This definitely sounds like an overhang from the RoboForm import in the past. If you’re cleaning these entries up as you find them, I’d expect to see the issue completely disappear over time. I doubt you’ll have any further occurrences. The only time a custom field is automatically created is during an import.
I had a quick look at the source code for the report, and it only checks for the password-field.
If you are positive you don’t have any duplicates or actual re-used password, then thet shouldn’t turn up in the report.
Are you possibly part of an organization (families, teams, enterprise)? The organization report retrieves all ciphers of the organizations and compares them. Possible the duplicates are not coming from your individual vault, but from an organization vault.
Figured it out. After changing all the accounts that were confirmed as sharing a password, I was left with a list of maybe 20 accounts. Then I noticed a pattern in the remaining accounts. Each was part of a “pair” related to a single service - there are two “variations” that use the same password. Examples are:
Protonmail and Proton VPN
Wall St Journal and WSJ+
Paypal and Xoom (a paypal service)
So now my question is…is there a way to configure BW so it doesn’t flag these “sibling” accounts that share the same password as reused? The alternative would be to delete one,but this doesn’t seem an ideal solution.
Maybe BW could add a tickbox within an account record to indicate it has a sibling account and therefore it doesn’t get counted as reused?
It’s not necessarily “better”, it’s just an alternative approach to achieve the same goal. There may be some subtle differences between the two methods that would make one better than the other in some scenarios, but it’s too early in the morning so I can’t think of any examples off the top of my head right now…
Edited to Add: One difference is the the domain rules only work for matching on Base domain, so if you have a need for setting the URI match detection options to anything else, then you should use the method of adding multiple URLs to the login item (and to answer your question about which of the URLs Bitwarden will go to when you use the “Launch” button, it is always the top entry).