I have used Bitwarden for several years, but this problem started more recently. I have seen similar posts in past, but none of the solutions work.
I set the vault time out in the Chrome extension settings to various periods. At present 16hrs. But that does not work. Every time I click on the BW icon, it requires a Master Password.
What I have tried:
- Resync using BW directions.
- Uninstalled and re-installed extension
- Cleared all Chrome data.
- Tried numerous settings. Only one that seemed to work was “Never” which I don’t wish to use.
Tested on Firefox and Edge and have same results. Vault time-out is ignored.
My wife has BW too. I haven’t tested extensively, but she says she has to keep entering Master Password too.
I have had to type in that password dozens of time today
How do I resolve this?
HOLD ON. All of a sudden the last few times I used BW to log in, it didn’t ask for the Master Password. Mayb the res-sync worked but took some time to come into effect??? Let’s see how things go tomorrow.
Sounds like the re-sync worked. As a rule, I always modify my main settings via the main website (vault.bitwarden.com) rather than via extensions / plug-ins / app. After logging in the website, go to Settings > Options to find the various settings.
Actually no, the reason it was working, was that I had forgotten to change back to a specific time-out after having tried it on “Never”. I have now reset via Chrome extension to 4hrs. Will try from website too.
Result not good Back to requiring Master Password for every log-in. This with time-out set to 4hrs from both extension and website.
Hi @Freeagent is this happening during a single session in Chrome, or when exiting and coming back to Chrome? More specifics on web and browser extension timeouts here.
I have tested this by closing down browser and then restarting it. That is what I usually do and have done for years. Memory (not always good) tells me that in past I could do this without having to keep entering the Master Password. But your link says otherwise (although wording is not entirely clear)
Web and Browser Extension Timeouts
Due to the web vault and browser extension depending on your web browser, there are unique “timeout” scenarios to consider:
If you refresh your browser (
CMD/CTRL + R), your web vault will lock. (only when viewing web vault?) Refreshing will not affect a browser extension.
If you close your browser tab, you will be logged out of your web vault. Closing a single tab will not affect a browser extension.
If you quit your browser, you will be logged out of both your web vault and browser extension. This is what is happening
If you’re using a browser extension, you can bypass this by enabling the Unlock with PIN option and unchecking the Lock with master password on browser restart checkbox.
"you can bypass “this” - what is “this”?
Regarding use of pin described above. I tried checking Unlock with Pin, but see no option to uncheck lock with master password on restart. If I purposely Lock the account, then I can re-open using the pin. But still need master password for every log-in.
I am not getting anywhere with this
The checkbox for ‘lock with master password on browser restart’ should be directly below the PIN field.
If you are choosing this, please keep in mind:
If you turn off the Lock with master password on restart option, the Bitwarden application may not fully purge sensitive data from application memory when entering a locked state. If you are concerned about your device’s local memory being compromised, you should keep the Lock with master password on restart option turned on.
More information here.
OK thanks - That allowed me to get the pin to work. But after reading the warnings, not so sure it is a good idea!
I don’t recall having this Master Password problem in the past on Bitwarden or Lastpass. Something has changed, but not sure where or what!
It seems that the recent update has reset some users’ local settings, and the Lock With Master Password on Browser Restart is one of them. I am guessing that for the vast majority of people with this issue, they had the option unchecked, and then after the update it got reset back to the default value (enabled), suddenly causing a password prompt anytime the BW client was restarted.
I noticed that my cell phone had Bitwarden vault set to Never. I somehow thought all would be the same if I set the time-out on the web version. But I guess not. Presumably each browser can also be set differently?
I have decided to go with Never on computers too, to avoid having to keep entering the Master password. Not much different from setting time out to some specific time seeing computers are at home and I would want to set the time out for all day anyway. Computers are turned off at night and require passwrds when turning on. We also don’t put our sensitive sites in Bitwarden (banks, investments etc)
I went to set my wife’s Chrome to “Never”, but found her Chrome extension was set to “On Browser Restart”. She had entered the Master Password first thing this morning, but now she can access and log in to websites by just clicking on the B shield. Even if Chrome has been closed and re-opened. Her Web vault is set to custom and 16hrs.
Now, that is what I have been trying to achieve! Will have to see if that works on my computer or find out why not.
OK, I just checked and with same setting as my wife has, I still get asked for the Master Password every time Chrome has been re-started.
Looks like I am getting nowhere (
Maybe I should give up
@Freeagent Glad you brought this up, it was driving me nuts as well.
@dwbit Personally I don’t see how it’s any less safe - if your account or PC is compromised, then it doesn’t matter whether you’re unlocking with a pin or your master password, because at some point you data is being stored in local memory anyway.
Correct me if I’m not interpreting this correctly.
However, what I think is a much better solution is to be able to control Lock with master password separately from the Lock with PIN, as they serve different purposes.
i.e. Lock with PIN on browser restart, and lock with master password on system lock.
That way when I’m actively using my computer I can use a PIN, and when I’m away the memory is purged.