Bitwarden wants to protect users from phishing attacks with new autofill feature

Bitwarden
(Image credit: Bitwarden)

Bitwarden has updated its autofill tool to help prevent users from having their credentials stolen in web page phishing attacks.

The open source password manager will now provide a menu when clicking on login form fields, giving you a list of possible autofill candidates from your vault to choose from. This also means that login fields will no longer be filled in automatically when you first load up a login page. 

In addition, users will now have the option to protect their autofill credentials with an extra password, to make sure they aren't automatically filled by a malicious third party.

Iframes

The change to the autofill function is a response to the disclosed vulnerability in websites that use iframes. 

Iframes allow for one webpage to be embedded within another, useful for inserting ads or video content within a single page. Popular websites such as Apple's and its iCloud cloud storage also use them for login fields.

However, it was found that threat actors could use malicious iframes containing form fields to steal credentials, as autofill would input the credentials straight away into said form fields. 

At the time, Bitwarden responded by saying that the risk was low, and that allowing autofill was a convenience worth having for access popular sites, like those of Apple and iCloud. It also noted that autofill is disabled by default, and a warning is displayed explaining the potential risks when users go to turn it on.

However, soon after it only allowed its autofill function to operate in iframes on trusted domains. And it seems that Bitwarden's new autofill precaution is yet another way to address the concern.

In order to make the new autofill menu user-friendly, it will remain on top of all other elements on a page, and will also reposition itself according to the size of the page and whereabouts form fields appear. Users will also be able to navigate through the list of credentials in the autofill menu using the keyboard in addition to a mouse.

There are various other parameters users can adjust in the autofill settings of their Bitwarden browser extension too.

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
Young woman working at a coffee shop with a laptop
Too many passwords, not enough brain space? Here’s how password managers can improve your life
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
Chrome 90 Browser for iOS
Google Chrome might soon use AI to make you a better password
1Password partnership with Oracle Red Bull Racing F1 team
1Password is making it easier to find passwords based on where you are
A hand laying out a password
Security attacks on password managers have soared
Keeper
Let 2025 be the year you upgrade your password security— get 50% off Keeper’s Personal & Family plans
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)