Time-delay for vault export

Feature function

Feature description

  • You now have a setting “[✓] require [DURATION] timeout for vault export”.
  • When you click export you now get a notification “You can export in [DURATION]. Leave Bitwarden open.”
  • You get the same notification when you try to change the setting.
  • After the duration you can export your vault like normal.

Benefits

  • If someone else has access to your computer for two minutes with a locked vault then they can’t immediately export your entire vault.
  • It’s also much harder to force someone to export their vault.
  • There may be some trick around it, reading the files off memory or something, but that’s much harder to pull off.

Related topics + references

  • I think almost all pharmacies and banks use time-delay vaults. Sometimes a Bitwarden vault controls keys controlling very valuable assets.
  • Someone raised this topic 3 years ago but it was mixed up with a separate feature request, plus I figure
    a new discussion is due: Time-Based Delay Exporting and Passphrase Option/Two Factor Confirmation
  • https://amperite.com/blog/time-delay-relays-in-burglar-alarm-systems/
  • https://www.aaalocksmiths.co.za/time-delay-locks/
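
The behaviour proposed in the feature description above, sketched as an added TypeScript example (not part of the original post and not Bitwarden's code). The class and method names, the approval window, and the rule that closing the app drops a pending countdown are assumptions.

```typescript
// Added illustration; every name here is hypothetical, not Bitwarden client code.
type Action = "export" | "changeDelay";
type Decision = { allowed: boolean; waitMs: number };

class ExportDelayGate {
  private delayMs: number;
  private windowMs: number; // assumption: approval expires if unused
  private now: () => number; // inject a monotonic clock, not wall time
  private readyAt = new Map<Action, number>();

  constructor(delayMs: number, windowMs: number, now: () => number) {
    this.delayMs = delayMs;
    this.windowMs = windowMs;
    this.now = now;
  }

  // First call starts the countdown; a call inside the window succeeds once.
  request(action: Action): Decision {
    const t = this.now();
    const ready = this.readyAt.get(action);
    if (ready === undefined || t > ready + this.windowMs) {
      if (this.delayMs === 0) return { allowed: true, waitMs: 0 };
      this.readyAt.set(action, t + this.delayMs);
      return { allowed: false, waitMs: this.delayMs };
    }
    if (t < ready) return { allowed: false, waitMs: ready - t };
    this.readyAt.delete(action); // single use: the next export waits again
    return { allowed: true, waitMs: 0 };
  }

  // The setting is gated by the same wait, so it cannot be switched off on the spot.
  setDelay(newDelayMs: number): Decision {
    const d = this.request("changeDelay");
    if (d.allowed) this.delayMs = newDelayMs;
    return d;
  }

  // Assumption from "Leave Bitwarden open": closing the app drops countdowns.
  onAppClosed(): void {
    this.readyAt.clear();
  }
}

// Constructed walk-through with a fake clock: 2-minute delay, 1-minute window.
function demo(): Decision[] {
  let t = 0;
  const gate = new ExportDelayGate(120000, 60000, () => t);
  const out = [gate.request("export")]; // starts the countdown
  t = 30000; out.push(gate.setDelay(0)); // disabling the delay waits too
  t = 120000; out.push(gate.request("export")); // allowed after the delay
  out.push(gate.request("export")); // a second export waits again
  return out;
}
```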

I get what you are wanting. However, BW is a zero-knowledge storage method and the vault MUST be open to even access it, let alone export it. I see where your suggestion was to leave it open in order to transfer at some designated time in the future. I would never do that. BW has an immediate lock for those times you need to leave a computer unattended. By locking the vault you are NOT logging out, merely locking it with a strong PIN (mine is alpha-numeric) code. That alpha-numeric code can be somewhat long. I use 6 digits but it could be longer. If someone were to sit at my computer and start attempting to hack in by guessing my alpha-numeric PIN, the software gives them “5” attempts and then the BW vault is automatically completely logged out. You are not going to guess my random 6 digit alpha-numeric PIN in 5 attempts unless you are the luckiest person on the planet.

I feel this feature can abate your fears and is very easy to employ. My .02

I do typically use the quick-lock but occasionally forget, and if I’m sharing my computer with someone on a task it’s a bit rude to grab my computer and lock BW before I go to the bathroom or something. A timeout feature wouldn’t need to be verified server-side or do anything fancy to provide a decent security increase.