Social login

Curious to know if there’s a plan to integrate social login for sites. You can think of this as a reminder to check which login was used by highlighting a particular box (eg: login with Google).

There’s a lot of people who’ll benefit from this feature. Check this thread for use cases:
https://news.ycombinator.com/item?id=23684554

1 Like

I would also like this feature. I can never remember which account I used.
Capture

2 Likes

Here is a good way to handle this in the current implementation:

Create a login and enter the username as “(use XXXX login)” and do not populate the password. If you have more than one account (e.g. Google, etc.), you can add that info in the username as well (see my example below). This way the browser icon shows that there is a login entry available when visiting the site which reminds you which social login to use, but you don’t risk filling the credentials.

(Someone else will need to comment on whether it is possible to actually highlight the specific social login button, that’s outside my tecnical realm.)

4 Likes

Yes, I would really appreciate this as I have so many different social accounts and now even LinkedIn and GitHub have come on board, and then there’s just plain old Microsoft and Google. I also have multiple accounts on the same site that have been connected to different socials like Zoom for work and personal. This would really help me out and I think it should get more votes.

I am neutral on whether support should be added for social logins, but their use seems to partially undermine the benefits of a password manager.
I use a password manager so that I keep control of all my login credentials. Using a third party to manage some of your credentials leads to unnecessary privacy and security compromises, especially when that third party is a social media company. This may make sense if the alternative is password re-use, but that shouldn’t be the case for most BitWarden users.
That said, I have come across some websites where this is the only option. I guess the website doesn’t want to manage user logins and our data is more valuable if it can be linked to a social media identity.

2 Likes

I also have found many more downsides that upsides to using any “social” logins, especially if you use a password manager like Bitwarden.

Similar to you, I experienced finding 1 service that required a social login. My solution was to use a different service and send a polite email to the owner of that service explaining why I chose not to use their service.

2 Likes

Support for login with Google, Facebook, Twitter, etc.

Some sites allow for logging in with Google’s, Facebook’s or Twitter’s login instead of a username or password. I like to use Google login so there is one less password for me to remember. I run into the following question: Did I create an account with a username or use Google to login? If Bitwarden has the username and password, then I immediately know the answer. If Bitwarden does not, then I am not sure if I forgot to add the username to Bitwarden or if I used Google.

Please track which websites I have logged in using Google, Facebook or Twitter. Please have Bitwarden automatically click on the Google login button if that is the case for this website.

João,

Isn’t your argument against using Google also and argument against using Bitwarden too? Let me change your here’s why paragraph…

Although it might sound like a good idea to login with Bitwarden, there is one big problem by doing so. Let’s say you are using Bitwarden to login. Imagine that one day your Bitwarden account gets hacked (which is possible) and with that you not only lost access to your Bitwarden account but also to all other accounts you used with Bitwarden.

So, in the end, Bitwarden does not appear to be any safer than using Google to login. They both have passwords and once hacked then the attacker gains access to all accounts.

2 Likes

I think this is a great idea. There are some logins that are of little importance and I like the convenience of being able to sign in with Apple. I do the same thing and look to see if I have it in Bitwarden to try and remember if I created a userid/password or used “sign in with”. I’ve also toyed with created bogus entries and the userid is “APPLE”.

This feature was recently requested, so I am going to merge the two threads to combine the votes and increase exposure/support.

Hi, I’d like to make a suggestion for this password manager that I see all password managers lacking at the moment:

Nowadays a lot of websites allow loggin in with google/apple/github/… account, but I often forget which one I used for a website that I don’t use very often (did I use google on Quora? What did I use on Reddit?).

Please think about adding a way to store this info in the Bitwarden password store! So I can use the Bitwarden browser plugin on all websites again, and on ones with separate login it works as before, and on websites with Google/Apple/… login it just says: [Sitename] [You used your Google Account to connect].

Please think about this feature, I really miss it :slight_smile:

Kind regards,
Dennis

Why did i not think of that. thank you!

I would very much like to see this feature implemented into the app.

Just to add my 2 cents, I think even the most minimal version of this feature would be helpful. In my mind that would be creating a dropdown to show which login system was used (since the total number is still pretty small at this point) and hide the password and OTP fields. When viewing an entry, it should show the icon of the login system and the username (if any) that the user entered. No automation is needed.

A nicer version of this feature would allow you to designate any password entry as a 3rd-party login provider instead of just listing well-known providers. Other entries would be allowed to link to the 3rd-party login entry, simplifying the process of getting the credentials for the provider if necessary.

Nicer still would be a feature to just automatically click the right button and fill out any necessary login forms, but that would probably add a ton of implementation cost so I can see why it wouldn’t be a priority.

Something I’d like to see that’s outside the scope of BitWarden is sites and apps should detect when you’re already logged in with a supported third-party account and clearly indicate in the UI which account(s) are already signed in, leaving the other options just for cases where a user has multiple accounts with the same site.

Of course in an ideal world there would be APIs for all this stuff that bypass the password UIs entirely and handle everything in a uniform, reliable way without bothering the user. Microsoft has some kickass support for that kind of thing in its own products, so I’ve seen what it’s like. I suspect it will be a long time before there’s an open system in place that’s widely adopted, since for example Google has had integrated account management in Android for years, but even today most apps don’t take advantage of it.