cross-posted from: https://lemmy.world/post/20572072
Android has had an autofill feature for password managers for years now, but it’s broken and needs to be fixed.
Bitwarden is reasonably consistent, but you have to have recently logged into it. Before I open an app that needs auth, I open bw and unlock my vault. Most applications pop up login with Bitwarden, and it can usually handle 3-stage logins, even when they ask for 2FA before password.
I’ve found that Bitwarden pops up more consistently if I select the password field instead of the username field.
Before I open an app that needs auth, I open bw and unlock my vault.
What happens when you don’t? I definitely have not had to do that.
I get about an 80% chance of popping the dialogue to fill.
If Bitwarden isn’t already authed on my Samsung s24U, sometimes it will not pop the autofill with Bitwarden button.
If I have opened and authorized Bitwarden in the previous few minutes, the pop rate is very close to 100%.
It’s better on Android than Apple. The biggest problem on Android seems to be sites not following standards in identifying their fields, which breaks autofill.
On iPhone this same problem exists, but you also have to deal with iCloud sporadically taking over and messing up the workflow, adding fun new ways for it to fail.
You have to be doing something wrong. I’ve used Bitwarden and KeePass on iOS for a long time with no issues. Just disable the Apple one. Definitely works better than on my Pixel.
I tried disabling iCloud Keychain and it disabled every password fill. I can try it again or look at the options again…
Apple does better than the Android experience described in the article, but it also isn’t perfect. There are apps that don’t recognize that you need a password and are difficult to trigger the autofill (especially with a third party manager), and on very rare occasion it fails in the browser, too. It handles multi-page passwords just fine though.
Not trying to measure dicks or whatever, just giving a point of comparison. Without investigating, I wonder if some sites/apps don’t correctly indicate to the browser/OS that they’re passwords and what they’re for. I haven’t had real issues on my Android reader with Proton Pass, though that isn’t a huge set of apps I use.
I have no specific basis to say so, but I distrust browser-based password managers on the principles of separation of function and mitigating risk. Storing my credentials in a browser just feels hinky, even with a master password. Too obvious of an attack vector. Rather, I use the KeePassDX variant with its Magikeyboard feature. When I’m presented with a login prompt, I can use the keyboard switcher to launch KeePassDX, unlock my vault, and select the credentials entry. Then I can switch back to the browser (or app) and have Magikeyboard enter the credentials for me.
It’s a few more taps than just that, but it’s a straightforward workflow that should mitigate leakage from my usual keyboard, clipboard snooping, and any hypothetical attacks against the in-browser vault workflow.
Plus, I know where my credentials are stored, can apply 2FA, and even back up the vault file to offline archives.
It works for me. “Cool story bro,” I guess, is my point.