Add option to remember password in browser extension

RickJ · April 10, 2018, 9:41am

I’d like an option for the browser extension to remember (or bypass) the password as well as the login name. This might on the surface sound pointless, but is very useful in combination with 2FA.

The main benefit of 2FA is to prevent someone who has discovered your password from logging in on another machine - they are blocked and you get notified of the attempt. But your own machine is a reasonably trusted environment, and you want to be able to re-login conveniently. If the browser remembers your password, then all you have to do is respond to the 2FA. You actually have one-factor, but it’s the second factor. Given an attacker would first have to know your desktop password, as well as gain access to the machine, you’re not giving much away.

i’ve used this feature on LastPass for years, but I’m strongly inclined to migrate to Bitwarden (on balance I think it’s superior), and it would be great to have this convenience.

kspearrin · April 10, 2018, 12:53pm

You can disable the password from being required by selecting “Never” lock option under settings. There is no 2FA enforcement though, since that currently only happens on login.

RickJ · April 10, 2018, 1:43pm

Ah, but that’s the point. I don’t want to remain always logged in. I’d like the security of the login timing out, but the convenience of re-logging in using just a 2FA response.

It provides a very good balance of security and convenience.

eskela · April 12, 2018, 6:38pm

It feels like it’s same subject as 2FA when ‘unlocking’?
You want to lock BW, but unlock it only with 2FA, not the password.