Understanding how unlocking works; unlocking with security key (yubikey)

I would like to understand how getting a vault and unlocking works.

I am not sure if i understand it correctly, but I currently understand it like this:

  • To get the password vault, one has to log in, for one which needs the master password and optionally 2FA, like a yubikey, or TOTP, for example.
  • Then the app (browser, mobile) puts the vault into its cache somehow, which then is accessible offline.
  • One can “lock” the vault, making it still accessible offline and without 2FA
  • For unlocking, one can unlock it via the master password or via a PIN
  • Logging out essentially means clearing the offline cache, and one has to log in again.
  • If one wants to always enfore 2FA, one needs to log out, this is not possible offline only.

So, first I would like to just ask if I am understanding the above correctly.

The following would be nice:

  • Being able to unlock via more methods, like using a security key or TOTP
  • Being able to enforce 2FA offline as well (not sure how well this works from a security standpoint because offline, one can tamper with the clock and therefore with TOTP and other 2FA options, I guess…?)

I have found the following posts about this:

Are there any recommendations, setups, updates, news, or just general knowledge things that you can tell me about?

@zmberber Welcome to the forum!

You can also unlock via biometrics (fingerprint or face ID). Also, please note that on non-mobile apps, the “PIN” can be non-numeric — i.e., a password or passphrase.

Can you try to link this again (or use the </> button in the forum text editor to insert the URL as pre-formatted text instead of a link)? I cannot find anything like what you’ve described in the release notes.

Thanks for the link. That is a blog post that is four years old not really relevant. It just announces that the option that was known as “Lock Options” before 2020 was being renamed to “Vault Timeout Action”. It is still called “Vault Timeout Action”.