Other password/passkey managers display a dropdown list of autofill suggestions when you click on a text field such as a username or password, even if they’re locked. Only after you choose one does it ask for credentials to unlock it (e.g. biometrics, a master password, etc.).
However, with Bitwarden, if you click on a text field and Bitwarden is locked, it’ll just ask you to unlock it.
Here’s a screenshot showing the a built-in browser password/passkey manager and Bitwarden. Both are locked. The built in one will ask for a PIN after you choose an autofill suggestion.
I wish that Bitwarden worked more like other password/passkey managers in that it displays autofill suggestions even while locked, and only requires unlocking after one is chosen.
Such password managers store the necessary information (e.g., website addresses and usernames) in plaintext, which security-conscious users consider an unacceptable vulnerability. If the vault data are leaked or stolen (from either the server or from your local devices), then the attackers will know where all of your accounts are, and what username you use. This opens you up to all sorts of risks, including social engineering or phishing attacks (leveraging the known information to appear credible), targeted brute force attacks (against any high-value accounts found in your vault, such as cryptocurrency wallets), or even blackmail (if there are any embarrassing or unsavory websites stored in your vault).
The 2022 Lastpass breach was a big scandal in large part because their vault database contained website and other account data in an unencrypted (plaintext) form, putting their users at risk, and leading to a loss of a half-billion dollars’ worth of cryptocurrency.
Because Bitwarden prioritizes vault security (sometimes requiring compromises in convenience), all vault data (including website addresses and usernames) remain fully encrypted and unavailable for display until the vault is unlocked. Thus, I don’t see any prospects for implementation of this feature request.
