I start to use Bitwarden and enabled the Two Step Login but, this work only when i use directly thr website.
There is no two step login with Chrome BitWarden extension when we close the web brower or after xx minutes of inactivity ?
Can you add this with everyapp please ?
2FA is only used when logging in, not when unlocking your vault. For convenience, the apps and extensions lock your vault after some period of inactivity but they don’t log you off.
I am using Authy here for 2FA and Firefox extension on FFox 72.0.2 and Chrome extension and neither prompts me for the 2FA if in the extension I select logout. Only when I logout of the web interface am I prompted for the 2FA code.
Discovered that in my case I had clicked on remember me. I had to deauthorize all sessions in order to remove that one computer from remembering 2FA.
I find that Lastpass is a bit more user friendly when it comes to 2FA. If you do not click on Trust this Device for 30 days then upon closing the browser (if you have enabled log me out on browser close in their extension) then your 2FA session is ended and you will have to re enter your 2FA code should you login again. As well you will be automatically logged out of LP as well. With BW one has to remember to actually do the logout via the extension in order to end the 2FA session and force the re entering of the 2FA code next session.
So over the weekend I set up my bit warden vault. I am now a Firefox user, and set up the extension for that with a pin code. I also bought a yobiky to lock down my PC when I go away on holiday should I get broken into at home.
I was quite disappointed when I was able to log into my Firefox extension without the yobikey in place just by typing in my pin code.
Am I missing something here or is this definitely a weak link for bit warden to plug as soon as possible?
New user here facing the same problem.
And as someone else has already stated " Manual logout is not the same as vault time-out logout"
Neither lock or Log out options will require a 2FA.
We need a 3rd option for a real logout that requires a 2FA after Timeout (or not…)
Thanks, @gatofelix! I’ve made this thread a ‘support’ thread so your post can be the main feature request thread.
Hi There, thanks for the posts. I have a similar issue that I would like to share and hear from anyone in the community.
Problem: I have my bitwarden extension on Chrome browser and no matter if I set it on log-out after 1min or browser close etc or manually log out or shut down my computer, it never asks for the 2FA.
The only way I can get 2FA to trigger on the chrome extension is if I delete the extension and reinstall it. Then it works for the first login and thereafter never again triggers 2FA.
I have not clicked “remember me” and have also logged out of all sessions using the Webvault.
Is there a known bug where Bitwarden Chrome extension does not prompt 2FA on LOGOUT (as I am aware lockout is not supposed to prompt 2FA)
What I would like to achieve is Bitwarden Chrome extension to ask for my 2FA each time I close my browser (as per the option selected)
Happy to hear from the community, thank you
Actually this is happening with me now.
The extension no longer asks for the 2FA.
I had to disable it…
Clients will only ask for 2FA in the following cases:
- Vault is logged out and not just locked
- Device did not have ‘remember me’ checked when 2FA was initially given
To reset the ‘remember me’ option, you’ll need to deauthorize sessions in your web vault.