Please add the option for “Ask to save password” prompt to function even when BitWarden is locked.
There’s been plenty of times when I log in to a website I know isn’t saved in BitWarden and do so forgetting to unlock BitWarden first, which means I’m not prompted to save the password I just used. Would be nice if saving of usernames and passwords could be prompted even when the vault is locked.
This is a great idea! After all, I can’t see any obvious risk about ADDING an account in the vault… the risk is to retrieve login details…
But maybe I’m skipping some things…
One risk that comes to mind for me would be over-writing an existing account. Another would be that, if the app is still able to write new data to your store, that would mean the store is not actually locked and is only inaccessible to the user via GUI.
It doesn’t have to be stored. I think it would suffice if the prompt shows up, then you need to enter your master password, and then the new item is actually stored.
@aksdb That could work and that would be helpful.
+1 for aksdb’s suggestion of a prompt. This would be very helpful for me.
I used RoboForm for years, and they do what aksdb suggested: just prompt the save, and if you say yes then you have to enter your master password. It would be a handy feature; I keep forgetting to unlock after I close my browser.
Currently Bitwarden does not queue the creation of new site entries while the network is down. If it did, then an additional feature worth adding would be to save new site entries, while Bitwarden is locked, into a queue file, using a public key. Later, when Bitwarden is unlocked, it can migrate the queued data into the normal database.
I realize of course that it’s easy to wish for such things, a lot harder to actually implement them.
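The public-key queue proposed in the post above can be sketched as follows. This is an added example, not part of the thread and not Bitwarden code; the function names, the RSA-OAEP plus AES-GCM hybrid scheme and the scrypt key derivation are assumptions chosen for illustration. While locked, the extension holds only a public key, so it can append new logins but cannot read the vault or the queue.

```javascript
// Added illustration, not Bitwarden code; every name below is hypothetical.
const crypto = require('node:crypto');

// AES-256-GCM helpers; blob layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered
}

// Unlocked, once: the private key is stored only wrapped under a key derived
// from the master password; the public key stays usable while locked.
function setupQueueKeys(masterPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const salt = crypto.randomBytes(16);
  const kek = crypto.scryptSync(masterPassword, salt, 32);
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  return { publicPem: publicKey.export({ type: 'spki', format: 'pem' }), salt, wrappedPrivate: seal(kek, der) };
}

// Locked: encrypt the new login under a fresh data key, wrap that key with the
// public key, and append to the queue. Nothing in the vault is read or changed.
function queueWhileLocked(publicPem, queue, entry) {
  const dek = crypto.randomBytes(32);
  const oaep = { key: publicPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  queue.push({ wrappedKey: crypto.publicEncrypt(oaep, dek), data: seal(dek, Buffer.from(JSON.stringify(entry))) });
}

// Unlock: the master password recovers the private key; only then can the
// queued entries be decrypted and handed to the normal save/merge logic.
function drainOnUnlock(keys, queue, masterPassword) {
  const kek = crypto.scryptSync(masterPassword, keys.salt, 32);
  const der = open(kek, keys.wrappedPrivate); // wrong password fails here, queue untouched
  const priv = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const oaep = { key: priv, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  return queue.splice(0).map((item) =>
    JSON.parse(open(crypto.privateDecrypt(oaep, item.wrappedKey), item.data).toString()));
}
```

Queued items are confidential but not authenticated, since anything that can read the public key can append to the queue. Drained entries should therefore be shown to the user for confirmation and checked against existing items rather than written over them.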
This makes starting to use Bitwarden a gross experience, since I have set Chrome to lock the Bitwarden extension on device lock, and I have to remember to unlock Bitwarden before logging in somewhere for the first time with credentials I have memorised so that I receive the prompt to save those credentials. Why does Bitwarden need to be unlocked for this prompt?
It would be great if Bitwarden asks users to save the password without the need to enter the master password. Whenever I create a site, I have to remind myself to save the account in the vault. Sometimes I forget the password that I used for creating the account.
Actually I don’t have votes left but this could be really a nice feature!
Agreed. This was something I didn’t even think about but after leaving LastPass, I realized this was very helpful.
If your password manager allows you to save a password when it’s locked then the password manager was never actually locked.
Adding this feature will put everyone’s security at risk - locked means locked.
False, there are ways to do it securely, eg requiring the user to enter the master password if they answer “yes” to the prompt.
1Password, for example, has this feature. Sounds like LastPass does too.
I use randomly generated passwords for all the logins. So when I am creating a login account, to create a random password I eventually have to unlock the vault (in browser extension). This could be a potential workaround.
Now that said, it would be great to remind to unlock the vault after creating any new login ids. +1
Now the question becomes… how does a password manager know if you have a password saved for that website if it’s locked?
If the password manager is locked all data is encrypted and there is no way to know. This means those other password managers are not fully encrypting your vault when they “lock” for this feature to work. Just because other password managers can do it doesn’t mean Bitwarden should; security by obscurity is not security at all.
As @mnjm has pointed out you should be using a random password for every account which means you need to unlock your vault anyway. Bitwarden could ask to unlock if it sees a password field so it can check to see if you have an account but all roads lead to you needing to unlock your vault anyway.
No one said it checks to see if you already have that password or that it needs to before you enter your vault master password.
BitWarden, while locked, could “see” you’ve entered a username and password manually (eg a password you created before you used a password manager and not one randomly generated). BitWarden could then prompt “Do you want to save this login to BitWarden?” Selecting Yes would require your master password and then BW could check if the login exists or save the login appropriately.
I’m not sure why you continue to argue against this feature. There is no security risk here, and it is only a value-added feature. It removes nothing while gaining some quality of life functionality.
Not arguing, trying to follow the logic. You could be asking for one thing but thinking of something else. I’m trying to be helpful, I don’t mean to be rude.
The problem with your example is that if you come across a login page your first instinct should be to open your password manager and have it fill in the password. You’ve moved on from keeping passwords in your head and now use a password manager. If you don’t have an account in your password manager for this website yet you’ll realize this once the vault is unlocked and then can take the steps needed from there.
If you’re entering passwords manually then why have a password manager? You should be opening the vault to have it fill the password to not only make your life easier but to protect you from phishing pages. If you don’t have that login yet you’ll realize this once the vault is unlocked and then add it.
I’m not sure why this is so hard for you to understand. When transitioning to a password manager, you will first have to enter your login information into the password manager. However, if you forget to unlock BitWarden first, you now have to enter the information for that website again manually in BitWarden. That is frustrating.
Since I posted this feature request over 2 years ago, this has become less of an issue because as you point out, I’m now using the password manager to fill the login, and all my logins are in BitWarden now. However, this was not the case when initially starting to use BitWarden, when your logins are not already in BitWarden so you manually log in to a website.
This feature request is obviously not for you. You can move on. But by the number of votes it is definitely useful to others.
I get what you’re saying and it seems you’re understanding what I’m saying somewhat.
To add, the password could be saved or not, the user won’t know for sure until they unlock their vault. Even if you know for sure the password is not in the vault you still need to open the vault to add it. Once unlocked they can autofill or if there is no item they create a new login within the Bitwarden extension.
This part is where many people are getting confused.
They’re manually entering the username and password on the webpage when they should be adding it through the extension. This keeps you from having to do it twice as you have said. This is how you’ll be doing it for every new account, even ones you create after using Bitwarden.
You are creating new accounts through the extension, right? If not, how are you creating the random password?