… I only thought, that this is a general (good) advice, regardless of whether we would have a partial or full list in the generator history.
… and I consider that as also true - and so it would be true with a partial generator history also… (though I understand the point, that one shouldn’t feel too safe even with a full generator history)
But, these points all don’t speak against being a bit more on the safe side with having a full generator history, and that’s why I used the “confused” smiley.
Though @DenBesten’s suggestion would add another layer/complexity to the generator – if there was a partial list, to still be able to access the full list is a very good idea I could totally live with.
The point I was making was that even with a full history, password loss is possible unless one adopts best practices of storing the password in the vault before submitting it using the web form. It follows that for users who do adopt this best practice, having a full generator history does not add any advantage.
Understood, agreed - and disagreed also. As I’m not a robot, the day may come that I don’t store it in the vault before, against my own policy. Then, I’m glad about the full history.
PS: And, as I see it, that’s exactly the (second) safety net of a full generator history I appreciate. Of course, there’s never 100% safety.
IMO, it would be better to support a FR that enforces the recommended work flow (and prevents password submission before storage in the vault).
I am also not a robot — but for myself, I find this scenario highly unlikely. I don’t use the inline autofill pop-ups, so I would need to either drill down into the right-click context menu (Bitwarden > Generate password (copied)), or use two separate keyboard shortcuts (Ctrl+Shift+9 & Ctrl+V), or go through a 4-step process of opening the browser extension window, navigating to the generator, copying the password, and pasting it. As I never use any of these methods, they would all feel very unfamiliar & wrong to me, and I doubt that I would go through any of these steps “by mistake”.
And as I also don’t use the options “Ask to add/update existing login”, if I were to use any of the above password generation methods against my better judgement, I would subsequently need to manually create a login item, then paste the generated password (along with the username and URL), type in a name for the new login item, and save the item. I would think that at some point during this whole process, there would be red flags and warning bells alerting me to the fact that I have deviated from the usual password creation procedure.
Probably a good idea. But from experience, I’m a bit sceptical, that such “forced mechanisms” would not stir some “feelings of paternalism”…
Well, that’s an interesting revelation!
Thanks for the detailed explanation. I use less keyboard shortcuts and more of the inline menu (though not the inline generator up until now) - everything else, I do more or less the same (and obviously agree to it!). – My point is, though: not every user is that well versed in every function of Bitwarden… and probably those could need an additional safety net more than you and me… (BTW, as far as I’m in favor of a full generator history – I’m indeed not sure, if I ever really needed it in the last two years)
It would also help to list if the user manually generated the password or if BW did it as a suggestion. Recently, something happened that caused a new login record to not be saved in my vault. When I went to the password generator history I couldn’t tell the password I manually generated apart from the 7 others that the BW auto-generated and suggested to use. It took two days to get into the account because I got locked out for too many failed login attempts while trying each generated password.
I go into BW, create a new login, then click the button to generate a password. That’s manual generation.
On some web pages, BW will display a dropdown underneath a password box suggesting a password that it has generated without me asking. I think that’s a feature to make it easier to create accounts, but it ends up flooding the generator history with entries I did not ask for.
Do you also click Use this password in the Generator, and then click Save in the new login screen?
If you use this work flow (which you should), then the generated password will also be saved in the item-specific password history, which you can access by opening the saved login item and clicking “Password History” (in the “Item History” section at the bottom of the page).
This feature request proposes that such unused passwords either be eliminated from the global generator history, or be hidden from view (through use of some type of filter).
I think what you are suggesting is that the generator history should include some information to identify the context in which each generated password was created (e.g., generator tool, password edit, keyboard shortcut, context menu, or pop-up suggestion). I think that is not a bad proposal, but it may be outside the scope of this feature request (which is just about trimming the list of passwords displayed in the generator history).
I do use Use This Password. But in the issue I had, the entry had not been saved.
I was going to open a new topic for my request, but searched first like I’ve been taught. However, maybe the thread is not close enough and my request does warrant its own topic.
I’ve re-opened the 2018 feature request on this topic (originally titled “Only store password history when a new password is selected or copied”), merged the recent thread (“Generated passwords / passphrases: only list and store copied / “used” one’s in the generator history”), and modified the thread title to encompass the two key implementation suggestions — either discarding or hiding unused passwords (new title: “Generator history should omit/hide generated passwords that were never used (copied, saved, etc.)”).
The OP originally also suggested saving URLs in the generator history, but as each feature request topic should be limited to a single proposal, any discussion or voting on the URL suggestion should be relocated to the separate feature request topic “Save URL in password generation history”.
I second that. Its so confusing to identify which password I generated and used since it generates so many passwords even while making some configuration changes. Many a times I had to again do a password reset.
I was reading comments and I saw someone wrote what if a user writes the generated password on a paper and a pen. Its a edge case. Even less than 1% of BW users would be generating passwords and then writing on a paper and pen.
Most people copy/fill the generated password. So I think the generator history should show the ones that were copied / filled and not just any/all passwords even the ones that get created while you open the generator page or move back and forth to check generator history. @Nail1684
Imagine you clear the history and you go back, you land to generator page and you go back to history, it shows 1 password generator. Come on man I did not intend to generate this password!
It’s really annoying, and not a well thought out feature.
The auto-fill in gets called. It Generators a password. You refresh the page. A new one gets generated. If you click on it, and something breaks and a new login isn’t saved to your BitWarden Vault, but it did succeed updated your password or crearting an account on the website, now you have a state mis-match between the website and BitWarden.
When this happens to me, I Open BitWarden, go to the generator, and as soon as I open the generator ANOTHER NEW ONE IS GENERATED. So I go into generator history, and I have a list that is like, 7 auto-passwords long and I have no idea which of the seven was used by the auto-fill-in.
Even just having the History of the Generator track if a generated password was created by the auto-fill-in or not would help a lot, because right now it’s a mess. The feature causes more grief than it problems it solves, at least for me the inline auto generator is a purely negative, frustrating experience.
@AlexCaswen Your new suggestion fell outside the scope of the feature request topic in which you had posted, so I have moved your comment into this thread, which is a more relevant feature request.
@AlexCaswen has articulated exactly the flow that frustrates me about the current state of the auto-generated password features in BW. With the password autofill enabled (there’s another feature request thread to allow disabling it), and with the password generator auto-generating passwords when it’s opened, the history gets very crowded with passwords that cannot be distinguished by anything other than time.
My flow tends to auto-generate even more passwords, since I prefer to check the generation settings for each password generated (some poorly-coded sites have small password length limits or don’t allow certain characters, requiring adjustments for that site, then adjustments the next time I want to generate a strong password for a well-coded site). Here’s my version of the flow:
Opening the password generator to check my settings before generating a password auto-generates a password
Changing any generating setting auto-generates a password
I copy the password to the clipboard
Returning to the website, clicking on the password field to paste my copied password auto-generates a password
I create an account
If this fails, possibly because I forgot to enable third-party javascript for this site, I need to click on the password input again to paste my password and try again, which auto-generates a password
Some of the time, maybe around 25%, BW does not offer to save the new account, so I need to go find the generated password in history
On opening the password generator, a new password is auto-generated
Finally I can try to find the password I used, among the 5+ passwords all auto-generated within a minute or two of each other
If I guessed wrong, then I’ll have to go back to the password generator, with even more auto-generated passwords added in the process
This only happens sometimes, but it’s very clunky and irritating when it does. Distinguishing passwords in the generator history with data like whether it was auto-generated, whether it was copied/autofilled, etc, would help a lot in this case, alongside other improvements that are out of scope of this feature request (like disabling password auto-generation).
Well, I can’t edit my post anymore, but I had meant to refer to filtering out auto-generated and/or unused/uncopied passwords, rather than annotating them in the list, since that’s a separate feature request.
— but for myself, I find this scenario highly unlikely. I don’t use the inline autofill pop-ups, so I would need to either drill down into the right-click context menu (Bitwarden > Generate password (copied)), or use 
and warning bells 
alerting me to the fact that I have deviated from the usual password creation procedure.
