Bitwarden doesn't work with many financial (bank) sites

New user here. Trying - like many others - migrate from LastPass to Bitwarden. What I’ve found with Bitwarden is that it doesn’t work with alot of sites. The big ones are Citi, tdbank, and PNC so far. By “doesn’t work” I mean that either it doesn’t recognize that you have signed in to the site and prompt to save the creds - example is citi and PNC - basically preventing you from using BW to access the site.

The other issue is that it cannot fill the creds for a site like TD Bank. If you attempt to use it to login to TD Bank, it will paste the user and pass, but TD clears the user name and then says you need to enter the user name.

Bitwarden prompted to save the TD Bank login, but will not fill the user and pass when you try to go to the site from within Bitwarden. When you log in to PNC, BW doesn’t prompt to save the site. Oddly, when signing off the site, BW then prompts to save the creds. When returning to the site from within BW, it doesn’t fill the creds. You have to click to go to the site, and then click to fill - a big deviation from how LastPass works.

The issues are seen from within Firefox 85.0.2 and Chrome 88.0.4324.190

It seems odd that Bitwarden doesn’t work with sites like the ones I mentioned since they are probably pretty commonly accessed. I could see having to “report” an issue if they were obscure web sites, but I’ve got to believe that others have the same issue.

I tried using BW a few years ago, and went with LastPass - I don’t remember the details why, but probably had similar issues back then. I’d like to send LastPass packing, but it not working with the sites I use most frequently will be a killer.

Welcome!

We are actively working to improve this feature. There is an issue tracker with a form to report websites that aren’t autofilling correctly here:

Please feel free to submit any/all sites that aren’t behaving as you’d expect.

2 Likes

I am able to login to https://online.citi.com/ without issue. Is the issue saving to the entry? Does it work if you correct the bitwarden entry directly?

In the case of Citi… I manually added it, and then manually added the user and password. When returning to the site by launching it from Bitwarden, it goes to the site, and then you have to go back to Bitwarden, and click on the site name to get it to fill the fields. These are both a big change from how Lastpass works. There’s the option to auto fill on page load - and it says it’s “experimental” but that’s not really what I’m expecting. Lastpass has that too where it will fill the fields immediately after launching, but can be set that it won’t autofill if you just browse to the site manually.

The other issue - besides the pita factor - with manually creating the entries is that there’s some sites that the user name and pass are called something else at the site, and Lastpass still stores and fills them, but actually stores the login data as “Fields” relating to what’s on the login page, which you may not know unless you start tearing into the page source like the example below. I keep mentioning Lastpass because it’s what I’m used to, but I do want to send them packing. FWIW, I did pay for LP premium for several years when it was cheap, and you had to in order to use the mobile app. I’ll have no issue paying BW for premium, but it’s got to work, and cause me less issues than the upcoming LP restriction of not having mobile device access.

FWIW Lastpass’s autofill (when using Chrome) over the last year or so was not always smooth. For some reason it worked for about a year for me, then totally stopped working (after I went to a newer version of Lastpass). Usually new versions fix bugs. On my end it created one (and I don’t think I was ever given a way to correct it except to make sure I had the latest version). I just mention this to point out that Lastpass doesn’t seem to have this totally functional either.

1 Like

I don’t think adding a site doesn’t work the same way as Last Pass. The tutorial video indicated that instead of logging in and expect Bitwarden to log in, the proper method appears to be to click on Bitwarden and click on add site, which will populate it with the necessary URL and then you would enter the user name and password. This is definitely less intuitive than using Last Pass, but I don’t regularly add sites, so I decided that this is not an issue to manually add the site.

In Last Pass, I notice that the feature works a lot of time and sometimes it doesn’t work. It seems to be affected by updates, which Logmein will update again to fix. As a result, I usually end up adding the entry manually any way.

2 Likes

That may be the case, but it does not mean that either bit of software is better or worse then the other, it just means that they work differently.

Bank websites are produced by Banksters, generally a useless shower of incompetents. I don’t necessarily blame those producing the sites, it is more likely that they are only obeying orders. These sites can cause great frustration, but I use Bitwarden to store passwords and other stuff to access the sites all of the various banks and other financial institutions that I use. I have had to do some fine-tuning of each login to make them work, but the fact that I had to do that fine-tuning is the fault of Banksters and not Bitwarden.

1 Like

Try Ctrl + Shift + L.

That might be as this is not Lastpass. It is Bitwarden! :smiley:

Don’t despair! Over time you will adjust and learn.

It does! Just in a different way than Lastpass. If you live in the UK and never have left the country you probably are used to driving on the left. If finally you have the chance to see other parts of the world you will notice: They are not driving the way you are used to. Instead most of them are driving on the right. If you crash as you follow your old habits it is not their fault as they did not adjust to what you know. So if you switch over to something new do not expect it to be like the old thing you left.

3 Likes

While Bitwarden does autofill the information BDO online banking, once I hit ENTER an error shows

image .

I dont experience the same error when using Enpass though. I’ve tried this on all my browsers on MacOS BigSur–Chrome, Firefox,Edge.

Same as TD Bank. See below. As has been clearly explained as a result of my posts, BitWarden does things differently. Different than LastPass, Different than RoboForm. Different than Firefox Lockwise. And on many bank sites - another you’ve shown - different than manually typing the user and password. That at least gets you logged in.

As I explained, I - as many others are - am trying to find an alternative to LastPass. From BitWarden’s help page “When a Vault item has a corresponding URI, the Bitwarden icon will overlay a notification bubble reporting the number of Vault items for that web page” Sorry, it doesn’t do that on many of the pages - banks for example - that one would be most likely to use it for, The other issue that I tried pointing out - again from BitWarden help “Simply clicking on the Vault item inside the Browser Extension will auto-fill login information to the detected input fields” It’s kind inconsistent at that.

Suggesting that over time I’ll adjust isn’t realistic when I’ve apparently misunderstood what BitWarden is. Silly me thought it was for safely storing creds and autofilling them when needed,

Given the description on the BitWarden home page, I’m mistaken about the second part. It’s for storing and sharing. Nothing about filling. LP home page says autofill. RF home page says autofill.

BTW: I have driven in the UK. It’s not that hard to do. I found that drivers there are very polite. It’s routine for many living in GB, and Ireland to travel to other EU countries. The position of friends and co-workers in the UK is that other countries do not drive on the right side of the road. They drive on the wrong side of the road.

That’s what Bitwarden does. As it happens I logged-in to three financial sites this morning. The credentials for those three sites are stored in Bitwarden and I have no idea what they are (though I can look them up if I want to).

Two of those sites were no problem to setup, I can use any of the available methods, but I generally do Control Shift L. One of them was a bit of a pain and I had to fine-tune it. Logging into that one involves pressing Ctrl Shift L twice, re-arranging some numbers in dropdown boxes a little and the usual ridiculous SMS via a phone contraption.

Now I would love it if I didn’t have to bother my pretty little head with fine-tuning things, but the fault that I have to do that is the fault of banksters not Bitwarden. If banksters were interested in the security of my money they would allow me to use my (far more secure) security keys, rather than ridiculous nonsense with insecure phone contraptions and passwords (one of them of limited length and only allowing letters and digits).

1 Like

I have a similar issue with bitwarden and etrade on and older android. 6.0.1 I believe it has to do with the different user interface between the mobile app and the browser app. This may be complicated by the fact that the browser accesses us.etrade.com and the mobile app cm.etrade.mobilpro.activity.
When I allow bitwarden to fill in the password I get an invalid password response from etrade. If I instead use the copy password function then paste the password into the mobile app I can sucessfully log in. My hypothesis is that bitwarden is putting something extra into the password field with autofill.
I can’t prove this, as etrade does not offer the option of showing a visible password. A possibility might be that it is putting the login name in the password field, but this is speculation.

Any updates on the resolution? Bitwarden is still not working with my bank.

Have you talked to your bank and asked them to use standard solutions instead ?

2 Likes

Bitwarden can’t do anything about the system your bank decides to use. Have you asked them why they don’t allow customers to use the most secure form of authentication there is?

2 Likes

Does this mean Bitwarden requires something different? As i mentioned in a post above, i dont get the same error when using Enpass and 1password (during trial).

To clarify, the error is when i do autofill on the browser.

Already added my bank’s URL to the report tracker file.

Re-tried autofill using the Bitwarden extension icon, Context Menu and Keyboard short Cut on Chrome, Edge, Firefox. All errors.

Password managers are not the most secure form of authentication in existence, and most definitely not the ones that make your data available online.

Password managers are just safer than using simple passwords and repeating them, assuming you are properly protecting your vault.

Until recently, most banks were thinking that using a password manager is a security vulnerability, reason why they could negate any sort of insurance for your money in case of a security breach, as long as they knew that you were storing your credentials in one.

Arguably, it is a security vulnerability, and it highly depends on the type of security your bank is implementing and how much benefit a password manager could bring as opposed of not using one for that specific bank security implementation.

@ikabupini There can be various reasons why this is not working, for example a script which ensures that attackers can’t use something similar to Bitwarden’s auto-fill, which is not that advanced compared to the likes of 1password. For banks, anything interacting with the page outside of the user can be seen as a threat. This kind of security measure can be something simple to extremely complex, but more often than not, I’ve seen that it’s mostly monitoring user interaction with the fields. Therefore, if you type something in the field then autofill, this issue could be avoided for some banks.

Just tried your suggestion but autofilling using Bitwarden still doesn’t work. My current password manager, Enpass still works. This is the only thing that’s stopping me from completely moving to Bitwarden.

@ikabupini I took a look at the bank you mentioned and I see that it has an event that removes the password when the password field is focused. Because Bitwarden fills the field and focuses it, the site’s script automatically removes the password from the field. In this situation, it is not a security feature but a not so well engineered site.

Using custom fields doesn’t seem to fix this issue. However, using the shortcut CTRL + SHIFT + L to autofill your credentials seems to be a workaround for it on desktop using the extension in the browser. Does that fix your issue?