Add an option to always log in after a system restart

I have a PIN to have easy access when I am working with my system.
I also have 2FA enabled with my Yubikey.

Currently, after switching off and on my laptop, I do not need to log in. So the 2FA is kind of useless.
I would like to be prompted for my master password and Yubikey when I access Bitwarden the first time after starting my laptop.

Or can that be achieved by the current configuration options?

Thanks
Jan van Veldhuizen

Hello Jan - yes, if I understand your request properly, you can achieve this through the current configuration options.

In Settings, under they Security heading, set the Vault Timeout to On Browser Restart and set the Vault Timeout Action option to Logout. Just be sure that you did not enable the option to Remember your device when you authenticated with your second factor and it should prompt you to re-enter your 2FA info each time.

Does that satisfy your needs?

Thanks for your reply, but no, it does not.
With this configuration I have to login with 2FA every time when I start the browser, which is many times per day. What I would like is to login again after I start my machine. So first time I need a website password in the morning.
So next to ‘at browser restart’ Bitwarden should give the option ‘at system restart’.

1 Like

For the browser extensions, the encryption key is held in memory attached to the browser process. To hold that key when the browser closes, it would need to be written to disk as far as I am aware. Something to take note of, and avoiding the writing of the key to disk is why we choose the more secure default of wiping the key (and locking/logging out) when the browser process is ended.

There are apps that will actually keep your browser process running when it is ‘closed’ - so Bitwarden can remain unlocked until you reboot your computer, which may be helpful in this scenario and prevent the need to write your keys to disk.

I agree. I want to be able to do 2FA after my computer has restarted but not necessarily every time I restart my browser. I think a good solution would be if we could have multiple layers of “timeout events” and be able to choose different decisions (log out vs locked) for each of those layers (i.e. - “Log out” after system restart/system lock for one layer, and “lock” after browser restart).

2 Likes

We should have an option to secure devices (full log out) just by restarting the device (phone/laptop)

Especially if cops/customs/unfriendly govts, get physically access and can use your biometrics to unlock.

This allows for the convenience of biometrics when in a non-hostile situation, but also provides security when biometrics can be forced by officials (biometrics are not protected by 4th amendment in the US)

This is such a simple feature to implement and the security benefits are massive.

2 Likes