I’ve recently turned to Bitwarden in the hope of finding a way to secure passwords effectively, but I’d like to point out two black spots that caught my eye.
Firstly, when the browser extension is unlocked, all passwords are accessible in clear text. It’d be nice to be asked for the PIN code again to reveal the contents of each credential. I mean, in Firefox’s native password manager, you have to enter your master password each time you want to see something, which is more secure.
Someone with access to your machine could quietly copy everything, unless you lock it immediately… Which brings me to my second question/suggestion.
If the application is locked, it’s still connected, so why can’t we fill in the identification forms with the extension locked?
For this reason, you need to prevent others from accessing your unlocked vault. Bitwarden users typically set the “Vault Timeout” option to a short interval (15 min or less, depending on the environment in which you use your machine). It is also advisable to lock your computers and mobile devices when they must be left unattended.
Not sure what you mean by “connected”, but it seems that you have misunderstood what locking and unlocking does. As long as you don’t log out, your Bitwarden app has access to a locally cached copy of the vault data (and can therefore display the vault contents even if you are disconnected from the internet). The local vault cache is stored encrypted, so that your passwords are protected even if someone gets access to your device. Unlocking your client app causes it to read the cached vault data, decrypt these data, and store the decrypted vault data in volatile memory. Conversely, locking your client app causes it to purge the decrypted vault data from your device memory.
Thus, while in the locked state, the Bitwarden client app (e.g., the browser extension) does not have access to the decrypted vault contents. As a result, Bitwarden cannot autofill any forms while locked.
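The lock/logout model described in this reply, as an added example that is not part of the original thread or of Bitwarden’s own code: a small Python model in which the encrypted cache survives a lock but the decrypted items exist only in memory while unlocked, so autofill has nothing to work with once the client is locked. Assumptions: PBKDF2-SHA256 for key stretching and an HMAC-based stand-in cipher in place of Bitwarden’s real cryptography; the vault items and passwords are constructed sample data.

```python
import hashlib, hmac, json, os

class LockedError(Exception):
    """Operation needs decrypted vault data, but the client is locked."""

def _derive_keys(master_password: str, salt: bytes) -> tuple:
    # Stretch the master password into separate encryption and MAC keys (PBKDF2-SHA256).
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 600_000, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Demo stand-in for an AEAD cipher: HMAC-SHA256 in counter mode, XORed over the data.
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

class VaultClient:
    """Encrypted cache persists on disk; plaintext lives in memory only while unlocked."""
    def __init__(self) -> None:
        self.cache = None   # (salt, nonce, ciphertext, tag): survives lock, removed by logout
        self._plain = None  # decrypted items: None whenever the client is locked
    def login_and_sync(self, master_password: str, items: dict) -> None:
        # Constructed: stands in for the server delivering the encrypted vault at login.
        salt, nonce = os.urandom(16), os.urandom(12)
        enc_key, mac_key = _derive_keys(master_password, salt)
        ct = _xor_stream(enc_key, nonce, json.dumps(items).encode())
        tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
        self.cache, self._plain = (salt, nonce, ct, tag), items
    def unlock(self, master_password: str) -> bool:
        salt, nonce, ct, tag = self.cache
        enc_key, mac_key = _derive_keys(master_password, salt)
        if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
            return False  # wrong password: nothing decrypted, cache untouched
        self._plain = json.loads(_xor_stream(enc_key, nonce, ct))
        return True
    def lock(self) -> None:
        self._plain = None  # purge decrypted data; encrypted cache stays for offline unlock
    def logout(self) -> None:
        self.lock()
        self.cache = None  # cache removed too: next use needs login and a fresh sync
    def is_locked(self) -> bool:
        return self._plain is None
    def autofill(self, site: str) -> dict:
        if self.is_locked():
            raise LockedError("locked client holds no decrypted data to fill")
        return self._plain[site]
```

Locking drops only the in-memory plaintext, which is why a locked extension can still be unlocked offline yet cannot fill a form; logging out additionally discards the encrypted cache.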