Divide the Vault Timeout option (Support different events for lock vs. logout)

In the settings you can currently have a menu (Vault Timeout) in which you set the time until the Vault Timeout Action (can be set to Lock or Log Out) occurs. This means that it’s either Lock or Log Out.

My request is to have two separate options by having two separate Vault Timeout menus for Lock and Log Out. For example I’d like my system to Lock after 5min and to Log out on System Sleep which would increase the security by requiring 2FA.
Currently I have to choose between 2FA after System Sleep (which leaves the Vault unlocked for quite some time) or locking it after 5min but no 2FA after System Sleep.

This is what it currently looks like:Screenshot from 2020-08-06 10-57-24 (copy)

This is what I would like:
Screenshot from 2020-08-06 10-57-24

That seems a good extension proposal.

I was already wondering why e.g. the Android app keeps being logged in even after an android reboot.
At events like an reboot I would want to have the vault being closed (new password login, not only locked).

1 Like

I think there was a similar request here: Lock Vault on system lock, logoff or shutdown ONLY. Made a few days after this request.

Would love to see this. Really miss this level of granularity.

This seems like an excellent idea

+1 would love to have this.

+1 I’d love to see this added to BW, the current setting forces users to compromise between security and convenience.

+1. I’d also like this feature.

Semantically, there are two different questions I would like the application to ask:

  1. “Who are you?” – as verified by the master password. Asked “once in a while” (eg on system wake/power on)
  2. “Are you still you?” – as verified by a pin, or some other low-complexity input. In my mind, this would be a highly intolerant input, where a single wrong character (types at any point) would trigger the “Who are you?” question.
1 Like

Feature name

Set options for both auto lock, and auto logout, on different time frames

Feature function

Currently, users have the option to select EITHER lock OR logout after a set amount of time.
It would be more ideal, in my use case to implement auto lock after a relatively short period of time, but auto logout after a longer period

as an example. I come back from lunch, and unlock my vault to login to various sites or services. After that, I often do not touch bitwarden for the rest of the day. If I do not remember go specifically logout at the end of the day, the vault remains stored on my device, requiring only the master password to open. In an environment with multiple coworkers sharing an office space, this is not ideal. I would like the vault to lock after a few minutes, which is sufficient for stepping away from my desk to grab coffee, use the restroom, etc, but then logout and require 2fa after a relatively longer period, such that if I forget to logout before leaving for the day, or worse, the weekend, it will logout and secure my vault.

1 Like

I agree with Magnus, I wish the Android app would require full authentication after reboot. Including 2FA. I have not needed to provide 2FA authentication on my phone since I first setup bitwarden, over a year ago. As my phone is the most likely digital device to be lost or stolen, it seems somewhat backward that it has some of the lowest level of password security.


It would also be nice to be able to select multiple options for locking/logoff like 60 minutes OR system lock


Late, but still missing this feature, as it would provide some good extra security

+1, especially useful for phones

Another bump for this, would really appreciate this feature!
When I’m on my laptop I’m happy for my vault to lock after a few minutes and to use my pin, but after 10-15 minutes I’d really like it to logout as well.

+1. It would very useful, to auto lock after a few minutes, but auto logout (and require 2fa) after lock/system wake up/system restart.

+1 To slightly add to this, the ability to Lock with PIN separately from Lock with Master Password.
i.e. Lock with PIN on browser restart, and Lock with Master Password on system lock.

That way when I’m actively using my computer I can use a PIN, and when I’m away the memory is purged. Otherwise it becomes frustrating to use…