cross-posted from: https://lemmy.world/post/20572072

Android has had an autofill feature for password managers for years now, but it’s broken and needs to be fixed.

11 points

Apple does better than the Android experience described in the article, but it also isn’t perfect. There are apps that don’t recognize that you need a password and are difficult to trigger the autofill (especially with a third party manager), and on very rare occasion it fails in the browser, too. It handles multi-page passwords just fine though.

Not trying to measure dicks or whatever, just giving a point of comparison. Without investigating, I wonder if some sites/apps don’t correctly indicate to the browser/OS that they’re passwords and what they’re for. I haven’t had real issues on my Android reader with proton pass, though that isn’t a huge set of apps I use.

permalink
report
reply
6 points

You nailed it, rhe problem is largely apps not respecting lots of stuff.

permalink
report
parent
reply
3 points

Can’t change the default match pattern that iOS uses or add apps to the URI match in Bitwarden iOS. Makes for a few extra clicks on some apps and sites.

permalink
report
parent
reply
34 points

Bitwarden is reasonably consistent, but you have to have recently logged into it. Before I open an app that needs auth, I open bw and unlock my vault. Most applications popup login with bitwarden and it can handle 3 stage logins usually even when the ask for 2fa before password.

permalink
report
reply
1 point

Before I open an app that needs auth, I open bw and unlock my vault.

What happens when you don’t? I definitely have not had to do that.

permalink
report
parent
reply
2 points

It won’t automatically suggest the right logins in your keyboard. There will be a chip with “Unlock your vault” or something like that.

permalink
report
parent
reply
4 points

I get about a 80% chance of popping the dialogue to fill.

If bitwarden isn’t already authed on my Samsung s24U, sometimes it will not pop the autofill with bitwarden button.

If I have opened and authorized bit warden in the previous few minutes the pop rate is very close to 100%

permalink
report
parent
reply
6 points

I’ve found that bitwarden pops up more consistently if I select the password field instead of the username field.

permalink
report
parent
reply
3 points

also true!

I suspect I just need to set it not to relock the vault for a day and just auth it in the am and also set it not to sleep for power.

But those two things aren’t really how I want things to be either.

permalink
report
parent
reply
10 points

I have no specific basis to say so, but I distrust browser-based password managers on the principles of separation of function and mitigating risk. Strong my credentials in a browser just feels hinky, even with a master password. Too obvious of an attack vector. Rather, I use the KeepassDX variant with its MagicKeyboard feature. When I’m presented with a login prompt, I can use the keyboard switcher to launch KeepassDX, unlock my vault, and select the credentials entry. Then I can switch back to the browser (or app) and have MagicKeyboard enter the credentials for me.

It’s a few more taps than just that, but it’s a straightforward workflow that should mitigate leakage from my usual keyboard, clipboard snooping, and any hypothetical attacks against the in-browser vault workflow.

Plus, I know where my credentials are stored, can apply 2FA, and even back up the vault file to offline archives.

It works for me. “Cool story bro,” I guess, is my point.

permalink
report
reply
4 points

KeePass and the Magikeyboard is my favorite go to combo too.

permalink
report
parent
reply
4 points

Yeah, keepassDX works great. The keyboard function makes up for the 10% finicky apps where autofill cannot work for some reason. I have found only one app where copy-paste is blocked. This works for 99.99% of use cases.

permalink
report
parent
reply
22 points
*
Deleted by creator
permalink
report
reply
9 points

That’s quite unfortunate to hear. I use Bitwarden along with Gboard and very rarely run into issues - I believe most password managers have a quick settings toggle that you can add into your notification drawer to maybe get around this? From what I know though, these generally use the Accessibility framework to function, and thus will heavily depend on your password manager - it also gives a lot more access to those apps than the built in autofill framework.

Conversely I remember Bitwarden’s autofill support on iOS being quirky when I last used it (which to be fair, has been a while - I’m sure its improved since then). IIRC it pretty much always worked in Safari (and Safari Web Views within apps), but the actual applications themselves wouldn’t always give me the autofill prompt.

For me though, regardless of the platform it still is far more worth using a password manager and unique passwords per-site than to use a single password (or even a handful) across sites. I hope autofill support improves for those that it doesn’t work well with.

permalink
report
reply

Android

!android@lemdro.id

Create post

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it’s in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it’s not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website’s name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don’t post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities
Lemmy App List
Chat and More

Community stats

  • 2K

    Monthly active users

  • 1.3K

    Posts

  • 8.2K

    Comments