Why do I have to supply my password twice, once for the browser extension and again for the Web Vault?

Hi, BitWarden Fans,

I’m a long-time LastPass user trying out BitWarden. I use Firefox and have the BW extension loaded, plus a browser tab showing the BW Web Vault. Using the extension I have set the Vault Timeout option to “On Browser Restart” and the Vault Timeout Action option to “Lock”.

When I first start my browser, both the BW Web Vault tab and the extension ask me to enter my password, of course. If I enter the password into the extension, BW unlocks the extension. However, the BW Web Vault tab still wants a password (and my 2FA code).

On the other hand, if I start the browser and first enter my password (and 2FA code) into the BW Web Vault tab, the extension still requires me to enter my password. In LastPass I only had to enter my password (and 2FA code) once in order to use both the extension and the vault tab. I really want to use both the Web Vault and the extension, so this is a nuisance. Any suggestions?

Thanks!

Different people use things in different ways. I usually have an extension running; I seldom use the other ways of accessing my passwords. Why do you want to use both?

I don’t know, but it is possible that having the two things separate is a bit more secure.

Can you clarify the issue here? Are you asking, if you open a browser and go to bitwarden.com and log in, why when you open the extension it prompts you for the password, too? I recall this is the behavior for LastPass as well.

How about first logging into the extension and then using it to log into the Bitwarden vault (for whatever reason that might be necessary)? Then logging in is just a hotkey away: Ctrl + Shift + L

Good question, David. The extension lists sites in alphabetical order, which is not handy. The browser tab lets you show your favorites, so you can launch sites from there. However, if you have multiple logins into a site, then it seems you need the extension to choose which login you want.

Hi, Paul. I have a standard browser tab open for the LastPass web vault. I use it to log in, at which point the extension is active, too. I think the reason is that the web vault (as a tab) is really just a way the extension can show itself (in addition to the red extension icon in the upper right). BW seems to handle the tab/vault as a separate entity from the extension, or so I’m guessing.

Do you use Bitwarden as a bookmark-manager or do you have lots and lots of accounts for the same sites?

If you filled in the URI for (almost) every login then you should never see too many items.

Thanks, Peter. That’s clever. I logged into the extension (supplying my two-factor authentication code), and BW did fill in the user name and password. Good. However, it requires me to manually look up and add my two-factor authentication code (again).

If your TOTP 2FA (edit: poor wording. It was late, I was tired.) is within Bitwarden all you have to do is press Ctrl + V to paste it.

Peter, you said “If your 2FA is within Bitwarden all you have to do is press Ctrl + V to paste it.”

I assume you’re referring to BW’s own authenticator, as opposed to, say, Google Authenticator or Authy. That’s a premium feature, right?

If one uses BW’s own authenticator and someone gets access to your BW login name and password, then they can go to all of your sites that require authentication codes, right? Of course, I guess they’d have to first overcome any 2FA method you use to log into BW.

I can’t confirm for the browser extension, but on mobile, if you are Bitwarden premium and autofill credentials from an item that has a 2FA code, then the code is supposed to be automatically copied to your clipboard, meaning that you only need to paste it.

The reason why LastPass does not ask you for the password to access your vault is because it’s using a local copy of the vault, which, as you guessed, is more or less part of the extension. If you were to go to the LastPass online vault, which is the equivalent in this sense to “vault.bitwarden.com”, then you would see the same behavior. That is because you’re technically accessing a site which requires you to identify, not a local decrypted vault.

If it’s bothering you to unlock the vault with the master password and 2FA, you can choose to pick a PIN in the settings, or choose to never lock. However, the web vault will not be affected. What you can do, however, is press “Remember” when you enter the 2FA. It will not ask you for it anymore. To keep the vault open in a tab, you need to go to settings and set it to never time out; however, you will have to enter the password again if you close the tab.

Another workaround is that you can put your password for Bitwarden inside your Bitwarden vault… This does present some risks, like someone getting access to your device while the vault is open.

However, as far as I am aware, Bitwarden will always request you to enter your password for the vault.

Thanks, Yuri, for the detailed reply! One follow-up: if one asks BW to remember the 2FA code, how does one “undo” this so one is again expected to enter the 2FA code?

I guess I always felt the Bitwarden site and extension are separate entities, so you can’t really log in to one and expect the other to work the same way. When I tried this with LastPass in the past, it also required me to log in twice. It may be the difference in settings?

Both will require relogin if you close the browser. However, for the extension, I think you can set the timeout so that even if you close the browser, it still stays open depending on your setting.

For your browser find the settings for cookies and delete all for Bitwarden.com.

I haven’t tried it for the apps but I have read several times that this should work:
Go to vault.bitwarden.com and log in, then go to Settings → My Account and scroll down to the Danger Zone. Click Deauthorize Sessions. Read the pop-up and remember that (as mentioned) it might take “up to one hour”.

Before you delete the sessions, what do you mean by 2FA code? Do you mean the one for the Bitwarden site or did you mean the individual 2FA on each account?

This was about the 2FA code for the Bitwarden account.

Thanks, guys, for helping this newbie. I am pleased there is an active community of BitWarden users willing to help one another. This should ease my transition to BitWarden.

Bill
