Understand Log In vs. Unlock
Bitwarden uses two distinct processes to secure your vault without sacrificing convenience: logging in to your Bitwarden account and unlocking your vault. This separation ensures Bitwarden never stores unencrypted data on its servers. When your vault is not unlocked or logged in, your vault data only exists on the server in its encrypted form.
Logging in
Logging in to Bitwarden retrieves the encrypted vault data and decrypts the vault data locally on your device. In practice, that means two things:
Logging in always requires your master password, approved device, or created passkey to gain access to the account encryption key that's used to decrypt vault data. Any enabled two-step login methods are also required at this stage.
Logging in always requires an internet connection (or, if self-hosting, a server connection) to download the encrypted vault to disk. The vault is then decrypted in your device's memory.
Unlocking
Unlocking your vault is only done when you're already logged in. This means, according to the above section, your device has encrypted vault data stored on disk. In practice, this means two things:
You don't specifically need your master password. While your master password can be used to unlock your vault, so can other methods like PIN codes and biometrics.
note
When you set up a PIN code or biometrics, a new encryption key derived from the PIN or biometric factor is used to encrypt your account encryption key, which you have access to by virtue of being logged in, and the result is stored on diskª.
Unlocking your vault causes the PIN or biometric key to decrypt the account encryption key in memory. The decrypted account encryption key is then used to decrypt all vault data in memory.
Locking your vault causes all decrypted vault data, including the decrypted account encryption key, to be deleted.
ª If you use the Lock with master password on restart option, this key is only stored in memory rather than on disk.
You don't need to be connected to the internet (or, if you are self-hosting, connected to the server).
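The key-wrapping flow described in the note above (set up a PIN, unlock, lock), sketched as an added example that is not Bitwarden's own code. The KDF (PBKDF2-SHA256), the cipher (AES-256-GCM), the iteration count, and the names `setupPin`, `unlock` and `lock` are assumptions made for illustration.

```javascript
// Added illustration; NOT Bitwarden's implementation. The KDF, cipher and
// parameters below are assumptions chosen for this sketch.
const nodeCrypto = require("crypto");

const KDF_ITERATIONS = 600000; // assumed PBKDF2-SHA256 work factor

// Derive a 256-bit wrapping key from the PIN and a per-device random salt.
function derivePinKey(pin, salt) {
  return nodeCrypto.pbkdf2Sync(pin, salt, KDF_ITERATIONS, 32, "sha256");
}

// Setting up a PIN while logged in: wrap the account key with the PIN key.
// The returned record holds only ciphertext and is what would sit on disk.
function setupPin(accountKey, pin) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const pinKey = derivePinKey(pin, salt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", pinKey, iv);
  const wrapped = Buffer.concat([cipher.update(accountKey), cipher.final()]);
  const tag = cipher.getAuthTag();
  pinKey.fill(0); // the PIN key itself is never persisted
  return { salt, iv, tag, wrapped };
}

// Unlock: re-derive the PIN key and unwrap the account key into memory.
// A wrong PIN fails GCM authentication, so return null instead of garbage.
function unlock(record, pin) {
  const pinKey = derivePinKey(pin, record.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", pinKey, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  } catch (err) {
    return null;
  } finally {
    pinKey.fill(0);
  }
}

// Lock: overwrite the decrypted account key; the wrapped record stays on disk.
function lock(session) {
  if (session.accountKey) session.accountKey.fill(0);
  session.accountKey = null;
}
```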