Notice very recently that when opening the BW browser extension Firefox) it is maybe 1/3rd the size (vertically) as it was prior. Pretty small and more challenging to navigate/scroll through. Why has this automatically changed? I did nothing to change it myself.
Also, on some sites, in addition to the configured login entry, I see maybe 4-6 more that have no relation. example: Fidelity…I get my correct login entry, plus it shows my Netgear router login, two different American Airlines logins and my Paypal login. These logins share nothing in common, so why do they all appear under Fidelity?
When this has been reported previously, it was caused by “fingerprinting resistance” tactics employed by the browser (i.e., queries to the browser about the size of the browser window returns dimensions that are much smaller than the actual dimensions, to thwart browser fingerprinting). Because Bitwarden scales the extension viewport to be commensurate with the size of the browser window, this can result in a small size for the extension. The work-around is to dig into your browser settings and disable the fingerprinting resistance.
Does this number (4-6 entries) match the number shown in the badge counter overlaid on the browser extension icon?
If so, open one of the irrelevant entries for editing, and examine the URI list. Post a screenshot here if it doesn’t contain private information. Most likely, a copy of the Fidelity URL ended up saved in the wrong item, somehow.
Yes it matches. None of the mismatched logins have URI’s that even come close to matching the Fidelity URL. Also, each of the 6 logins linked to Fidelity all have two URI’s saved in BW.
And, one of the non-Fidelity logins, Paypal, also shows the same 6 when I pull that up!
Does disabling the fingerprint resistance pose any sort of security weakness? I currently use Windows Hello fingerprint to access Windows at logon?
It would help if you could post a screenshot of the URI listings shown on the Edit screen of one of the mismatched items (crop out or obscure anything that is private or sensitive).
The “fingerprint resistance” I mentioned above has nothing to do with actual fingerprints. It is a technique for tracking your activities across different websites (usually used for serving targeted ads). Typically not a security risk, but definitely a privacy risk.
As you can see here, its the Fidelity site but pulls up an American Airlines login with two URI’s. It also pulls up my Paypal login, another American login and my Netgear router login (in addition to the two valid Fidelity logins).
Odd. Just to be sure, can you please copy/paste the first URI, the one that is cut-off after uri=%2FI in your screenshot. I just want to check that it doesn’t say something like uri=%2FIDELITY.COM (!). Again, check to make sure there is not sensitive information before posting.
In addition, can you go into Settings > Options and let me know what your setting is for “Default URI match detection”?
Unfortunately, it seems that there is something unusual going on with your particular set-up. This is not normal behavior, and I have never seen it before.
Just to figure out whether it is something related specifically to Firefox, could you try installing the browser extension for a different browser, and see if it happens there, too? In addition, if you have another computer, could you check if it happens when using a different device?
I would also recommend opening a support ticket by contacting tech support.
Sometimes it just easier to recreate the login vs invest a ton of time to fix it. besides, it’s not a problem for me, I know which login to use - lol!. But agree BW should still look into it.
If it’s a bug (which it looks like for now), it seems to be an esoteric one that is hard to reproduce (and therefore hard to locate and fix). So you may be instrumental in getting this fixed — contacting support may allow them to collect additional information that could aid in the diagnosis of this issue.
You bring up an interesting idea though: If you delete and recreate one of the misbehaving vault items (either one of the items that brings up irrelevant matches, or one of the irrelevant matching items), does the problem go away? If you want to continue participating in the troubleshooting process (with Tech Support), try this for one or two login items, but not all (so that the problem can still be reproduced).
They identified the issue. I had blended my custom domains in one box rather than separate them individually, so they all identified as each other. Fixed!
Glad you figured it out, and thanks for the update. To make sure I understand, you are talking about the definition of Custom Equivalent Domains in the Account Settings? That’s an interesting failure mode — had me stumped, for sure!
Yes. Instead of using a different box for each domain, I mistakenly added all of them into one, effectively telling BW that Fidelity and American airlines were the same
