Ask to save password even when BitWarden is locked

Currently Bitwarden does not queue the creation of new site entries while the network is down. If it did, then an additional feature worth adding would be to save new site entries, while Bitwarden is locked, into a queue file, using a public key. Later, when Bitwarden is unlocked, it can migrate the queued data into the normal database.

I realize of course that it’s easy to wish for such things, a lot harder to actually implement then.

1 Like

This makes starting to use Bitwarden a gross experience, since I have set Chrome to lock the Bitwarden extension on device lock, and I have to remember to unlock Bitwarden before logging in somewhere for the first time with credentials I have memorised so that I receive the prompt to save those credentials. Why does Bitwarden need to be unlocked for this prompt?

It would be great if Bitwarden asks users to save the password without the need to enter the master password. Whenever I create a site, I have to remind myself to save the account in the vault. Sometimes I forget the password that I used for creating the account.

Actually I don’t have votes left but this could be really a nice feature! :+1:

2 Likes

Agreed. This was something I didn’t even think about but after leaving LastPass, I realized this was very helpful.

If your password manager allows you to save a password when it’s locked then the password manager was never actually locked.

Adding this feature will put everyone security at risk - locked means locked.

1 Like

False, there are ways to do it securely, eg requiring the user to enter the master password if they answer “yes” to the prompt.

1Password, for example, has this feature. Sounds like LastPass does too.

I use randomly generated passwords for all the logins. So when I am creating a login account, to create a random password I eventually have to unlock the vault (in browser extension). This could be a potential workaround.

Now that said, It would be great to remind to unlock the vault after creating any new login ids. +1

Now the question becomes… how does a password manager know if you have a password saved for that website if it’s locked?

If the password manager is locked all data is encrypted and there is no way to know. This means those other password managers are not fully encrypting your vault when they “lock” for this feature to work. Just because other password manager can do it doesn’t mean Bitwarden should; security by obscurity is not security at all.

As @mnjm has pointed out you should be using a random password for every account which means you need to unlock your vault anyway. Bitwarden could ask to unlock if it sees a password field so it can check to see if you have an account but all roads lead to you needing to unlock your vault anyway.

1 Like

No one said it checks to see if you already have that password or that it needs to before you enter your vault master password.

BitWarden, while locked, could “see” you’ve entered a username and password manually (eg a password you created before you used a password manager and not one randomly generated). BitWarden could then prompt “Do you want to save this login to BitWarden?” Selecting Yes would require your master password and then BW could check if the login exists or save the login appropriately.

I’m not sure why you continue to argue against this feature. There is no security risk here, and is only a value added feature. It removes nothing while gaining some quality of life functionality.

1 Like

Not arguing, trying to follow the logic. You could be asking for one thing but thinking of something else. I’m trying to be helpful, I don’t mean to be rude.

The problem with your example is that if you come across a login page your first instinct should be to open your password manager and have it fill in the password. You’ve moved on from keeping passwords in your head and now use a password manager. If you don’t have an account in your password manager for this website yet you’ll realize this once the vault is unlocked and then can take the steps needed from there.

If you’re entering passwords manually then why have a password manager? You should be opening the vault to have it fill the password to not only make your life easier but to protect you from phishing pages. If you don’t have that login yet you’ll realize this once the vault is unlocked and then add it.

1 Like

I’m not sure why this is so hard for you to understand. When transitioning to a password manager, you will first have to enter your login information into the password manager. However, if you forget to unlock BitWarden first, you now have to enter the information for that website again manually in BitWarden. That is frustrating.

Since I have posted this feature request over 2 years ago, this has become less of an issue because as you point out, I’m now using the password manager to fill the login, and all my logins are in BitWarden now. However, this was not the case when initially starting to use BitWarden, when your logins are not already in BitWarden so you manually login to a website.

This feature request is obviously not for you. You can move on. But by the number of votes it is definitely useful to others.

1 Like

I get what you’re saying and it seems you’re understanding what I’m saying somewhat.

To add, the password could be saved or not, the user won’t know for sure until they unlock their vault. Even if you know for sure the password is not in the vault you still need to open the vault to add it. Once unlocked they can autofill or if there is no item they create a new login within the Bitwarden extension.

This part is where many people are getting confused.

They’re manually entering the username and password on the webpage when they should be adding it through the extension. This keeps you from having to do it twice as you have said. This is how you’ll be doing it for every new account, even ones you create after using Bitwarden.

You are creating new accounts through the extension, right? If not, how are you creating the random password?

1 Like

Thing is other password managers do this without adding extra risk, by the way described above and honestly that gives a more intuitive experience as you don’t constantly have to think about opening a plugin/vault, it just prompts you or gives you a menu when/where you need it.

You’re implying you need to “open the vault” to generate a password, but other password managers like lastpass just add an icon in the password input field and if you click it you get a menu with the option to generate a new unique password. Then it asks you if you want to save it when you continue and if you’re not logged in to the vault yet it juts prompts you to do so. That just feels more natural to me as it’s more integrated into the actual login/register fields you have to interact with as you browse the web normally and doesn’t require some new routine to not have to type stuff twice.

1 Like

Feature name

  • Password Save in Locked Vault

Feature function

Password managers such as LastPass attempt to save passwords even if the vault is locked. It is a super important feature for a password manager since it is insecure or at least not necessary to login to the password manager anytime the user opens the web browser. On top of that, it is uncomfortable and many users may forget that.
Lacking this feature may cause “security fatigue” or “login fatigue” that leads to not using the automatic vault lock function. So, increases the cybersecurity risks.

1 Like

@Shadow Welcome to the Bitwarden Community!
Is this what you are asking for?

2 Likes

This is a MAJOR item that is preventing me from switching from LastPass to BitWarden. I want and need Bitwarden to prompt any time a password is entered, ESPECIALLY WHEN LOCKED, because it is normally locked. So 99.9% of the time, Bitwarden fails to save my passwords because of this.

@kyferez it’s underway :slight_smile:

3 Likes

This feature is now included in the latest release :sunglasses:

3 Likes