Custom and longer lock time

There should be option to enter custom lock timeout, eg. 8 hours or 24 minutes.
Similar github request:

I felt the same and suggested an PR at https://github.com/bitwarden/browser/issues/449
Could someone give me any feedback for the code?

This would be nice, the default options, it should give user the choice of custom time out timing too.
It’s kind of annoying to have to keep login in everyday, unless you set it to never. Hope this get implemented

1 Like

Commenting, since this sounds basically what I would like.

The only thing I miss from LastPass is the ability to set a longer abount of time for locking the password manager. This being something like 24 hours, 7 days, 30 days, etc. That way I can set it to a comfortable timespan, especially for my home computer. For a work computer, it’s fine for every browser restart, but for personal, I’d like to have it be longer, but not “never” (which is currently what I have it set to).

Four hours is far too short. I want it to at least last 8 hours so I don’t need to log in twice in a typical work day.

Ideally the timeout period would be configurable to whatever the user wants.

I would probably set it to 7 days, personally. But right now I’m stuck with either 4 hours (way too short), restart browser (which I do relatively frequently, as I run Firefox betas and they update a lot), or never, which permanently stores my key and is insecure.

You don’t update your browser multiple times a day though, do you? On browser restart works well for me as I open it in the morning and don’t close it until I’m done for the day.

No, usually firefox updates betas 3-4 times per week. It’s definitely a painpoint, trying to migrate from Lastpass.

There are a bunch of these “paper cut” painpoints, each one pretty minor, but they all add up.

I would like to see an option added to keep unlocked for 8 or 12 hours in the browser plugin.

This would get us through the entire work day.

3 Likes

don’t really see a point in this.

why not use the option lock “On System Lock”?
as long as you are working on your computer the database would be unlocked. then, if you leave your place you should lock your system anyways else there would be no advantage of a secure password manager.

in case you are annoyed by unlocking both your system and BW I see no reason for a protected password manager since you are confident enough of your systems protection

By your logic none of the existing time based unlocks should exist. It should only be lock on system lock and never lock.

If you don’t need the feature, don’t use it. Don’t s**t on other people’s requests because it’s not something you’d find useful.

1 Like

I think a better solution would be making it fully custom. I see no reason why it shouldn’t allow me to enter whatever number of hours I want.

3 Likes

I was just discussing the use of this request.

If I understand you correctly, you are looking for a solution to unlock your database only once a work day. why not use lock “on browser restart”. that way you also do not have to unlock your BW when you have locked your system. but you lose one layer of security.

I s**h on this idea, because it provides no point of security and misuses BW just as an online synced open textfile (a modern way of post-its on monitor).

Long term time-based unlocks just reduce the security-level to about zero and I lose control over the exact time my database is about to lock. Additionally if the system will not be locked whilst leaving my workplace the database is open to everyone for the left time until locking.

looking at the gain side: you have set the timer to 8h expecting an 8h-work-day:

  • either you will work less, then “lock on browser restart” would be perfectly fine asuming you’ll shut down your pc at the and of your day or at least close your browser
  • or you will work longer, then you have to unlock your database a second time, just because you set your timer to a very long imprecise time in the future. and with everyother required unlock you will do it again.

I don’t shut down my machine, so my browser never shuts down.

Comparing this to a synced open text file is ridiculous. It’s not like my passwords are sitting on Dropbox unencrypted.

Keepass (which I migrated from) lets you specify in minutes exactly how long before the application locks. If someone is smart enough to use a password manager they’re probably smart enough to set a timeout for locking that works for their use case, while maintaining security.

You’re arguing as if I don’t lock my machine when leaving my desk. I do, so your argument about reducing security to zero is inaccurate.

Again, if you don’t like the feature [request] you don’t have to use it. It isn’t mandatory. I don’t have to justify my use case to you if you’re not the one doing the work to implement the change.

2 Likes

Feature name

Additional vault timeout options

Feature function

The existing options I can see in the Firefox extension range from immediately to 4 hours, then on browser restart & never.

I don’t tend to close my browsers & don’t restart my laptop often for weeks.

Perhaps some additional options could be added for longer timeouts? Eg 1 day, 1 week, 1 month. Alternatively user defined.

Thanks!

I would personally prefer a 16 hour and 8 hour one as one would cover a regular day (without sleep), the other a typical workday :slight_smile:

I would highly appreciate additional or custom vault timeout options.

Coming from lastpass, the 30 day authentication on my vault + master password requirements on entries of my choice worked well for me.

The longest time to keep vault unlocked (aside from never timeout), is 4 hours. I would like to see an 8 hour and/or 24 hour timeout be available on the dropdown menu.

1 Like

Related feature requests. Some of these should probably be merged together into single feature request:

Combined @cho-m - I think the common umbrella of ‘extend the hours and/or make a custom timeout’ is clear :+1:

To build on what powersst said, I wish I could setup the Bitwarden app to unlock by a pin code, but every 30 days or so require my master password to unlock, like Lastpass allowed me to do. It’s easier for me to memorize a 6-digit pin than my master password, but it would be a problem if Bitwarden were that easily accessible all the time, and then something were to happen like I lose my phone, or a friend/family member/etc manages to figure out my pin and has access to my vault on-the-sly whenever I’m not looking or aware.