Hacker News | xxkylexx's comments

Settings < Autofill < Click items to autofill from Vault


Of course it's not under Settings -> Appearance where the similar "Show quick copy actions on vault" option is. Why should an option that only affects the UI be in "appearance"?


Because it barely changes the appearance at all? The actual effect of that setting is to change the behavior of the button to be autofill. The only visual change is that the small "Fill" button is removed.


It fundamentally changes the appearance of the UI, what are you talking about?


These are screenshots from the extension, before and after checking that autofill box. The only visual change is the missing "Fill" button, because now clicking on the item itself performs the fill action. The rest of the UI looks exactly the same.

https://imgur.com/a/ji3EAKw


It's not mandatory, it's a default. I asked the help docs team to update the FAQ to include that there is an opt-out option under account settings.


Where's the option? I don't see it.


The documentation now says "Users who opt-out from their account settings, to which an option will be added, are excluded" so it appears that there isn't an option yet but that they will add it later.


It's not mandatory, it's a default. I asked the help docs team to update the FAQ to include that there is an opt-out option under account settings.


You are using present tense, but there is not an opt-out option right now, and zero reasonably accessible documentation about it exists.

Rolling out such a significant change with just a few days advance notification shows an incredible level of incompetence.


Yea. This article needs to be updated if that is the case. There isn't even a hint that this is possible. And there are very valid reasons to not turn it on as these comments have shown.


Instructions on how? I need to walk through family members to do this.


Same here. I have a 77 year old father who has had a stroke who is not going to be able to wrap his head around the notion of 2FA. It's a bridge too far. Not going to happen. He's just going to get confused and give up when faced with crap he doesn't understand (that's literally how it works with him). I've seen him break into tears because he couldn't figure out some mobile phone UX. Kind of heartbreaking to watch that happen. That's what strokes do to people. Stuff like this doesn't help people like that.

I'm thinking the built-in browser password manager might be a safer, more usable option for him at this point. It's probably what I'll have to recommend when this inevitably blows up in a few months.

2FA is a hurdle for normal users. I've had to support 2FA for our Google workspace account for some of my non-technical colleagues. It's a PITA; almost 100% of them needed me to unblock their account at some point. Absolutely terrible UX. Most users aren't compatible with this stuff. That's why all the big companies are pushing for passkeys now. I don't think that actually fixes the problem and just moves it instead.

But I get it. Bitwarden wants to appeal to corporate IT managers so they can sell expensive enterprise licenses because IT managers are most of their paying customers. And for that they need to sacrifice UX. Because IT managers like liability even less than service providers (like Bitwarden). They'll make their users jump through hoops one hundred percent of the time if it reduces their exposure to their mistakes. So sacrificing UX for that is a small sacrifice. But it is a sacrifice that buys ass coverage for Bitwarden and IT managers. At the cost of users.


Although currently Bitwarden Passkey is completely broken on Android.

I switched to other providers because of this.


You can turn this feature off under settings.


The "new" CEO has been at the helm since 2019. Long before the mentioned funding in 2022.

We don't really have a HQ since we are a 100% remote company.

Source: I am the Bitwarden founder.


Can you maybe touch a bit on the intended relationship between you and the VC? Are there plans to do aggressive monetization of Bitwarden?

As a long time user, I'm a bit concerned as well.


Bitwarden has had VC investors for years, long before the mentioned 2022 funding. I think our track record to date shows how we operate in this relationship. We specifically choose partners that align with our vision, not just anyone that comes off the street wanting to throw money at us (though there are many). Our health as a company affords us this luxury.

Bitwarden is and has been monetized since the beginning. There are no plans to change how we monetize our products. It's working well for us.


Then why raise an additional $100m?


To grow faster. To be able to fund new projects that could be of higher value to people willing to pay extra.

You know, how you don't just save all of your life for a house - but get a mortgage and enjoy a house now, not in 50 years.


But if I had tonnes of cash, I wouldn't get a mortgage.


Thanks, then this all seems to be much ado about nothing. Cheers!


That or check back in a year when the founder will say, "... the realities of the market..."


You could ask them, you’re replying to the founder right now, after all.


I know. I've watched this cycle repeat time and time again. 'We would never' (six to twelve months pass) 'Well never say never'.


No company will ever say that there are plans for aggressive monetization. They will always say everything stays the same - open-source mindset etc.

Until 2 years later there is a license and pricing change. One that will make it 10 times more expensive - or the free/open-source version will be crippled.


And the UI will suck because they've made it an Electron app so they can have a universal platform...


The clients are fully FOSS, and there is a FOSS server reference application, too. What could go wrong? (Famous last words Inc.)

FWIW: I've been using this application for the past years. I pay 12 USD or so a year, though I self-host. I just pay as a thank you since I still use the FOSS client, and the price is very reasonable.

1Password is hardly even a competitor as it is a completely different price range, and different product. It isn't FOSS at all, there's a vendor lock-in (in contrast to Bitwarden), and it is 3x as expensive at the very least. They're miles apart.


And 1Password does not propose self-hosting anymore, which is why I am stuck to version 7 for my personal vault. At work, we use Bitwarden self-hosted solution. I could even use an encrypted text file to store my passwords if there were no self-hosting solution anywhere. It gives you an idea at how much I do not want my infos to be on the Internet somewhere.


Hey man, thank you for creating Bitwarden.

I'm just a normal tech-lover guy who works in the marketing field. I have made my family & 2 agencies switch to Bitwarden and they all love it.

I have stored more than 400 passwords and more than 30 debit + credit cards in it. Though I don't need a paid plan but I'm paying $10 per year just to support the developers.


Just want to echo other comments, thanks so much for Bitwarden. I've been using it for years and it has changed my family's life. Even managed to get my aging parents to use it instead of their paper notebook.


Thanks for an excellent product. I'm a long term paid subscriber, and very happy with Bitwarden :-)


I have been self-hosting for a few years now with zero complaints. Keep doing what you’re doing, and thank you.


Thanks, awesome product! Happy user for many years.


Thank you for a great product. Carry on.


AC, or alternating current, is a type of power. Usually available as a wall plug in your house.

DC, or direct current, is another type. For example a battery. Or in this case, PoE.


Criticisms from this article:

>Bitwarden does not warn about this risk…… Bitwarden takes little effort in communicating the risks of choosing a short low-entropy PIN. Currently there is very little information to be found about the PIN in Bitwarden documentation

Bitwarden's help docs on using PINs: https://bitwarden.com/help/unlock-with-pin/.

>Warning: Using a PIN can weaken the level of encryption that protects your application's local vault database. If you are worried about attack vectors that involve your device's local data being compromised, you may want to reconsider the convenience of using a PIN.


They just need to put that notice in the software, when you try to enable a pin.


The Bitwarden docs warn users about the exact risk this article talks about. https://bitwarden.com/help/unlock-with-pin/


Browser extension updates are still rolling out


Re point #2 - You can set a max access count to 1.


Oh! Right! I think this is a ripple effect of #1 for me, this is how I see the panel for creating a message: https://i.imgur.com/IBVinx4.png

So Firefox put my account password there automatically, and color coded that, but also did this for Max Access Count. And to be frank I filtered out that field when I was looking for relative option to solve #2 problem.


What about an option to expire the message X hours or days after the first access?

So that if one forgets to save / make-use-of the secret thing, and accidentally reload the browser tab, or power off the computer -- it'll still be there, an hour later. But not a week later.

Or if you share the message with a tech illiterate person, who doesn't realize what "expires after first access" means. Then, instead, you can say to him/her: "After you've read my message, you need to use it within two days, thereafter it disappears automatically". And it won't matter if he or she accidentally reloads the browser tab (with the message in it -- trying to access it for a 2nd time), or leaves for lunch and powers off the computer and wants to continue handling your message, after lunch.

(Could be combined with expiring the message after Y days, without any access.)

