Is it a good idea to keep Bitwarden open in my browser?

Hello, I have one question regarding Bitwarden. I keep sensitive information in my Bitwarden, including credit card details, etc., and I have configured the settings so that Bitwarden is always open in my browser; it never gets locked or signed out on browser restart or after some time… I use it only here on my PC at home, where only my wife has access to this computer, from whom I don’t hide anything and whom I obviously trust. She also doesn’t use my browser at all; she has her own Chrome profile. Personally, I don’t go on any shady websites; I usually visit my browser game, maybe Facebook, and very rarely some other new websites, but I still have to ask: is it safe to keep my Bitwarden open like that? For example, if I get a virus in my browser (very unlikely, but let’s assume I get it), is it possible that this virus can also penetrate Bitwarden and retrieve my sensitive information? I have also saved my credit card details in Chrome, but it seems more secure: it doesn’t show me the last 3 digits of my cards until I enter the PIN code of my Windows, unlike Bitwarden, which shows me those 3 digits when I click the “view” button inside Bitwarden. What would you folks advise: leave it as it is, or always let Bitwarden lock in my browser for more safety? Another reason I don’t want to lock it is that when Bitwarden is locked, it doesn’t save information on new websites until you unlock it. I also have Bitwarden on my Android phone and on my work PC, but there it gets locked automatically. I would appreciate people’s advice.

Things can change. That’s why so many people are getting divorced or separated.
Why not use settings like this?

image

You start the browser, you unlock Bitwarden and it is open till you close the browser or lock your computer, but then you only need your PIN.

I would recommend having separate profiles for YOU on your computer, not just one for your wife. I don’t know your internet browsing habits. In my case I spend time going to several websites where I must log in with credentials provided by BW. That use case has a private separate profile where the BW extension is in use. The browser collects zero cookies, history, etc… After visiting each BW accessed site I click on the browser home button and before going to another site I know that the browser is fresh and history, cookies, etc… are not cross contaminating with the previously visited site during that session.
Over half the time I am reading around and learning things at sites where I am NOT logged in. During that part of my internet experience I open a different browser “default” profile instance where BW is not available at all. Using FF Quantum, as you likely know already, the entire profile history of a profile is stored in a unique place and ONLY that profile can see the contents of its “package”.

Generally, I don’t leave the BW browser profile open at the same time the “default” browser is in operation. As a minimum I PIN lock the BW instance before launching the default instance. I am not super worried about this because my Linux system is pretty well locked down via advanced tunneling so nobody is going to jump on my connection along the path!

I don’t have an issue where I need to hide information from my spouse. And as I said, she has a different Chrome profile and she uses her own Bitwarden extension with her account there. My main question was whether it’s safe to leave Bitwarden open all the time, and whether a virus that, for example, can penetrate the browser would be able to penetrate Bitwarden too and read or steal my sensitive information, like my credit card. I could use the lock like Peter suggested, but will it make sure that if a virus is in the browser, it won’t be able to penetrate Bitwarden? Especially if I open it when I open my browser? Another downside of that is that I will need to unlock it with the PIN manually every time I want Bitwarden to save information about new websites or I want to use Bitwarden.

Not every time. Only after you restarted the browser or [edit] unlocked [/edit] the computer.

Ok, will try those settings. Thank you.

Well, on every system startup, Bitwarden requires me to enter my master password to unlock it, even if I set a PIN code there. My master password is big and complex, and I’m not comfortable entering it every day. I guess I’ll go back to not locking Bitwarden.

dean0919,

BW will only require the master password if you are logging out unless you are forgetting to “unclick” the option to use master password when the browser opens.

As you set your PIN you will see an option “Lock with master password on browser restart”, which is ticked by default. You have to untick that option if you want to avoid using the master password every time. This means BW will be logged in BUT locked to your PIN. ANYTIME you log out of BW the PIN settings are erased and you must reset them when you log in. You can stay logged in basically forever and of course the PIN settings are device specific. As mentioned above I use a private unique FF instance/profile so the sites visited under the default FF profile have little to no attack surface since they are not “privy” to the private profile. When I posted that above it was not that I thought you were not trusting your wife or hiding stuff from her. Separate profiles create security by reducing attack surface. Trying to help only.


Okay, thanks, I will untick that setting and use the PIN then.
