Panic Button: Deauthorize Sessions From Any App

Just a single easy to access button that will lock all instances of BW that are associated with a specific account regardless of location, device, app etc.

@opensourcefan Welcome to the forum!

If you log in to the Web Vault app, there is an option to de-authorize all sessions, which will cause all connected clients apps to log out.

Yes, appreciate the suggestion. I am aware of that option, however I think deauthorizing might be too extreme as well as inconvenient. I’m assuming most of us use apps or extensions vs the main site so a simple lock button on what we are already using would be super handy.

Just FYI, “deauthorize” essentially just means “log out”, nothing extreme. And locking the vault may not provide sufficient protection if an attacker already has possession of one of your devices (which is what I’ve assumed your use-case is). If the vault is locked using a PIN, the attacker would fairly easily be able to brute-force the PIN if the vault is locked but not logged out.

1 Like

Yup. Agreed. “Panic Button” is equivalent to deauthorizing all devices on most services and is of value. I use it routinely when I do a password change, for example. Where I would support the OP’s suggestion is to extend the deauthorizing option to all Bitwarden apps.

1 Like

Makes sense. My specific use case was weird, nothing more than family borrowing a computer. Wouldn’t expect any brute force anything and would’ve like to prevent having to MFA into all my devices again.

My use case may be limited and weird for a feature request though. It is what I wanted to do at that specific time but wasn’t able to.

Would a family account solve that? Or, using the Send feature for one-time access to a vault item?

No, don’t need to provide any access, want to remove the possibility of any inadvertent access.

FaceID/biometrics doesn’t accomplish this? If my kids are using my phone or laptop, they can’t access Bitwarden. The other option is a guest account on your laptop which will keep your kids completely out of your walled garden and confined to their own.

I’m not talking about keeping kids out, and I don’t have biometrics on my PC’s.

I’ll delete this feature request and move on.

Why delete it? You already have 2 votes.

Based on the replies it appears to be a dumb idea.

I don’t have permissions to delete it anyhow so I guess it’s staying.

Not a dumb idea. I would welcome being able to deauthorize all sessions from any of the Bitwarden instances - desktop software, browser extension, etc.

@opensourcefan
perhaps a workaround could be to set the timeout value? and set timeout action to lock.

To add the ability to force a logout of all devices from the app in case of loss/theft of mobile phone.

At the moment, it is possible to “Deauthorise sessions” via the desktop login but not through the app. However, this feature is not easy to find on the desktop version.

To be able to secure the account remotely from a mobile phone would enhance the security for all users.

It is in the web vault under settings >> My Account >> Danger Zone >> Deauthorise sessions.

https://vault.bitwarden.com/#/settings/account

The web vault is accessible without needing any installed software, so a great place to respond to emergencies.

Whilst the feature you describe is in the web vault, it is not available in the Android app. It is also not particularly visible in the web vault.

My original suggestion was to include this feature in the app.

I’ve merged some related threads and modified the topic title (was: “Panic Button - Lock All Instances of BW”).