In the Github issue, this feature is more than just disabling an auto-fill – we need the “Never URLs” feature (a blacklist, basically) of locations which never prompt to save logins, nor auto-fill. My specific comment there was:
“In LastPass these are called “Never URLs” just for reference - I as well need these for my work internally at my company. Besides websites that might cause performance issues, we have endpoints which are accessed without using Bitwarden (think RSA tokens) so wish to avoid “do you want to add this website?” every login to select domains and IP wildcards (https://10.12.*/, etc.)”
I have many work intranet sites that are RSA token logins and get annoyed when I’m prompted to save credentials for them, I can’t blacklist the sites and domains.
Also will be good to disable autofill on page load if password field has attribute autocomplete=“off” or autocomplete=“new-password”.
Some business applications have forms with password fields and autocomplete attribute prevents from automatic filling passwords by browsers.
But unfortunately it not work in case of bitwarden.
I like autofill on page load feature, but disabled it because it put my password everywhere in type=“password” inputs, high risk to post if accidentally. No way from user or site developer side to prevent it.
Specific use case; many banking sites use 2 separate pages for authentication where the second may be 'select first and third number`. If the page tags these fields as password, each one if filled with the whole password.
I’d like to flag this issue too. I’ve tried setting these ‘select’ inputs to a blank as a custom field but that doesn’t work. Autofill actually slows down logging with these fields and it would be good if they could be identified and left blank.
+1 for this, my business allows me to change passwords for my customers, so when I visit a customer’s page in my account manager, my login details are filled in. It would be great to be able to disable this by URL.
This is a HUGE PITA with my home router. It has lots of login fields for my Dynamic DNS provider and other settings in the router. I would like to store my passwords for the router in Bitwarden, but for the router’s site, I’d like it to never fill in any username and password fields.
Yes, this screwed me up huge, and wasted hours of my time because I saved a page in woocommerce > authorize.net gateway, and It autofilled the transaction id, and disabled checkout of a client site for a weekend. Had no idea this happened. Cost us both a lot of time and money.
uggggg… NEED to be able to disable auto-fill per url.
Yes. Auto-fill of credentials wreaks havoc when administering systems that use system accounts for things like LDAP or active directory binding. Change a setting on the same config page and all of a sudden, nobody can log in.
This is a problem for me with rundeck. We have a lot of rundeck jobs that have an unmasked password field and these were being filled in with my password. This is problematic enough if someone is standing over my shoulder. Worse yet, it would be really easy to submit the job with that password and then everyone can see it. I had to disable autofill globally to prevent this.
This is still a hot TO DO, even though the autofill-feature is in beta, this should be an important feature. Maybe this can use the same list as ‘Never save’, which will be one less list to maintain?
Yes. I’ve had to turn off autocomplete completely because it is so over zealous, overwriting entire profile Details on certain sites.
Now when navigating to a website I have to select it 2x from the extension. Once to go to the website, then again to fill it. On Safari with Pinned Tab autofill still broken, I have to then copy and paste user name and then PW individually. Would love a more simplified workflow/experience.
Hi, I would like to add to add my 2 cents in as far a being able to prevent specific websites from being auto filled. I know it a beta feature so I have high hopes that something to this effect will be added on in the near future. For now I perioidically search my password vault to make sure it hasnt saved any sign in info on the sites I consider too risky to have them autofill.