Currently logging into BW browser addon has the account Email Address saved. Logging out of the BW browser plugin should empty Email Address form field and require both email and password to be entered when logging back in.
Logging out of the browser plugin should also logout any BW browser tabs you have open, vice versa.
I wouldnât want that forced upon a user. If it was an option and you wanted it, ok. For me, I wouldnât want to key that info every time I log out. I am a person that logs out of my browser at the close of a session, as opposed to simply locking BW. I keep my email account âsolidâ with U2F only access so exposing the email accountâs address doesnât concern me.
Not something Iâd personally want, but I figure a âRemember Meâ-esque checkbox either on the login page or in the settings wouldnât hurt.
An option to remember the Email after log in
Currently the add-on and desktop apps stores the Email field of the last successful log in with no way to opt out or even clearing the field. The feature would give the choice whether the add-on remembers the Email or not.
This could either be a Remember Email checkbox like the web vault or an option in the settings to not store the Email.
This choice would allow for more privacy and security, if one is using the add-on on a shared computer or using a unique Email for the password manager. It also gives the user more agency and seems like an option that should be there by default
Thanks @Nat! 2 are for forgetting the email in the login screen, and 2 are for removing the email from the extension UI. Iâll group them.
Can anyone provide some sort of ETA for the implementation of this feature or a decision of whether this is going to be addressed at all? This issue was opened in 2019, so it doesnât appear to be a high priority concern for developers. This is an essential security feature. Now that LastPass is no longer really free, Bitwarden is undoubtedly going to receive a big influx of users. Not having this feature might turn off some people towards other password manager alternatives. Since this is a relatively easy feature to implement, Iâd suggest bumping this up in the priority queue.
I agree that hiding the email address when logging in should at least be optional. It is less secure to have it filled out automatically if you log all the way out.
As a newbie, I would recommend that BW follow the online design convention that means a username (email address)
Problem: Android app, Firefox and Chrome browser and extension, by default remember a users email address.
The browser extension and android app remember the users email address on a persistent basis, even when a device is rebooted.
The online convention is to give account holders the option to remember a user name (email address), BW breaks this by not giving user a choice NOT to remember the username (email name), this is poor operational security be design
Solution: Follow app, browser and extension design convention that ensures users have to opt-in for their username/email address to be remembered
Observations: Even when I use an incognito/private browser session, the BW extension remembers the username/email address and does so in a way that makes it appear impossible to remove the username/email address
For the Android app, the only way to remove the persistent retention of the username/email address is to deleted the app cache and data or uninstall app
There is merit in remembering this log in data, but that should be based upon explicit opt-in user choice.
I consider the balance between security and user convenience is wrong, persistent no choice pre-populating of user login data for a âkeys to the kingdomâ password manager should end asap and BW should arrange for itâs next security audit to address and analyse these practices
Apologies if this request is duplicated, I have only just come to realise that BW persistently remembers the username/email address across various platforms