When most people consider cybersecurity risks, the focus will primarily be on weak passwords or vulnerability to hackers. This is because these two risks are key in most scenarios. Most attacks either rely on hackers guessing weak passwords or exploiting vulnerabilities. If you’re using a password manager, you have hopefully started – or continued – using unique, long, and complex passwords for every account you have. Hopefully, your master password is also pretty strong. If this is the case, you’ve minimized your risk from weak passwords as much as possible without using two-factor authentication.
One of the issues that you could run into, however, is access to your password vault. If you leave your account logged in, anyone who can access your device can access your password vault. This isn’t so much of an issue in your own home; as you know, everyone there and has control over access to your device. However, if you’re out and about or in an office, this can be more of a risk. For example, if you’re using your computer at work and walk away from your computer, leaving it and your password vault unlocked, a colleague who holds a grudge could access your device and all of your passwords. If you did the same in a public coffee shop, an opportunistic thief could also access your device and passwords to all of your accounts.
To avoid this type of scenario, it’s important to lock your device when leaving it unattended. It is also a good idea to configure your password manager to lock after a certain period of inactivity automatically. Bitwarden allows you to configure both the timeout period and what happens when your web vault times out.
How to Configure the Timeout Action of the Web Vault
To configure the timeout period of the web vault, you need to configure the web vault options. You can sign into the web vault here. Once you’re signed in, switch to the “Settings” tab, then click on “Options” in the column on the left.
To configure your vault timeout period, click on the “Vault timeout” dropdown box. You can select from: one, five, fifteen, and thirty minutes, one or four hours, or only when the browser tab is refreshed. It’s recommended that you choose a relatively short time period, but not so short that you’ll be logged out constantly when you’re trying to use it.
To configure what happens when your vault times out, click on one of the radio buttons under “Vault timeout action.” You can choose to have your vault log you out or to lock. If you’re signed out of your vault, you need to enter both your username and password again, whereas locking your vault only requires your password to re-authenticate and doesn’t require an internet connection.
Once you’ve selected your preferences, be sure to click “Save” to save the changes.
Access to your web vault could grant anyone access to all of your other accounts. Therefore, it is essential to ensure that it automatically locks itself when not in use. By following the steps in this guide, you can choose the vault timeout period and the timeout action.