so its safe to have it enable??

Yes, it's safe to use now!

@@teachmecyber but the warning is still there...

This is one of the great benefits of open source!.. there's a problem, someone will fix it!

I've found your mileage can vary with auto fill depending on your setup and the password manager. It's gotten better but some apps or sites can be troublesome. Thanks for the feedback!

I've heard similar tactics from others as well. It's a pretty cool way to do it. You could still use autofill to make it a bit easier and then add your manual character at the end. It's a cool little hack!

Partially storing your password and not auto filling is good advice if you use a password manager. This content creator is just advertising. His videos just explain how convenient it is to use password managers. There are always dangerous exposures if you store your passwords anywhere. The different password managers just have varying amounts of risk. Your practice of storing a partial password and adding something you remember is the best practice which ensures that your full password is never available anywhere.

So It's like salting the data? Interesting. How much salt do you add? Is it a nonsense string? There is also always the possibility that a password is stored in a server as plain text instead of as the hashed value.

@@xileets - It's up to you how many character(s) you want to add. In my case I add my driver license number.

An edge case that hopefully stays minimal! Hopefully this gets Bitwarden to push a fix as well to close this out.

I would go for Bitwarden or Dashlane. I value firms that focus on their key products.

Don't go for Lastpass, like me.. I gather BitWarden doesn't have "monitoring of dark web" and other features you get with Lastpass Premium. but that would be "user chose to gave it up" type thing anyway before a attack happened.

bitwarden or KeePassX, dont use anything from Nord

What would you like to see for it?

Check out this link. Your options might be limited here depending how you set it up. bitwarden.com/help/forgot-master-password/

Always good to be aware of the risks!

It's a bit like the Android vs Apple argument. Other password managers have a more streamlined interface and are easier to use but don't have as much customization, like Apple. Bitwarden isn't the best looking but it has most of the features and a lot more customization.

That's what I thought as well. I think having the autofill function is more beneficial than not as it prevents from phishing attacks since it won't autofill. Maybe someone could clarify this.

Well the good news is that Bitwarden fixed the flaw, so it won't happen automatically now when autofill is enabled. When you are using the manual autofill, BW will warn you if there is an untrusted that would get filled.

@@teachmecyber So should we still disable auto-fill? Or is it ok to use now?

@@teachmecyber please answer So should we still disable auto-fill? Or is it ok to use now?

All good to use now!

@@teachmecyber I from Brasil. Gostei do seu vídeo. Agora fiquei com medo de usar. Isso vale pra qqr navegador? Existe algum ajuste que não carregue esse ?

Thankfully this is a minor issue and one that has since been patched!

@@teachmecyber so now I don't need to check, if it's unchecked?

Correct, it will be off by default and Bitwarden fixed the underlying issue

@@teachmecyber thanks :) I appreciate your reply

I see it as an oversight in the code. They didn't account for different s they could be sitting on the main web page. This has been fixed now thankfully!

Thanks for watching!

That's a tried and true method. One benefit of the autofill (with user interaction) is that it can help you detect phishing sites. If you click on a link and it prompts for a login, your password manager will look for the URL. If it's not something it recognizes, there's no password to put in.

I just drag'n'drop .... Doesn't go to clipboard that way

That's a good approach.

They recently released a full fix for this