Bitwarden wants to protect users from phishing attacks with new autofill feature

News
By
published

An autofill menu will now appear when you click on a form field

Bitwarden
(Image credit: Bitwarden)

Bitwarden has updated its autofill tool to help prevent users from having their credentials stolen in web page phishing attacks.

The open source password manager will now provide a menu when clicking on login form fields, giving you a list of possible autofill candidates from your vault to choose from. This also means that login fields will no longer be filled in automatically when you first load up a login page. 

In addition, users will now have the option to protect their autofill credentials with an extra password, to make sure they aren't automatically filled by a malicious third party.

Iframes

The change to the autofill function is a response to the disclosed vulnerability in websites that use iframes. 

Iframes allow for one webpage to be embedded within another, useful for inserting ads or video content within a single page. Popular websites such as Apple's and its iCloud cloud storage also use them for login fields.

However, it was found that threat actors could use malicious iframes containing form fields to steal credentials, as autofill would input the credentials straight away into said form fields. 

At the time, Bitwarden responded by saying that the risk was low, and that allowing autofill was a convenience worth having for access popular sites, like those of Apple and iCloud. It also noted that autofill is disabled by default, and a warning is displayed explaining the potential risks when users go to turn it on.

However, soon after it only allowed its autofill function to operate in iframes on trusted domains. And it seems that Bitwarden's new autofill precaution is yet another way to address the concern.

In order to make the new autofill menu user-friendly, it will remain on top of all other elements on a page, and will also reposition itself according to the size of the page and whereabouts form fields appear. Users will also be able to navigate through the list of credentials in the autofill menu using the keyboard in addition to a mouse.

There are various other parameters users can adjust in the autofill settings of their Bitwarden browser extension too.

MORE FROM TECHRADAR PRO

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.