Hello BW community,
for some reason, I have to enter my master password every 3 to 6 months even though the Vault Timeout Action is on Lock - not Log Out. I experience this Log Out behavior on all my devices.
This is very inconvenient because when I am on the road and Bitwarden is asking me for the master password, I could be lost.
Can you provide more information about what type of device, operating system, and browser (if applicable) you are using, as well as what specific Bitwarden app or Bitwarden browser extension (including version number) that this behavior is occurring on?
And to double-check, since the tags used for new forum topics can be confusing: could you confirm that you are not using a self-hosted Bitwarden server?
It is also known that Bitwarden logs you out on some occasions, especially after a server update. Generally, you need to be able to recollect your master password and have access to 2FA to more or less guarantee access to your vault.
Accessing BW using Passkey is coming down the pipe, so that solution might work for you in the long run.
Firefox iOS Browser: 122.0 (64-bit)
Firefox iOS Bitwarden Extension: Version 2024.1.1, Server version: 2024.1.2
Bitwarden iOS App: 2024.0.1 (5828)
I do not self-host. I use the Personal Free package.
This could be the cause. I also thought about it since the log outs are only happening occasionally without any specific cause from my user side.
I think this is the most likely explanation for @patwarden’s issues. However, in my own experience, my Bitwarden client apps and browser extensions very rarely get logged out as a result of Bitwarden server maintenance (at most once a year). Perhaps there is some factor that determines whether a client app/extension is logged out or not during such server-side resets (e.g., it may depend on whether the app/extension is unlocked or open), which may explain why this happens at a much lower frequency for me.
Another possible explanation is that when you make changes to the account security settings in the Web Vault (e.g., updating your KDF settings or changing your master password), then all of your Bitwarden client apps and extensions will be logged out the next time that they are opened while your device is on the internet; when this happens, you will be required to log in again with your master password. Note that if your client app is not running or not connected to the internet when you make the Account Settings changes, then there could be a (possibly long) delay between the account change and the prompt to log in with master password. Perhaps this is why it seems that “the log outs are only happening occasionally without any specific cause from my user side.”
@patwarden Next time this happens, please check whether the master password prompt says “Verify Identity” or “Log in”, and whether the button says Unlock or Log in with master password. If the above hypotheses are accurate, then the prompt should say “Log in”, and the button should be labeled Log in with master password.
If you have difficulty remembering your Master Password, I’d be concerned (if it was me).
That’s one of the reasons I have my browser extensions set to Log Out after some short period of time; it forces me to reenter the master password regularly thus helping to ingrain it in my memory.
But that’s me.
The same thing is true if you set your Vault Timeout Action to “Lock” (as long as you don’t enable locking with PIN or biometrics). This is the approach that I use.
Logging out only serves to purge the encrypted vault data from Bitwarden’s local cache (and to remove the protected encryption key from memory). If your master password is uncrackable, and if your device opsec is reasonably strong, then logging out is generally overkill.