kind Regards

Hi Richard, our customer success team can help you out with any payment questions at https://bitwarden.com/contact

We will have TouchID/Windows Hello for browser extensions in late December or early January based on our progress, but autotype for desktop has not begun development at this time.

@tgreer cheers, also can you tell me why the browser extension says, I don’t have the premium version, I thought the family version included the premium version, good to hear about the windows hello for the browser version, I guess i will come back in another 2 years and see if you started the implementation for auto-type

… It won’t be 2 years, I promise!

For your premium subscription, if you logged in before upgrading, you’ll just want to log out/back in to get a full refreshed set of data from the server that includes your premium status.

Moved from LastPxxx about a year ago, like all that is Bitwarden except…I’m MSP with over 100 servers I use with VPN and Microsoft Remote Desktop. I need an app that will work with my VPN clients and RDP. LastPxxx has the feature, but its klunky, impossible to use with over 2,000 passwords and never worked right. It hasn’t been feature improved in years (Typical MO for LogMxx). Trialing RoboFxxx and it seems to work smooooooth with desktop apps, as it was created 50 years go (sic) before the World Wide Web. I’ll keep checking back and go premium when its ready. Thanks for the great product and keep up the good work.

Yes Auto-type in the same vein as KeepaXX would be great. Using something like
Two-Channel Auto-Type Obfuscation to get around keyloggers should be the goal.

That is the only thing really holding back full implementation of Bitwarden in the community. I want to migrate over numerous users to premium accounts, but I cannot truly recommend Bitwarden without this type of Auto-type feature. That feature would make Bitwarden even more secure.

Our company will change password manager before next summer, and this is must-have feature. Hopefully this is implemented before then!