I’ve noticed quite an obvious security lapse in BitWarden, and had to resort to going back to LastPass. I hope I missed an option or something, because I would prefer to use BitWarden.
When using LastPass, regardless of whether you are logged in or not, LastPass requires you to enter your master password before autofilling any password.
In LastPass, if you are logged in and you go through all your saved logins and want to copy or view a password, you have to enter your password to get access.
In BitWarden they have a lock immediately option which doesn’t always work, if you unlock and leave your computer, someone else can jump on and copy any password you have saved there without a master password/pin request.
This was really surprising to me and I think it’s quite a lapse in security.
“If you unlock BW then leave your computer then of course someone could access it - the same way they could access your email or your personal files.”
If you unlock LastPass and leave your computer then when someone else tries to access it and use one of your logins LastPass re-prompts for a password as a security precaution.
In LastPass, logging in allows you to see all your available sites you have logins saved for, but if someone then tries to log in to one of them it re-prompts for a password, so you know even if you accidentally leave it on it’s secure.
LastPass doesn’t know you left your computer, whenever you want to log in to a new item (or see a password for a particular item) it prompts for master password, it doesn’t log you out, it can be turned off if it is something you don’t want it to do, but the option is there.
BitWarden does have a function to lock itself, but I found it glitchy and it didn’t always work properly; it was not a good replacement.
The lack of the password re-prompt feature that LastPass has unfortunately makes BitWarden un-secure for me. As much as I like its other security features, this one is a deal breaker for me; if it just had that password re-prompt feature it would be perfect.
This is an option in LP, not a standard that applies to everyone. I do not have this set in my LP account, so I can view or copy a password without entering my master password. The same with autofilling.