This is just a suggestion:
When clicking on ‘Log out’ I would prefer it to be immediate rather than requiring a confirmation.
It is better to be ‘safe than sorry’ and in an emergency you might want to sign out ASAP ?
One has already had to click on the User icon and then there is the second step of (usually) choosing: ‘Lock now’ or ‘Log off’
So, aren’t two steps enough?
A more flexible option might be to give each user a parameter to choose
two steps or three?
@ritester Welcome to the forum!
What type of emergency do you envision in which locking the vault would not provide sufficient security?
FYI, you can lock the browser extension in a single step by setting up a keyboard shortcut for this purpose. In addition, best practice is to set a vault timeout that is as short as possible.
When facing an emergency, one of the first tenants is to not make things worse. A similar emergency could be that your master password is misbehaving. In that case, logout is the worst thing you can do and a “are you sure” becomes a decent reflection moment.
Also, if you select “logout” in chrome, it only logs out that one extension. Firefox, Edge, and the desktop app will all still be logged in, so the “logout” control is not as effective as one might presume.
For the general “Danger, Will Robinson” threat case, you might consider a more simpler response, such as disconnecting your Internet connection or powering down your device. Both of which offer a broader defense while requiring less thinking during a time when emotional responses are likely to rule.