Require server authentication each log in

I’m not sure if this has been discussed; I went through most of the forums and didn’t see anything.

I am self-hosting Bitwarden on my Synology NAS, using Synology’s reverse proxy. I’ve noticed that when I use the app on my phone, even if I am not connected to the internet, I can still enter the password and log in to Bitwarden; the same goes for the browser extensions.

Here is what I would expect to happen: no matter the platform used, every time you are logged out of Bitwarden, you have to re-authenticate with Bitwarden where it is hosted to log in again, which means if the device loses internet connection it cannot log in.

I feel this would be useful if you have to use the purge feature where you log all devices out of Bitwarden. Those devices can’t be fully logged out of if they are not connected to the internet. I know this isn’t a problem if you are logging in through the web browser, but it does pose issues for apps and browser extensions. It leaves the device vulnerable if it is lost, because they can turn off the internet and try passwords all day.

I don’t know if this is possible, but I think it would be a nice added feature.

Awesome password manager though! I was able to get fail2ban set up for Bitwarden as well, which gave me enough confidence to open 443 so that I can let my family use Bitwarden! I’ve banned all IPs outside of the US, and routed my public traffic to one of the 4 Ethernet ports on my NAS, so that should I feel the need, all I have to do is pull that Ethernet and stop public traffic while I find out what is going on, and of course stop 443 on my router.

Thanks,

Hi!

We’ll actually be bringing this feature to the platform soon - there are a few commits on GitHub already 🙂

You’ll be able to choose whether or not you want your vault to “lock” - which allows entry of master password offline, or to “log out” - which will require a connection and will prompt for any 2-step authentication configured as well.