Auto-fill Logins in Browser Extensions
tip
If your browser extension is having issues auto-filling usernames and passwords for a particular site, using linked custom fields can force an auto-fill.
Additionally, basic authentication prompts work a little differently than regular auto-fills. For more information, see Basic Auth Prompts.
Bitwarden browser extensions have a unique Tab view, which automatically detects the URI (for example, google.com) of the page in the open browser tab and finds any vault items with corresponding URIs. If you are unfamiliar with using URIs, we recommend reading this article.
When a vault item has a corresponding URI, the Bitwarden icon will overlay a badge counter reporting the number of items found for that web page (pictured below).
tip
If you want, you can hide the badge counter using a the Show badge counter toggle in the Settings → Options menu.
Selecting the vault item inside the Tab view will auto-fill login information to the detected input fields. In cases where a web page or service has multiple items with relevant URIs, Bitwarden will always auto-fill the last-used login.
note
Currently unavailable in the Safari browser extension.
Without opening your browser extension, you can right-click on the username or password input field and use the Bitwarden → Auto-fill option. If your vault is locked when you attempt this, a new tab will open prompting you to unlock. Once unlocked, the browser extension will automatically proceed with auto-filling your credentials.
Browser extensions will warn users before using this method to auto-fill an untrusted iframe or on an HTTP site when HTTPS is expected based on that item's saved URI(s).
Bitwarden browser extensions provide a set of keyboard shortcuts (also known as hot keys) to auto-fill login information. If your vault is locked when you attempt this, a new tab will open prompting you to unlock. Once unlocked, the browser extension will automatically proceed with auto-filling your credentials.
Browser extensions will warn users before using this method to auto-fill an untrusted iframe or on an HTTP site when HTTPS is expected based on that item's saved URI(s).
To auto-fill login information, use the following default shortcuts. If there are multiple logins with the detected URI, the last-used login will be used for the auto-fill operation. You can cycle through multiple logins by repeatedly using the keyboard shortcut:
On Windows:
Ctrl + Shift + LOn macOS:
Cmd + Shift + LOn Linux:
Ctrl + Shift + L
tip
If a login uses the Bitwarden authenticator for TOTPs, using the Cmd/Ctrl + Shift + L will automatically copy your TOTP to your clipboard after auto-filling. All you have to do is Cmd/Ctrl + V to paste!
If any given shortcut doesn't work, it might be because another app on your device is already registered to use it. For example, the auto-fill shortcut on Windows is commonly claimed by the AMD Radeon Adrenaline software (AMD graphic drivers) and therefore cannot be used by Bitwarden. In these instances, you should free up the shortcut or configure Bitwarden to use a different shortcut.
Configuring the keyboard shortcuts used by a Bitwarden browser extension differs based on which browser you are using. To access the configuration menu:
In Chrome, enter
chrome://extensions/shortcutsin the address bar.In Chromium-based browsers such as Brave, substitute
chromefor the relevant browser name (for example,brave://extensions/shortcuts).In Firefox, enter
about:addonsin the address bar, select the Gear icon next to Manage Your Extensions, and select Manage Extension Shortcuts from the dropdown.
Some browsers, including Safari and legacy Edge do not currently support changing the default keyboard shortcuts for extensions.
warning
This feature is disabled by default because, while generally safe, compromised or untrusted websites could take advantage of this to steal credentials.
Browser extensions will not allow auto-fill on page load for untrusted iframes and will warn users before auto-filling on an HTTP site when HTTPS is expected based on that item's saved URI(s).
Auto-fill on page load is an opt-in feature (see the following Warning) offered by Bitwarden browser extensions. Auto-fill on page load will auto-fill login information when a web page corresponding to a login's URI value loads. Once enabled, you can set the default behavior (on for all items or off for items).
To enable this feature, navigate to Settings → Auto-fill in your browser extension, check on the Auto-fill on page load checkbox, and choose your default behavior. Once enabled and the default behavior is set, you can additionally specify auto-fill on page load behavior for each individual login:
Using this convention, you can setup your browser extension to, for example:
Auto-fill on page load for only a select few items (off by default for all items and manually turned on for select items).
Auto-fill on page for all but a select few items (on by default for all items and manually turned off for select items).
You can auto-fill items manually that don't have saved URIs by opening them in the Vaults view, and selecting the Auto-fill button.
Browser extensions will warn users before using this method to auto-fill an untrusted iframe or on an HTTP site when HTTPS is expected based on that item's saved URI(s).
If you use Bitwarden authenticator, Bitwarden will automatically copy a login's TOTP code to the clipboard when the login is auto-filled by any of the above methods.
tip
Automatic TOTP copying can be turned off using Settings → Options → Copy TOTP automatically, which will be on by default. Additionally, use the nearby Clear clipboard option to set an interval with which to clear copied values.
Browser Extensions will quietly disable auto-fill on page load for untrusted iframes and will warn users about the iframe if they trigger auto-fill manually using a keyboard shortcut, the context menu, or directly from the browser extension.
"Untrusted" iframes are defined as those for which the src="" value does not match a URI for the login item, as dictated by a globally-set or item-specific match detection behavior.