Broken Firefox extension stops working with pin code or biometrics and demands master password

Latest Floorp Browser (aka Mozilla Firefox, based on Firefox ESR with some tweaks)
Latest Firefox Extension
Windows 10 22H2

For no reason it stops working with biometrics and PIN code and makes me type in my master password to log in. This is a serious flaw, as this makes you more vulnerable to something like a key logger that could capture your master password! This flaw needs to be fixed. I have had to turn off locking and just leave it unlocked, as it's safer than having it log out and making me enter my master password all the time!

Did you try to uninstall and reinstall the browser extension? (Probably make sure the local storage of the browser extension also gets deleted.)

I figured it out: for some reason the security settings are being reset when the extension updates. Floorp on my work laptop and my personal desktop, both Floorp and Firefox, have the same thing happen.

That checkbox got enabled on all of the extensions on the latest update. Windows work laptop and my home personal PC, both in Firefox.

Another problem is the desktop app will no longer launch minimized; it's always open full screen and I have to minimize it. To fix this I had to regedit the startup entry for Bitwarden desktop and add -minimized after the app path, and now it will open at startup minimized.

:+1:

[Require master password on browser restart]

Just be aware that unchecking that checkbox reduces the security:

That is a current bug: Current bug: Desktop app doesn't "start to tray"/minimized (though set as such)

And:

The Require master password on restart option is always checked [*] when you set a lock PIN. You have to uncheck it every time.

[*] As it should be. Because, as you pointed out, it significantly reduces the security of the vault cache stored on your device's disk.


I'm aware, and this is a work PC, so it's already pretty well locked down with DUO 2FA authentication. So that extra step is definitely not needed.

DUO 2FA won't protect against an infostealer exfiltrating the local encrypted vault cache from disk. This is one of the most, if not the most, probable attack vectors against a vault cache protected with a weak PIN that survives client restarts.

If it’s a work PC it will probably have antimalware tools, but they are not invulnerable. And if it was a laptop that can be lost or stolen, then the risk increases.

Any kind of access to the local disk contents by a bad actor means serious trouble with a weak PIN that, I repeat, survives client restarts.

I wouldn't uncheck that Require master password on restart option if my PIN's strength wasn't comparable with my master password's.
