Hi, Using Booking.com with Bitwarden is a real pain to use for 2 reasons:
1/ Firstly, your account email is not entered in the email field when you select it from Bitwarden addon pop-over or from Bitwarden drop-downlist:
2/ Secondly, when you do not use google/apple/facebook account (I do not like this), Booking.com does not propose to enter a password (it does not propose this sadly), instead it requests you to enter a unique code that Booking.com has sent to you via your email:
so your mailbox gets polluted with these useless Booking.com emails.
Is there a way with Bitwarden to solve one or all of these pains when logging on Booking.com without being forced to use google/apple/facebook accounts? Regards
Copy, paste, delete. Alternatively, you can filter such emails into a specific folder or tagged group and delete them all at once every so often. It’s really easy to create a filter in Gmail, and it’s probably similar for other email services.
Notice that this is simply an easy way for a website to direct account security towards your email and social media accounts, which already have significant investments in protecting and recovering your accounts.
Instead of getting irritated, you might be able to reframe this as a positive:
You can’t leak this account password.
The website can’t leak your password.
The security of your account is dependent on your email account, which you probably want to make as strong as your Bitwarden account in the first place.
As long as your service’s email system, and your email account work well, this works out OK.
ps: I wish my Dell account works like this instead of the 2FA mess they put in recently.
Thanks for your feedback.
When using Bitwarden, I prefer having a password, as going to my email each time is a pain.
Concerning 2FA, Booking.com provides 2FA via an authenticator app, but when you have 2FA enabled: Booking is permanently providing the alternative to send a unique link via email for 2FA!
So Booking.com is allowing 2FA but it has transformed 2FA into 1FA! (the email).
To illustrate this bad security design from Booking.com : here is concretely the email they sent when you have 2FA (so in addition to the unique code they provide by email acting as a password):
It does work yes. As a workaround. But this is manual intervention. I would love to install vault also for some elderly family members and I cannot reasonably tell them or expect them to configure such workarounds. This should have been fixed long time ago.
And btw, just regarding the booking.com problem, my guess is that the problem is somehow linked to non-English computers in which the field does not get labeled as “username” but a translation of the same. OP had a French system I believe.
But again: Chrome, Apple passwords and other solutions are able to catch that field (even in other languages), why does Bitwarden not.
To notify Bitwarden of the issue, please use this form:
Native password autofill functions in browsers and operating systems have much more powerful low-level access and ability to manipulate website behavior than do browser extensions, so they will always have an “unfair” advantage over third-party password managers when it comes to autofilling of web forms.
Yes, generally, the custom field name must match the corresponding form field identifier (i.e., the id, name, aria-label, or placeholder attribute value in HTML code), and will be different for each website. More information about finding the correct custom field name is available here.
