If the Bitwarden desktop app is installed and running in the background, it should be able to communicate with a Firefox (or other) browser extension, so that it is not necessary to unlock the vault after each time the browser is closed. As it is now, even if the vault timeout is set to 1 hour and it was just unlocked a minute ago, once the browser window is closed, then opened again a few seconds after, Bitwarden has already locked. If the Bitwarden desktop app is running anyway in the background (which is optional), it could make itself useful by holding the timeout open, while a browser is closed and reopened (assuming within the time specified).
Further, if a login is launched from the Bitwarden desktop app, it is then neccesary to enter the PIN a second time, once to open the Bitwarden desktop app and then again to unlock the browser extension, even if all that was done in 30 seconds.
And the timeout should not blindly expire once the time is met. Bitwarden should be able to tell that since the last time it was unlocked, another login or form has been filled since and then reset the timeout to the last time of Bitwarden use. Or even better, monitor the computer for idle and as long as it is not idle, keep extending the timeout.
This is something that I loved in Enpass, but sorely miss. I also use multiple browsers, separating for example work from personal sessions.
I use bitwarden via the desktop app and in different browsers on one System, and I always have to log in to each individual app with my masterpassword.
Is it possible to enter the masterpassword only once and then be activated in all browsers and app?
What do you think about that it?
On the pc I am writing from, I have Bitwarden installed four times:
- the official destkop app
- the browser extension in Firefox
- the browser extension in Edge
- the browser extension in Chrome
All four installations act independently as far as locking/unlocking goes, so even if I set the autolock timeout to 4 hours on all of those, I quite frequently have to retype the password because I close and switch browsers.
It would be a way nicer experience if all those installations on the same pc could maintain a single unlock session.
- Unlocking from any should unlock all
- Locking any (manually or via timeout, but not by closing the browser) should lock all
- Opening any browser while the desktop app is unlocked should show the Bitwarden extension as already unlocked
The machinery should be in place since as I understand biometric unlock from desktop browsers, recently implemented, relies on communication between the browser extensions and the desktop app.
By the way I canāt use biometric unlock: my company pc disables Windows Hello by policy, and my home pc does not have a fingerprint scanner or a supported webcam (no infrared and depth capabilities).
I hope lock status of vault between client and extension could be synced everytime Chrome is launched. So that I could really keep the vault unlock until system is rebooted, rather than input password again and again everytime Chrome is restarted.
Feature name
Automatic unlock of browser extension.
Feature function
It would be nice to have the Chrome extensions automatically unlock if the desktop application is present and unlocked - saves a lot of mouse clicks to bring up the extension, then either type the password or hit another button to enable the biometric unlock.
Any ideas if this is being looked into? Original post is 3 years old and itās still being requested to this day.
Iām guessing Iām blissfully unaware of the complexities of implementing this but this is such an obvious QOL/usability improvement.
I wish Bitwarden would recognize that not all of us have the same risk profile and/or have different degrees of risk tolerance.
Personally, Iām fine with a 4 or 6 digit PIN + Yubikey. I prioritize convenience. Iām just a low profile dude that wants to protect my low profile accounts. I donāt manage millions.
Why the extension and the desktop app doesnāt handshake, who knows? Do they dogfood their own product? If I was the CEO of Bitwarden, or even just a QA dude, sign into Windows with Windows Hello, and upon launching your browser, have to immediately sign into Windows Hello again, would think that this is really annoying.
I open the local desktop app to make some changes. Remains unlocked. Go on the web, enter the keyboard shortcut to autofill, got to unlock again. Why so much unnecessary friction? Youāre protecting nothing. Desktop app is unlocked for the person logged in to see. Requiring me to do it all over again for the extension is a pointless exercise.
Background
There are a couple of issues that stem from the current design of Bitwarden.
Desktop, cli and web extensions all have different vaults, so you have to manage login and syncing for them separately. I currently have five different instances (desktop app, two different browsers, bwcli and a linux-kde-krunner)
AutoFill on desktop isnāt working well. There are also requests for other features that are currently complicated.
Writing extensions or separate solutions on top of Bitwarden is currently not very easy. bwcli is usable, but you have to handle too much your self. And, it is very slow, which I donāt think is solvable in current solution.
Suggestion
I would suggest having one service running in the background on the desktop. It would handle unlocking and syncing and have an interface that applications can connect to.
Desktop applications, web extensions and autofill features would only care about presenting, skipping handling of vault and login and syncing.
There are multiple services I can see built on this: autofill, secretservice, kwallet, krunner, web extensions, cli, gui, ssh agent. This would simplify much for the community and other external parties.
An example is KeePassDX, which made it a bit different, and made their desktop client a master (a service) for web extensions, secretservice, ssh and more, but I think a UI-less solution would be more extendable and less messy.
Some thoughts on how I currently would try it out
The interface is probably the hard part to get it right, so discuss this in length, and keep the discussions public.
For interface, I would use something that web extensions can use on all platforms (if it is safe enough), I think that is the most limiting connection. I donāt know if there is a common way to handle this on all platforms.
It would be good if the interface also included a way to start the service.
There may need to be two different web extensions, one complete (current), and one thin.
Please implement this feature. Iād like to have my browsers unlocked if the desktop app is running and unlocked. Itās simple.
Coming from Keepass, itās a feature I really miss.
Running W10.
I run the BW extension in 4 browsers but do not run the desktop app.
I would like the BW unlock/lock to take place in all my browsers when I unlock/lock any one of them.
Seems like all the Bitwarden competitors already do this - why not Bitwarden?
And itās been years since this feature was first requested by many - why the huge delay?
Is it scheduled for implementation?
New user questionā¦
For years BW users have been asking for feature that your pw competitors already offer. For browsers we are running with the BW extension on a given device when we unlock the extension in 1 browser we want it unlocked in all of the browsers. When will BW get it done?
Scenario:
Broswer 1 Edge + Bitwrden extension
Broswer 2 Chrome + Bitwrden extension
It would be nice to have some system-level helper that would manage Bitwarden logins across multiple browsers, so we donāt have to log in multiple times (now we have to login into each browser separately).
BTW AdGuard is using a similar mechanism where paid version have this agent working on the system level and communicating with browser extension across all brosers
At the present time, it is a bit inconvenient for me to have to lock two different apps, or unlock each of them.
If possible, being able to log in once to Desktop, and having those credentials unlock the browser extension would greatly improve convenience. The same can be said for locking the desktop app.
I was wondering if there was any update on this?
Every Password manager that I have used in the past which has come with a desktop app has allowed me to unlock the app which automatically unlocks the browser extensions.
Similar to a few people above, I use different browsers and it can be teadious constantly having to unlock the browser extensions.
I appreciate that this functionallity might not suit everyones needs but even if there was an option to turn the feature on/off, that would be great!
I have used basic password managers that come with AV packages (Kaspersky/Bitwarden) and these give a similar functionality
Newbie from Lastpass here.
First thing I noticed after installing Bitwarden was the lack of cross browser login status sharing.
Iāll try to be patient while evaluating the rest of the product, but I do think that particular feature is a necessity.
Iād also like to see this, but with the addition of the CLI as well.
3 years has passed, seriously??
It is such a shame that this feature does not exist. Since I close my browser too many times a day I canāt quite use the browser app and always have to copy and paste everything through the desktop app.
Can we donate for this feature request to be prioritized?