When you restart the browser, a new browser extension process is started, which has an assigned section of memory that is initially blank. To load your vault data into the process memory (so that you can see your vault contents), the browser extension first reads a local cache that has been stored on your computer hard drive. However, to safeguard your secrets, the stored data cache is always encrypted — this means that no one, not even the Bitwarden browser extension, can decrypt the encrypted vault data (thereby unlocking your vault) unless they have access to the required encryption key.
Because the Bitwarden browser extension process memory is always blank whenever you restart the browser, how can the extension get the key that it will need to decrypt your vault? There are only two possibilities:
- It reads the key from some storage location (hard disk or credential manager) on your computer.
- It generates the correct key value based on information entered by the user at the unlock prompt.
Case #1 is what happens when you set the Timeout to “Never”. Case #2 is what happens when you set the Timeout to something other than “Never”.