I am surprised and quite disappointed that this feature is not built into Bitwarden. As a long-time LastPass user, I have become somewhat reliant on this feature because I have many different accounts tied to the same website. Further, the overlay indicates that the password manager correctly identifies which fields require a username/password. Without it, I do not know if Bitwarden even sees the areas to correctly autofill the username and password.
Not only is this feature extremely useful for my needs, but it also streamlines the login experience for less “techy” people. I will definitely be taking this lack of functionality into consideration while I continue to search for a LastPass replacement for me and my family. Hopefully, this feature is implemented soon. I am definitely impressed with Bitwarden so far but this missing feature, among others, is making the decision to switch a tricky one.
Honestly, it’s quite surprising this feature is missing from Bitwarden. I switched to Bitwarden and this feature saved a lot of my time in previous password managers.
Maybe I‘m alone here, but I don‘t really want such a feature as it poses a security risk. Loaded websites might break out of their sanbox and easily compromise the injected code.
I’ve been following this topic for awhile since I also wish for BitWarden to implement a form button for filling passwords, as is practically standard for any modern browser password manager these days. Although with the last couple of posts, I feel the need to chime in.
With all due respect, someone not wanting the feature is irrelevant to the discussion IMO. Whatever type(s) of the feature the BitWarden team decide to implement (true autofill or form button prompt, both ideally,) there’s no reason these can’t be features that the user can disable. If you’re concerned about security implications, then don’t use the feature.
I think at this point, the only real issue is motivation to implement the feature. I seem to recall a while back, someone or some people were working on a branch of the project to complete the feature. Hopefully efforts will be restarted to wrap this up.
To add, of all the password managers out there with an overlay capability, LastPass included, I have not heard of the overlay pop up as being the victim of a confirmed attack in the past.
LastPass has the overlay and to my knowledge I don’t think any of their security incidents in the past 10 years even involved the overlay. Disclaimer I could be wrong since I didn’t do research on this, just stating at face value.
Recent LP abandoner looking for a new home. This feature being “planned” from 2018 is disturbing to say the least. I think I can get past it, but I also am responsible for my parents and spouse who are non-technical. Make it opt in / out, but at least add it… It’s not that JS intensive to scan a page’s DOM looking for input fields.
Hey @tappsters thanks for the feedback, this feature is currently in the ‘research’ phase due to the invasive nature and considerations to cross platform standards. We will share information as updates become available
Thank you for updating us, @bw-admin. Would you mind filling us in on specifics in terms of a timeline for this feature, considering that nearly all major browsers have had this as a feature for quite some time?
Hey @gbcode I appreciate you checking in—as this one is currently in research there are currently no timelines to share, the codebase is also open source, so all pull requests and issues are viewable there as well. The team will continue to review feedback with an eye to cross platform standardization and a focus on user security.
Ok, thank you again for the response. I recall an issue being opened originally about this feature, but it was closed down and moved to this forum so I think we’re just having trouble keeping track of progress. Hoping for further communication from the BitWarden team.
I came here looking for a solution to this as well, but then stumbled upon a reddit comment with a hot-key to cycle through available passwords for a given site:
On Windows: Ctrl + Shift + L.
On macOS: Cmd + Shift + L.
On Linux: Ctrl + Shift + L.
While this is not a solution to this specific request, after mapping this hotkey to my mouse via Command + Left Click using BetterTouchTool on a mac, I now prefer this solution over the icon within the password field as it is non-obtrusive. The lastpass icon, while convenient, would often get in the way over the many years that I used lastpass.
Lastly, bitwarden is available in the right click contextual menu, which is often more convenient that moving the mouse to the upper right corner of the browser to click on the extension icon.
So, the hot key, combined with the auto fill for websites, has met my needs and I no longer yearn for the icon. Hopefully this is helpful to anyone looking for a solution to this.
While this overlay helps and makes filling login data or generating new password is convenient, it need to be implemented correctly, and to not make websites break.
Many websites now show an icon at the right side of the text area, showing that this field is a username (human bust) and a password field (3 bullets), or even some sites allow you to reveal the password (eye icon).
Lastpass used to show its icon behind those icons by the websites, which makes it difficult to click.
There is an icon on the browser’s toolbar, there is a very convenient keyboard shortcut Ctrl+Shift+L to toggle passwords… It’s working properly, it just require the user to switch the habit of using the tool.
I’m sure that Bitwarden team has a good Product Owner, who is assesing the VALUE of planned features vs business requirements vs team capacity vs revenue. And apparently this feature is not maximizing value for company.
If your personal preferences is to have an overlay icon as a “must have” feature, I’m sure there’s plenty of other password managers to choose from, so there is a choice for everyone.
I switched to Bitwarden couple of years ago not because of overlay icon, but because of security audits and premium price - which I’m paying since the beginning for me and my wife.
Sorry not sorry: in my eyes, all of the requests forcing to implement this feature is to have LastPass experience/clone for the price of Bitwarden (or for free).
I don’t agree. Password Managers are not just for IT professionals. I did chose to move to Bitwarden from LP for security reasons. I considered other aspects as well, and I chose Bitwarden and not Dashlane (Dashlane had one essential feature missing). I can work around the missing overlay feature, but my wife will never use keyboard shortcuts or right click menus. Nor shouldn’t she have to (or any other normal users). If Bitwarden wants to be really successful (and why wouldn’t it want to be?) then it also needs to cater to standard users. An overlay icon and better UI / UX is a MUST to attract / keep those users.
Also, I don’t really know how to react to “it professional” argument. Is this s suggestion that only highly skilled JAVA developer or AWS engineer would be able to click on an icon or memorize keyboard shortcut (which I think can be changed via browser setting)?
Also, I - personally - beg to disagree with a sentence “An overlay icon and better UI / UX is a MUST to attract / keep those users”.
Apparently Bitwarden have loyal group of paying users (IT proffesionals), who are somewhat-OK with the current setup. I mean, me for example - I also don’t like much things in Bitwarden and I also believe that UX/UI should be better. But this is not a critical piece for me. So I’m choosing to stay.
Apparently, this is not MUST HAVE for whoever is prioritizing features on roadmap in Bitwarden. Maybe (I’m guessing, I don’t know how it looks like from inside, I don’t work there) there are more business crucial items that occupy devs for a long time and making this thread creeping since couple of years.
I don’t know the exact stack of Bitwarden, but I can imagine it can be pretty overhelming, judging by the number of platforms (standalone apps, mobile apps, webapp, CLI, self-hoster/dockerized, browsers extensions). And I also believe that feature rollouts need to be synced across all of them. This is probably adding additional layer of complexity into already complex system. And believe me, complex IT systems are ALMOST NEVER easy to plan, prioritize, develop and deploy. There is constant battle between commercial, finances, engineers, architects, POs, InfoSec, Compliance and hell knows who else. This is a game of constants trade-off and sacrifices.
This seems like a MUST HAVE for you and other users. But here’s the thing. There is (probably) no such thing as ideal product/service/app. Tradeoffs mentioned above applies also here. So one must choose not the perfect solution, but optimal for him/her, given all the properties. Good - fast - cheap: choose 2.
Is there a possible way to speed deployment of this feature? Again - I’m not working there, so I’m only guessing - but I think somewhat yes. Add more teams of devs. How? Increase the premium price twice. Or times 3. Resources are not for free and companies does not have unlimited pot with gold.
Are you able to pay $20, $30, $40 instead of current… I don’t know even how much is Premium now? $12? Are you able to convince all other paying users to stay on premium after price increase? Are you sure that current retention won’t drop?
All I’m saying is that there is a lot of moving parts in complex software development.
I want to add something: Popup overlay is a invasive method which makes it highly dangerous, BUT there are native capabilities on some platforms. macOS for example provides its native auto fill API to third party devs. This would mean that you could have your fancy stuff while still remaining secure.
Using an overlay in the username / password fields is by now an “industry standard” / “best practice”. LastPass, Dashlane, and 1Password all have them.
I’ve experienced LastPass’ one myself and it’s great to use. A couple of weeks ago they’ve did some UI changes and it looks even better (can’t tell if if works better). Are they perfect? No they aren’t. If you don’t like them, you can disable it (or change how it behaves). That’s what I’d like to see with Bitwarden as well. An optional overlay. It could be on by default (because I’m pretty sure most standard users would love it) but if someone doesn’t like it / thinks it reduces security / causes issues with some websites they use, they could turn it off, and all the other options are still there.
I don’t want to say negative things about the product managers because I don’t know them. I don’t know how much market / UI/UX research they are doing. What I know (one example is the company I work for) that some of them tend to ignore customers or some of the potential customer out there, because they think they know what they want / need. One good way to make them see that some customers disagree are is customer feedback (like this here)
And yes, this would probably be some extra work because of the different platforms out there, but maybe there are not so many differences out there. Chrome and Edge both use Chromium, add-ons might be pretty similar (maybe I’m wrong), and Opera as far as I know can use Chrome add-ons as well. So you have Firefox and Safari that need a separate one. On Android this is not an issue, the keyboard takes over this functionality. I’m not using iOS devices currently, so I don’t know that.
And if they need more income to be able to make this happen, they don’t necessarily need to change the free / 10€ level. Once they create some features that will make the Family Plan to worthwhile for two people as well, some of us will switch to that (I will).
