Hi,
I use the bitwarden Android and chrome extension and what I’ve experienced is after the app automatically logs me out, it never asks me again to go through 2FA while logging in.
Thanks,
Huzefa
The app doesn’t log you out, it locks your vault.
2FA is asked only when logging in, which is done only once per device unless you explicitly log out.
I think both features lock-out and log-out should be merged into a single feature of auto-log out after a certain point of time with an option of ‘Remember Device’. This way there is 2FA authentication happening everytime you log in unless the device is remembered, rather than the vault staying in a limbo mode of being remembered by your email-id and you just login using the Master Key.
I mean the whole point of 2FA comes into picture only if you login. If you’re never changing devices that you use, 2FA is basically happening only once in the entire lifetime uptill you own the devices, unless you remember logging yourself out everytime you use bitwarden.
Logging out destroys data on your device, when you log back in you need to re-download all your vault which incurs network traffic and is not a fast operation.
Locking your vault protects your data but it’s still on your device, so you only need to download the diffs when re-accessing your vault.
I don’t think merging the two features would be a good idea.
1 Like
I think I understand that now clearly. When you say locking still keeps the data in your device that means the data is still stored in an encrypted format on the device. correct?
I have some definitions here:
That is something still pending to be implemented i believe. So does that mean as of now the data resides unencrypted on the device with a potential of being stolen if hacked?
I believe locking encrypts your data. To be confirmed by @kspearrin