bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Firefox Bitwarden extensions constantly logging me out #8873

Closed matteematt closed 2 weeks ago

matteematt commented 2 months ago

Steps To Reproduce

Until a week or so ago, when I use the browser every day bitwarden stays logged in for long periods of time.

Expected Result

bitwarden stays logged in for long periods of time.

Actual Result

Bitwarden is logging me out almost every day

Screenshots or Videos

No response

Additional Context

This has only started recently. Once logged in I set it to be unlocked with PIN without needing master password again. Usually when I go on my laptop each day it would stay logged in, but now it keeps logging me out. The desktop application and the application on my phone are not having this issue.

Operating System

macOS

Operating System Version

14.4.1 (23E224)

Web Browser

Firefox

Browser Version

124.0.2 (64-bit)

Build Version

2024.4.1

Issue Tracking Info

Aevrin commented 1 month ago

Glad to see this is a known issue. Thanks for the work.

pinchies commented 1 month ago

I certainly hope that I did not come across as snide. I hope that I did come across as frustrated and disappointed which I was and still am. I am very glad to hear a fix has been found. Thank you @trmartin4 for that news. 😃

I did not put much stock in the earlier comment "We believe we have identified the root cause" because that in my mind carries a very different degree of confidence to the statement "We have identified the root cause of this issue".

I actually reached out to support previously for what seemed to be the same issue (or very similar related issue) both via email ticket, and on github here. I was advised in january: "We received reports about this behaviour and the Engineering department is looking into it to hopefully address this in a future release." — so this is not merely one month, but rather over five months.

The use of the word "hopefully" somewhat scares me, that either there is not enough engineering resources to tackle this issue as a priority, or that the severity of the issue was not considered to be high enough. If it sounds like I am overreacting, I saw a similar lack of resources in the Firefox Lockwise team, who delayed key bugfixes for over 2 years, before the lack of engineering staff resources saw their entire project shut down abruptly. I certainly really hope that bitwarden is in a far healthier position than they were.

I hope this clarifies my intended tone. I look forward indeed to the fix, and will be most grateful when this is released.

I would have appreciated a little more regular communication from Bitwarden on this issue. Maybe a fix really does take 4 weeks to roll out, so a little more guidance on timeline would have helped to set expectations accordingly.

It also would have suggested to me that perhaps a roll-back would have been a more appropriate solution... and/or that perhaps Bitwarden could benefit from some kind of beta program?

keebler125 commented 1 month ago

as an information security consultant and long time supporter of Bitwarden, I can confirm that I too am very concerned by the SLOW pace Bitwarden responds to issues.. especially ones that are widely reported. multi-platform and multi OS strongly suggests that the issue is more a root issue and all the hypotheses and "theorizing" from the development and engineering team DO NOT build confidence in the product. but rather dissuade current members from telling friends and others to consider Bitwarden.

the idea is wonderful, as are SOME of the thought processes put into the app(s). However, the lack of enthusiasm by technical, engineering, and development teams suggest that there is a huge management issue (or a plethora of them), a lack of skilled employees to perform such tasks, and/or the project teams are working on other issues that are far less impactful to the community of paid users. while fixing bugs is never a fun job - I would suggest that if Bitwarden is keen to keep or expand its paid memberships, they should put members issues at the top of the discussion pool. I hate to say this. but I'm sure that the members are what keeps Bitwarden afloat and developing. - - ignoring us, can only hurt future expansions. I would love to see Bitwarden continued to be recommended across all platforms - but with the stagnant responses to members issues can only lead to issues (such as a decline in confidence) for Bitwarden.

if this issue was FIRST reported in Jan (2024) and here it is the end of May (2024). then there are obviously more issues at Bitwarden than meets the eye.. and honestly that is sad. this is a great idea. Who wouldn't want a secure area to store their private information from an increasingly hostile internet? and when you factor in that you can further secure your "stuff" with 2FA, a crypto key (Yubico, and others). one of the many things that puts Bitwarden above other password managers is that the entire vault can be encrypted using some of the best security protocols rated by third parties such as the US Armed Forces (which I was a member of). such as Zero Knowledge Encryption, 2FA, and AES. All this means that the data I submit, should only be accessible to me with my 2FA key. and to my knowledge. my stored data has not been exposed. to date, this makes Bitwarden one of the best options to secure and use your data anywhere you want it.

Come on guys and gals, at Bitwarden, get your act together!

notes:
OS: W10
Bitwarden (browser): 2024.4.2 // svr: 2024.5.0
Bitwarden (desktop): 2024.2.0 // shell: 28.1.3 // render: 120.0.6099.199
Browser: FIREFOX

to be fair, the issue is ONLY with the browser version. the desktop version works as expected...

peterwroot commented 1 month ago

Perhaps we can all calm down a little bit and realise that a GitHub issue is not the place to have an argument, or post walls of text that do not assist in fixing the issue? I'm sure the devs don't appreciate reading this.

@trmartin4 Thank you (and the rest of the Bitwarden team) for your hard work.

Matt-PMCT commented 1 month ago

I, too, am experiencing this issue and looking for a resolution. It is extremely annoying and wasteful of my time since I use a Yubikey and have to go walk and get it multiple times a day now... Please consider fixing the Firefox extension sooner rather than later.

rumenavramov commented 1 month ago

Speaking as a paying consumer with no loyalty to any company, the fact is 1p doesn't have any bugs that annoy me on a daily basis. If one pops up after I switch and they're unresponsive or slow to fix it, I'll reevaluate.

@rodalpho, the fact is there is no such thing as software without bugs. I am frustrated by this too, but I'd rather have an honest and slow response accompanied with a proper fix as opposed to a cosmetic quick "fix" that only hides the bug.

rodalpho commented 1 month ago

Obviously bugs exist. I'm a paying customer and if a bug impacting me isn't fixed in what I feel is a reasonable time, I'll move elsewhere. Don't know where you got that cosmetic bit from.

Let's not clutter up the git issue with more back and forth.

arborealoctopus commented 1 month ago

the fact is there is no such thing as software without bugs. I am frustrated by this too, but I'd rather have an honest and slow response accompanied with a proper fix as opposed to a cosmetic quick "fix" that only hides the bug.

That is a false dichotomy. For example: given this seems to be impacting a wide swath of people, what about an easy mechanism for reverting to a prior bitwarden release? For my part I tried to do that through the firefox addon manager and am unable to log in with the 24.3 release just prior to encountering this bug. I would happily accept using a 1-month older piece of software that works over a 1-month newer piece of software that doesn't. In this case I have 2 pieces of software that won't let me log in but in different ways.

keebler125 commented 1 month ago

SO, here is my temporary (hopefully) work around. this stinks to high heaven. but, at least it works... I have disabled the FIREFOX plugin - since it will not let me use an older version and this one keeps logging me out. I am using the desktop version that works just fine.. having to copy and paste over to the webpage is slow and tedious. but, again it works..

still no issues with the DESKTOP version 2024.2.0 // shell: 28.1.3 // render: 120.0.6099.199 nor the ANDROID version 2024.4.0 build (10172)

note: I totally understand and appreciate the mobile version logging out and requiring to log back in after a set amount a time, the mobile version is EASY to forget it is open and heaven forbid you leave your device somewhere.... but, the desktop? probably not going to leave it anywhere.... now, if a user was to be using BITWARDEN at a public library. I can see having it timeout... BUT!! shouldn't that be up to the user? its their fault if they leave the public computer open with their BITWARDEN unlocked... Home/office users should be able to decide for themselves if they want the BITWARDEN to timeout or remain open (such as is the option in the desktop app and the browser plugin (when it gets fixed)). having the WORKING option to self secure upon browser restart/close is ideal for most home/office users i would think...

option for improvement - as a paid user. I have the option to use my YUBICO key to unlock the vault(s)... can there be an option to set it open (desktop/browser/etc) simply by inserting the key (After opening the app of course) no logging in, no extra password, simply open the app and enter your key and the app opens. having the option would allow the user to disable this at will should the key become compromised. you can always gain access to your web portal using an alternative method such as a 2FA /One Time Password using Google or Microsoft Authenticator (which is SUPER easy to set up on the web page for a secondary means to gain access to your web account should something happen)

rumenavramov commented 1 month ago

@arborealoctopus I am not sure what exactly you mean by "false dichotomy", but do keep in mind that it is not always easy to revert to a previous version, unless the bug is caught before the new version is released. Once the version is out there and people start using it, that kind of decision is much more complex. You have to decide whether to revert everything or just some of the code. Both are possible and both come with their respective risks and other negatives. At the very least you risk pissing off users, who quickly got used to something new and are now losing it. In the worst case scenario you may undo a bug fix, a security fix or just break the whole thing completely. In any case it is a challenging balance for the developers to find. On the other hand, failing forward (which is what is happening here) usually carries far less or at least smaller risks and is preferable.

rumenavramov commented 1 month ago

@keebler125 , I use the extension in Firefox, the desktop client and the Android app and they all have the option to lock themselves up or even log-out completely based on a user defined time out. Take a look at the options and the documentation and you should be able to figure it out.

arborealoctopus commented 1 month ago

I am not sure what exactly you mean by "false dichotomy",

this:

honest and slow response accompanied with a proper fix as opposed to a cosmetic quick "fix" that only hides the bug

aaronssh commented 1 month ago

I am seeing the same issue. Started on a Windows PC on Monday and now is affecting my MacBook too.

Arsoth commented 1 month ago

Just drumming my fingers waiting on that promised "next release" for Firefox. Really getting tired of needing to log myself in constantly. Any updates BW team?

barelyprofessional commented 1 month ago

Glad I'm not the only one experiencing this issue. Good that the Bitwarden team merged a fix so quickly after it was reported, annoying that was a month ago this fix was merged and it has yet to be released.

I do understand that there's a release cadence the Bitwarden team likes to keep and they're at the mercy of Mozilla's extension review system, but given this is a usability issue that is affecting paying customers, is there scope for pushing out a hotfix?

Snuupy commented 1 month ago

What is the last version of the extension that does not have this issue? I will downgrade my extension version because this is so annoying.

arborealoctopus commented 1 month ago

What is the last version of the extension that does not have this issue? I will downgrade my extension version because this is so annoying.

Afaik 24.3 but they seem to have broken backward compatibility (https://github.com/bitwarden/clients/issues/8873#issuecomment-2131941783)

Tipoff4317 commented 1 month ago

@Snuupy

The OP reported 2024.4.1, which I am using and am not having any problem (on FF ESR, W11, PIN lock, automatically timed lock). So, probably before 2024.4.1. 2024.3.0 had a vulnerability fix, so you probably wouldn't want to go earlier than that.

lazerboi64 commented 1 month ago

I was pointed to this thread by Bitwarden Support as well. I have this same issue on two different Win10 machines. Glad to know work is being done to fix this!

DanForever commented 1 month ago

For what it's worth I also have this problem with 2024.4.2, Firefox, Windows 10

justinnichols commented 1 month ago

Yet another +1 to having this issue.

I only use the Firefox extension (2024.4.2), but this happens on both my Mac and on my Linux install. I don't know if having both set up is somehow causing the problem, but it occurs on each usually within a few hours of having previously used the other.

This really only started doing this within the past few months.

0oWow commented 1 month ago

It just happened to me again this morning, also on version 2024.4.2. I'm on Firefox Beta 127.0.

tmeader commented 1 month ago

Hopefully the fixed version clears the Firefox add-on approval process soon, but, just a data point, I'm ONLY seeing this behavior with version 2024.4.2 on my Firefox Beta (127) installs. On installs where I'm running FF stable (126 currently), this logout behavior does not occur.

AQDuck97 commented 1 month ago

And another +1, 2024.4.2, Firefox 126, Arch Linux

justinnichols commented 1 month ago

Hopefully the fixed version clears the Firefox add-on approval process soon, but, just a data point, I'm ONLY seeing this behavior with version 2024.4.2 on my Firefox Beta (127) installs. On installs where I'm running FF stable (126 currently), this logout behavior does not occur.

It occurs for me on FF 126 on both MacOS and my Garuda Arch Linux install. Sounds like a fix is in process and hopefully will hit the FF Addons site soon.

lusoman commented 1 month ago

BW: 2024.5.0 Firefox: 126.0.1 Windows 10

This has been happening for at least a couple of weeks for me.

Royal pain...

pSych0bUNny commented 1 month ago

I reverted to a previous version of Bitwarden and have had no issues with logouts since (24hrs+) - had to go back to BW v2024.3.1 as x.4.1 would not let me login to the plugin for some reason.

Successfully running on Win: 11 23H2 Fx: 126.0.1 BW: 2024.3.1

Awaiting the fix. Thx

jamesWongAigniter commented 1 month ago

I reverted to a previous version of Bitwarden and have had no issues with logouts since (24hrs+) - had to go back to BW v2024.3.1 as x.4.1 would not let me login to the plugin for some reason.

Successfully running on Win: 11 23H2 Fx: 126.0.1 BW: 2024.3.1

Awaiting the fix. Thx

How did you downgrade Bitwarden? When I try installing any older version (including v2024.3.1), I get this error upon logging in:

An error has occurred
t.authenticatedAccounts.push is not a function

Snuupy commented 1 month ago

@jamesWongAigniter uninstall extension, download old extension zip, in Firefox about:config set xpinstall.signatures.required to false, restart Firefox, install old extension

jamesWongAigniter commented 1 month ago

@Snuupy Doesn't seem to work on regular Firefox, only on developer/nightly Firefox since xpinstall.signatures.required is disabled on regular installations

Snuupy commented 1 month ago

@jamesWongAigniter ah. I'm using librewolf so that makes sense. Perhaps you should switch forks?

NightHawkATL commented 1 month ago

I noticed the auto-logout issues even when I set it to never. I finally gave in and removed the browser extension and added it back and haven't had an issue since. I am not sure if there was an update that didn't get auto-pushed to the extension or if it is what was needed to accept the new update but a notice would have been nice. After re-adding the browser extension, I have not had any issues and it has been working as expected and I have also noticed that the fill option banner on the login prompts for websites is much nicer now.

justinnichols commented 1 month ago

Note: I have removed the extension multiple times and re-added it. It is not fixed by doing that, for me.

Arsoth commented 1 month ago

I noticed the auto-logout issues even when I set it to never. I finally gave in and removed the browser extension and added it back and haven't had an issue since. I am not sure if there was an update that didn't get auto-pushed to the extension or if it is what was needed to accept the new update but a notice would have been nice. After re-adding the browser extension, I have not had any issues and it has been working as expected and I have also noticed that the fill option banner on the login prompts for websites is much nicer now.

It works for a day or two then breaks again, I'm on my 3rd or 4th reinstall.

It wouldn't even be as bad if 30% of the time it fails to actually fully log me in, and just spins on loading, so then I have to go into the menus, log out fully, then log in again to actually get my passwords.

pinchies commented 1 month ago

We believe we have identified the root cause of this issue and plan to address it in the upcoming release of the Firefox extension. Due to ongoing release preparation and the store submission process we cannot guarantee a date for this new version to be available, but it will be provided as soon as possible. Thank you for your patience.

Surely an ETA or goal release date could have been provided? The issue itself is irritating, but the lack of communication is (IMHO) worse. If you could let us know once it is submitted to the store, that would at least provide some guidance.

The last browser releases were:

Dec 20
Jan 11 - 22 days
Jan 23 - 12 days
Feb 8 - 16 days
Mar 7 - 28 days
Apr 8 - 32 days
Apr 12 - 4 days
May 6 - 31 days
(Jun 1 - Chrome only release??)

Surely we can't be far off release now? June 8 - 32 days? - hopefully??

jamesWongAigniter commented 1 month ago

Or at least a method to downgrade to an older version of Bitwarden? All previous versions on Mozilla are broken with the t.authenticatedAccounts.push is not a function error, so people are forced to use the latest version while this bug remains unresolved indefinitely.

I revisit this thread multiple times every day when I eventually get signed out again and copy my password from a Notepad window I have open just for logging into Bitwarden, the lack of updates (or a fix) is really tempting me to switch to a different password manager.

ann4belle commented 1 month ago

@Krychaz @trmartin4 Is there any way that the next release could be expedited? The issue is starting to get ridiculous - I'm being logged out multiple times a day. The entire reason I use Bitwarden is so I don't have to constantly type passwords.

keebler125 commented 1 month ago

@keebler125 , I use the extension in Firefox, the desktop client and the Android app and they all have the option to lock themselves up or even log-out completely based on a user defined time out. Take a look at the options and the documentation and you should be able to figure it out.

never once did i mention any issue with anything other than the Firefox plugin. and OBVIOUSLY i know how to identify the settings in each.. the plugin is and has always been set to "ON BROWSER RESTART". but thanks for NOT reading the whole content.

keebler125 commented 1 month ago

as for the firefox plugin. as of today 06JUN2024 - still multiple logouts whenever the plugin decides to log me out.. this is beyond frustrating to many of us I'm sure...

another user mentioned rolling the plugin back... may have to try it. I've had it disabled for over a week.. did a search for an update - NONE. quite sad actually.. this is such a GREAT idea.. too bad it does not work as expected... if this was Amazon. i bet we'd get our money back... but, then it's not really about the money.. to me, it's about the functionality of a wonderful idea, that seems to be lacking in addressing a real issue that is clearly impacting many users... it's quite sad to me...

rodalpho commented 1 month ago

Bitwarden is a security tool. If they can't keep base functionality working, how can we have confidence our passwords are secure? My entire life lives inside my password manager, it's important.

tarikdemirci commented 1 month ago

Hello,

I'm a paying Bitwarden customer. I didn't want to further pollute the issue by asking here. Therefore, I went to Bitwarden support and asked for an ETA. Unfortunately, I didn't get any answer other than next release. And at the end, I was redirected to here by support. So here it goes.

This bug became so unbearable recently that we went back to using shared Apple Notes in my family for most used sites. Can I please get an ETA for the fix? Thanks!

tmeader commented 1 month ago

Not that this is a "fix" (and I really hope that Mozilla speeds things up and gets the new version out ASAP), but I'm assuming that everyone who has to re-login everyday (or more often) is using the "Login with your phone" option (if you can)? It's much simpler than having to type out a long master password every time.

isjamesalive commented 1 month ago

I have also noticed this issue on Firefox on both Windows 10 and MacOS Sonoma for the last few months.

arborealoctopus commented 1 month ago

I'm assuming that everyone who has to re-login everyday (or more often) is using the "Login with your phone"

You can also do this from the desktop app, although you have to pop out the extension window or use the classic sidebar.

Personally I've now almost fully transitioned to proton, which I don't like anywhere near as much....but it does function. It's missing some important features but the import process went smoothly (it just ignored what it didn't understand) and it's been serving me well the last week or two as a backup.

trmartin4 commented 1 month ago

Hello,

We will be releasing the fix for this issue in our June release of the Firefox extension, which will be submitted to stores in the middle of next week. As users of the product ourselves, we understand the frustration with this bug and sincerely appreciate the patience as we build this into our upcoming release. We have had a longer-than-normal release interval and this bug was caught in that intervening time. This is not a pattern that we expect to continue, and we do truly appreciate and recognize that this was a frustrating experience.

As there is a lot of interest in this thread, we will keep this open until the release is submitted and you are able to see the results on your browsers.

Thank you sincerely for your patience. We are all very glad that we can commit to having this fixed soon.

pwseo commented 1 month ago

@trmartin4,

I understand bugs happen. Unexpected delays happen as well. But communication should have been better on this issue -- I know developers aren't customer support, but this could've been handled differently.

On a different note: is there a way to help Bitwarden catch these bugs before they hit the extension stores? Like a beta-testing program.

ann4belle commented 1 month ago

@trmartin4 Glad that a fix is finally coming out with a definite schedule. As others have said, though, I would have preferred better communication on this issue. I'm also left wondering why it will be nearly two months since the issue (and presumably the fix) was identified when the fix finally comes out?

Will also point out that you had a new release between now and when you said "the fix will deploy with the next release" - Browser v2024.5.0 came out on May 21, almost a month after your original comment.

I'm not going to lie, this is quite disappointing, and I (and many others) would like to see better communication in the future - perhaps starting with more detailed patch notes? "Bug fixes" doesn't really tell us which bugs were fixed (and, perhaps more importantly, which were not).

scottwallacesh commented 4 weeks ago

I hate to pile on to this thread but I couldn't agree more re: the release notes comment by @ann4belle.

... perhaps starting with more detailed patch notes? "Bug fixes" doesn't really tell us which bugs were fixed (and, perhaps more importantly, which were not).

LighScan commented 4 weeks ago

+1 MacOS 14.5 Firefox 126.0.1 Bitwarden 2024.4.2 Vault time-out: never + time-out action: lock

bryanpedini commented 4 weeks ago

@keebler125

SO, here is my temporary (hopefully) work around. [...] having to copy and paste over to the webpage is slow and tedious. but, again it works..

You can actually (this is what I do, for example) set up passwordless authentication via push notification to your mobile device, which we asserted it works fine and is not affected by this bug, and then just put the PIN again in the settings (no 2fa required (I did put "remember me", to be noted), no nothing, and from my experience the extension retains all settings but the PIN, and logs you out, nothing more)

option for improvement - as a paid user. I have the option to use my YUBICO key to unlock the vault(s)... can there be an option to set it open (desktop/browser/etc) simply by inserting the key (After opening the app of course) no logging in, no extra password, simply open the app and enter your key and the app opens.

There is an option, it's not with a Yubikey, tho you can emulate a Yubikey, it's called OnlyKey, idk if you ever heard of them. Well basically it's a password manager on a USB stick, you unlock it with a PIN between 7 and 10 digits and can use it to input URLs, usernames, passwords, it can do 2FA via U2F/WebAuthN, TOTP, HOTP and Yubico (standard, not "authenticated", if the service talks to the Yubico servers then you have the option to buy (or in your case you already have) a Yubikey and "steal" its keys to use in the OnlyKey), yes you can use only one at a time (Yubikey gets disabled) but at least you have one device that works for everything and - ice on top of the cake - it's inexpensive, like I paid 55 shipped I think if I remember correctly... I also consider it to be basically a 2FA in one device, since you have to have it, and you have to know the PIN. Or at least this is what I tell myself and the people that ask me if having TOTP/U2F on it defeats the purpose of 2FA.

IK, it's a workaround, but you can input both password and Yubikey/TOTP/WebAuthN with one PIN and one click. Plus you get a device that stores up to 24 "logins" (url/us/pw/2fa combo)

No I'm not an OnlyKey investor (they're not public) nor an associate nor anything (not even a shill, I think), I just like the product, and for its workarounds and quirks, it definitely has quite a lot of benefits too IMHO.