I want to make Bitwarden for Chrome Desktop log out only every two weeks, so I don’t forget the password, but it doesn’t work as I want it to: I set the Account security in Chrome to “Logout” every 336 hours, but when I close and open the browser, it asks me to log in again.
I understand that, in this case, BW logs out on browser restart, but there is an option to keep it logged in forever and not ask for login even on PC restart for months at a time. Why can’t it do the x hours correctly?
This makes it less secure, as instead of logging out every time, I will set it not to log out at all, and that’s it.
Please implement something for this use case.
Thanks.
Staying logged in forever effectively stores your master password on your hard drive. All other mechanisms store it only in RAM. Allowing logins to persist across browser restarts would similarly require storing the master password (or more precisely, the “encryption key”) on your hard drive. That is not a good place for it.
Most of us work around this by opening a spare browser window, minimizing it and never using it. This prevents the browser from truly quitting and therefore clearing out its RAM.
Another technique is to set the desktop app to have your desired 2-week timeout and the browser extension to use biometrics to log in. Since biometrics in the extension requires the desktop to be logged in, you will get close to your desired behavior.
Regarding forgetting your master password, the best solution is to create an emergency sheet.
Risk acceptance is a very personal thing. You are free to make that risk decision for your own vault.
Hello,
I’ve encountered a similar issue with Bitwarden’s timed logout feature for the Chrome extension. I’ve set up the “Logout after X hours” option (e.g., 336 hours or about two weeks), but it doesn’t work as expected. Every time I restart the browser, I’m prompted to log in again, even though I’ve configured it to stay logged in for the set duration.
It seems like Bitwarden doesn’t track the session timeout properly when the browser restarts, overriding the desired “logout after X hours” behavior. This forces me to either log in manually after each restart or disable the logout feature entirely, which reduces the security of my account.
I understand the need for secure login practices, but it would be great if the feature could function as intended, logging me out only after the configured time period. If this issue could be addressed, it would help improve the user experience while maintaining security.