I don't want certain passwords / URLs / logins syncing to phones or portable devices

The WSJ ran an article about a man who stole phones after social engineering or shoulder surfing the PINs, and then proceeded to empty the person’s bank accounts.

https://www.wsj.com/tech/personal-tech/he-stole-hundreds-of-iphones-and-looted-peoples-life-savings-he-told-us-how-fbd81ab5?mod=hp_lead_pos7

I’ve long since stopped putting my brokerage and high-balance bank account apps on my phone, but it occurred to me that since the Bitwarden app is on the phone, someone can see where I have accounts.

I’d like to be able to select certain “high value” passwords, URLs, and account names to only sync to certain machines and certainly not to my phone, especially when I’m travelling abroad.

I usually remember to turn off face and PIN unlocking of Bitwarden when I travel, but occasionally I forget. So maybe another related security feature is to force the Master Password when you’re not at home/work.

Online, I encountered a guy who was robbed of his phone and forced to hand over his phone PIN, which was a “harrowing” experience for him. Maybe next, they would focus on the financial app’s PIN, and eventually the PWM’s PIN.

One thing one can immediately do is to keep the high-value credentials in an offline PWM, and perhaps keep that password in BW.

Hi @ThrillScience! One option you may consider is setting the vault timeout action to logout rather than lock - this would always require you to fully log back in using your master password or other decryption method (like SSO with Trusted Devices).

An alternative would be to use your primary account (perhaps a Premium or Families account) with most of your logins, but have a separate free Bitwarden account with just your most high value/sensitive information. The Bitwarden mobile app has account switching available, so you could leave your high value account logged out at all times (for example, setting the timeout to immediately and action to logout) while still having the convenience of biometric unlock for your lower value logins.

Here is some additional information about the differences between Logging in vs. unlocking your vault.

I hope these tips help!
