Teach-in credentials with browser extension

Please help a newbie with his first stony steps! I stumbled the third time while creating a login item using the browser extension for Firefox, this time on community.bitwarden.com/signup so everyone can easily follow my steps.

What is the right procedure? I have learned from the Bitwarden blog “Two methods for saving a new account login to your Bitwarden vault” that it is best practice to go to the site’s new account form and then make all entries in Bitwarden first, finally autofill the form.

So I created a new log-in item, and the entries for Email, Username, and Password. The web address has been captured automatically. But then, not knowing if the user name was already taken, I typed the intended username into the web form, to check and find a user name. It made no sense to me to pre-create a username which is likely not available, or should I? In the meantime the browser extension popup window disappeared due to a timeout, but came back with a click on the Bitwarden button. I checked if the web address was still captured, but it was GONE! So I manually copied the web address from the browser address bar to the Bitwarden field and saved the item.

Then I autofilled the web form and after sending it, I was asked via Bitwarden popup to save the credentials, which I did.

That way I ended up with 2 login items in Bitwarden, the first with my Email address in the Username field, and the user name krizzo missing, the second item with my user name in the Username field, but the Email missing. The order of creation I can tell from the Item history which is visible in the Windows app.

To clear up the mess, I attempted to complete one item and delete the other item, but the Email field is not displayed and not available. So I clicked on “Add field”, but choosing the field label for the standard field of a pre-configured (standard) item is not supported, I guess because “Add field” refers to custom fields only.

It worked to log in, with both versions of the item, because the form is open for both the user name and the Email used as the “user”, and I am at the point to ask:

Is it true this procedure of teaching-in credentials to BW is full of pitfalls?
How do the others get along with it?
Under which circumstances does the captured web address get cleared out again?
What is the foolproof procedure, or what are critical things to avoid or to do?
Could the BW developers perhaps provide guides in the user interface, for the workflow?
How can I add my Email to the Email field of the log in item (which is not offered for edit)?

Thanks for help!

The pop-up window does not time out, but it disappears if you click anywhere within the browser window but outside the extension pop-up.

This is a known bug, which will hopefully be fixed soon. There is a work-around that you can use in the meantime: if the website has disappeared, click on a different tab, then return to the original tab, and click the browser extension icon to open the extension.

What autofill method did you use?

If you are going to use the recommended method of creating your login credentials in the browser extension first (and autofilling the account registration forms second), then you should really disable the prompts (go to Settings > Notifications and uncheck the checkboxes for “Ask to add login” and “Ask to update existing login”).

At first glance, it doesn’t seem quite intuitive that the extension would be creating a duplicate entry even if you have enabled the “Ask” prompts — this typically only happens if your browser extension is locked when you get the prompt. However, I believe that Bitwarden creates a new entry when “Ask to add login” is enabled and the website & username don’t match an existing entry; the item created automatically using the “Ask to add login” feature evidently picked up the email address as account username, while your manually created vault item had “krizzo” as the username. Hence the creation of a “duplicate”.

Not sure what you mean. For this registration form, if you wanted to autofill the forum username, you would create a custom field (“Text” field type) with the field label new-account-username (which you can get by right-clicking the username field on the web form, and selecting Bitwarden > Copy custom field name).

Not really, but YMMV.

The bug seems to occur if you close the browser extension window and re-open it a second time while remaining on the same browser tab.

Nothing is foolproof, because fools are so ingenious.

Thanks for your verbose answers

The inline button in the first field of the web form. Any difference to other methods, in this relation?

Following your advice I disabled the “Ask” prompt “Ask to add login” which obviously caused the duplicate. But I keep “Ask to update existing login” for longer because it should not harm and could be useful.

Besides that, it is likely that the browser extension was locked because I’ve set the timeout to a minute. I made it short because I think this is a ‘global’ setting and I want to harden the mobile phone app. It would be helpful to set the lock timeout differently on mobile devices from stationary PC. Is that possible?

You are right, I just noticed, the standard login item has just the username and password fields, and lacks an email field. This minimalism seems to be a shortcoming of the login template, because most of the registration forms require an email address. It would be totally impractical (unworldly) to have to add the email field for every login item manually as a custom field. Really?

If I would start the registration with the web form and fill the email, and re-activate “Ask to add login”, would BW then create an email field? This would speak against the advice to start a registration with BW. I will give it a test. Also the search for a free user name speaks in favour of starting with the web form.

BTW “Ask to add login” did not work several times, which I attribute to the assumption that the browser extension was locked from the short timeout of a minute. Agree?

Until now, I wasn’t so wrong.

Not really, but I wanted to know what you did in case it became necessary for me to attempt to reproduce the issues you were experiencing.

Not necessarily. If the extension is locked, then you should still be prompted to save the login, with the prompt asking you to “Unlock to save this login”.

It is a known limitation that those “Ask” prompts cannot work with 100% reliability, because this functionality requires Bitwarden to inject code into the webpage HTML, and this approach requires many assumptions to be made about the website’s HTML code structure, which are not always going to be valid.

If you encounter a web page for which the “Ask” prompt does not function as intended (e.g., the prompt does not appear), then you can “lose” a password (i.e., the password is changed on the website, but not in your vault item). This (small, but real) risk is the reason why making changes directly in the browser extension is recommended by power-users.

Yes, every Bitwarden app or browser extension has its own timeout settings.

I disagree, because even though some registration forms may require both a username and an email address, the actual login forms seldom require you to enter a username, password and an email address. Thus, it is sufficient for the vault item to store the two pieces of information that will be required during the login process.

Regardless, if you feel differently, here is a Feature Request that you can support (by adding your perspective to the discussion, or by voting for the Feature Request after you have gained voting privileges on the forum):

 

No, Bitwarden does not create any fields when you use the “Ask to add login” feature. It simply scans the web form for data to populate the existing Username, Password, and Website (URI) fields.

Thank you for this introduction into bitwarden, very helpful to me. I contributed to the feature request already and gave it my vote.
