Handling of username domain names

Feature name

  • Better handling of login items which have a organization domain name associated with them.

Feature function

I have several items in my vault which are flagging in the Reused Passwords Report. All the items are for accounts which are in our organization’s domain, and while the passwords are the same, the usernames have different variations of the domain, as required by the particular service. For instance:

  • One item has the username @, which is used to sign into a set of specific websites.
  • Another item is <username>, which is used to sign into a different service which requires this form of the username to work properly.
  • Yet another item has the username @, as it requires the fully qualified domain name.

Of course, this is the same account in all instances, so the password is identical, but different services require different forms of the domain, so I need to have multiple items in order for autofill to work. Most of these services are third-party tools, so I don’t have the option of asking the developers to change the behaviour. I figure this is likely a common occurrence for Bitwarden users who are members of an organization which uses Active Directory, and especially so for IT people like myself.

It would be nice if I could get these false positives cleared from my Reused Passwords Report. I see two potential solutions:

  • Include an additional field for URIs to indicate domain name, and whether that domain name is a prefix or a suffix.
  • Include an option to exclude or hide specific items from a report.

Related topics + references

A post was merged into an existing topic: Field References (Ability to set different usernames for different websites using the same password)