OK, for the love of pete what must I do to not have to enter my vault password every single time I open the extension OR the desktop app? I have the timeout set to 4 hours – doesn't matter…. it's super irritating… not sure I can hang with it anymore. Thoughts?
@kevinvinv Welcome to the forum!
We would need some more details… and I think, the easiest and fastest thing would be, if you could post a screenshot of your Account security page in the BW extension settings (and the corresponding desktop app settings) – like this:
And do you close your browser (!) and the desktop app in between?
Set the timeout to “Never” (and take measures to ensure that no malicious actor ever gets access to your device, whether in person, or remotely via malware).
Besides what @grb said, the second easiest (and safer) thing is to never close your browser or desktop app. In the desktop app, you can make actual closing (File → Quit menu) more explicit by setting these options:
Well, THANK YOU for these replies. I am very relieved to at least get some advice! I am vowing to reduce a few irritants for the new year!
Here is my screen shot from the browser extension
and from the desktop app
(They won't let me post a second image since I am a new user but it looks the same)
YES- I DO close my browser and desktop app. Is that the issue? I always did that when I was using LastPass and didn't have this constant need to enter my massive vault password as I recall (not to make a comparison here… but making a comparison)
I am presuming that the root cause is closing the browser and / or desktop app. I find this a little odd actually but is that the cause of my troubles?
I did the settings you mentioned @Neuron5569 , that seems helpful for the desktop app.
I noticed this too:
I wonder, would you feel like commenting on this a bit? I would much rather use the desktop app in general but of course I like the auto-fill feature offered by the extension(s). What does the above feature actually do?
I will read the manual on this…
This setting (“Allow browser integration”) in the Desktop app is directly related to the browser extension setting “Unlock with biometrics” (which you can see at the top of your first screenshot). For technical and security reasons, the browser extension’s “Unlock with biometrics” function requires behind-the-scenes communication between the browser extension and the Desktop app; the Desktop app setting you were asking about (“Allow browser integration”) gives permission for such communication to occur.
For security reasons, if you quit and restart the browser or Desktop app, Bitwarden will become locked (the only exception being when the Timeout is set to “Never”, which is not considered a secure setting). One way to circumvent this (without setting the Timeout to “Never”) is to refrain from closing the browser and Desktop app, instead just minimizing them and allowing them to keep running in the background. The Desktop app (but not the browser extension) has a set of settings (summarized by @Neuron5569 above) that will automatically minimize the Desktop app instead of closing it when you click the ☒.
I would suggest that you start with the following sections of the documentation:
- Understand Log In vs. Unlock | Bitwarden
- Unlock With PIN | Bitwarden
- Unlock With Biometrics | Bitwarden
Then you can decide whether you would prefer to unlock your Desktop app and/or browser extension using a PIN or Windows Hello (biometrics) instead of typing your master password.
Well, it’s not really a cause of trouble, but that’s how Bitwarden works (compared to LastPass); if you don’t close the browser or the desktop app, the timeout would likely be honored.
The “Allow browser integration” feature essentially lets the desktop communicate with the browser extension for “Biometrics unlock,” which, on Windows, just means “Windows Hello unlock,” regardless of whether you have a biometrics device. If you are running the desktop app all the time and you set up “Biometrics unlock” on both the desktop and in the browser extension, you can actually close the browser at will and unlock it with your Windows PIN or biometrics when needed.
You should definitely use the browser extension for its anti-phishing properties; it only matches against the URL that was initially set up, and malicious websites won’t be able to fool it, unlike a distracted human.
Bitwarden does let you unlock your apps/extensions in a number of ways, including password (like you are set up now), PIN, and biometrics (which, on Windows, means with your Windows PIN or biometrics). Logging in is not the same as unlocking, as you’ve learned from other comments.
Ok Thank you both for such a generous bit of help @Neuron5569 @grb
I am very thankful. I wish things didn’t work like they do but trust there is some reason that Bitwarden is different than LastPass in this regard… of course I know LastPass had a bit of a security issue at one point after all… and that is why I switched to Bitwarden.
Anyhow, at least I understand a bit more now.
I don’t use Windows Hello (not sure why) and I don’t understand why a pin is considered secure exactly but I’ll have to read the sections you pointed me to and do some study.
Thanks again. I have configured Firefox to close less often and the desktop app settings for minimize seem VERY nice.
Thanks again.
Ding ding ding ding!
Yes, you hit it on the nose: allowing the browser or app to unlock your vault without user input (after restarting a browser or app that had been closed) is not possible without creating a serious security vulnerability.
First, to avoid misunderstanding, I should clarify that in Bitwarden’s non-mobile apps (e.g., the Desktop app and the browser extensions), a Bitwarden “PIN” can also include non-numeric characters. Thus, it is more accurate to think of “Unlock with PIN” as unlocking with an alternative password (different from your master password).
Enabling “Unlock with PIN” is thus an option that trades off an increase in convenience for a decrease in security (against local attacks against your devices — the security of the main vault database stored on the cloud servers is not affected). You are in complete control over how much security is lost (and how much convenience is gained), by choosing how strong the “PIN” (alternative password) should be.
For example, best practice is for the master password to consist of a randomly generated passphrase consisting of at least 4 randomly selected words (e.g., guts-olive-macaroni-crummiest); this is equivalent in strength to a random character string consisting of at least 8 randomly selected characters (e.g., BSy=5VDn), whereas the passphrase option is recommended because it is easier to remember and to type.
Now, when setting a PIN, you could do a three-word random passphrase (e.g., anvil-approve-density) or a six-character password (e.g., 2Jn@0I) for modest security reduction (an 8000-fold decrease in average cracking time) accompanied by a 30% increase in convenience. Or you could do something more extreme, like setting an all-numeric PIN (e.g., a 9-digit random PIN like 237502825, which would reduce your security by a factor of almost 4 million, compared to the master password).
An important aspect to consider is that the reduced security mentioned above is applicable only in scenarios for which an attacker is able to obtain a memory dump from your device (e.g., using information-stealing malware) while the Bitwarden app (and/or browser) is running, but locked. If you consider this scenario to be far-fetched, then the gain in convenience will likely outweigh any real increase of your risk.
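The strength comparison in the post above can be worked through numerically. This is an added example, not part of the original posts; it assumes passphrase words are drawn uniformly from a 7776-word list and random passwords from the 94 printable ASCII characters, neither of which is stated in the thread.

```python
import math

# Assumptions (not stated in the thread): a 7776-word passphrase list and
# 94 printable ASCII characters for random passwords, all chosen uniformly.
WORDLIST_SIZE = 7776
PRINTABLE_CHARS = 94
DIGITS = 10


def keyspace(alphabet_size, length):
    """Number of equally likely secrets of this shape."""
    return alphabet_size ** length


def entropy_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random secret."""
    return length * math.log2(alphabet_size)


def reduction_factor(master_space, pin_space):
    """How many times smaller the PIN search space is than the master's."""
    return master_space / pin_space


def min_length_to_match(alphabet_size, target_space):
    """Shortest length over this alphabet whose keyspace reaches target_space."""
    length = 1
    while keyspace(alphabet_size, length) < target_space:
        length += 1
    return length


if __name__ == "__main__":
    master = keyspace(WORDLIST_SIZE, 4)  # 4-word master passphrase
    options = {
        "3-word passphrase": (WORDLIST_SIZE, 3),
        "6-char password": (PRINTABLE_CHARS, 6),
        "9-digit PIN": (DIGITS, 9),
    }
    print(f"master: {entropy_bits(WORDLIST_SIZE, 4):.1f} bits")
    for name, (alphabet, length) in options.items():
        factor = reduction_factor(master, keyspace(alphabet, length))
        print(f"{name}: {entropy_bits(alphabet, length):.1f} bits, "
              f"{factor:,.0f}x smaller search space")
    # Digits needed before an all-numeric PIN stops being the weaker secret.
    print("digits to match 3 words:",
          min_length_to_match(DIGITS, keyspace(WORDLIST_SIZE, 3)))
    print("digits to match 4 words:", min_length_to_match(DIGITS, master))
```

Under these assumptions an all-numeric PIN needs 12 digits to match a three-word passphrase and 16 digits to match a four-word one.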
Well! That post made me smile! You spent a lot of time and cleared up a lot of questions and I learned a lot.
THANK YOU - I enter the new year with one less irritant… and I am grateful!



