Maybe I’m missing something obvious, but using bitwarden as my daily driver has caused a serious security issue. With Roboform, on restart I login and it sticks throughout the duration of the machine being on. With bitwarden, it only seems to store forever or I have to constantly type in the master password. This is too inconvenient and causes a security issue. I work all day from home and don’t want the unnecessary nuisance of typing in a long password every single time. With Roboform, if someone steals my machine, they don’t get my passwords when they boot up, with Bitwarden, they have everything. Is this a setting buried somewhere obvious that I’m missing? If not, what possible reason could there be to NOT implement such a useful feature?
Overall I really like bitwarden and will stay with it. On the phone, it’s so much better than roboform. On the desktop, I do miss the Roboform toolbar and added security for my use case but the sales and retention tactics just got to be too much.
Not looking to pick fights with fanbois, I’m a fan too, just hoping for a solution.
Take a look at these options and adjust them to your liking:
For details see here:
And to give you an example here are the settings I use at home in the Google Chrome extension and am very happy with:
Vault Timeout: On System Lock
Vault Timeout Action: Lock
Unlock with PIN: Activated, but Lock with master password on browser restart being deactivated
Although I am at home I try to always lock my system when I leave my desk.
Before the pandemic (and probably after it will hopefully be gone in a decade or so) I used to have and intend to keep on using these settings [edit:] in the office (<— Sorry, I forgot to finish that sentence as it was intended.)
Vault Timeout: 5 minutes. So the difference was/will be that I had/have to use the PIN again after these 5 minutes.
Unlock with PIN: Activated. Lock with master password on browser restart also activated.
I guess I should have mentioned I did try these settings, minus using the pin, and it doesn’t quite work. Regardless of what settings I use, I’m forced to constantly enter master password. I don’t keep browsers open after using them but do use them throughout the day. Maybe I’ll just have to learn to keep them open.
Still think the feature should be implemented, I mean why not?
That is the reason why you have to re-enter the master password. Closing the browser “overwrites” any other settings. Therefore: Try the PIN.
There are however already some feature requests to make the Bitwarden extension get through a browser restart.
When setting the PIN uncheck the “Lock with master password on browser restart”.
When you close and reopen your browser Bitwarden will ask for your PIN instead of your master password.
That is correct.
So now you “only” have to type in the PIN.
Thanks everyone. I guess it’s confirmed I’ll need to interact with Bitwarden with a password or PIN. That’s fine, I still think a lot of people would appreciate an additional option like I described Roboform offers. It’s not a deal breaker as I have the password set to never expire, it’s just a security concern if something out of the ordinary happens.