What I would like to see is the ability to define the auto lock period with an additional option to disable it entirely (as previous behaviour).
Our PCs are set to auto lock after five minutes of inactivity, so I don’t need the web vault to have an additional setting. I have a 20+ character password for my web vault which I use frequently during the day, and having it lock every 15 minutes makes no sense if my PC locks within five minutes of me no longer using it.
Setting a forced 15 minute lock of the web vault may tempt people to use shorter, easier passwords for their vault. To me, this is a good example of where what seems like a good idea actually leads to worse practice.
Slightly off topic but related, this is why the National Institute of Standards and Technology have changed the recommended guidelines for passwords. They now suggest that users should no longer have to regularly change passwords and shouldn’t be required to use complex passwords but instead should be encouraged to use long phrases. These changes come from the fact that although a complex password seems like a good idea, in reality it makes it harder for people to remember so they write them down! The same with having to constantly change passwords. I know with Bitwarden we can have the best of both worlds but the vast majority of people don’t use password managers.
I advise people to start with a simple password they will easily remember and then make small incremental additions and later changes about once a month. It gives you time to become very familiar with it, and in a very short time it can be quite long.
Add spaces and random Diceware words, add familiar numbers, later change out numbers and letters for others that look or sound similar.
Only make changes when you’re very familiar with the pass phrase and your fingers type it without you even thinking. For me this is usually about a week but I still only upgrade it every month or two.
I have however developed a nasty habit of saying the phrase in my head while typing it, which is ok, but sometimes when I’m busy and rushing and stressed I catch myself whispering it while I type it which is obviously not a good idea.
I don’t know if any of this is good or bad or helpful - but it seems to work well for me. My password is very unrecognisable.
I like using the randomness of the dice element of Diceware in the process.