[ishtanbul]

Bitwarden uses manual autofill which is nice. You hit ctrl shift L to fill

[Saris]

I wish it wasn't such a weird key combo though, it would be nice to do it with 1 hand.

[mackrevinack]

i use keepassxc and have auto-type it set to alt+x which is very quick to execute with either hand. you can even just use your thumb to hit both keys at the same time!

[fomine3]

I tend to forget that Shift and Ctrl is placed also on right side. (unless the keyboard is < 65%)

[pbhjpbhj]

Use AutoHotKey to change it?

[purplecats]

yeah i have it autofill (its a feature now) but it doesnt auto login. so i built an extension that waits for it to fill it in and then performs some safety checks and then logs in.

finally the bliss i had with lastpass before i was forced to move to bitwarden.

[joenathanone]

Can I get me some of that extension?

https://i.pinimg.com/originals/cb/14/5d/cb145d466f1958ec101f...

[purplecats]

here you go https://hastebin.com/cezuyehaxo.js

[rvz]

Well it still recognises to autofill in the password on a different subdomain as shown in the PoC by default, which is not good at all.

To Downvoters: So in the PoC [0] with the default settings the author is completely wrong about their findings? even if you 'manually' autofill in the fields?

So you are saying that the password DOESN'T get extracted out of Bitwarden from a different subdomain than where the login data was stored on by default then?

[0] https://marektoth.com/blog/password-managers-autofill/

[joshuaavalon]

There is a setting in URL of the password called "Match Detection"[1]. You can change it to "Host" if don't want it to match subdomain.

[1]: https://bitwarden.com/help/article/uri-match-detection/#matc...

[ViViDboarder]

> by default

This is the point parent and the source article are making. Not whether or not it’s possible to be configured more securely.