BitWarden Security Lapse

I’ve noticed quite an obvious security lapse in BitWarden, and had to resort to going back to LastPass. I hope I missed an option or something, because I would prefer to use BitWarden.

When using LastPass, regardless of whether you are logged in or not, LastPass requires you to enter your master password before autofilling any password.

In LastPass, if you are logged in and you go through all your saved logins and want to copy or view a password, you have to enter your password to get access.

In BitWarden they have a lock immediately option which doesn’t always work. If you unlock and leave your computer, someone else can jump on and copy any password you have saved there without a master password/PIN request.

This was really surprising to me and I think it’s quite a lapse in security.

Is there an option I have missed or something?

Thanks

I’m not sure what you mean. If you unlock BW then leave your computer then of course someone could access it - the same way they could access your email or your personal files.

If you’re leaving your computer, you should lock BW and lock your computer. Even if you just lock your computer, that should be sufficient until you return to it.

“If you unlock BW then leave your computer then of course someone could access it - the same way they could access your email or your personal files.”

If you unlock LastPass and leave your computer then when someone else tries to access it and use one of your logins LastPass re-prompts for a password as a security precaution.

In LastPass, logging in allows you to see all your available sites you have logins saved for, but if someone then tries to log in to one of them it re-prompts for a password, so you know even if you accidentally leave it on it’s secure.

How does LastPass know you have left your computer? It must utilise some form of timer.

BitWarden already has the functionality to lock itself. Have a look in Settings.

LastPass doesn’t know you left your computer. Whenever you want to log in to a new item (or see a password for a particular item) it prompts for the master password. It doesn’t log you out, and it can be turned off if it is something you don’t want it to do, but the option is there.

BitWarden does have a function to lock itself, but I found it glitchy and it didn’t always work properly; it was not a good replacement.

BitWarden has a wide variety of locking options. I’ve never had an issue with them either in Windows, macOS, or Linux. They work perfectly well for me.

That’s great; if you like it, I have no issues with that.

I’ve noticed this feature is the third highest requested feature: https://community.bitwarden.com/t/require-master-password-re-prompt-for-some-items/41. It seems other people who have experienced LastPass password re-prompt find it highly desirable as well.

The lack of the password re-prompt feature that LastPass has unfortunately makes BitWarden un-secure for me. As much as I like its other security features, this one is a deal breaker for me; if it just had that password re-prompt feature it would be perfect.

If you have found a bug in BitWarden, please report it on GitHub: https://github.com/bitwarden

This is an option in LP, not a standard that applies to everyone. I do not have this set in my LP account, so I can view or copy a password without entering my master password. The same with autofilling.

Sorry I’m late to the party. Just noticed this post was almost a year ago. I just joined today. I don’t know why it was at the top of my feed. I wasn’t searching for anything.

Computers are mysterious things. Nobody understands their mysteries fully :smiley:

No need to apologise, I found reading this old discussion interesting.