You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I’ve encountered an issue with frequent password prompts when using Vaultwarden with YubiKey as a second authentication factor. Every time I restart my browser or the session times out, I am required to enter my master password again, even though YubiKey is enabled for 2FA.
The only way to avoid entering the master password repeatedly is by enabling the "never log out" option, which keeps the session permanently active. However, this might not be ideal from a security perspective.
It would be great if there was an option to extend session durations or reduce the frequency of password prompts when using a physical security key like YubiKey.
Steps to Reproduce:
Configure Vaultwarden with a YubiKey for 2FA.
Log in using the master password and authenticate with YubiKey.
Close the browser or wait for the session to expire.
Reopen Vaultwarden – the system requests the master password again.
Expected Behavior:
When a YubiKey is enabled, it should be possible to avoid entering the master password frequently, or there should be an option to extend session durations without relying on the "never log out" option.
Environment:
Vaultwarden version: Docker version 27.5.0
Hosting environment: Docker
Browser: Chrome 132
YubiKey model: YubiKey 5 NFC
Additional Context:
Are there any existing configurations or workarounds to address this issue? Or is this something that could be considered for future updates?
Thanks for all the work on Vaultwarden – it’s an amazing project
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi,
I’ve encountered an issue with frequent password prompts when using Vaultwarden with YubiKey as a second authentication factor. Every time I restart my browser or the session times out, I am required to enter my master password again, even though YubiKey is enabled for 2FA.
The only way to avoid entering the master password repeatedly is by enabling the "never log out" option, which keeps the session permanently active. However, this might not be ideal from a security perspective.
It would be great if there was an option to extend session durations or reduce the frequency of password prompts when using a physical security key like YubiKey.
Steps to Reproduce:
Configure Vaultwarden with a YubiKey for 2FA.
Log in using the master password and authenticate with YubiKey.
Close the browser or wait for the session to expire.
Reopen Vaultwarden – the system requests the master password again.
Expected Behavior:
When a YubiKey is enabled, it should be possible to avoid entering the master password frequently, or there should be an option to extend session durations without relying on the "never log out" option.
Environment:
Vaultwarden version: Docker version 27.5.0
Hosting environment: Docker
Browser: Chrome 132
YubiKey model: YubiKey 5 NFC
Additional Context:
Are there any existing configurations or workarounds to address this issue? Or is this something that could be considered for future updates?
Thanks for all the work on Vaultwarden – it’s an amazing project
Beta Was this translation helpful? Give feedback.
All reactions