Security News > 2024 > February > Bitwarden’s new auto-fill option adds phishing resistance
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields.
A few days later, the Bitwarden team announced they would add another layer of safety, allowing iframe auto-fills only on trusted sites and subdomains from the origin domain.
In terms of the user experience, the new inline auto-fill feature was designed to keep auto-filling an easy process by keeping the menu on top of all other visible elements, repositioning it based on page size and scrolling position, allowing keyboard navigation, and only displaying results if the user is logged into the extension.
To avoid conflict, it is recommended to turn off auto-filling features on your web browser if it's enabled on the Bitwarden extension.
The password manager features multiple auto-fill options that include keyboard shortcuts, a dedicated context-menu, auto-fill on page load, and manual auto-fill.
Users can also set specific parameters for the trusted URLs they want Bitwarden to provide the auto-fill option.