Safari extension copying in wrong password

I’m having an issue with the Safari extension. When on a site, I open the extension and it correctly shows the relevant login. I click the login to auto-fill the username and password on the site.

However, the string it copies into the password field is wrong. I know it’s wrong because a) the login fails, and b) the number of characters is incorrect. I can only see the characters as anonymised “bullets” so I don’t actually know what it is copying.

If I then repeat the above but manually copy the password from the login, it all works.

This only happens for some websites and not others. But for the websites it does happen for, it happens consistently.

Anyone have this happen to them? Is it a known bug?

Not a known bug as far as I recall -but if you want to see what is pasted, you can use the browser inspection tool to change the ‘password’ text type to ‘plaintext’ to see what is autofilled.

Usually changing something like this:
input id=“passwordField” type=“password” name=“passwordField” value="" autocomplete=“off”

To this:
input id=“passwordField” type=“plaintext” name=“passwordField” value="" autocomplete=“off”

1 Like

I think I figured it out. When importing my 1Password data into Bitwarden, for some logins, it has created a custom field called “Password” that contained the old password (I have since changed it).

When doing the auto-fill using the extension, it is using the value from this custom field rather than the standard password field. When viewing the login detail in Bitwarden, you have to scroll right down to see this custom field.

I would have assumed it would prioritise the standard password field over any custom field when auto-filling?

Anyway, problem solved it seems.

Thanks

Prioritising custom fields makes sense - the existence of a custom field implies that the standard username/password fields are insufficient for that particular login. I have a few accounts like that where I’ve had to add a username or password as a custom entry. Off the top of my head, Three.co.uk requires the username be added to a custom field otherwise it won’t complete.

I disagree. I think the standard password field should autofill unless specified otherwise. To that point, I could have multiple custom password fields - which one would it choose to autofill in that scenario?

Also genuinely curious, it what scenario would the standard password field be insufficient for a particular login?

Yes, it should - but that is completely reliant upon the website being coded in a particular way. If the login form doesn’t use typical names for the username and password fields then how can Bitwarden possibly know that it should enter your login credentials? That is exactly what the custom field feature overcomes.

In my example of Three.co.uk, the username field is actually called “MSISDN”. The only way to have Bitwarden populate that is to set up a custom field, in which case it works great.