A script-based, small, Open-Source Application written in AutoHotkey that provides keyboard shortcuts to auto-type usernames, passwords and Time-based One-Time Passwords (TOTP) for applications and websites, it borrows the concepts coined by KeePass but with Bitwarden as "backend".
This is the second release (a major rewrite), is not backwards compatible with the first release. It contains multiple improvements and doesn't require external dependencies.
It attempts to fullfil the applicable Top-10 user-requested features of the community:
- Auto-type/Autofill for logging into other desktop apps.
- 2FA when ‘unlocking’1.
- Auto-logout after X minutes.
- Auto-fill TOTP code.
- Bitwarden Windows App - Add Autorun at System Startup.
- Auto-Sync on all platforms2.
- Support Internet Explorer3.
- Autofill shortcut should open login window when vault is locked
- Improve random password generation.
1 Uses an entry with the Authenticator Key.
2 The synchronization is done on schedule.
3 Only IE 11 was tested, use title matching for others.
Wiki details them:
- Auto-Type: with predefined and per-case sequences.
- Supports multiple accounts/windows per site.
- Favicons can be shown to easily distinct between sites.
- Quick 6-digit PIN and 2FA (TOTP) unlocking.
- Universal Window Platform support (Microsoft Store Apps).
- Browser support: instead of insecure extensions.
- TOTP generation: via Clipboard and/or hotkey and/or placeholder.
- Strong Password Generator with entropy indicator.
- Placeholder for smart detection of text input fields.
- Two-Channel Auto-Type Obfuscation: global/per-entry.
- Provides auto-type globally by executable/title/URL.
- Replaces the (intrinsically insecure) browser extension.
- It can use KeePass' TCATO algorithm for extra security.
- Passwords skip Clipboard (thus managers and cloud synchronization).
- Replace Bitwarden application (entries can't be added/edited).
Setup:
- Run the setup, edit the settings.
- Application can be found in the Start Menu.
Portable:
- Place Bitwarden CLI (at least
v1.11.0) in the same directory. - Update the settings (add the path to
bw.exeif not in the same directory or if renamed).
Both:
- Add in Bitwarden login entries, window rules (see format below).
- Optionally, you can specify a custom typing sequence in the
auto-typesequence field (name can be changed in[SEQUENCES]section of settings file).
- By URL:
http://example.comhttps://www.example.com/path/login.html?foo=bar- It follows the "Match Detection" in use by Bitwarden.
- By executable name:
thunderbird.exeapp://thunderbird.exewinapp://thunderbird.exe
- By window class:
app://?class=MozillaDialogClasswinapp://?class=MozillaDialogClass
- By window title (partial match):
Mail Server Passwordapp://Mail Server Passwordwinapp://Mail Server Password
- By window title (exact match):
app://?title=Mail Server Password Requiredwinapp://?title=Mail Server Password Required
Why winapp:// or app://? Both are currently unused. winapp:// is consistent with androidapp:// and iosapp:// currently used. app:// is OS agnostic (an Auto-Type for MacOS/Linux could make use of it). Protocols can be iconified (for example: app://, macapp://, linuxapp:// and winapp://).
- No x86 version:
bw.exeis 64 bits only. - TCATO can fail in specific sites/windows
- Temporarily disable it via tray menu
- Add an exception in Bitwarden (field
tcato, valueoff).
- Some applications might fail to recognize auto-type:
- Use the setup version (recommended).
- Run the portable version as Administrator.
{SmartTab}doesn't work with Chromium-based applications- Normal Tab is sent. For more than one Tab use a custom
auto-typerule.
- Normal Tab is sent. For more than one Tab use a custom
- Wiki !!!
- Internationalization.
- Global entry selection.
- UI for settings (perhaps).
- Checkout the
Wiki. - In Reddit look for the /r/Bitwarden sub.
- User-to-User support in Community Forums.
- GitHub Issues for app-specific problems/bugs.
This is a script-based utility; not a full-fledged, enterprise-ready application (i.e. YMMV).
No monkey business. Given the nature of AutoHotkey, the source code can be found on the executable and be read with any text editor (almost at the end of the file) or better yet, with Resource Hacker; plus, the source script can always be used instead.
- WTFPL
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.