Session timeout options determine whether Password Manager vault will automatically log out or lock after a specified period of inactivity. When configuring your vault timeout settings, you can set the timeout
and timeout action
.
To set your timeout behavior:
Navigate to Settings → Security to choose your session timeout and session timeout action.
Navigate to Settings → Account security to choose your session timeout and session timeout action.
Navigate to Settings → Account security to choose your session timeout and session timeout action.
On macOS, navigate to Bitwarden → Settings to choose your session timeout and session timeout action.
On Windows or Linux, navigate to File → Settings to choose your session timeout and session timeout action.
note
Closing the desktop app will cause the vault to lock or log out, depending on your chosen timeout action.
Session timeout, also called vault timeout, determines how long Bitwarden can be inactive before timing out. Inactivity is measured by time since interacting with Bitwarden—not system idle time.
Timeout options vary by app. If there are fewer timeout options than expected and you're part of an Enterprise organization, they may have turned on the session timeout policy
.
Select when your Bitwarden session times out:
Time passed: After the time interval you chose, like 5 minutes or 1 hour
On browser refresh: When you refresh the browser window where Bitwarden is open
Custom: After the amount of time entered in Hours and Minutes
note
Because the web app and browser extensions depend on your web browser, there are unique timeout scenarios to consider:
If you refresh your browser (CMD/CTRL + R), the web app will lock. Refreshing will not affect a browser extension.
If you close your browser tab, you will be logged out of your web app vault. Closing a single tab will not affect the browser extension.
If you close your browser window, you will be logged out of your web app and your browser extension will timeout.
By default, your browser extension will require you to login or unlock with your master password regardless of your selected vault timeout action.
To instead unlock with a PIN after closing your browser window, uncheck Lock with master password on browser restart option when setting up the PIN
.
Select when your Bitwarden session times out. Available options may differ by browser and may include:
Immediately: When the user stops interacting with Bitwarden
Time passed: After the time interval you chose, like 5 minutes or 1 hour
On system lock: When the device is locked or the screensaver activates
On browser restart: When you first open or restart the browser where Bitwarden is open
note
Some browsers will treat the On browser restart option differently:
On Chromebooks, there is no way to fully close or restart the browser. Therefore, the On browser restart option will only lock the extension when you restart your device.
In Firefox browsers installed via snap, closing the application does not stop all processes. Therefore, the On browser restart option will only lock the extension when you restart your device.
For Microsoft Edge users, browser restart does not take place when closing the browser. In order for Bitwarden Vault Timeout to occur On browser restart, two Microsoft Edge settings must be turned off:
Startup Boost
Continue to run background extensions and applications after Microsoft Edge is closed
Never: Your session doesn't time out.
warning
The Never timeout option stores your encryption key unencrypted on your device, which may hinder security. To keep your data secure, we strongly recommend choosing a different option.
Custom: After the amount of time entered in Hours and Minutes
Browser extensions will not observe your chosen time-out settings when popped-out.
note
Because the web app and browser extensions depend on your web browser, there are unique timeout scenarios to consider:
If you refresh your browser (CMD/CTRL + R), the web app will lock. Refreshing will not affect a browser extension.
If you close your browser tab, you will be logged out of your web app vault. Closing a single tab will not affect the browser extension.
If you close your browser window, you will be logged out of your web app and your browser extension will timeout.
By default, your browser extension will require you to login or unlock with your master password regardless of your selected vault timeout action.
To instead unlock with a PIN after closing your browser window, uncheck Lock with master password on browser restart option when setting up the PIN
.
Select when your Bitwarden session times out:
Immediately: When the user stops interacting with Bitwarden
Time passed: After the time interval you chose, like 5 minutes or 1 hour
On app restart: When you first open or restart the Bitwarden app
Never: Your session doesn't time out.
warning
The Never timeout option stores your encryption key unencrypted on your device, which may hinder security. To keep your data secure, we strongly recommend choosing a different option.
Custom: After the amount of time entered in Hours and Minutes
Select when your Bitwarden session times out:
Time passed: After the time interval you chose, like 5 minutes or 1 hour
On system idle: When your device has been inactive for a set time but hasn't entered sleep mode
On system sleep: When your device goes to sleep
On system lock: When the device is locked or the screensaver activates
On restart: When your device is first turned on or restarted
Never: Your session doesn't time out.
warning
The Never timeout option stores your encryption key unencrypted on your device, which may hinder security. To keep your data secure, we strongly recommend choosing a different option.
Custom: After the amount of time entered in Hours and Minutes
This option determines what Bitwarden will do once your session times out
. Options include:
Lock (default)
Locking your vault will maintain vault data on the device, so unlocking your vault can be done offline. You will be required to enter your master password
or PIN
, or use biometrics
, but won't need to use any active two-step login methods.
Log out
Logging out of your vault completely removes all vault data from your device. Logging back in will require you to re-authenticate your identity, so logging in can only be done when online. You will be required to enter your master password
and any active two-step login
method.
If you use trusted devices
, you must enable biometrics
or a PIN
to unlock your vault. If biometrics or a PIN is not enabled, a session timeout will always log out instead of locking.
Unlocking and logging in with trusted devices always require an internet connection.