Unlocking from browser context menu auto fills with wrong password

I did a quick search and Google and couldn’t find an answer to this.

I am using Edge Browser and Firefox on Windows 11 and when I right click to enter a password into a field (I have auto fill disabled), and the vault is locked it gives me the option to unlock/login. So I do that then after a successful login the password field is populated, with what I am not sure, but it is never the right password.

[Screenshot: 2023-01-29_12-36-54]

Seems odd that it’s populating it when I have it turned off, even more odd that it does so before I have had the opportunity to select the correct account credentials.

Mark

If you look in the middle of your screenshot, you can see that you are telling Bitwarden to (manually) auto-fill the credentials for the current page. Thus, it shouldn’t be a surprise that Bitwarden is auto-filling the login form after you unlock. What you have disabled is (most likely) the option to automatically auto-fill as soon as the web page has been opened (“Auto-fill on page load”).

If you want to choose which set of credentials to use (e.g., if you have saved multiple login accounts for the same website), then you should unlock the vault first. When the vault is locked, all of the vault data are encrypted, so the Bitwarden shell extension (context menu) has no way of knowing what vault items you may have that match the current web page.

Unless you hate keyboard shortcuts, the easiest workflow is to forget about the context menu, and instead use the keyboard shortcut Ctrl+Shift+L. If your vault is locked, it will ask you to unlock. After the vault is unlocked, it will autofill the most recently used set of credentials. If those are not the ones that you want, just hit Ctrl+Shift+L again to cycle through the credentials available for that webpage.


Well, it was a surprise, obviously, lol. I have multiple credentials for most sites I go to, so the behaviour I would expect from an intuitive UX perspective, would be for it to only do what I requested from that menu option that I clicked on; namely “Unlock your vault”. It does this but then selects one of the credentials and enters it without my input. I suspect it probably just selects the most recent one(?).

I completely understand that until the vault is unlocked the shell cannot know about any of the credentials, but if the menu option is “Unlock your vault” I don’t think it is much of a stretch to only expect it to do that and nothing else.

Now that I know that I cannot use that menu option I will avoid it, but it seems like extra work to click on there, find it’s locked, not click to unlock it, then click on the extension icon and unlock it from there, before going back to try again at filling the credentials (I guess I can then do it from the extension drop down).

I am terrible at remembering shortcut keys, I like GUIs 🙂 That’s why I am a big proponent of intuitive UX design.

Thanks for the prompt help, I realise you are not an employee and so your help is very much appreciated.

I will have a look at adding a suggested change (or at least a switch option to the settings) for the behaviour of this menu item.

Cheers


I think the way to think about that context menu is that it gives you access to four different commands that can only be fulfilled when the vault is unlocked (autofill, copy password, copy username, and copy TOTP). If the vault is locked, it asks you to unlock and then attempts to fulfill the selected command. If the vault is unlocked it gives you options to select among your available credentials. If the behavior of the context menu was as you suggested (only unlock and not perform the command), then you would have to repeat the right-click and drilling down to Bitwarden > Auto-fill > MyAccount to perform the auto-fill; this is identical to the workflow required if you have multiple accounts and the credential that was auto-filled upon unlock is not the one you want. Thus, other than some initial confusion, there is no UX penalty for someone who has multiple accounts on the same website. Conversely, for users who only have a single account per website (whom I would venture to guess are in the majority), forcing them to go through the context menu twice if they want to autofill when the vault is locked would be twice the work that they do in the current design.

Allow me to offer some other tips (which may or may not be helpful to you). If you want to know whether your vault is locked (before drilling down into the context menu), you can just glance at the Bitwarden browser extension icon (usually found in the top right corner of your browser) — it will show a padlock when locked. Also, if you don’t like keyboard shortcuts, you can left-click directly on the Bitwarden icon to open the extension pop-up. If your vault is locked, you will be prompted to unlock it. If your vault is unlocked, you will see a set of “cards” for each of the login accounts available for the current website — just click on the one you want, and it will auto-fill the login form.

Finally, none of the above should be construed to imply that I disagree with your opinion that Bitwarden’s UX is sometimes counterintuitive. That is actually one area where some significant improvements can be made. However, since you are apparently new to Bitwarden (welcome, by the way!), I would advise that you spend a few months getting used to the interface and learning the workflows before offering suggestions on UX design. Doing so will allow you to better differentiate between what is truly a UX problem, and what is simply a workflow that happens to be different from what you may be used to from elsewhere (especially if you are coming from a different password manager). In addition, it will give you a better perspective from which to offer your recommendations.

Appreciate your suggestions. While I am new to Bitwarden, I actually do a lot of work with SaaS and other online businesses on improving automation and removing friction in their UI/general user experience. So newbie in one frame of reference, and old hat in another.

I do agree that it does, on the whole, pay to get more hours as “pilot in command” before making suggestions to the “chief pilot” (so to speak lol), but sometimes that can ignore the gains to be had with making life easier for new users. Once you are experienced and you work around the shortcomings then you can easily forget how much easier a process can be (or lose time/interest in making the suggestions). The early days are often when a customer is most engaged and interested in providing feedback.

My suggested workaround would be that once the vault is unlocked the client side code can easily do a quick check before filling the field, and fill it in if there is only one and not if there are more than one (or have a setting option that lets you choose the behaviour default in the extension).

In the end it’s a minor quirk that I will get used to (but never be happy about lol). I personally don’t like the added muscle memory step of having to check for the icon before I right click a field to fill it, especially when 95%+ of the time it’s redundant.

My previous password manager had plenty of UI issues (I am sure you can guess which one based on the timing of me appearing here lol), so far I am super happy with Bitwarden but for a few quirks that trip me up from both a “what I am used to” as well as a “what makes sense to me” perspective.

Again thanks for taking the time… the support I have had so far has certainly been much better so far! 🙂