Recent bug - Browser extension changes itself from timed Log Out to Lock

I just started seeing this recently. I always have the extension set to always log me out (never lock). However, as soon as I use autofill to log into a website, the extension changes to Lock.

I just tested twice, and sure enough it’s changed itself back to Lock again after each test.

This is on Brave, on both Windows and Ubuntu.

This just started within the past couple of weeks. What’s going on?

Seems to be a known issue:


The way I reproduce it is to simply autofill a website’s name/password page. Just doing that switches it to Lock.

I would suggest reporting your experiences in that Github thread.

This is happening on two computers but not consistently. The setting under Vault Timeout Action keeps reverting to Lock (unwanted) as opposed to Log Out.

Is there a glitch in the extension at the moment and/or is there a way to ensure this setting “sticks”?

This just started happening within the last couple of days or so.

Help is appreciated!

@Whats_Next I moved your post into this thread. Please read through the posts above for answers to your questions.

Folks, this is a MAJOR security flaw in my opinion! Still doing this - autofill a UN/PW combo and the browser extension locks itself instead of logging out.

Not only does it not behave the way it’s configured (to log out), it changes the settings that I preconfigured (to have it log out).

This is a major flaw and I’m not happy about this. Bitwarden team please advise when this will be fixed.

Hello all - apologies for the inconvenience of this known issue. The recommendation is a manual log out until the bug is fixed.

Thank you. I’m happy with the workaround; I’m most relieved to know that it’s a recognized issue that will be addressed. Thanks!!

1 Like

My issue is similar,

after a few minutes the vault timeout reverts to fifteen minutes regardless of whatever I set it at.

I am also repeatedly logged out of accounts when I switch tabs.

Thanks for the update.

Is there an ETA for the fix? This is quite a serious issue as it overrides 2FA and I’m surprised it hasn’t been addressed already.

1 Like


I believe this is a quite serious issue that should be fixed asap, as there is no way to enforce 2FA on the browser extension.

Is there any update on the ETA?

I have to say I’m a little surprised that this bug hasn’t been squashed by now. Usually BW is all over these things.

Not just because of the seriousness of it, but also the fact that they don’t have to create anything new - they just need to undo the change that broke this (since it didn’t start to exhibit this behavior until recently).

I am glad that I am not the only one with this issue, well sort of glad.

I haven’t figured out why it happens but on my Android phone and the Browser extension (on Vivaldi) my Log-Out setting changes to Lock when the session times out.

I am replying here for a few reasons:

(1) To show that there are others out there with this issue
(2) To further express that this issue it is very concerning to me as I use 2FA, which is not required when it just Locks rather than Logs Out, so my BitWarden account is not as safe as I would like if my phone or Laptop ‘goes missing’.
(3) To hopefully get an update when the issue is resolved.

Is it still doing this? I haven’t noticed it lately, though I haven’t been paying attention to it.