Make auto-fill smarter

RickJ · April 21, 2018, 7:34pm

If auto-fill is enabled, it will blindly write into matching fields on a page. This includes fields that are already populated, which can cause serious problems.

As a web site administrator I can edit any user’s account. If I open the edit page for a user, auto-fill replaces the user’s email address with mine, and writes my password into the password-change fields. I will have opened the page to change something else, definitely not these fields. This means I cannot use the auto-fill feature at all, even though for most sites it’s very convenient.

Auto-fill should only ever fill empty fields, fields with content should be left alone. Furthermore, I would prefer that if any candidate field on a page is not empty, then none of the fields should be filled.

Another option could be borrowed from LastPass, which is to only auto-fill pages that are launched directly by BW. Having this as a user-selectable mode of operation would be very good.

imtek · August 26, 2018, 8:28pm

I am having the same kind off issue, username and password fields are filled with my BW credentials for that site.

Steven_Hook · August 27, 2018, 12:23pm

Bitwarden only auto-fills when you click the item in the browser extension?
Isn’t any further auto-fill (on page load, etc) actually a mechanism of the browser and not the Bitwarden plugin?
I have all my auto-fill settings in my browsers disabled. Nothing gets filled in unless I click the login item in the tab tab of the Bitwarden browser extension.

AnonYmouse · August 6, 2019, 3:12am

The current behavior is really bad actually. Bitwarden destructively and blindly overwrites fields such as, New Password, Old Password on several sites under account management.

Also, Bitwarden needs the option to enable/disable on a per site basis?

+1

neubland · August 7, 2019, 2:11pm

Bitwarden not behaving that way breaks the user experience and is never desirable. This should be a priority. I’d argue current behaviour can be described as a bug.

Michel_Brabants · August 8, 2019, 2:09pm

I would argue that it should use the autofill framework of the browser (desktop) where possible. Keepass can do it this way (keepass rpc).

Seth-W · August 9, 2019, 12:17am

Something may have changed here. I was using the Firefox extension yesterday to change a password, and copied the old password to the Notes section, then generated a new password and tried to get it to overwrite the old password. It gave me a big warning. If I could recall the exact keystrokes I’d tell you and we’d know if this covered the OP’s issue.

alien8tive · April 12, 2020, 4:37pm

I suggest an exclusion list for auto-fill sites. Add a list of sites you want to exclude from auto-fill.

rg9400 · April 14, 2020, 11:09pm

+1. This can cause a lot of problems. In absence of a smarter framework, it would be nice to exclude certain credentials from being auto filled where it involves a lot of admin work like editing passwords or API keys

AnonYmouse · July 7, 2020, 9:30pm

I had to completely disable autofill due to this. Has this improved at all since 1st reported, um, 2 years ago?

folkaccordian · February 21, 2021, 5:14pm

No, it hasn’t improved. LastPass refugee. Paid for BitWarden but found the autofill when fields area already filled (eg, a username is remembered) to basically break it.

bw-admin · October 13, 2022, 12:33pm

Hey @folkaccordian, Bitwarden works best when disabling the brower or device’s native capability to manage credentials or insert remembered fields, see more here Get Started with Browser Extensions | Bitwarden Help Center