End user onboarding and UI: browser extension onboarding nudges to guide users on key features of the browser extension upon initial installation
End user onboarding and UI: logging into the browser extension post-account creation on web to accelerate browser extension setup
End user onboarding and UI: post-account creation, guide users to download the browser extension, pin the browser extension, and understand how to generate passwords, save logins, and autofill.
Improving performance load times for extension and autofill
Access Intelligence Limited Preview: New Risk Insights dashboard that allows organizations to roll-up credentials into applications, categorize the criticality and risk of applications, and send guided alerts to end users to update weak, reused, or exposed passwords. Reach out to [Sales](https://bitwarden.com/contact-sales/) to enable your organization for Access Intelligence.
Policies: Expansion to individual vault policy that will allow creation of default collections, called My items, for enterprise users to have a personal space to save business items to
Collection permissions: Edit item permission will now include the ability for users to delete items from collections. If you prefer to restrict deletion of items to users with the Manage collection permission, organization owners will have access to a new setting, Limit item deletion to users with the Manage collection permission.
Policies: new enterprise policy that allows organizations to disable use of credit card item type
Policies: expansion to Vault Timeout policy to separate lock and logout actions
Policies: new policy to set default match URI detection policy for autofill
Reporting: improving performance load times for large organizations
Collections: Improving performance load times for large organizations
Transparency
Items listed on the roadmap are active, in-development initiatives from the Bitwarden product and engineering team. As the Bitwarden team releases new features, this roadmap will be updated as a living document so that the Bitwarden community will know what new items are in progress as well as items likely to be released near-term.
Any dates provided by Bitwarden team members on any initiatives are targets and will be continually revised as the team gets closer to release. As with all features, the top priority is ensuring security and product stability.
Previous releases
You can also review previous release notes to learn more about recently launched features.
Posting a feature request
Start here to learn how to post a feature request.
Can someone explain what this means? My first reaction is that it sounds like it may create a new attack surface for the browser extension…
Shared state refers to both shared login state and shared unlock state. That is, logging into your web vault will log you into your browser extension, and vice versa, and unlocking/locking one of them would unlock/lock both.
Yes, this requires a new IPC layer at large (currently being built), a new transport layer encryption (most likely Noise), and new ways to determine trust. I.e.:
“How does the web vault (locally) know it’s talking to the browser before handing over secrets?”
“How does the browser extension know it’s talking to the web vault (locally) before handing over secrets?”
Passive sniffing, or secrets being swapped to disk, is prevented by the transport layer encryption. The interesting part here is trust. (I don’t know the current progress on trust, so I won’t comment on that.)
Of course, as always, this is covered by regular audits, is open source, and reviewed internally for security issues before releasing.
The most critical scenario is being able to log into the browser extension from the web, given that most users start with account creation on the web and the goal is to accelerate onboarding to the browser extension. For now, this may be limited to new users post-account creation. This is still in early technical research.
OK, thanks for the additional information. Having the Web Vault login automatically authenticate the browser extension would be a useful work-around to the delayed (or abandoned?) implementation of passkey login for the browser extensions.
However, forcing the browser extension to log out whenever the Web Vault logs out (which I think is what was implied by @Quexten’s “vice versa” comment above) does not seem to serve any useful purpose.
Where’s passkey exporting that has been talked about?
How about vault entry sorting by type, date, whatever? Seems like there was some interest too, considering the poll.
Any plans to add “security dashboard” type of stuff to apps/extensions? Most of the competition include this, and BW has this only in the web vault.
There’s more I could ask about, but considering it’s a confirmed roadmap I’m just asking about stuff that had some traction from BW itself from what I’ve seen.
@gtran I note that Desktop (MacOS) auto-type of passwords is listed in the roadmap above. Can someone from Bitwarden advise when this will make it into a final release?