Why does cloud BW require me to unlock BW vault if it's already open in another tab of same browser?

lenraphael · January 16, 2023, 5:34am

and I have the custom timeout set to 72 hours?

I get this behavior on Chrome beta, Edge beta on Win 11 standard release and early release. Several different PC’s.

Have cleared everything from each of the browsers on each machine. Rebooted.

cksapp · January 16, 2023, 6:34pm

Not entirely sure with this one, but I would imagine it is a browser level security feature to not allow sharing of memory resources between tabs, or it could be how Bitwarden is coded.

Similarly to how if you had installed a malicious extension or visited a sketchy website, you wouldn’t want this to be able to read data from your password manager.
So I would imagine trying to share the Vault encryption key in memory would be something difficult/near impossible to do securely.

BW_Michael · January 16, 2023, 7:11pm

The web interface is counted as a different device, I believe. This is probably for security reasons.

grb · January 16, 2023, 9:05pm

Why not install the browser extension instead of using he web vault? Then you just need to unlock once, and the vault will be available in all browser tabs (and even in different browser windows).

lenraphael · January 17, 2023, 3:23am

After someone else on this site explained to me how to change the settings for each browser extension, for each windows pc, I set timeout to “never” because they’re all secure desktop pcs with other security.

That reduced need to enter my master pw by about 90 pct.

Don’t understand what the extension setting for “Unlock with PIN” does, because when I have to lock seems I still have to input my master pw.

(I have the other PIN setting Vault timeout action

Unlock with PIN and input a PIN.

Does that PIN get wiped out every time I logout?

Should i uncheck “Lock w master pw on browser restart” or is that redundant

Regardless, I’m never getting prompted to input the PIN I input. Prompted for master pw.

grb · January 17, 2023, 3:32am

Yes, the PIN is reset every time you log out. Most users stay logged in all the time, and just use vault locking to secure their passwords.

That is up to you. If you never want to type in your master password and just use your PIN, then you should disable it. Some people prefer to keep it checked, to provide additional security, or just to ensure that they will remember their master password by having to type it in at least once a day.

lenraphael · January 17, 2023, 5:30am

got it. I’ll ignore that kinda useless setting and just input my master pw when needed. Thank you.