Link vault lock/unlock between browser plugin and desktop app

app:browser
app:desktop

#1

I use multiple web browsers simultaneously (Brave, Vivaldi, Edge, Edge Insider, etc.), and it’s irritating to have to unlock my vault on each one individually. I get why the vault is locked when I close a browser, and for cases where I don’t also have the desktop app installed, this is definitely my preferred behavior.

But I do know that on at least some web browsers, extensions are allowed to communicate with native desktop applications. (For example, the MEGA extensions can have the MEGAsync desktop app handle downloads instead of doing it themselves. And the extension continues to inform the user of download progress.)
So, if a user has the Bitwarden desktop application installed, it would be useful to have the browser extensions rely on the desktop’s state for whether or not the vault is unlocked.


#2

Hear, hear. I highly second this. And I would also add that PIN code login and theme and settings should also travel across devices. I find it counterintuitive to have to set up PIN login in each browser on each device.


#3

I gotta disagree on PIN login for the same reason Microsoft doesn’t do it for Windows: a shared PIN is inherently, and extremely, insecure. That said, I feel physical security keys are secure enough to replace passwords outright, and even more so if you had to use said key on a trusted device. (For example, instead of plugging my Feitian FIDO U2F key into my computer, send a notification to my phone and require PIN or fingerprint, PLUS tapping the key to the NFC reader.)


#4

I don’t see how syncing the PIN from the desktop app to the browser plugin on the same system should be a security issue. Can’t both the plugin and the app be set up to access the same data files? As to sharing across the cloud, actually Windows lets you enter a PIN and syncs that across the cloud. Any data passing from the Bitwarden server to the mobile app would be strongly encrypted, plus the master password would need to be entered first, so that’s probably strong enough security in my case. I don’t think I need to go to those extremes to log into my account to order a pizza at the local pizza place lol