BitWarden is a great alternative to LastPass. I recently switched after “Free LastPass” forced users to choose between PCs and mobile devices on March 16, 2021. I am sure variations of my request have been made many times before, but I have not yet found the answers that I seek. There is one LastPass feature I enjoy that seems missing from BitWarden. LastPass will autofill login username and password without requiring an additional manual step.
- Is there some beta-test version that currently offers this feature?
- If not, is this feature planned by a future release?
- If so, can a timeframe for release of this feature be provided?
Hi Jeffrey! Welcome to the community!
What you seem to describe is the On Page Load Auto-fill functionnality from the Bitwarden Browser Extensions that you can opt-in in the Settings. Have a look at the doc for further details.
Source: Auto-fill Logins in Browser Extensions | Bitwarden Help & Support
Edit: Since it wasn’t clear if you wanted Auto-login (in the title) or Auto-fill (in the description), here’s the feature request.
Thank you for the information, which does answer my questions. I suggest your marketing department target “Free LastPass” users, forced to choose between PCs and mobile devices after March 16, 2021. I also suggest that activating this feature be featured more proximately during installation. I found a more useful reference here.
Most new users to Bitwarden just read the help documentation themselves to learn how to use BW. Or they just ask the friendly folks here on the forums for advice and they read that. Personally, I don’t want the BW team to use limited resources to handhold LastPass users who want to transition to a free product with little or no effort. Reducing unnecessary costs prevents BW from becoming expensive like LastPass.
Go to Settings → Scroll down and go to options — > Enable Autofill on Page load
While this does what it says it does, it does not solve the issue at hand which is to automatically press the login button after filling in the username/password. The user still has to manually do that step even with this setting turned on. There are many times where I want this especially lots of internal work-related websites where I’m constantly wasting time logging into various systems at work that are behind the corporate firewall anyway, or personal sites which I don’t really need that much security (the security of a good password is good enough). Take, for example, this site - why must I have to hit a login button for this site after “autofill”?
I understand your point about Auto Login. It is a distinct feature in LastPass. Auto Fill and Auto Login are dangerous features if they aren’t tied to hardware keys or shorter timeouts (app log out and/or lock workstation). None of the other password managers (including Bitwarden) offer this feature, so I don’t think its fair to single out Bitwarden. If this is a must for you, stick with LastPass. Be mindful of the timeouts though because a hacker takeover has access to all your passwords for a shockingly long time.
Isn’t “distinct feature of LastPass” essentially the same thing as “only LastPass does this”? And why should that stop BitWarden from doing it too?
I would stay with LastPass if they didn’t limit me to only 3 devices (IIRC) or I gotta pay. Besides, I like having my own passwords on my own server in my own house.
As for “oooh that wouldn’t be secure” please allow me to select my own security/comfort level. As it stands BitWarden allows me to set Vault timeout to never - it warns but allows me to do it. And I’m OK with that setting in my house where live alone. I’m willing to accept that risk. I can chose to never clear the clipboard and I could add MFA or not choose to use it. Why can’t I automatically push the login button or not prompt me for master password for say 5 minutes?
There’s nothing stopping Bitwarden from adopting such a feature, but I think there’s wisdom on why such a feature is not common. Is it coincidence that LastPass got hacked a few months ago? Maybe they valued convenience over security and that’s the consequence they face? I don’t support a Never setting nor an Auto Login feature.
What do you perceive as the risk of a Never timeout? I personally lived for decades thinking I could never get hacked and one day it happened. Dealing with Identity theft (myself, spouse, parents), having to freeze everyone’s credit, change all your passwords, embarrassingly explain to my work since I stored work passwords, completely rebuild my PC and forego backups because we couldn’t identify how the computer got hacked, etc. Nobody likes all the hoops you have to go through, but I don’t think having to retype your Master Password is so bad when I think about what my life is now compared to having a little more discipline to prevent/minimize the fallout from the incident. Hey, its your data and everyone has different risk tolerances. I just wanted to share my story and reasoning for not supporting such features. The road to hell is paved with good intentions and sometimes that’s where you end up.