Advice Request Bitwarden - Newbie needs help

Please provide comments and solutions that are helpful to the author of this topic.

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
Is that setting for all sites, or possible to set per site?

"Auto-fill on page load is an experimental and opt-in feature offered by Bitwarden browser extensions. Auto-fill on page load will auto-fill login information when a web page corresponding to a login's URI value loads. Once enabled, you can set the default behavior (on for all items or off for items).
To enable this feature, navigate to SettingsOptions in your browser extension, select the Auto-fill on page load option, and choose your default behavior. Once enabled and the default behavior is set, you can additionally specify auto-fill on page load behavior for each individual login:

Using this convention, you can setup your browser extension to, for example:
  • Auto-fill on page load for only a select few items (off by default for all items and manually turned on for select items).
  • Auto-fill on page for all but a select few items (on by default for all items and manually turned off for select items).

Warning​

This feature is marked experimental and is disabled by default because, while generally safe, attackers with fake websites could take advantage of this to steal credentials."
 

Attachments

  • BW autofill page load.PNG
    BW autofill page load.PNG
    239.9 KB · Views: 77

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
Bitwarden seems to be a good password manager. But is there an option in it to store your database locally on disk not in the cloud.

"On your local machine​

Data that is stored on your computer/device is encrypted and only decrypted when you unlock your vault. Decrypted data is stored in memory only and is never written to persistent storage. Encrypted data is stored in the following locations at rest:

Desktop app​

  • Windows
    • Standard installation: %AppData%\Bitwarden
    • Microsoft Store installation: %LocalAppData%\Packages\8bitSolutionsLLC.bitwardendesktop_h4e712dmw3xyy\LocalCache\Roaming\Bitwarden
    • Portable: .\bitwarden-appdata
  • macOS
    • Standard installations: ~/Library/Application Support/Bitwarden
    • Mac App Store: ~/Library/Containers/com.bitwarden.desktop/Data/Library/Application Support/Bitwarden
  • Linux
    • Standard installations: ~/.config/Bitwarden
    • Snap: ~/snap/bitwarden/current/.config/Bitwarden""

 

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
5,999
"Auto-fill on page load is an experimental and opt-in feature offered by Bitwarden browser extensions. Auto-fill on page load will auto-fill login information when a web page corresponding to a login's URI value loads. Once enabled, you can set the default behavior (on for all items or off for items).
To enable this feature, navigate to SettingsOptions in your browser extension, select the Auto-fill on page load option, and choose your default behavior. Once enabled and the default behavior is set, you can additionally specify auto-fill on page load behavior for each individual login:

Using this convention, you can setup your browser extension to, for example:
  • Auto-fill on page load for only a select few items (off by default for all items and manually turned on for select items).
  • Auto-fill on page for all but a select few items (on by default for all items and manually turned off for select items).

Warning​

This feature is marked experimental and is disabled by default because, while generally safe, attackers with fake websites could take advantage of this to steal credentials."

Yup, tried it. But it's a hit-or-miss thing. Tried many times opening websites, and it sometimes works, say more of a miss thing
 
  • Like
Reactions: cryogent

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
5,999
Instead of using a password made up of a long string of unmemorable alpha-numeric charecters try using a passphrase such as "MalwareTipsisFullofGeeks", how could you forget that?!!

Opinions can vary on the comparative ease of cracking PINs and passwords, the old adage was that the longer it is the better.

Your passphrase uses only alphabets. I just thought of a passphrase which uses alphabets, numbers and special characters like

1+1Not=TwO

You can create a longer passphrase using the above approach or similar

:D
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
Your passphrase uses only alphabets. I just thought of a passphrase which uses alphabets, numbers and special characters like

1+1Not=TwO

You can create a longer passphrase using the above approach or similar

:D
Sure, I just used it as an example.
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
Yup, tried it. But it's a hit-or-miss thing. Tried many times opening websites, and it sometimes works, say more of a miss thing
It says that this feature is experimental so some error/failures should be expected. additionally, its not thought to be a good thing to use the browser extension of password managers.


 
  • Like
Reactions: HarborFront

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
5,999
It says that this feature is experimental so some error/failures should be expected. additionally, its not thought to be a good thing to use the browser extension of password managers.



From the article you linked. If don't use the PM extension can autofill if just use the PM desktop app?

Actually, like BW, from the extension you can lock the vault and unlock with PIN/biometrics or use 2FA so it's safe to use the PM's extension

🙄
 
Last edited:
  • Like
Reactions: cryogent

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
5,999
Learning to use BW and KeePassXC. Can someone tells me what happens when you have 2 or more PMs.

Assuming you set to autofill a website like malwaretips.com in both the PMs what would happen when you open malwaretips.com? Which PM takes the precedence in autofilling?

Or it's not a good practice to set the same website for both PMs i.e. to use different PM to open different website

Thanks
 
Last edited:

HarborFront

Level 71
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
5,999

"On your local machine​

Data that is stored on your computer/device is encrypted and only decrypted when you unlock your vault. Decrypted data is stored in memory only and is never written to persistent storage. Encrypted data is stored in the following locations at rest:

Desktop app​

  • Windows
    • Standard installation: %AppData%\Bitwarden
    • Microsoft Store installation: %LocalAppData%\Packages\8bitSolutionsLLC.bitwardendesktop_h4e712dmw3xyy\LocalCache\Roaming\Bitwarden
    • Portable: .\bitwarden-appdata
  • macOS
    • Standard installations: ~/Library/Application Support/Bitwarden
    • Mac App Store: ~/Library/Containers/com.bitwarden.desktop/Data/Library/Application Support/Bitwarden
  • Linux
    • Standard installations: ~/.config/Bitwarden
    • Snap: ~/snap/bitwarden/current/.config/Bitwarden""


Can the at rest vault be pointed and moved to, say an external USB flash drive/SSD? This is to prevent malware infection and a dead PC/laptop

If yes, how to do it? Or I need to self-host and store the vault externally?

Thanks
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top