When changing passwords in sites and apps, the update password feature is unreliable. The primary failure mode is that the new password gets generated in the new password field, but Bitwarden doesn’t detect the update, or the user fails to notice the update dialog when on the web interface, or there simply is no element available in iOS to save the updated password. Once the password is submitted to the field, there is no way to copy the string out to save into bitwarden.
To avoid this failure, there should be an option to initiate the password update in Bitwarden, save the new password, and autofill old and new passwords to the update form.
Please explain in detail what you have in mind (i.e., exactly how this option would work, and how the user would interact with it).
Currently, Bitwarden already does have “an option to initiate the password update in Bitwarden”. It works like this:
Navigate to the password change form on the website.
Open the browser extension window (if your browser extension is not already unlocked, also unlock it).
Open the relevant login item to its Edit screen.
Click the (“Generate password”) icon located inside the password field.
Click Use this password, then click Save.
Autofill the new password into the password change form.
Submit the password change form.
If you are proposing a feature different from the above, then please provide a detail explanation of your proposal. If the above procedure works for your purposes, please advise so that I can close this thread.
3.5 copy the old password to the clipboard
6.5 paste the old password into the old password field on the form.
Sometimes autofill will overwrite the old password so I tend to refresh it just-in-time. If the clipboard clears itself too fast, there is also a “password history” link on the “view item” page.
First I will focus on my experience with the iOS app, since that’s where my primary interactions are. I recognize that it’s possible to do a password update in Bitwarden, then transfer that into a web form or app that’s asking for an update. My point is that, as you kindly detailed, the process is at least 7 steps. And on a mobile device, switching between apps is sometimes an unpredictable experience due to how phones might manage memory. But even if it’s a best case scenario, the number of steps could be reduced. Currently I don’t even see an inline (on the web page) “Generate Password” option in the iOS app. So adding that will get it up to speed with the desktop browser UI. Perhaps it can be added in the keyboard banner along with the autofill and the key icon.
Now for the desktop browser, I see an inline “Generate Password” button attached to many password fields, so Bitwarden is detecting password fields and providing features there. I think the best way to implement a simplified password update experience would be to add or modifiy that feature to offer “Save to current login” so a user could use autofill to populate the old password directly from the integrated features, then when clicking on the next password field perform the “Save to current login” where Bitwarden would then update the saved password for the same account it just autopopulated from in the previous field. Currently I am only presented with the option to add a new login when using the inline generate password, and with testing I see that every time I do this I do indeed get a new unique entry in the Bitwarden database for the same web site.
One confounding behavior in this would be how Bitwarden will autopopulate the “Old Password” field and the “New Password” fields when using the standard autopopulate. This makes it so you have to manually delete the contents of two field before accessing the generate features.
Also remember that many accounts have password rules (Min length, max length, character type minimums, allowable characters), so generating the password in the Bitwarden app/plugin could result in generating a password and saving it multiple times before getting a password that is satisfactory for the validation rules. Especially since Bitwarden does not allow for partial special character sets. If an inline generation feature exists, a user could (if the web page provides) get immediate feedback on the generated password before actually saving it to the database record in Bitwarden.
If this must be limited in that way, I would say the mobile app is in most need of a better feature set for password generation. I can open a separate request for the improvement on the desktop browser feature upgrades I mentioned.
@RawChickenBeast I understood, you want not only an inline generator (for mobile - for the browser extension it’s already there), but a whole kind of “password change method/function” to make it more easy to change existing (stored) passwords, right?
Could you please explain what you mean by “first” in the title? I’m rather confused, if you only want to change your first password (whatever that would be) or if it would be the first password change method ever since the launch of Bitwarden… or what is it supposed to mean?
At this point I would use a different title. Maybe “Inline generation and saving updated passwords”.
And keep in mind that even though the inline password generator is in the extension, it is not useful because there is no way to copy the password out except to save as a new login record (missing the username no less), and Bitwarden doesn’t always ask to save the updated password (in my experience it rarely does if ever). So the shortest path to using the extension inline generator for updates still requires copy and pasting passwords between login records and deleting the unnecessary new record.
The intent was to indicate making the change first in Bitwarden, then use that to populate the password update fields on the page. I asked for that because I was thinking of my workaround which was to do basically what you described, though I considered that a manual process. If an inline password generator that works for saving updates is implemented, that would be even better.
It doesn’t have to be limited to a single app, if you are proposing a specific feature that would function the same way in more than one app.
It wasn’t completely clear what new feature you were proposing for the browser extension, and whether or not it would bear any resemblance to what you’ve requested for the mobile app.
Given the lack of clarity, it may be best to try to start by fully clarifying what you are proposing for the mobile app, and then perhaps start a separate feature request for the browser extension.
(“Generate password”) icon located inside the password field.