cross-posted from: https://lemmy.world/post/20572072

Android has had an autofill feature for password managers for years now, but it’s broken and needs to be fixed.

  • linearchaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    ·
    2 months ago

    Bitwarden is reasonably consistent, but you have to have recently logged into it. Before I open an app that needs auth, I open bw and unlock my vault. Most applications popup login with bitwarden and it can handle 3 stage logins usually even when the ask for 2fa before password.

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        also true!

        I suspect I just need to set it not to relock the vault for a day and just auth it in the am and also set it not to sleep for power.

        But those two things aren’t really how I want things to be either.

    • SatyrSack@feddit.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      Before I open an app that needs auth, I open bw and unlock my vault.

      What happens when you don’t? I definitely have not had to do that.

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        2 months ago

        I get about a 80% chance of popping the dialogue to fill.

        If bitwarden isn’t already authed on my Samsung s24U, sometimes it will not pop the autofill with bitwarden button.

        If I have opened and authorized bit warden in the previous few minutes the pop rate is very close to 100%

      • G020B@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 months ago

        It won’t automatically suggest the right logins in your keyboard. There will be a chip with “Unlock your vault” or something like that.

  • Pulptastic@midwest.social
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    2
    ·
    2 months ago

    It’s better on android than Apple. The biggest problem on Android seems to be sites not following standards in identifying their fields which breaks autofill.

    On iPhone this same problem exists, but you also have to deal with iCloud sporadically taking over and messing up the workflow, adding fun new ways for it to fail.

    • histic@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      You have to be doing something wrong I’ve used Bitwarden and keepass on iOS for a long time with no issues just disable the apple one definitely works better then on my pixel

  • conciselyverbose@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    11
    ·
    2 months ago

    Apple does better than the Android experience described in the article, but it also isn’t perfect. There are apps that don’t recognize that you need a password and are difficult to trigger the autofill (especially with a third party manager), and on very rare occasion it fails in the browser, too. It handles multi-page passwords just fine though.

    Not trying to measure dicks or whatever, just giving a point of comparison. Without investigating, I wonder if some sites/apps don’t correctly indicate to the browser/OS that they’re passwords and what they’re for. I haven’t had real issues on my Android reader with proton pass, though that isn’t a huge set of apps I use.

    • badlotus@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      Can’t change the default match pattern that iOS uses or add apps to the URI match in Bitwarden iOS. Makes for a few extra clicks on some apps and sites.

  • SolidGrue@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    2 months ago

    I have no specific basis to say so, but I distrust browser-based password managers on the principles of separation of function and mitigating risk. Strong my credentials in a browser just feels hinky, even with a master password. Too obvious of an attack vector. Rather, I use the KeepassDX variant with its MagicKeyboard feature. When I’m presented with a login prompt, I can use the keyboard switcher to launch KeepassDX, unlock my vault, and select the credentials entry. Then I can switch back to the browser (or app) and have MagicKeyboard enter the credentials for me.

    It’s a few more taps than just that, but it’s a straightforward workflow that should mitigate leakage from my usual keyboard, clipboard snooping, and any hypothetical attacks against the in-browser vault workflow.

    Plus, I know where my credentials are stored, can apply 2FA, and even back up the vault file to offline archives.

    It works for me. “Cool story bro,” I guess, is my point.

    • limerod@reddthat.comM
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 months ago

      Yeah, keepassDX works great. The keyboard function makes up for the 10% finicky apps where autofill cannot work for some reason. I have found only one app where copy-paste is blocked. This works for 99.99% of use cases.

  • kratoz29@lemm.ee
    link
    fedilink
    English
    arrow-up
    10
    ·
    2 months ago

    Yeah, I agree using Bitwarden in Android can be a mess, but I find it works pretty well with Firefox, now that I mention it, why do people get the Bitwarden extension if the app already works well?

    I have access to an iOS device (girlfriend’s) and I see it works well and I have never heard her complaining…

  • Russ@bitforged.space
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 months ago

    That’s quite unfortunate to hear. I use Bitwarden along with Gboard and very rarely run into issues - I believe most password managers have a quick settings toggle that you can add into your notification drawer to maybe get around this? From what I know though, these generally use the Accessibility framework to function, and thus will heavily depend on your password manager - it also gives a lot more access to those apps than the built in autofill framework.

    Conversely I remember Bitwarden’s autofill support on iOS being quirky when I last used it (which to be fair, has been a while - I’m sure its improved since then). IIRC it pretty much always worked in Safari (and Safari Web Views within apps), but the actual applications themselves wouldn’t always give me the autofill prompt.

    For me though, regardless of the platform it still is far more worth using a password manager and unique passwords per-site than to use a single password (or even a handful) across sites. I hope autofill support improves for those that it doesn’t work well with.

  • scrchngwsl@feddit.uk
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 months ago

    Autofill is total shit I agree, but I’ve been copying and pasting from my password manager for over a decade and it’s been fine. I get that autofill would be much less friction, but I really don’t mind copying and pasting.

    • Scolding7300@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      If the pw manager has a “last accessed” sort by default for quick access, it makes it so much better (especially when only the username or password are filled)

    • Monkey With A Shell@lemmy.socdojo.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Indeed, I don’t particularly even want it to auto fill unless I give it the OK to do so, even if that’s as simple as a PIN.

      I’ve got things worked up with bitwarden to a point where I can put in a short pin to unlock it after a timeout (usually set to 15 minutes) and it will pretty well always work so long as the fields for where the user/pass go are found cleanly.

  • keyez@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 months ago

    My experience has gotten much better in the last several years. Now across apps, Firefox and whatever it’s more often than not it autofills or brings up bitwwrden just fine. It’s becoming the minority now when I encounter issues

  • smeg@feddit.uk
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 months ago

    Why Google allows apps to block a system service from inputting information is beyond my understanding, but it’s absolutely infuriating, and just discourages the use of these tools.

    This is the really annoying bit

  • PetteriPano@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    2 months ago

    I’ve recently switched from Firefox’ vault to bitwarden.

    I’d say it works 50% of the time. On desktop Firefox it just doesn’t manage to autofill things some days and I end up copy-pasting my credentials.

    On mobile is happy to present me with suggested logins for a page. If I have one, pick or generate one, then it’s all dandy. If I decide I’d rather not, then there’s no way out of that view. I end up force-killing Firefox mobile. Maybe the app works better than the browser extension.

  • d0ntpan1c@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    2 months ago

    FWIW some of the problems are on website/app developers. Not sure on specifics on the app side, but with websites if the dev doesn’t use semantic html input elements with the correct type attribute to denote the password form, autofill won’t work (since neither android or the password manager know its time to do stuff)

    Nothing wrong with username/password on different screens (one at a time is good for several accessibility-minded reasons) but again, there are some best practices to follow which allow screen readers and password managers to still act as you would expect.

    I’d assume android app dev is similar.

    That said… I do think it’s gotten a bit clunkier at times in ways I dont recall being problematic in the past. I use 1password and heliboard or floris board and while those keyboards seem to bug out a bit, sometimes the bigger problem seems to be that android isn’t always telling 1password enough info to find the right account. Idk how apps “inform” the password manager (maybe via url’s in a metadata file or maybe passwors managers have ro keep theor own internal db?), but apps that use web wrappers (specifically the old and/or shitty ones) report their url as http://localhost since the wrapper just renders a local page in a web view. that’ll wreck a password managers day real quick.

    Idk if Android is worse than iOS here, not that it is a reason for google to punt on improving it. iOS has its own autofill quirks thay can be just as annoying. Esp constantly asking if you want to use your app or apple keychain without a way to just pick a default…

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      Idk how apps “inform” the password manager (maybe via url’s in a metadata file or maybe passwors managers have ro keep theor own internal db?),

      no idea about 1password, but bitwarden uses the package name (unique to each app), prepended with a special url scheme

    • JustAnotherKay@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      It works really well.

      Like 90% of the time, yeah. There are some websites/apps where it will fuck up and I have to go open the pass app and tap the credentials I need. Still the best option in my opinion, and it only takes a second to go grab the credentials out of the app

  • Pika@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    2 months ago

    my issue with androids password manager feature is the main site I use it on is Firefox, but Firefoxes autofill for password manager is in a constant fight with keepass on who shows, and there’s no menu to tell it which one I want to use so I have to leave the field join the field till it shows or manually copy from the manager. It’s so obnoxious