I have used Bitwarden for several years, but this problem started more recently. I have seen similar posts in past, but none of the solutions work.
I set the vault time out in the Chrome extension settings to various periods. At present 16hrs. But that does not work. Every time I click on the BW icon, it requires a Master Password.
What I have tried:
Resync using BW directions.
Uninstalled and re-installed extension
Cleared all Chrome data.
Tried numerous settings. Only one that seemed to work was āNeverā which I donāt wish to use.
Tested on Firefox and Edge and have same results. Vault time-out is ignored.
My wife has BW too. I havenāt tested extensively, but she says she has to keep entering Master Password too.
I have had to type in that password dozens of time today
How do I resolve this?
HOLD ON. All of a sudden the last few times I used BW to log in, it didnāt ask for the Master Password. Mayb the res-sync worked but took some time to come into effect??? Letās see how things go tomorrow.
Sounds like the re-sync worked. As a rule, I always modify my main settings via the main website (vault.bitwarden.com) rather than via extensions / plug-ins / app. After logging in the website, go to Settings > Options to find the various settings.
Actually no, the reason it was working, was that I had forgotten to change back to a specific time-out after having tried it on āNeverā. I have now reset via Chrome extension to 4hrs. Will try from website too.
Result not good Back to requiring Master Password for every log-in. This with time-out set to 4hrs from both extension and website.
Hi @Freeagent is this happening during a single session in Chrome, or when exiting and coming back to Chrome? More specifics on web and browser extension timeouts here.
I have tested this by closing down browser and then restarting it. That is what I usually do and have done for years. Memory (not always good) tells me that in past I could do this without having to keep entering the Master Password. But your link says otherwise (although wording is not entirely clear)
Due to the web vault and browser extension depending on your web browser, there are unique ātimeoutā scenarios to consider:
If you refresh your browser (CMD/CTRL + R), your web vault will lock. (only when viewing web vault?) Refreshing will not affect a browser extension.
If you close your browser tab, you will be logged out of your web vault. Closing a single tab will not affect a browser extension.
If you quit your browser, you will be logged out of both your web vault and browser extension. This is what is happening
ī„Tip
If youāre using a browser extension, you can bypass this by enabling the Unlock with PIN option and unchecking the Lock with master password on browser restart checkbox.
"you can bypass āthisā - what is āthisā?
Regarding use of pin described above. I tried checking Unlock with Pin, but see no option to unchecklock with master password on restart. If I purposely Lock the account, then I can re-open using the pin. But still need master password for every log-in.
If you turn off the Lock with master password on restart option, the Bitwarden application may not fully purge sensitive data from application memory when entering a locked state. If you are concerned about your deviceās local memory being compromised, you should keep the Lock with master password on restart option turned on.
OK thanks - That allowed me to get the pin to work. But after reading the warnings, not so sure it is a good idea!
I donāt recall having this Master Password problem in the past on Bitwarden or Lastpass. Something has changed, but not sure where or what!
It seems that the recent update has reset some usersā local settings, and the Lock With Master Password on Browser Restart is one of them. I am guessing that for the vast majority of people with this issue, they had the option unchecked, and then after the update it got reset back to the default value (enabled), suddenly causing a password prompt anytime the BW client was restarted.
I noticed that my cell phone had Bitwarden vault set to Never. I somehow thought all would be the same if I set the time-out on the web version. But I guess not. Presumably each browser can also be set differently?
I have decided to go with Never on computers too, to avoid having to keep entering the Master password. Not much different from setting time out to some specific time seeing computers are at home and I would want to set the time out for all day anyway. Computers are turned off at night and require passwrds when turning on. We also donāt put our sensitive sites in Bitwarden (banks, investments etc)
I went to set my wifeās Chrome to āNeverā, but found her Chrome extension was set to āOn Browser Restartā. She had entered the Master Password first thing this morning, but now she can access and log in to websites by just clicking on the B shield. Even if Chrome has been closed and re-opened. Her Web vault is set to custom and 16hrs.
Now, that is what I have been trying to achieve! Will have to see if that works on my computer or find out why not.
OK, I just checked and with same setting as my wife has, I still get asked for the Master Password every time Chrome has been re-started.
@Freeagent Glad you brought this up, it was driving me nuts as well.
@bw-admin Personally I donāt see how itās any less safe - if your account or PC is compromised, then it doesnāt matter whether youāre unlocking with a pin or your master password, because at some point you data is being stored in local memory anyway.
Correct me if Iām not interpreting this correctly.
However, what I think is a much better solution is to be able to control Lock with master password separately from the Lock with PIN, as they serve different purposes.
i.e. Lock with PIN on browser restart, and lock with master password on system lock.
That way when Iām actively using my computer I can use a PIN, and when Iām away the memory is purged.
