Divide the Vault Timeout option (Support different events for lock vs. logout)

x5jyh3 · August 6, 2020, 9:09am

In the settings you can currently have a menu (Vault Timeout) in which you set the time until the Vault Timeout Action (can be set to Lock or Log Out) occurs. This means that it’s either Lock or Log Out.

My request is to have two separate options by having two separate Vault Timeout menus for Lock and Log Out. For example I’d like my system to Lock after 5min and to Log out on System Sleep which would increase the security by requiring 2FA.
Currently I have to choose between 2FA after System Sleep (which leaves the Vault unlocked for quite some time) or locking it after 5min but no 2FA after System Sleep.

This is what it currently looks like: Screenshot from 2020-08-06 10-57-24 (copy)

This is what I would like:
Screenshot from 2020-08-06 10-57-24

Magnus · November 1, 2020, 4:03pm

That seems a good extension proposal.

I was already wondering why e.g. the Android app keeps being logged in even after an android reboot.
At events like an reboot I would want to have the vault being closed (new password login, not only locked).

youngheart80 · December 4, 2020, 6:35pm

I think there was a similar request here: Lock Vault on system lock, logoff or shutdown ONLY. Made a few days after this request.

TumbleTimble · December 4, 2020, 8:53pm

Would love to see this. Really miss this level of granularity.

el613 · December 8, 2020, 8:38pm

This seems like an excellent idea

MoonDogg · January 14, 2021, 4:29pm

+1 would love to have this.

yncx · February 18, 2021, 12:23pm

+1 I’d love to see this added to BW, the current setting forces users to compromise between security and convenience.

Crisp · February 18, 2021, 1:12pm

+1. I’d also like this feature.

Semantically, there are two different questions I would like the application to ask:

“Who are you?” – as verified by the master password. Asked “once in a while” (eg on system wake/power on)
“Are you still you?” – as verified by a pin, or some other low-complexity input. In my mind, this would be a highly intolerant input, where a single wrong character (types at any point) would trigger the “Who are you?” question.

rassawyer · April 23, 2021, 7:30pm

Feature name

Set options for both auto lock, and auto logout, on different time frames

Feature function

Currently, users have the option to select EITHER lock OR logout after a set amount of time.
It would be more ideal, in my use case to implement auto lock after a relatively short period of time, but auto logout after a longer period

as an example. I come back from lunch, and unlock my vault to login to various sites or services. After that, I often do not touch bitwarden for the rest of the day. If I do not remember go specifically logout at the end of the day, the vault remains stored on my device, requiring only the master password to open. In an environment with multiple coworkers sharing an office space, this is not ideal. I would like the vault to lock after a few minutes, which is sufficient for stepping away from my desk to grab coffee, use the restroom, etc, but then logout and require 2fa after a relatively longer period, such that if I forget to logout before leaving for the day, or worse, the weekend, it will logout and secure my vault.

rassawyer · April 26, 2021, 3:01pm

I agree with Magnus, I wish the Android app would require full authentication after reboot. Including 2FA. I have not needed to provide 2FA authentication on my phone since I first setup bitwarden, over a year ago. As my phone is the most likely digital device to be lost or stolen, it seems somewhat backward that it has some of the lowest level of password security.

makapoor · May 21, 2021, 8:10pm

+1

It would also be nice to be able to select multiple options for locking/logoff like 60 minutes OR system lock

Joost_Kolkman · September 15, 2021, 8:41am

+1

Late, but still missing this feature, as it would provide some good extra security