Bitwarden URI exception, avoid security risk

Hi,
Like all of you, I have Bitwarden password to unlock all my other password.
And like all Bitwarden community members, I also have a Bitwarden Community password, which is different from my Bitwarden password.
How do you prevent security risk of giving your precious Bitwarden login/password when logging into community.bitwarden ? (of course you can pay attention, but good security is when you are not invited to commit a mistake)


This is what Bitwarden if offering, scary. Why is my main Bitwarden password here? (of course I could choose not to have my main Bitwarden password stored into Bitwarden vault. In reality I do not have it here, but my parents are doing this (I guess lots of average users too) and I cannot change this, so I just want to prevent errors from happening by telling them of to modify URI and this example with Bitwarden community is the easiest I could find to share the issue)

I though it would solve the issue: a community.bitwarden.com set as ‘Never’


but it doesn’t :cry:, why?

Hello @Christop !
Setting community.bitwarden.com to never wouldn’t solve it as , the uri vault.bitwarden.com is set to match with base domain by default (i.e it will match any domain with bitwarden.com as base domain).
To avoid bitwarden prompting the vault password on community website , set vault.bitwarden.com to Exact.
You can read more about match detection uri here Using URIs | Bitwarden Help & Support
Cheers

1 Like

Thank you I have changed my setting to Exact and it works now !

So “Default match detection” means match base domain only:
image

This is a strange naming: “base domain” would be more meaningful for this.

Just to add, you don’t need the Community URL in this vault entry at all as, presumably, you have completely different credentials for your forum account. You should have a separate vault entry for your Community login.