Will lock options ever mirror roboform?

Migrating from Roboform leaves one pretty important feature behind. On desktop with roboform, when my computer restarts and I login, it will remain logged in. Only when I reboot do I need to enter master PW again. This isn’t the case with Bitwarden. I’m forced to either constantly type in passwords to unlock which is tedious and unnecessary especially at home, but now I have the unlock set to “permanent” which is now a real security threat as if someone steals my PC or whatever, ALL my secured data is vulnerable. I’m sure this is fine for a lot of people, I don’t need convincing I know what I want, so just asking if this is on the table and if not, could someone explain why. Very happy with Bitwarden otherwise and love it on mobile as it just works so much better.

It’s probably not coming because your encryption key is stored in memory so if you close the app or browser the key is removed and thus you need to enter your master password.

To work like Roboform, Bitwarden would need to store your encryption key to your hard drive which is just as bad as setting Bitwarden to never lock.

The next best option is to use PIN unlock in settings and uncheck the require master password on restart. This way the data is encrypted but you don’t have to enter your master password all the time, just the PIN. The PIN never leaves your device so you still need to remember your master password. After 5 failed guesses of your PIN, Bitwarden goes back to requiring your master password. So the PIN is safe to use.

1 Like

Thanks for the explanation. I think having a password stored on the drive is still much safer than what I’m doing now, I mean I know it is. Having the option would be convenient for many of us migrating and could help Bitwarden grow.

1 Like

I agree. It would be nice if that was an option. For anyone who uses Bitlocker, or encrypted volumes on a Mac, then the possibility of recovering the key from somewhere on an encrypted volume, is pretty slim. Especially when you consider that the likely recipient of your stolen PC is probably some crack-head burglar who is hardly likely to a be whiz computer cracker or government agent.

Plus the fact, reading the OP, it would seem that Roboform probably erases the key on computer shutdown - which would seem like a very sensible idea indeed. So any thief who managed to crack your encrypted volume - no matter how unlikely that might be - may not find the key anywhere anyway.

That’s the way to go!

2 Likes