Prompt users to enter master password periodically [configurable time + max time]

It would be great, if the app would ask users who have set a pin to enter the master password periodically. So that all users would remember the master password.

You can already set it to need the master password when the browser is closed when setting up the PIN. So every time you fully close the browser or restart your computer you’ll need to enter your master password.

2 Likes

So, every few months?

Do you not close your browser or restart your computer for months?

Firefox and Chrome only get updates about once a month, even then, rarely have critical updates. My wife just wait until Chrome’s update symbol is red, which can be a long time if no critical security updates. Computers run 24/7, only rebooting for critical updates. At one point Windows Updates was having all kinds of issues, so I didn’t update/reboot for nearly 6 months. Lots of reports of data loss and blue screens.

I did enough rebooting with Win95 for a life time. It was a miracle to make it 24 hours. Ironically, it only takes about 10 seconds to boot these days.

I have to enter my password every time my browser restarts - is that not the function you are looking for?

1 Like

One solution is to not use the PIN. Have the extension lock after so many minutes and once you got the master password remembered then use the PIN.

Another option is to write down the master password and keep it somewhere safe. Maybe also share another copy with someone you trust. You should be doing this anyway as there is no resetting the master password if you forget it.

I have family that will never remember their master password so I have it in my vault and written down at the their home and hide it. Their Bitwarden is set to never lock but they know where to find the master password if they need it which is very rare. Maybe this is approach you can take?

Let’s say I login with my fingerprint on my mobile app and pin on my PC always. Shouldn’t BW prompt me at least once to enter the master password so I won’t forget it.

2 Likes

ah OK i see, yes that makes sense

1 Like

I almost filed a duplicate issue. I think editing the body of this feature request with some more explanation and context would be helpful.

Subject: Help user remember password with re-prompt when PIN, Face ID, fingerprint enabled

Feature name

  • Help user remember password by periodically prompting for the bitwarden password when Face ID, fingerprint, PIN etc are enabled in their clients

Feature function

  • What will the feature do? Prompt the user to enter the vault password periodically
  • Why is this useful? It is easy to forget your vault password when PIN, Face ID or fingerprint unlock is used because you might go weeks or months without entering those passwords. In a similar way Android and iOS require the you to enter your password/PIN when you start your phone and disable fingerprint and Face ID.
1 Like

Feature name

  • Periodic Master Password reminder dialog for users with Biometric login

Feature function

  • Currently an user to unlock the BitWarden using biometrics only on Android & Windows without ever entering master password if the remained logged in.
  • This feature should periodically ask for Master password from a user and disable biometrics until the master password is entered correctly.

Related topics + references

  • Aegis 2FA app already does this. They first implemented this with a 2 week reminder period. It was later changed to 30 days.

This feature actually solves two product needs if the time between password prompts is user configurable. The second is to increase security by requiring the password to be entered eg. daily (a LastPass feature). See also Option for Max period of time between PW unlock

2 Likes

Thank you for your post!

Feature name

  • Option for Max period of time between PW unlocks

Feature function

  • An option after enabling biometric unlocks or PIN unlocks for prompting the unlocking of the account with the master password.
  • The option would be the max period of time from the last unlock with the master password.
  • During that period, if the master password is used again it reserts the timeframe.

Coming from LastPass, I miss this feature. I used biometrics but required master password to unlock once every 24 hours. Everyone will have their own convenience vs risk tolerance.

To consolidate votes, this could possibly be merged with Prompt users to enter master password periodically.

1 Like

HI
Im new to Bitwarden and would love to know how exactly can I set this please? Could you help by letting me know. I would be very grateful.

I would like to enter the master password every time i restart my browser.

If you can, Thank you in advance. Much appreciated.

Case

This might be what you’re looking for, start the video at 25:10 https://youtu.be/30QqIeb1Pu4?t=1511

1 Like

Really appreciate the time and effort to reply. Thank you man.