Panic Button - Lock All Instances of BW

Just a single easy to access button that will lock all instances of BW that are associated with a specific account regardless of location, device, app etc.

@opensourcefan Welcome to the forum!

If you log in to the Web Vault app, there is an option to de-authorize all sessions, which will cause all connected clients apps to log out.

Yes, appreciate the suggestion. I am aware of that option, however I think deauthorizing might be too extreme as well as inconvenient. I’m assuming most of us use apps or extensions vs the main site so a simple lock button on what we are already using would be super handy.

Just FYI, “deauthorize” essentially just means “log out”, nothing extreme. And locking the vault may not provide sufficient protection if an attacker already has possession of one of your devices (which is what I’ve assumed your use-case is). If the vault is locked using a PIN, the attacker would fairly easily be able to brute-force the PIN if the vault is locked but not logged out.

1 Like

Yup. Agreed. “Panic Button” is equivalent to deauthorizing all devices on most services and is of value. I use it routinely when I do a password change, for example. Where I would support the OP’s suggestion is to extend the deauthorizing option to all Bitwarden apps.

1 Like

Makes sense. My specific use case was weird, nothing more than family borrowing a computer. Wouldn’t expect any brute force anything and would’ve like to prevent having to MFA into all my devices again.

My use case may be limited and weird for a feature request though. It is what I wanted to do at that specific time but wasn’t able to.

Would a family account solve that? Or, using the Send feature for one-time access to a vault item?

No, don’t need to provide any access, want to remove the possibility of any inadvertent access.

FaceID/biometrics doesn’t accomplish this? If my kids are using my phone or laptop, they can’t access Bitwarden. The other option is a guest account on your laptop which will keep your kids completely out of your walled garden and confined to their own.

I’m not talking about keeping kids out, and I don’t have biometrics on my PC’s.

I’ll delete this feature request and move on.

Why delete it? You already have 2 votes.

Based on the replies it appears to be a dumb idea.

I don’t have permissions to delete it anyhow so I guess it’s staying.

Not a dumb idea. I would welcome being able to deauthorize all sessions from any of the Bitwarden instances - desktop software, browser extension, etc.

perhaps a workaround could be to set the timeout value? and set timeout action to lock.