Firefox plugin recent change lock behavior?

Greetings everyone. I’ve noticed a change to the Firefox plugin that gives me a bit of a pause.

I keep my BitWarden vault locked, but logged in. I unlock, use autofill, then lock the vault when needed. In the past couple of weeks, I’ve noticed a difference in behavior:

When I unlock my vault for the first time in a Firefox session, it takes about 2-3 seconds to decrypt my vault upon entering my master password. This is expected based on the number of rounds, etc. I then lock my vault as I continue my session.

The 2nd time I unlock my vault during the same Firefox session, it unlocks immediately after entering my master password. There is no decryption delay. This makes me think that the lock process did not wipe the key from memory as the plugin was able to access it immediately without any decryption delay. If I close Firefox and relaunch, the 2-3 second delay returns for the first unlocking, but disappears for every unlock after.

This is different behavior than two weeks ago when it took 2-3 seconds every time the vault was unlocked. BTW - I’m not using a PIN or any other mechanism other than typing my master password to unlock.

Any thoughts?

I am not certain that I entirely understand everything you are communicating, but yes - I believe this is expected behaviour.

When you log in to your account, there can be a pause as your vault db is downloaded and decrypted. But as soon as you lock the vault, it remains stored in encrypted form on your device, ready to be used. It does not matter if you unlock with a PIN, biometrics, or your master password: you skip the download step and BW simply decrypts the contents ready for use.

Perhaps you are unlocking the vault when you are actually expecting a new login instead?

And don’t forget to clear this option if you are wondering why you are prompted for your master password on restart:
[Screenshot: Screen Shot 2021-10-11 at 10.09.52 AM]

Thanks for the reply.

I only mention the issue because something changed in the most recent Firefox plugin. Prior to the current version, that 2-3 second delay (which I call the decryption delay) occurred EVERY time I unlocked the vault. Now, it only occurs the first time. Subsequent unlocks happen immediately until I close Firefox, which seems to me to be too quick for actual decryption to occur. Thus, my concern.

I do not have a PIN set at all. I always type my master password.

thanks again for your insight.

Right - but it sounds like you were performing a login each time previously. Now it sounds to me like you are simply unlocking the vault. Both can be achieved using your master password. Can you confirm? (BW tells you if you need to log in vs. need to unlock.)

Was always performing an unlock, because I have 2FA set up and stay logged in so I don’t have to provide 2nd factor each time I unlock. Also, icon shows red padlock when Firefox launches, so should be logged in all the time.

But you don’t need to require a two-step login each time, either, if your device is trusted. Maybe that’s your issue? But you are right - if you saw the BW icon indicating it was locked, that is pretty clear.

Anyways, I am using FF on Windows, MacOS, and Linux, and I have noticed no such change. Maybe someone else has some ideas? I’m stumped.

One last idea, although it is more for others in the future who read this thread because they are experiencing somewhat similar issues:

Is there any chance you previously had your Vault Timeout settings to Log Out rather than Lock? That would create the behaviour that you experienced (except for the “Bitwarden locked” icon you saw in the FF toolbar).

Thanks again for the followup. I also uninstalled and reinstalled the plugin and the behavior remains. Vault timeout is set for 1 minute and to lock, not log-out.

Thanks for spending the brain cells thinking about the issue!

Sorry to beat a dead horse! But if you change your vault Timeout option from Lock to Log Out, does that restore the behaviour you previously experienced? I’m just really curious now! :grin:

No problem. I did change the timeout from Lock to Log Out. That did not restore the previous behavior since I didn’t log out of BW normally.

The whole thing is really just a change in behavior since the previous version of the plugin and I didn’t see anything in the release notes indicating a change. And since unlocking a 2nd time in Firefox doesn’t give me the expected decryption delay, it makes me concerned that it isn’t wiping the vault from memory during a lock anymore. That’s my main concern.

My guess previously was that the delay was not due to decryption time, but rather, the time it took to download the vault from the BW servers, which of course would only be associated with a login event (not unlock event). But your trial indicates that there is no delay associated with a full login relative to an unlock. So yeah, now I am really stumped. I am guessing that something else has changed unrelated to the download and decryption of your vault, given your results to these little experiments.