I am the admin for a web application and the Bitwarden browser extension keeps autofilling my login information on other users’ profile configuration screens. I have the Bitwarden entry configured with a URI set to “Never” and the full address of the user administration page where this happens (e.g., Asbury Park Press NJ | Jersey Shore & New Jersey News). However, my credentials still get autofilled there. How do I stop this from happening?
This response is not going to solve your problem, but I have a few questions (since no one here will be able to actually reproduce your problem without being able to log in as an admin at APP!).
When you’re on the userdetails.asp page, does your Bitwarden badge (icon) show a count (e.g., 1 or larger)?
Also, for @dwbit: When the matching option is set to Never, what method is actually used to determine if the URI matches (i.e., does it “Never” autofill if the URI match is exact, matches the host, base, etc.?)?
In this context, does “item” refer to the Login item, or to the specified URI? For example, if I configure two different URIs for a Login item, with the first URI’s matching option set to Base domain and the second URI’s matching option set to Never, are you saying that the second item will override the first, preventing any URI from ever matching, as long as a single URI has been set to “Never”?
Can this be a solution/work-around for you? When you need to log in as admin, you can use the keyboard shortcut, and you presumably would not apply the autofill keyboard shortcut while on on other users’ profile configuration screens.
Fresh extension install in Firefox 104:
With the same settings (autofill enabled in Options, preferred login set to autofill, other three logins set to not autofill, and URI on preferred login for the user admin page set to Never), I have the same experience as in Chrome: my preferred login autofills on the user admin page.
@dwbit I think the documentation is wrong or misleading, as the word “item” evidently refers to the URI itself, not to the Login item within which the URI has been saved. Which brings me back to my original question: in order to determine whether a URI that has been set to “Never” match should be excluded from autofill, does the app require the URI to match exactly, or only to the base domain, to the host, or to the start of the URI for the current page in the browser?
In the screenshot, the URL is for the host us2.concursolutions.com, but in your original post, you said the problem occured at https://us.app.com/admin/userdetails.asp. Which of these two URLs actually shows in the address bar when you are on a user profile configuration screen?
@WildWanderer - Your screenshot shows that you have multiple URIs entered in the login item that is autofilling. To troubleshoot which one is causing the autofill, set the match option for ALL of them to Never, and then it should no longer autofill. One by one, set each URI back to the original matching rule to figure out which URI is causing the match and autofill.