Vault timeout settings not respected + master password input necessary far too often

I read everything very carefully. Your post is useful, but not for me. Your post has high value here on the forum, for other readers.
you wrote a meaningful post about BW taking care of my passwords.
I will respond in the same volume.

For the past few months, BW has been practicing the game “Forced Security”. You were constantly showing a warning about having access to mail. I closed it and calmly, without threats from hypothetical scammers, I quietly lived on.
Now your warnings are over, and so is the game. A difficult reality has begun.

I disabled all authorizations from new devices on the site, no biometrics, and set the “NEVER” timeout again. I have made it easier for all the scammers on the Internet to access my storage with my own hands - this is my choice.
And now I have to enter my password every time. You’re stealing my time. You’re protecting my passwords, which I didn’t ask you to do.

I ask you not to give me an educational program, as in the USSR in the 1920s.

At the same time as your security games, another thing happened - Google introduced support for extensions for mobile browsers in Chromium. And soon all browsers will get it.
All mobile browsers will be able to install third-party extensions. And it turns out that Bitwarden is not the only extension on Android.

This is Autofill passwords from Android. This is not a complete choice. There are browsers with their own Autofill, but Android has not enabled them here. That is, these are not all ways to fill in passwords, only a part.

I’m only talking about desktop. For the last 5 years, I have been entering the password for my password database about 2 times a year. Now you have made it necessary to enter this password 10 times a day, i.e. 3652 times a year.

Now I’ll show you the likely way - now every browser has its own password management mechanisms. On both desktop and Android.
I usually see 2 offers: from the browser and from BW. I close Autofill from the browser and try to keep the database up-to-date from BW.
But I can change my behavior, and swap these two Autofills.

All browsers with Autofill have the same password synchronization system through their servers. None of them are so paranoid about entering passwords every launch. The volume of their password databases is about 70% the same as the BW database.

I say again, 2 months ago there was no such thing as now. Don’t hypnotize me.
When will you bring this setting back and make it relevant instead of an empty picture?

For the following, I assume you mean the Bitwarden master password… (?!)

So you turned the “new device verification” off in the web vault? – Enabling or disabling biometrics, the vault timeout settings and whether you “have” to enter your master password often or seldom have all nothing to do with the “new device verification”.

This topic is about the “new device verification”. If you experience problems or bugs with biometrics (or other unlocking methods) and the vault timeout settings, than this would be worth another discussion (or even bug reports on GitHub).

Interesting… I haven’t heard anything from Bitwarden to that yet… for now I guess, still, only the Bitwarden mobile apps are supported on mobile devices…

See my comment from a minute before - please understand, that this has nothing to do with the “new device verification”… You can open a new topic at every time here on the forum, to possibly “troubleshoot” this separately…

I’ll not completely enter that discussion - but that is one reason, why browser password managers are considered less secure…

Then I’ll say that again also : If you mean by “no such thing” the issue, that you have to enter your master password far more often than before - then that has nothing to do with the “new device verification”. (but it must have other reasons) → the “new device verification” only adds a “second factor” for “unknown devices” during login… the “new device verification” has/is no mechanism to force you to enter the master password more often…

Honestly, I’m confused now. When you say “bring this setting back” and you post a screenshot of the “vault timeout” – “never” settings, does that mean you don’t have or see this setting any longer? - I thought, you just set the vault timeout to never:

… So, did you set it to never – or don’t you have that setting and want it back? (it can’t be both)

The main thing in your answer is that the BW representative considers this a bug. But I (in my inner conviction) consider this to be a forced security from BW.
@AlexCaswen said about this above . I made the appropriate conclusion.
And there are many such examples on other services.
If this is a bug, then I agree with you — it does not relate to the topic “New devices …”.
I reinstalled BW. It didn’t help. BW Itself Works, saves passwords. But it does not save this “Timeout:Never” setting. He shows it, but does not transfer it to BW ???
Indeed, if naming this as a bug, then need to investigate all the reasons (BW, browser, OS). And reinstalling the OS is the fastest and most reliable way :).
Now I’ll forgive to take out my post into a separate topic “bug”. And I promise to continue it by the evening, after reinstalling the OS, or close it.

I think I didn’t write this . I think it sounds more like bugs (or configurational problems) what you are describing. For example: I don’t experience having to type my master password more often than before (but only, where it is necessary).

PS: And yeah, as @DenBesten added, I’m not a Bitwarden representative.

Even if one would see the introduction of the “new device verification” that way - it can’t be stressed enough, that it can be disabled in the web vault, so ultimately it isn’t “forced”… and everything else you describe about the vault timeout settings and master password inputs more frequently, is not a “forced security”, as there was no change for those mechanisms the last months, as far as I know.

Can you please clarify on this what you mean? Because, the vault timeout settings don’t get transfered at all (they don’t get “synced”). For every Bitwarden app/client (browser extension, mobile app, desktop app, web vault…) you have to set individual / separate vault timeout settings. They can be the same vault timeout settings if you wish… but as those settings are not “centralized” settings, you can set different vault timeout settings for every BW app.

Maybe… but a bit “extreme” to begin with reinstalling the OS… I would try other things before that.

(PS: For resetting “Bitwarden” on your devices, it should usually be enough, to deinstall the Bitwarden apps and make sure that the local storage of the BW apps is deleted - and then reinstall the BW apps. – Of course, for all of that, one should have the Bitwarden login credentials at hand - and if the “new device verification / login protection” would be in place, also to have access to the email address, to be able to receive the email verification code…)

Okay…

@serega_da Hey, I decided, to open a new topic with our posts, as the connection to the “new device verification” is very thin and we can troubleshoot your issues better.

I set the title as a focus to the vault timeout settings and your experience, you have to type the master password now far more often than before. - If you’re not okay with the title, then please suggest changes.

Furthermore, I had to set tags for this new topic. If “server:default-cloud” (or are you self-hosting BW?) and “os:all” are not correct, then please say what is more accurate. (as you are experiencing it with not only one BW app, I think “app:all” should be okay?!) - For the OS question: could be good to know, if you’re on Windows, MacOS or Linux… iOS or Android… etc.

To be clear, @Nail1684 , @grb and I are all customers of Bitwarden, just like you. The three of us are not employees and are not representatives.

This sounds like your browser or another extension is deleting your cookies and/or local storage. If you have something like cookie auto delete installed, you might try disabling it to see if that helps.

This problem only with BW-extension for browser. OS: Windows 11.26100.3427. BW always up-to-date — I guess we all can’t change that. And that’s right.

I forgot that the behavior of the individual application has not changed on android, although they have the same server settings. So this is a desktop bug only.

I’ve been using BW for a long time, but people only come to the forum when they have problems. It’s such a pain for all the support forums. And you can’t change that either :).

I know what a cookie is. I don’t clean them, they’re useful. As far as I know, extension settings are not stored in cookies, their are in own folder, or extension_crx, or in “service worker”.
I shouldn’t have to dig so deep to find the source of the problems. Nothing changes for me. No PC, no OS, no browser, no address, no IP. And if I have a new device, a phone, then it stays new only 1 time, not 10 times a day. (And the problems are just not on the phone).
But I do not know why BW stopped saving its settings. Cookies do not belong to BW. Cookies refer to site settings.

I can only draw logical conclusions: first, BW warns about additional protection, and then I see the implementation of my threat — daily passwords.
But I always get such a figurative poetic accusation about “crooked hands” on various forums. 99% of users can only turn on their computer. They have no time to learn the cookies. And I even envy them.

I will reinstall Windows. It won’t be long. It takes a long time to reinstall all the software with its settings. This is a lot of work.

Somebody likes to use a lot of tweakers and cleaners. Then he gets accused too: do you like tweakers ? Then solve your problems self.

One simple reason might be: logging out. - When you log out, the settings in the browser extension do get lost. I stand corrected: just logging out in the extension does retain most settings (as long as the local storage is not manually deleted additionally).

So, do you use the manual log out?

 

And/or did you set the vault timeout action to “Log out”?

Not clicking the Logout button — is the goal of my life, and of my life on this Forum

You can see this extension support now in EDGE 135. Only 22 are represented, including BW. I don’t have a mobile Chrome, probably there either too.
But BW pleases with its reaction speed — from the entire Google Chrome Store, 22 are ext only! Because Edge takes extensions from the MS Store.
Picture need ?

I remembered — there’s Chrome Beta 136, but it doesn’t have extension support!
It’s very strange.
EDGE is moving the entire Internet to the Future !
.

Okay - and your “vault timeout action” is “lock” or “log out”?

And when you have to type in your master password, is it always for “logging in” to the Bitwarden browser extension:

?

Or is it also for “unlocking” the BW browser extension:

?

PS: And what browser are you using? Up-to-date as well? – And did you try another browser (with the Bitwarden browser extension) with the same result?

And what does "it does not save this “Timeout:Never” exactly mean? – Does that setting really resets itself to the default setting “On browser restart”? Or does it mean, the “Timeout: never” setting remains there, but is not respected by the extension (= the extension locks or logs out)?

I guess, you mean the latter (= the setting “is not respected”), right? That is what you mean by “(it) does not transfer it to BW”, right?

I reinstalled Windows. In my life, I’ve probably done this about 100 times already. I remember the days of Windows XP, when just rewriting from a DVD took 15 minutes. Now , with the victory of SSD SATA (including the NVMe format). My Win reinstallation record is 3.5 minutes. But this is only until you get a clean desktop. Working software does not refers to this.

Yes, of course, there is a lot of software specifically for creating backups, transferring the entire OS. But I never learned it. All software is installed from the beginning. This ensures that old errors are not or not carried forward.

Of course the Problem is gone. Everything is the same as before, when the trees were taller and the girls were younger – BitWarden works without additional questions.

The best news is the lack of news. So it is here. I’m glad that I don’t notice any positive changes in BW – I don’t need anything. The main thing is that everything is as before.

The problem looked like this - how in 1 picture .
BW remembers my e-mail, but if you close/open the browser for 2 seconds - - BW request to enter a master-password . I did not touch BW , I only closed the browser itself, where BW - extension . Settings - no, they did not change. The behavior changes of BW itself .
A month ago there were no unnecessary questions, and now they appeared by themselves.

I understand, you need reasons. Your testers are important.
This was more likely a coincidence, as I said .
First, a warning from BW about access to mail, and then immediately problems. I’m glad it’s just a coincidenceI understand that always the biggest problem is determining the source of the problem.
BW is at the top of the chain: Windows - Browser - BitWarden. Yes, at the top. What else can I say on the BW forum?

And problems at any base of this pyramid cause problems at its top.
Don’t torment me – I don’t know what the reason is . The testers are highly qualified, there is a lot of special testing software (they need to have access to hardware, memory, registry) Remotely we won’t find anything . Only by this method exclusion - - clean OS, clean browser, clean BW.
Everything, problems of the this has been destroyed. The reason is hidden in the depths of the unknown. The search for an error is postponed.

Even I remember , on another forum I was asked not to touch the computer. And along with them to look for the reason, send bug-reports, and even install software to catch errors. Thank you, I refuse.
The case is isolated, close the topic.
Moreover, I ALWAYS have the latest versions of Windows, and they are not from the “Stable” channel. More from “Beta” or “Preview” .
I have such a disease, although I do not use these new products, like Copilot on Desktop or even “Windows Hello”.
But on the other hand, if I put these raw versions, then I have no problems with other software except BW. Everything is very confusing.
BW uses all the same technologies as any browser, the same HTML, JS. As all other extensions too (but other extensions do not have a server. Although uBlock , most likely, has a server.
As I remember, over the past 5 years – this picture with BW is only 1 time. This is good.

I want to say “Settings do not apply” .
In long texts I use an automatic translator and do not check the result. Sorry.

Theoretically, there could be a situation where the TimeOut: “NEVER” setting is set (It’s just a beautiful CSS) , but it doesn’t reach the database. The link is broken. And the extension thinks that I have the option “when close a browser” - the result is very similar to this.
But all this is in the past.