Password managers are fantastic tools to help you keep the login details for all of your accounts secure. They enable you to use unique passwords for every website and allow you to use much longer and more complex passwords than you would be able to remember. Obviously, however, the biggest risk is that someone else gets access to your password manager. One key protection against that is to use a long and strong master password. This makes it harder for a hacker to gain access to your account.
However, using a strong master password doesn’t protect you from someone getting access to your device when it’s already logged in. There are two main scenarios in which this is a risk. For example, if your device is infected with malware, a hacker may be able to control your device remotely. Similarly, if you leave your computer logged in, someone with physical access to the device could use it.
In either case, with access to your device, someone else can use your accounts and passwords if the browser extension is logged in. To limit the risk of this sort of access, it’s a good idea to configure your browser extension to automatically timeout. Doing so reduces the amount of time that someone else could be able to access your password vault.
How to Configure Your Browser Extension Timeout Settings
To configure your browser extension settings, you first need to open the extension. To do so, click on the Bitwarden extension icon. Once the extension pane is open, switch to the “Settings” tab. Here, at the top of the “Security” section, you can find two dropdown boxes. The first allows you to configure when the extension will timeout. The second allows you to configure what happens when it does.
You can choose the timeout options: immediately, one minute, five minutes, fifteen minutes, thirty minutes, one hour, four hours, on system lock, on browser restart, and never.
Tip: Immediately, it will require you to re-enter your password every time you open the extension pane, making it quite annoying to use.
You can choose what happens when the extension times out. “Lock” only requires the master password to unlock the vault and doesn’t require an internet connection to work. “Log out” requires you to provide both your username and password to sign in again and requires an internet connection.
When your password manager browser extension is signed in, anyone with access to your device can access your vault. By configuring a time-out period, you can increase your security. By following the steps in this guide, you can configure a timeout for your Bitwarden browser extension and what happens when it times out.