Pull Up Past Password

My wife has 2 credit cards from Comenity (J Crew and Victoria’s Secret). The J Crew site doesn’t properly fill the username/password. Instead, I have to manually copy the password and paste it. I was prompted today to update the password, and when I clicked update, it updated the Victoria’s Secret password instead.

With LastPass, I had the option to pull up past passwords. Is that option not available with Bitwarden?

i was able to find it. The password history is barely noticeable at the bottom of the entry.

Glad you found the password history link.

If you post the login URLs for the two Comenity cards, I could check if there is a way to configure your settings to prevent the VS credentials from matching on the J Crew site and vice versa.

@grb thanks for looking into it.

J Crew: Manage your account
Victoria’s Secret: Manage your account

I was able to get auto-fill to work on both sites without interfering with each other, using the following settings:

J. Crew:

URI1: https://d.comenity.net/ac/jcrew/public/home
Match Detection: Exact

URI2: https://d.comenity.net/as/authorization.oauth2
Match Detection: Starts with

Linked Custom Field (linked to Username): userNameSignInV2_input

Linked Custom Field (linked to Password): passwordSignInV2_input

Victoria’s Secret:

URI1: https://c.comenity.net/ac/victoriassecret/public/home
Match Detection: Exact

URI2: https://c.comenity.net/as/authorization.oauth2
Match Detection: Starts with

Linked Custom Field (linked to Username): userNameSignInV2_input

Linked Custom Field (linked to Password): passwordSignInV2_input

1 Like

@grb Thanks! That worked!

Why is it so difficult with Bitwarden to recognize this? I never had an issue with LastPass with it. Just seems odd that BW can’t recognize it without customized settings.

The issue with the the two accounts getting mixed up would probably happen at LastPass as well, because even if they allow for match detection rules (do they?) — which are necessary here, because the two sites are on the same domain — there is an additional complicating factor in that the login form is actually hosted in an iframe, which has a different URL (albeit in the same domain).

The inability to recognize the username and password fields is due to the nonstandard id/name attributes coded in the HTML. Assuming that LastPass would be able to detect and correctly identify these fields, they either have a more complete set of field detection rules than Bitwarden does, or perhaps they also have a way of reading nearby text labels and base their detection off of those.

Bitwarden does have a pair of Google Forms where they are collecting information about specific examples of autofill failures in the browser extensions and in the mobile apps, for the purpose of improving their algorithms.