Hi all,
I have set Settings → Account Security → Vault timeout to 500 hours. And yet I get locked out every few hours and certainly after every restart (Windows 11, Brave addon). I find no other setting to this avail. What am I doing wrong?
Do I need to set Lock to Never? (I’d rather avoid that)
… logged out – or locked?
Is your vault timeout action set to “Lock” or “Log out”?
Aside from what @Nail1684 is asking, the browser extension intentionally asks for a password (at least to unlock) every time the browser restarts. The solution to this is to avoid shutting down the browser unless you log off or shut down the machine. Upon restart, you’ll have to supply a password. There are other workarounds, but you may or may not like them.
As the others have pointed out, you have not provided sufficient unambiguous information for your problem to be diagnosed.
However, based on an educated guess about what the issue is, I am providing the following recommendations. Please go to Settings > Account Security in your browser extension, and make the following changes:
With the above configuration, you will still need to enter your “PIN” whenever you restart your browser. This setup is slightly more secure than setting the vault timeout to “Never”, but you vault data will be at risk when an attacker gains access to your device (just like with the “Never” option), if that attacker can guess your PIN in an off-line brute-force attack (with no rate-limiting or maximum number of attempts).
Yes lock, not log. I wonder if I’m the only one getting confused by this choice of naming.
Anyway, I do not wish to do ANYTHING additionally every day I start my computer. What do I need to set to achieve this, or should it really be impossible?
A PIN would defy the point of a lengthy password, at least in my use case.
Aha. And no, you’re not the only one - there even is a dedicated Help Site to the difference of logging in and unlocking: Understand Log In vs. Unlock | Bitwarden
But now just for clarification: does your extension get locked of it’s own every few minutes now (like the title states) - or is it more like your extension gets locked when you close the browser every few hours? (the latter would be expected, the former not)
And not a solution for now and a bit unclear when we will get it, but using passkey unlock (and log in) will come to the (Chromium) browser extensions and that might be both convenient and without concessions regarding security.
PS: I slightly adjusted the title to make more clear you’re talking about “locking” - and not logging out.
Then you would have to set the Timeout to “Never”. And make sure that your computer has extremely strong defenses against unauthorized physical access and malware infection.
It may be helpful if you describe your use-case and your threat model.