Leave Browser Add-On unlocked?

Hey
Maybe someone here can answer my question…
If only i have access to my computer, can i leave the Bitwarden Brave browser add-on unlocked, or are there any security issues (hacks) known that target unlocked add-ons?
I am asking because i have compartmentalized my Browsing, and work with different browser profiles, therefore it would be easier if i would not always need to unlock the bitwarden add-on.
Thanks and greets,
Andreas

I would not do that. Granted under normal circumstances only you have access to your computer. What about if theft occurs? Or something similar?

I have mine set to auto-logoff after 15 minutes. That gives me plenty of time to do what I need to do. I prefer to launch the PW manager, log in where I need to, then get out of it.

Hi @Shiftshaper and welcome to the community!

I don’t think there would be any issue other than theft as @bwuser10000 already mentioned. As a compromise solution, could you set up a relatively simple PIN to unlock the extension. This would be better than nothing, but would still allow you to lock the extension.

That is what I do Andreas.
All my security is aimed at preventing a thief from getting access to my computer.
This way allows me to have a really really secure master password that provides maximum protection from an attacker who gets my vault from the cloud but is too difficult to type in.

In 20 years I have never had a computer stolen but I have had online hacks including a password vault stolen from the cloud. If it is stolen i will know about it quickly and I don’t think they will unlock it. I’m more concerned about hacks in the cloud.

Thanks @RogerDodger
I have a PIN set at the moment, but i was wondering if this is even necessary if only
i have access to the computer. So it seems that it isn´t.

@DoctorB @bwuser10000 I also have a very secure masterpassword, but what i am wondering is, if there are known hack attempts that specifically target unlocked add-ons?

Bitwarden would patch any known exploits so the answer has to be no.

But you are right to be concerned, malware on the client is an attack vector of all password managers.
Locked vaults clear out memory so I expect it is easier to attack on unlocked vault but I doubt it will make that much difference. Malware would sit there waiting for you to unlock the vault then it would grab the contents.

There are no publicly known exploits for BitWarden at the moment but Lastpass have had many such attacks so the threat is real.

Thanks for your insights As an extra security feature i got keyscrambler installed, but i am not sure if it works in the add-ons

If you ever get malware on your computer, there is a chance that it would be able to read all your decrypted vault information (and possibly even your master password) directly from the computer memory.

Is there a way to avoid it even if you have the malware? And… is there a difference in your opinion if the browser add-on is locked or not from the security standpoint (with a computer where only i have access)?