Improve Lock and Log Out Settings

Feature name

Give user more control over Lock and Logout behaviors.

Feature function

I don’t like that refreshing the page in the web vault locks the vault. It would be great if we had more control over when the vault gets locked and logged out.

Some suggested settings to add:

  • Lock Vault when Vault has been unlocked for (textbox for number of minutes) minutes.
  • Lock Vault when computer has been idle for (textbox for number of minutes) minutes.
  • (for web vault) Lock Vault when Vault’s browser tab is closed or refreshed (yes/no)
  • (for browser extensions) Lock Vault when browser is closed (yes/no)
  • Lock Vault when Windows session is locked (yes/no)
  • Lock Vault when Windows session is logged out (yes/no)
  • (repeat all the above settings for “LogOut”)

I agree, it’s annoying.
Another possible solution would be doing it like Lastpass: When you open the vault from the extension, a web-vault like page opens, but it’s actually the extension working as a fully-featured web vault, and also only requiring you to be logged in inside the extension, which can be set to “Never” expire.

I cannot get the lockout timer to work reliably. For example, setting it to four hours, close browser and I must login with master password again. Sometimes it works correctly, but mostly it’s a fail. I’ve set it to the never-lock mode, but am not comfortable with that. But having to enter my long, difficult master-password every time I start it up is nonsense.

I’m surprised this doesn’t have more votes. Having to log in every single time you open the web vault and every time you refresh it gets incredibly annoying, and coming from LastPass it’s downright one of the worst parts of the transition. If the browser extension did absolutely everything, including all the password/email checking tools and all the settings, then it would be fine but since you have to use the web vault for those tasks it’s a constant annoyance. I agree that a feature to allow the browser extension to unlock the vault would be good, otherwise just making an option to logout after the browser closes rather than when the tab refreshes would be so much more useful.

1 Like

Also coming from Lastpass, I evaluate Bitwarden as replacement.
One thing that annoys me is a poor choice of vault lock options. I was used to rely on LP idle time logout option. When I leave my computer after all day work, I lock it and I can be sure that 15 min later (my LP timeout setting) LP will logout form my vault. BW only has fixed timers, which are useless. It even doesn’t have a fixed timer, which will cover my working hours, like 8 hours or so.
I currently put it on browser restart, but I regularly forget to close the browser at the end of my work, so it is a security flaw. I only use Firefox as a browser.
This is unfortunately a serious deal breaker for me.
This topic should get more upvotes, it is really important for day to day use.

I believe that is a Firefox API limitation or something - i.e. that on computer sleep/log-out the Firefox fault will not automatically lock if you didn’t close the browser. And I agree it’s quite a deal-breaker!

This is probably the big thing I miss from Last Pass. I regularly open and close browsers, so having my vault lock every time is tedious. The only alternative is to select “never” which is significantly less secure than keeping the vault unlocked throughout a browser restart.

Yes, I also proposed another feature that I miss a lot from LP, that is Trusted Devices:

I agree it’s so annoying to type anything when you close and start your browser again (when you trust your PC).

I like this suggestion - I’ve found the browser extension in Chrome a bit frustrating - it needs an easy lock button.

Currently you have to open the extension, click settings, scroll down, click lock.

You can always use a keyboard shortcut, too :metal:

1 Like

yes please on this!

This is an issue that is a deal buster for me. When you fix this issue you can expect a donation from me, but not until. I want to be able to log in and have Bitwarden autofill all my account passwords until I LOG OUT. I see absolutely no sense in being “logged-in” and still having to enter my primary password every time I go to my browser and need a password on an account.

How would you intend to make a donation? Others have not found a way to do that:

As long as you are logged in you do not have to enter your primary password every time you go to your browser:
Option #1: You do not close your browser.
Option #2: You use a PIN after having closed the browser or locked the system.
Option #3: You use biometrics after having closed the browser or locked the system.

1 Like

5 posts were split to a new topic: Does the web vault sync automatically?