DoD Cyber Security Blogs Bitwarden

The new auto-fill feature on Bitwarden increases phishing resistance.

A new inline auto-fill menu has been added to the Bitwarden open-source password management service to address the possibility of malicious form fields stealing user credentials.

The problem was brought to light almost a year ago, when Flashpoint analysts showed that attackers could inject rogue iframes on secure but vulnerable websites or on subdomains that were open to hijacking.

In response to the risk at the time, Bitwarden suggested that the iframe auto-fill function should continue to be turned off by default but should still be available for legitimate usage scenarios, such as those for apple.com or eCloud.Com.

Users who wanted to enable the option would be shown a clear warning about the possibility of activating it in the extension menu.

The Bitwarden team announced a few days later that they would increase security by limiting iframe auto-fills to trusted websites and subdomains from the original domain.

Users can now fill in login information without worrying about giving their private information to phishing agents thanks to the password manager’s new system, which incorporates lessons learned from previous security challenges.

The following safeguards, in particular, now guarantee the auto-fill system’s security:

  • To reduce the possibility of malicious websites or iframes automatically filling credentials without the user’s knowledge, Bitwarden will only fill credentials when the user chooses a form field.
  • When using autofill, users have the choice to password-protect login data, increasing the level of security.
  • To find and close security gaps, most likely those relating to iframes and subdomains, extensive third-party penetration testing was carried out.
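
The iframe restriction and the fill-on-selection safeguard described above can be sketched as a single policy check. This is an added example, not Bitwarden's code; the function names, the `trustedHosts` parameter and the sample hostnames are assumptions made for illustration.

```javascript
// Added example (not Bitwarden's implementation). Policy modelled on the article:
// fill a frame only when the user selected the field AND the frame's host is the
// page's host, a subdomain of it, or a host the user explicitly trusted.

function normalizeHost(urlString) {
  let url;
  try {
    // The URL parser separates userinfo from the host, so
    // "https://example.com@evil.test/" resolves to host "evil.test".
    url = new URL(urlString);
  } catch {
    return null; // unparseable input is never trusted
  }
  if (url.protocol !== "https:") return null; // no fill for http:, data: or blob: frames
  return url.hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
}

function isSameOrSubdomain(host, parent) {
  // Match on a label boundary: "auth.example.com" is under "example.com",
  // "evilexample.com" is not (a bare endsWith(parent) would accept it).
  return host === parent || host.endsWith("." + parent);
}

function mayFillFrame({ pageUrl, frameUrl, userSelectedField, trustedHosts = [] }) {
  if (!userSelectedField) return false; // never fill without an explicit user choice
  const pageHost = normalizeHost(pageUrl);
  const frameHost = normalizeHost(frameUrl);
  if (!pageHost || !frameHost) return false;
  if (isSameOrSubdomain(frameHost, pageHost)) return true;
  // User-specified trusted hosts are compared exactly, not by suffix.
  return trustedHosts.map((h) => h.toLowerCase()).includes(frameHost);
}

// Constructed sample frames evaluated against a constructed login page.
function evaluateSamples() {
  const pageUrl = "https://example.com/login";
  const frames = [
    "https://auth.example.com/form",   // subdomain of the page
    "https://evilexample.com/form",    // look-alike suffix
    "https://example.com@evil.test/",  // userinfo trick
    "http://auth.example.com/form",    // plaintext frame
  ];
  return frames.map((frameUrl) => mayFillFrame({ pageUrl, frameUrl, userSelectedField: true }));
}
```

A subdomain that has itself been hijacked still passes the host check, which is why the user-selection requirement is evaluated first and independently of it.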

The new inline auto-fill feature is intended to keep automatic filling simple: it allows keyboard navigation, keeps the menu on top of all other visible elements, repositions it based on page size and scrolling position, and only displays results if the user is logged into the extension.

[Image: Autofill menu]

The feature is turned off by default, but users can enable it from Bitwarden’s extension icon under “Settings,” where they can set the “Show auto-fill menu on form fields” dropdown option.

[Image: Option]

If the feature is enabled in the Bitwarden extension, it is advised to disable your web browser’s own auto-filling features to prevent conflicts.

The password manager has a number of auto-fill options, including manual and automatic fill and keyboard shortcuts.

Additionally, users can specify the trusted URLs they want Bitwarden to automatically fill out for them.
