Password entry security for a site

Which of the following two possibilities that BW offers is more secure to insert a password on a site?

  • Copy paste;

  • Autofill.


Autofill would be slightly better but both are just as bad if your computer is infected.

1 Like

Autofill is better for inserting a password. Copy Paste not good as the operating system/apps can see the clipbaord history where the copied text is stored.

1 Like

The OS can see what you autofill too and so can any malware. If the computer is not infected then autofill is better.

1 Like

BW, in some cases, does not work correctly with the autofill, therefore, I have to fall back with the copy / paste (present in BW) to insert the password in a site: I do not think there are other alternatives.

In BW:

Settings → Options → Clear clipboard, I choose 10 sec: should it be safer?

Thanks so much!

The most secure method would be to let the password manager automatically fill in the field, but to have the page and then carefully look at the URL to make sure that it is legit and the manually tell the password manager to fill. If the password manager complain that the site doesn’t match, check even more carefully. The reason to manually do this is so you don’t get a hack where someone figure out how to bypass the password manager’s domain check.

Using the password manager could potentially bypass some keyloggers.

The clipboard method is probably more prone to attack because malware are probably coded to attack the clipboard. Keep in mind that hackers tend to go target with the highest yield. Everyone uses clipboard, but not everyone uses Bitwarden.

If I understand correctly, I connect to the site, then I position the mouse on the user name field, click with the right mouse button and select from the drop-down menu: Biwarden → autofill?

I’m sorry, I’m Italian and I don’t know the English language very well.

Thank you!

Yes, or go to the extension icon and click on the site under login.

1 Like

In fact, in BW: Options - Settings - Enable Autofill On Page Load, it is indicated:

“If a login form is detected, automatically perform an auto-fill when the web page loads. WARNING : This is currently an experimental feature. Use at your own risk”… … and I thought it was convenient to enable this option … :frowning:


It’s fine to enable this option. This was a bug found in LastPass in 2016 that parsed the URL wrong and you could steal passwords from unrelated websites.

If it wasn’t safe then Google Chrome and other browsers wouldn’t default to auto-filling either. Just my two cents.

OK, but if the BW developers have given that indication, is there a reason?

Thanks so much!

Probably legal speak?