Search
Close this search box.
DoD Cyber Security Blogs Bitwarden

The new auto-fill feature on Bitwarden increases phishing resistance.

A new inline auto-fill menu has been added to the Bitwarden open-source password management service andnbsp to address the possibility of malicious form fields stealing user credentials.

When Flashpoint analysts showed that attackers could inject rogue iframes on secure, vulnerable websites or subdomains that were open to hijacking, the problem was brought to light almost a year ago.

In response to the risk at the time, Bitwarden suggested that the iframe auto-fill function should continue to be turned off by default but should still be available for legitimate usage scenarios, such as those for apple .com or eCloud.Com.

A clear warning about the possibility of activating the option in the extension menu would be displayed to users who wanted to enable it.

The Bitwarden team announced a few days later that they would increase security by limiting iframe auto-fills to trusted websites and subdomains from the original domain.

Users can now fill in login information without worrying about giving their private information to phishing agents thanks to the password manager’s new system, which incorporates lessons learned from previous security challenges.

The following safeguards, in particular, now guarantee the auto-fill system’s security:

  • In order to reduce the possibility of malicious websites or iframes automatically filling credentials without the user’s knowledge, Bitwarden will only fill credentials when they choose a form field.
  • When using autofill, users have the choice to password-protect login data, increasing the level of security.
  • To find and close security gaps, most likely those relating to iframes and subdomains, extensive third-party penetration testing was carried out.

The new inline auto-fill feature, which allows keyboard navigation, keeps the menu on top of all other visible elements, repositions it based on page size and scrolling position, and only displays results if the user is logged into the extension, is intended to keep automatic filling simple.

Autofill menu

Users can enable the feature from Bitwarden’s extension icon in&nbsp,” Settings,” where they can set the” Show auto-fill menu on form fields ‘ dropdown options, even though it is turned off by default.

Option

If your web browser’s auto-filling features are enabled by the Bitwarden extension, it is advised to disable them to prevent conflict.

The password manager has a number of auto-fill options, including manual and automatic fill, keyboard shortcuts, and &nbsp.

Additionally, users can specify the trusted URLs they want Bitwarden to automatically fill out for them.

Lean More About DoD Cybersecurity, Cyber Threats and Related Contents

Learn why IDShield offers the best security and value.

www.sentrypc.com

PureVPN - Best VPN and Your Trusted Partner for Internet Freedom

🔥BIG SAVINGS 82% Off PureVPN.🔥 Secure Your Online Privacy Now. LIMITED OFFER!

🔥 SAVE 82% OFF 🔥 on PureVPN! Limited Offer – Enhance Your Digital Security Today.
Click To View Offer on PureVPN Website

NordVPN - Your Passport to Unrestricted Freedom

Embrace Digital Freedom and Security with NordVPN.
🔥Up To 63% Off🔥

Start Today Your Journey to a Safer Internet Today!
Click To View Offer on NordVPN Website

Protect Your Data with DeleteMe the Go-To-Solution

DeleteMe is Your Guardian Against Identity Theft and Online Exposure!
🔥Take 20% Off - Click Here to View Code🔥
Malwarebytes Browser Guard filters out annoying ads and scams while blocking trackers that spy on you.
Malwarebytes for Home | Anti-Malware Premium | Free Trial Download
Try Ultahost - The best place to get secure, inexpensive shared web hosting services!
View deals and specials on Used Macs, Mac hardware, Mac accessories, and more. Shop now!

DoD Cybersecurity protecting your digital world one secure step at a time with DoD Cybersecurity Blogs.
DoDCybersecurityblogs.com | All Rights Reserved | Designed by Omar Solomon

Skip to content