Firefox Bitwarden extensions constantly logging me out #8873

Open
1 task done
matteematt opened this issue Apr 23, 2024 · 111 comments · Fixed by #8954
Labels
browser Browser Extension bug

Comments

@matteematt

Steps To Reproduce

Until a week or so ago, when I use the browser every day bitwarden stays logged in for long periods of time.

Expected Result

bitwarden stays logged in for long periods of time.

Actual Result

Bitwarden is logging me out almost every day

Screenshots or Videos

No response

Additional Context

This has only started recently. Once logged in I set it to be unlocked with PIN without needing master password again. Usually when I go on my laptop each day it would stay logged in, but now it keeps logging me out. The desktop application and the application on my phone are not having this issue.

Operating System

macOS

Operating System Version

14.4.1 (23E224)

Web Browser

Firefox

Browser Version

124.0.2 (64-bit)

Build Version

2024.4.1

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@matteematt matteematt added browser Browser Extension bug labels Apr 23, 2024
@Krychaz
Member

Krychaz commented Apr 23, 2024

Hello there,

Can you please share your timeout action and settings within your Bitwarden extension?

@matteematt
Author

Hi @Krychaz

Screenshot 2024-04-23 at 15 32 05

@mervynfoxe

mervynfoxe commented Apr 23, 2024

+1, I've been seeing the same behavior for the past week and a half or so. Same environment, MacOS 14.4.1, Firefox 124.0.2, BW extension 2024.4.1 (I don't have the issue on Chrome 123 on a separate 14.4.1 mac, nor with Chrome on Windows 11).

Assuming the same cause, it looks like the extension is locking but not performing a full logout (email is pre-filled and I am asked for my password, but not prompted for 2FA).

These are my set security settings, but when this issue pops up it unchecks the "Unlock with PIN" option and I have to set a new PIN.

Screenshot 2024-04-23 at 9 37 10 AM

@matteematt
Author

matteematt commented Apr 24, 2024

Yeah to be clear the browser extension isn't doing this on Chrome (and it seemed ok on Firefox on Linux too, but I have not used that as much recently to be certain).

On the browsers where I see the issue it doesn't do it every day, as today is ok. But it is happening across multiple profiles I have on the Firefox browser on Mac.

@Krychaz
Member

Krychaz commented Apr 24, 2024

Thank you.

I have passed this issue to our engineering team.

@scottwallacesh

Happens with Firefox on Linux too, if that helps.

@UplandsDynamic

Same here. I've got Vault Timeout set to 'never'. Vault Timeout option is 'lock'. Environment is Firefox (currently version 125.0.2) and MacOS Sonoma 14.4.1.

@seetowsh

I'm encountering the same problem on Firefox 125.0.2 x64, Windows 11 23H2

@arborealoctopus

arborealoctopus commented Apr 27, 2024

same here, multiple machines. between this and the biometrics-take-5-tries bug introduced 2 years ago and never fixed, bitwarden has really become a bit of a disappointment. I've stopped recommending it to people, personally, which is sad after so many years of quality product.

@jcbeck37

Seeing this as well the past week.
Windows 11 23H2
Firefox 125.0.2
BitWarden 2024.4.1

Set to "never" logout, but may be happening when computer goes to sleep and resumes. Not sure. Or maybe when restarting browser. Tried "remember email" but that setting seemed to be lost. It's not like the extension is 100% reset; after logging back in, I saw that it was still set to "never" timeout, and to Unlock with PIN. It's just finding a way to be logged out anyway.

@SergeantConfused

SergeantConfused commented Apr 29, 2024

Hello everyone,

I wanted to let you all know that I understand what you're all referring to, as I've experienced this myself a few times in the past 2 weeks on my Windows 11 Pro machine with Firefox. We're looking into this matter internally at this stage.

I thank you in advance for your understanding and patience,

@trmartin4
Member

Hello,

We believe we have identified the root cause of this issue and plan to address it in the upcoming release of the Firefox extension. Due to ongoing release preparation and the store submission process we cannot guarantee a date for this new version to be available, but it will be provided as soon as possible. Thank you for your patience.

@pwseo

pwseo commented May 9, 2024

Also happens on Firefox ESR (currently 115.10) on Linux (debian 12, in my case).
It's becoming very inconvenient, every other day I have to log in again, input 2fa (yes, I am being fully logged out every time this happens), set PIN again; This isn't the first time something like this happens: a few months ago, the Firefox extension also lost the ability to set a PIN (among other more subtle things).

@dbeilin

dbeilin commented May 12, 2024

I'm wondering why this doesn't happen on my PC. I'm logged in to my vault on both my work Macbook (Sonoma 14.4.1) and my home PC (Windows 11 23H2) but I'm only signed out on my Mac. On both machines I use Firefox 125.0.3 and the timeout settings are the same.

@good-lly

Still happening on my extension version: 2024.4.2 + Mac FF 125.0.3

@Atemu

Atemu commented May 17, 2024

I haven't experienced this in a few days using 2024.4.2 with Firefox 125.0.3 on two Linux machines.

@mcguirepat

I share @good-lly's experience, but running on Windows: I also experienced the logout with 2024.4.2 on Firefox 125.0.3 on Windows 10 today.

@hausler89

2024.4.2 on Firefox 126.0, MacOS 14.4.1, still having this issue.

@jamesWalker55

Still occurring on Bitwarden version 2024.4.2, on Windows Firefox.

@ann4belle

ann4belle commented May 18, 2024

Version 2024.4.2 seems to have made this worse. Previously, it was only affecting my laptop (which I imagine had something to do with sleep mode), but now it's also affecting my desktop, which doesn't ever go to sleep - it only turns off the display. Would really like to see a fix for this ASAP, because right now there's zero point in setting "Vault Timeout" to "Never" or "Vault Timeout Action" to anything other than "Log Out".

Also, for whatever reason, this isn't a true logout, because I'm not asked to confirm 2FA when logging back in.

Both my laptop and desktop are on Windows 11 Pro, Firefox 125.0.3

@Atemu

Atemu commented May 18, 2024

> I haven't experienced this in a few days using 2024.4.2 with Firefox 125.0.3 on two Linux machines.

I should not have said that; the day after I got logged out again.

@baek-sang

  • Windows 11
  • Firefox 127
  • Bitwarden 2024.4.2

same

@pwseo

pwseo commented May 18, 2024

@trmartin4 how are things going regarding this bug? It's been some time since Bitwarden's last comment on this matter.

@QuarkZ26

Also happening on Firefox/Arch Linux

@jasperslot

Also got this issue, very frustrating.

  • Bitwarden 2024.4.2
  • Firefox 125.0.3
  • MacOS 14.4.1

@peterwroot

Bitwarden support pointed me to this thread after I raised a support case for this issue.

System: 2022 MacBook Air
Operating System: macOS Sonoma 14.4.1.
Browser: Firefox 126.0 (64-bit)
Bitwarden Extension Version: 2024.4.2.

I can't see any pattern in the way the logout occurs, it is not triggered by reboots or closing & re-opening the browser, it occurs sometimes after a long period of sleep, and sometimes it has occurred while I've been using the browser.

@Arsoth

Arsoth commented Jun 5, 2024

> I noticed the auto-logout issues even when I set it to never. I finally gave in and removed the browser extension and added it back and haven't had an issue since. I am not sure if there was an update that didn't get auto-pushed to the extension or if it is what was needed to accept the new update but a notice would have been nice. After re-adding the browser extension, I have not had any issues and it has been working as expected and I have also noticed that the fill option banner on the login prompts for websites is much nicer now.

It works for a day or two then breaks again, I'm on my 3rd or 4th reinstall.

It wouldn't even be as bad if 30% of the time it fails to actually fully log me in, and just spins on loading, so then I have to go into the menus, log out fully, then log in again to actually get my passwords.

@pinchies

pinchies commented Jun 6, 2024

> We believe we have identified the root cause of this issue and plan to address it in the upcoming release of the Firefox extension. Due to ongoing release preparation and the store submission process we cannot guarantee a date for this new version to be available, but it will be provided as soon as possible. Thank you for your patience.

Surely an ETA or goal release date could have been provided? The issue itself is irritating, but the lack of communication is (IMHO) worse. If you could let us know once it is submitted to the store, that would at least provide some guidance.

The last browser releases were:

Dec 20
Jan 11 - 22 days
Jan 23 - 12 days
Feb 8 - 16 days
Mar 7 - 28 days
Apr 8 - 32 days
Apr 12 - 4 days
May 6 - 31 days
(Jun 1 - Chrome only release??)

Surely we can't be far off release now?
June 8 - 32 days? - hopefully??

@jamesWongAigniter

Or at least a method to downgrade to an older version of Bitwarden? All previous versions on Mozilla are broken with the t.authenticatedAccounts.push is not a function error, so people are forced to use the latest version while this bug remains unresolved indefinitely.

I revisit this thread multiple times every day when I eventually get signed out again and copy my password from a Notepad window I have open just for logging into Bitwarden, the lack of updates (or a fix) is really tempting me to switch to a different password manager.

@ann4belle

@Krychaz @trmartin4 Is there any way that the next release could be expedited? The issue is starting to get ridiculous - I'm being logged out multiple times a day. The entire reason I use Bitwarden is so I don't have to constantly type passwords.

@keebler125

> @keebler125 , I use the extension in Firefox, the desktop client and the Android app and they all have the option to lock themselves up or even log-out completely based on a user defined time out. Take a look at the options and the documentation and you should be able to figure it out.

never once did I mention any issue with anything other than the Firefox plugin. and OBVIOUSLY I know how to identify the settings in each.. the plugin is and has always been set to "ON BROWSER RESTART". but thanks for NOT reading the whole content.

@keebler125

as for the Firefox plugin.
as of today 06JUN2024 - still multiple logouts whenever the plugin decides to log me out..
this is beyond frustrating to many of us I'm sure...

another user mentioned rolling the plugin back... may have to try it. I've had it disabled for over a week.. did a search for an update - NONE. quite sad actually.. this is such a GREAT idea.. too bad it does not work as expected... if this was Amazon. I bet we'd get our money back... but, then it's not really about the money.. to me, it's about the functionality of a wonderful idea, that seems to be lacking in addressing a real issue that is clearly impacting many users... it's quite sad to me...

@rodalpho

rodalpho commented Jun 6, 2024

Bitwarden is a security tool. If they can't keep base functionality working, how can we have confidence our passwords are secure? My entire life lives inside my password manager, it's important.

@tarikdemirci

tarikdemirci commented Jun 6, 2024

Hello,

I'm a paying Bitwarden customer. I didn't want to further pollute the issue by asking here. Therefore, I went to Bitwarden support and asked for an ETA. Unfortunately, I didn't get any answer other than next release. And at the end, I was redirected to here by support. So here it goes.

This bug became so unbearable recently that we went back to using shared Apple Notes in my family for most used sites. Can I please get an ETA for the fix? Thanks!

@tmeader

tmeader commented Jun 6, 2024

Not that this is a "fix" (and I really hope that Mozilla speeds things up and gets the new version out ASAP), but I'm assuming that everyone who has to re-login everyday (or more often) is using the "Login with your phone" option (if you can)? It's much simpler than having to type out a long master password every time.

@isjamesalive

I have also noticed this issue on Firefox on both Windows 10 and MacOS Sonoma for the last few months.

@arborealoctopus

> I'm assuming that everyone who has to re-login everyday (or more often) is using the "Login with your phone"

You can also do this from the desktop app, although you have to pop out the extension window or use the classic sidebar.

Personally I've now almost fully transitioned to proton, which I don't like anywhere near as much....but it does function. It's missing some important features but the import process went smoothly (it just ignored what it didn't understand) and it's been serving me well the last week or two as a backup.

@trmartin4
Member

Hello,

We will be releasing the fix for this issue in our June release of the Firefox extension, which will be submitted to stores in the middle of next week. As users of the product ourselves, we understand the frustration with this bug and sincerely appreciate the patience as we build this into our upcoming release. We have had a longer-than-normal release interval and this bug was caught in that intervening time. This is not a pattern that we expect to continue, and we do truly appreciate and recognize that this was a frustrating experience.

As there is a lot of interest in this thread, we will keep this open until the release is submitted and you are able to see the results on your browsers.

Thank you sincerely for your patience. We are all very glad that we can commit to having this fixed soon.

@pwseo

pwseo commented Jun 7, 2024

@trmartin4,

I understand bugs happen. Unexpected delays happen as well.
But communication should have been better on this issue -- I know developers aren't customer support, but this could've been handled differently.

On a different note: is there a way to help Bitwarden catch these bugs before they hit the extension stores? Like a beta-testing program.

@ann4belle

@trmartin4 Glad that a fix is finally coming out with a definite schedule. As others have said, though, I would have preferred better communication on this issue. I'm also left wondering why it will be nearly two months since the issue (and presumably the fix) was identified when the fix finally comes out?

Will also point out that you had a new release between now and when you said "the fix will deploy with the next release" - Browser v2024.5.0 came out on May 21, almost a month after your original comment.

I'm not going to lie, this is quite disappointing, and I (and many others) would like to see better communication in the future - perhaps starting with more detailed patch notes? "Bug fixes" doesn't really tell us which bugs were fixed (and, perhaps more importantly, which were not).

@scottwallacesh

I hate to pile on to this thread but I couldn't agree more re: the release notes comment by @ann4belle.

> ... perhaps starting with more detailed patch notes? "Bug fixes" doesn't really tell us which bugs were fixed (and, perhaps more importantly, which were not).

@LighScan

+1
MacOS 14.5
Firefox 126.0.1
Bitwarden 2024.4.2
Vault time-out: never + time-out action: lock

@bryanpedini

@keebler125

> SO, here is my temporary (hopefully) work around. [...] having to copy and paste over to the webpage is slow and tedious. but, again it works..

You can actually (this is what I do, for example) set up passwordless authentication via push notification to your mobile device, which we asserted it works fine and is not affected by this bug, and then just put the PIN again in the settings (no 2fa required (I did put "remember me", to be noted), no nothing, and from my experience the extension retains all settings but the PIN, and logs you out, nothing more)

> option for improvement - as a paid user. I have the option to use my YUBICO key to unlock the vault(s)... can there be an option to set it open (desktop/browser/etc) simply by inserting the key (After opening the app of course) no logging in, no extra password, simply open the app and enter your key and the app opens.

There is an option, it's not with a Yubikey, tho you can emulate a Yubikey, it's called OnlyKey, idk if you ever heard of them. Well basically it's a password manager on a USB stick, you unlock it with a PIN between 7 and 10 digits and can use it to input URLs, usernames, passwords, it can do 2FA via U2F/WebAuthN, TOTP, HOTP and Yubico (standard, not "authenticated", if the service talks to the Yubico servers then you have the option to buy (or in your case you already have) a Yubikey and "steal" its keys to use in the OnlyKey), yes you can use only one at a time (Yubikey gets disabled) but at least you have one device that works for everything and - ice on top of the cake - it's inexpensive, like I paid 55 shipped I think if I remember correctly...
I also consider it to be basically a 2FA in one device, since you have to have it, and you have to know the PIN. Or at least this is what I tell myself and the people that ask me if having TOTP/U2F on it defeats the purpose of 2FA.

IK, it's a workaround, but you can input both password and Yubikey/TOTP/WebAuthN with one PIN and one click
Plus you get a device that stores up to 24 "logins" (url/us/pw/2fa combo)

No I'm not an OnlyKey investor (they're not public) nor an associate nor anything (not even a shill, I think), I just like the product, and for its workarounds and quirks, it definitely has quite a lot of benefits too IMHO.

@bryanpedini

> I hate to pile on to this thread but I couldn't agree more re: the release notes comment by @ann4belle.
>
> > ... perhaps starting with more detailed patch notes? "Bug fixes" doesn't really tell us which bugs were fixed (and, perhaps more importantly, which were not).

Couldn't have said in better terms what was reflected upon by @ann4belle and @scottwallacesh, and also @pwseo here:

> On a different note: is there a way to help Bitwarden catch these bugs before they hit the extension stores? Like a beta-testing program.

@ home I live on the edge, I'm on Arch Linux with LibreWolf and BetterBird and (I'll let you bash me in the comments, I know, I know) a crap ton of AUR packages, I wouldn't mind beta-testing BW at home. But at work, where I need to get things done, doing customer support with some client on the phone line? I can't wait 3 minutes just to log in. Yes I can put the customer on hold, but how many times before s/he gets frustrated at me for something that isn't my fault?
Doing ISP customer support we already get insults for breakages of lines that are not our fault constantly, wouldn't want my computer to be another cause of the same thing 😅

Point is @trmartin4, as a community of (admittedly mostly) nerds, we would like to have the ability to help you help us, some of us wouldn't do it, but just the possibility of doing so would mean a lot "in the public eye"...
Plus, a response or two between your messages on the 23rd of May and the 7th of June would have been nice... not to say that you will do everything right now and all will be fixed as of "today", but just to let us "feel your presence" and have you "active" on the matter, basically, just say "we're working on it, sorry for the inconvenience" or something... or at least that's how I feel about it...

@kashyapgv

+1
MacOS 14.5
Firefox 126.0.1
Bitwarden 2024.4.2
Vault time-out: on browser restart + time-out action: lock

@trmartin4
Member

trmartin4 commented Jun 11, 2024

Thank you all for your honest feedback. We truly value and respect the consideration of our community, and we will make efforts to be more responsive in the future. We were hesitant to commit to any particular release timeline in this case, as we wanted to avoid over-promising, but avoiding any communication at all left the community feeling like the issue wasn't being addressed - which is far from the truth.

Our release schedule in this case was disrupted by the efforts for the Manifest v3 overhaul of our extension, which resulted in a more limited release (2024.5.0) that prevented the fix for this from being released earlier. This was done in order to ensure we had focused support for such a large change. This should not be a normal practice moving forward; you should expect to see regular releases across all extensions in our supported ecosystem.

@justinnichols

Thanks @trmartin4 , that is a reasonable response and I appreciate yours and everyone's efforts at Bitwarden. In the grand scheme, while this bug is annoying...it's just that -- annoying. It's not a completely app-breaking thing. I, like the others, get that many of us pay for this solution and with that comes certain expectations, but at the end of the day, this is indeed a minor annoyance and not anything detrimental.

Thanks for working on this and for the explanation.

@ann4belle

> In the grand scheme, while this bug is annoying...it's just that -- annoying. It's not a completely app-breaking thing.

I strongly disagree, @justinnichols. Bitwarden is, first and foremost, a password manager - I (and many others) use it so that we don't have to remember and constantly type in passwords to websites and apps. A bug that requires me to near-constantly re-enter my password stretches beyond mere annoyance and into "app-breaking" territory, since it significantly diminishes the usefulness of the app.

I have to login to a service that refuses to respect my "remember me" setting 1-2 times a day, roughly coinciding with the time that the extension logs me out. This renders the app next to useless to me, since I'm effectively forced to type in a password no matter what - either I type in the password to the service I'm trying to use, or I type in the Bitwarden password, hope it doesn't get stuck spinning, and have Bitwarden autofill the saved password.

I'm personally going to choose the second option for a number of reasons, but if I was a first-time user of the app, a bug like this might turn me off from password managers entirely - which is absolutely not what a company offering a paid password manager service should want.

@justinnichols

You're quite free to disagree, @ann4belle . I'm used to people not agreeing with me -- because I use logic and reason more than I use emotion, or I try my best at it.

I work in software engineering and know what it takes to build/test/deploy/maintain software. I agree, this sucks, and shouldn't have taken this long to fix, but the annoyance of having to type one and only one password to get access to your vault vs. the annoyance of having to remember all passwords for all sites, seems quite lopsided. It's a bug, it's acknowledged as such, and it will be in a fix as soon as they can get it in.

Vote with your wallet. If this is that much of a problem for you, there are alternatives. I, for one, am content with Bitwarden and understand that what they provide with the browser extensions is a convenience, one we of course pay for, but a convenience nonetheless. You can just as easily browse to your vault using their website to get your passwords, and perhaps the "remember-me" function works there.

@arborealoctopus

> I'm used to people not agreeing with me -- because I use logic and reason more than I use emotion, or I try my best at it.

Wooooowwwwwwwwwwwwwwwww. Maybe we can all avoid trying to start fights in the comment thread.

@ann4belle

@justinnichols Not sure what exactly made you decide to be so hostile, but keep it to yourself, thanks. Also, nice job trying to flex that you work in software engineering and "know what it takes" to build/test/deploy/maintain software - it's not like this is GitHub or anything.

@climba03003

climba03003 commented Jun 12, 2024

I see the release https://github.com/bitwarden/clients/releases/tag/browser-v2024.6.0 for fixing the issue, but not published to Firefox Extension.
The latest version 2024.4.2 is one month ago.

I loaded the extension as temporary extension to see if it helps.

@pwseo

pwseo commented Jun 12, 2024

The latest release also has a decent enough changelog / release notes! :D

@Arsoth

Arsoth commented Jun 12, 2024

Very much looking forward to that fix. Hopefully it makes its way through the FF extension store approval process quickly.
