Android: No more "Lock: Never"

Hi,

I have just set up a new Pixel 9 Pro XL with 2024.8.0 (18985), and I’m surprised I can’t set the app to “Lock: Never” anymore.

During setup of the phone, where I needed to login to 50+ apps, I’ve been logged out multiplke times, and even when it’s ‘only’ locked I need to press “login with biometrics” as an extra step instead of this being the default.

This is a massive hit to usability, and it requires me to unlock or even re-login when I just want to quickly fill a password.

I sure hope this is a bug…?

Hello, Frank,

This was filed as a bug and closed out for the non-native Android app. For the new native app, you may want to file a bug at:

@koehntopp To me that sounds like a massive gain in security. I never even understood, who would set up one or even four hours as lock-time, let alone “never”. So I hope it’s not a bug, but a security enhancement. :wink:

Hey there! I’m having some trouble reproducing the issue on my device.

Can you clarify for me if you are a member of an enterprise organization?

Also, please note that we do have a fix for the biometrics not being prompted automatically that will be included in the next beta release.

1 Like

Each person has their own use for BW. To you, one hour may be a security issue. To someone else, it’s their SOP. Making a blanket statement means not understanding how someone else may use a program.

The OP clearly stated he was setting up a new phone. He doesn’t want to login in repeatedly. Seems like a perfect use of a longer “stay logged in” time.

Of course, everyone must decide for themselves.

But the security issue doesn’t depend on “opinions”. Having a vault unlocked for longer periods of times is not recommended (unencrypted in memory…). For my taste, it is far too convenient for a person who doesn’t understand the security implications (PS: I don’t mean you or OP - I mean it in general here, for all people who start with Bitwarden e.g.), to set it to “never”, so that I often thought, “never” shouldn’t be an option at all.

The timeout time works as “after last use, stay unlocked for XX time”. 4 hours after the last use of the vault still being unlocked is not enough for the set up of a new phone? :thinking:

Hi Micah,

turns out I’m an idiot - I did not see that the box can be scrolled (to my defense, there is no visible scroll bar).

Consider it solved.

Please allow me to follow my own personal threat model, I am fully aware of what I’m doing.

Okay, then I cancel the planned inspection at your home. :man_shrugging:

Glad the issue is cleared up! :sweat_smile: