Store input field ID along with login and password

Original Github issue: [Request] Store input field ID along with login and password · Issue #519 · bitwarden/clients · GitHub

There are number of reported issues that complain about bitwarden auto-filling incorrect fields. For example,

  1. Login credentials auto-filled in wrong input boxes in Amazon site · Issue #442 · bitwarden/clients · GitHub
  2. Autofills incorrect fields on TD Easyweb site · Issue #317 · bitwarden/clients · GitHub

Recently I ran into an issue due to this. Bitwarden has my router’s admin credential. When I logged in, bitwarden autofilled all the configuration fields like WAN password, Wifi SSID, Wifi password. I had to disable bitwarden for router configuration page as a work around.

You commented here,

This would be pretty difficult to distinguish. Right now we assume any password field is what you want to autofill.

What if when storing password and login for a page, bitwarden also stores the input field id? This way bitwarden will never get confused about the fields.

A similar work around is already documented here,

in case you didn’t know, there is a solution/workaround…use the Custom Fields feature to add a field called “login:AccessCard” and put the username or card number there. Then leave the “username” field in the vault entry BLANK. Works fine.

As it must be obvious, it is difficult and cumbersome to pick field id from browser’s element inspector and make entries manually. But bitwarden can do this job automatically when it saves login for a new page.

This will also fix following issue, where bitwarden auto fills new account form unnecessarily along with login form,

To summarize, every username and password entry must have an optional input id field. When saving new logins, bitwarden should also save field id from which it read username and password.

The problem is that websites change all the time. So the next time Facebook changes their login form, it’s very likely ids for those fields also change.

Sure. But in that case bitwarden can fallback to the current algorithm. What I propose is

  1. Save input id with username and password
  2. When attempting auto-fill, find and fill input fields with matching ids
  3. If matching ids are not found then
    1. assume any password field is what you want to autofill
    2. When user clicks login button, offer to update entry in bitwarden, which will update input ids. This is what bitwarden already does, it offers to save logins. The only difference is this time it is also updating ids.

Let me know what you think.