I find that the browser extension timeout is dangerous for use at work. Without an “on idle” option I could be constantly having to login due to a short timeout or walk away from my computer and anyone else could access because of a long timeout.
@Dan_Van_Malsen Welcome to the Bitwarden Community!
Is this what you are asking for?
Alternatively, you can lock your computer when you walk away from your computer by pressing Win+L if it’s Windows.
I suppose. In LastPass I can say “lock me out of LastPass if I haven’t used the computer for 1 minute or I shut down my browser.” I would like to be able to do something similar with Bitwarden.
You can certainly set Bitwarden to logout when you shutdown the browser, either wilth a full login or a PIN when you restart the browser.
I have never investigated how the timeout options work in detail, but there are some short ones.
Bitwarden already has this.
Go to Settings, then under Vault Timeout you can set it to 1 minute or Browser Restart.
You can even set a PIN or Biometric unlock so you don’t have to enter your master password all the time.
So when it says “1 minute”, for example, it is referring to 1 minute of idle time? It does not appear to work that way for me. A minute goes by and I’m logged out even though I’m using the computer.
It’s 1 minute since you last used Bitwarden. You can have it set to unlock with a PIN if you find entering your master password too much.
Don’t forget you can set it to lock on system lock so when you close the lid of a laptop or when you lock your computer it locks too. And Bitwarden already has the option to lock when you quit the browser.
1 Like
Also coming from Lastpass, I evaluate Bitwarden as replacement.
One thing that annoys me is a poor choice of vault lock options. I was used to rely on LP idle time logout option. When I leave my computer after all day work, I lock it and I can be sure that 15 min later (my LP timeout setting) LP will logout form my vault. BW only has fixed timers, which are useless. It even doesn’t have a fixed timer, which will cover my working hours, like 8 hours or so.
I currently put it on browser restart, but I regularly forget to close the browser at the end of my work, so it is a security flaw. I only use Firefox as a browser.
This is unfortunately a serious deal breaker for me.
This topic should get more upvotes, it is really important for day to day use.
@ dangostylver
Timeout since you used BW is useless. You don’t use BW every minute or so, just when filling up passwords. It should detect browser usage in general, not BW usage.
1 Like
Identical problem here and also migrating from lastpass. BW never times out regardless of the timeout setting.
I would like to see the option of ‘Never’ be eliminated from the timeout list. Using this as a work resource, ‘never’ seems like a security risk. From an organisation vault, it would be nice to have some control over what our users can select.
This is definitely what is needed. Having a timeout period based on the extension use doesn’t make much sense considering the on-demand nature of a password manager. How often are you entering passwords? I would say most people go hours without entering a password while staying active in the browser. A timeout period based on browser activity makes much more sense.