Don't lock browser extension every time

Hi there,

Newbie here, giving Bitwarden a test run to see if it could be a good choice for me.
There is one issue that could be a deal breaker for me:

When I have logged in in Bitwarden—both the desktop application, and the Firefox extension—things work fine.

But every time I have closed FireFox, and then open it again, the Bitwarden extension is locked, asking for the master password again.
I have a habit of frequently closing all open FF windows, and starting a new instance, so this is really annoying.

I can’t understand why it behaves like this, since I still have the desktop application running and open. So Bitwarden should know that it is safe to have the Firefox extension unlocked when starting a new instance of FF.

Password managers like Dahlane will not ask for the master password every time you open Firefox as long as the desktop application is running.

Is this something under consideration, or is there perhaps already a setting for this I have overlooked?

T.i.a.!

(Windows 10, Firefox 69.0.2)

I am pretty sure it is because the desktop app and extension are completely independent on each other and unaware of the other one existence.

Have tried to go to options? There are some nice ones to choose from:

1 Like

Hey, that’s great. Thanks @KlausDevWalker !

I did go through and checked all the settings.
But that were the settings as presented in the desktop application. I now see that that option is only to be found in the browser app, and the two seem completely invisible to each other.

Ideally I would like to be able to set the auto-lock to either ‘at computer restart’, or to something like the length of a working day, or e.g. 24 hours.
But for now I will set it to the maximum allowed period of 4 hours, that’s a compromise which will make me proceed with the road test. :wink:

Thanks again.

1 Like

I have a suggestion for an improvement on this.

I experienced that even while I had set the timer to 4 hours, it was not respected, and again I had to unlock Bitwarden every time I restarted Firefox. So some frustration roared it’s ugly head again.

Then I found the culprit was that I had briefly checked out the PIN feature, and then disabled that again.

But, the PIN option pane also has a checkbox for ‘lock with master password on browser restart’.
And even while you have the PIN feature disabled, that—then hidden—setting is overruling the main timer setting.
I think that setting behind PIN shouldn’t have any effect when PIN is disabled?

edit,
It looks like I am experiencing an actual bug here.
I can not get the 4 hour timer to be respected at all anymore.
Bitwarden’s ff plugin will lock every time ff is closed.

1 Like

Now that you said that, I tried on my Vivaldi (Chromium-based) browser. It happened just like you described: you close the browser and when you open it, voilá, extension blocked again… Really weird at least…

There is already a thread:

1 Like

Just curious, since there is ‘Dev’ in your alias, are you one of the developers that might pick this up and see if it can get solved?

If, not, are Bitwarden developers reading and responding to what goes on on this forum?

There are no “bitwarden developers”, from what I can tell the entire thing is owned and developed by one heroically overworked dude, Kyle Spearrin.

He looks to be personally responsible for the backend server, all the browser addons, the web vault, the Mac and Windows desktop programs, and he probably admins the forum too. What he probably doesn’t do is sleep.

1 Like

Wow.
Stay healthy, Kyle!

1 Like

Guys, from a security aspect what you are requesting doesn’t make sense.
Closing the browser should end any open session through it.
I don’t think I would want someone to be able to unlock BitWarden just by opening the browser on my PC.
It’s already high risk that it remembers the password (so it’s just two clicks to unlock) and boom all your passwords, notes and 2FA tokens are available… Not great…
It defies the point for security, you might as well have a text file on your desktop with all the passwords.

It makes perfect sense for all situations where the pc is not in a public, or easy accessible location.

I think I am able to decide on the risks myself, depending on where I use the computer, and how critical the passwords I have trusted Bitwarden with are.

1 Like

Exactly. Here is the use pattern I want.

  1. I come to work. I scan my finger to unlock my computer, then scan my finger to unlock Bitwarden. (Or type in my passphrase, as BW sadly doesn’t support biometrics yet.)
  2. Bitwarden remains unlocked for the entire work day, locking shortly after I leave to go home, ~9 hours later.

Honestly, making the lock timeout configurable and persisting across browser restarts would pretty much fix this problem for me. The max is 4 hours and that’s annoyingly short.

1 Like

Agreed, let’s hope @kspearrin reads and agreas :wink:

1 Like

This is too annoying and a deal breaker for me.
I uninstalled Bitwarden and am back to Dashlane.