Bitwarden: Amazon Login and Basic Authentication

You took our article about Bitwarden as a password manager as an example, but now you have the problem that on some websites either no password or the wrong password is suggested? That can happen, that’s where the pitfalls of everyday life hit.

We will give you a few examples that can help you to get a grip on similar problems. We already recommended in the first article to set the URL detection to “Server”, so that at least subdomains are distinguished. Otherwise Bitwarden will see blog1.wordpress.com and blog2.wordpress.com as the same address and will reveal the password. Which, by the way, Safari also does – only there it can not be turned off.

Bitwarden: Distinguish Amazon logins (private/affiliate)

Now there are situations where we can not distinguish with a subdomain but have to make do differently. At Amazon, for example, all logins always go through

https://www.amazon.de/ap/signin

This is not very helpful if we have a normal account and an affiliate account for example. So how should the password manager distinguish the URL?

For this we use the “Starts with” setting for URI detection (just go to the account entry in Bitwarden and then to “Edit”. For an affiliate account we use the beginning of the address there namely.

https://www.amazon.de/ap/signin?openid.return_to

Since only affiliate account login addresses start like this because after logging in you are redirected back to the affiliate page, Bitwarden will recognize them from now on by the parameter. So we just lengthened the address a little bit and so it’s now distinguishable from non-affiliate accounts.

Bitwarden: Set up two-step Amazon login

For private login we use the same trick: here the URL is

https://www.amazon.de/ap/signin?openid.pape.max_auth_age

with the “Starts with” option. But since the login process is two-step (put in name, enter, next page, enter password) we need to define one more address, this one is

https://www.amazon.de/ap/signin

with the option “Exact”.

But we still have a problem: Bitwarden recognizes a field for the username only if there is one for the password below it. And just that is not the case with this Amazon login, which is spread over two pages.

But there is a trick: we use the Inspect function of the browser and look at the name of the field: ap_email.

For this we create a custom field with our username.

Now the following happens: with the two-step login Bitwarden now finds the field for the username, because we have now defined it manually. It will be filled in automatically. Then after click on continue comes the password field, which is now regularly recognized and filled in. As long as Amazon does not change the name of the first username field, everything works like clockwork. Otherwise, you just look again how the field is called, should something have changed.

Bitwarden: Basic Authentication with the same URL

The same procedure we use if you have for example a firewall in front of your blog and this first requires a login before the actual login to WordPress can take place. Both name/password combinations have the same URL, namely

https://example.com/wp-admin

So we have to fill in the first two fields correctly (Basic Auth) to get to the WordPress login.

Therefore, we simply create Custom Fields for the first two fields in Bitwarden. We also checked here with an Inspect tool of a browser to see what the fields are called. In our case simply n and p. Therefore we create a “Text” and a “Hidden” field in Bitwarden and both logins run through automatically.

It may happen that Bitwarden asks you if you want to save the password. But just click away, everything should already be complete – just check it by logging in and out several times.