Do not autofill password fields with an existing HTML value

Many configuration pages allow admins to configure a user name and password for external services. For example, on the admin pages of a CMS system, you might be able to configure the user name and password of a mail server.
If this is already configured, the requested HTML page will look something like
User name: [input type=“text” name=“username” value=“admin” /]
Password: [input type=“password” name=“password” value=“xxxxxxxxxxxxxxx” /]

When autofill is enabled, Bitwarden replaces these values with the for the actual login (to the CMS in above example). When Saving the config, the mail user name/password is overwritten, and will no longer work.

A simple workaround for this would be to not autofill a password field that has a non-empty value.

Don’t some sites use dummy values for the username and password fields until the user (or bw) enters data? (Literally “username” (or “email”) and “password” seem fairly common.)


The ones I’ve seen actually use CSS to trick it ( or the HTML placeholder attribute (
Using the value for a password field would not work anyway as the browser will mask this with ***