In the settings you can currently have a menu (Vault Timeout) in which you set the time until the Vault Timeout Action (can be set to Lock or Log Out) occurs. This means that it’s either Lock or Log Out.
My request is to have two separate options by having two separate Vault Timeout menus for Lock and Log Out. For example I’d like my system to Lock after 5min and to Log out on System Sleep which would increase the security by requiring 2FA.
Currently I have to choose between 2FA after System Sleep (which leaves the Vault unlocked for quite some time) or locking it after 5min but no 2FA after System Sleep.
I was already wondering why e.g. the Android app keeps being logged in even after an Android reboot.
At events like a reboot I would want to have the vault closed (new password login, not only locked).
Semantically, there are two different questions I would like the application to ask:
“Who are you?” – as verified by the master password. Asked “once in a while” (e.g. on system wake/power on)
“Are you still you?” – as verified by a PIN, or some other low-complexity input. In my mind, this would be a highly intolerant input, where a single wrong character (typed at any point) would trigger the “Who are you?” question.
Set options for both auto lock, and auto logout, on different time frames
Feature function
Currently, users have the option to select EITHER lock OR logout after a set amount of time.
It would be more ideal, in my use case, to implement auto lock after a relatively short period of time, but auto logout after a longer period.
As an example, I come back from lunch, and unlock my vault to log in to various sites or services. After that, I often do not touch Bitwarden for the rest of the day. If I do not remember to specifically log out at the end of the day, the vault remains stored on my device, requiring only the master password to open. In an environment with multiple coworkers sharing an office space, this is not ideal. I would like the vault to lock after a few minutes, which is sufficient for stepping away from my desk to grab coffee, use the restroom, etc., but then log out and require 2FA after a relatively longer period, such that if I forget to log out before leaving for the day, or worse, the weekend, it will log out and secure my vault.
I agree with Magnus, I wish the Android app would require full authentication after reboot. Including 2FA. I have not needed to provide 2FA authentication on my phone since I first set up Bitwarden, over a year ago. As my phone is the most likely digital device to be lost or stolen, it seems somewhat backward that it has some of the lowest level of password security.
Another bump for this, would really appreciate this feature!
When I’m on my laptop I’m happy for my vault to lock after a few minutes and to use my PIN, but after 10-15 minutes I’d really like it to log out as well.
+1 To slightly add to this, the ability to Lock with PIN separately from Lock with Master Password.
i.e. Lock with PIN on browser restart, and Lock with Master Password on system lock.
That way when I’m actively using my computer I can use a PIN, and when I’m away the memory is purged. Otherwise it becomes frustrating to use…