Mon CompteSe connecter & Déverrouiller

Understand Log In vs. Unlock

Bitwarden uses two distinct processes to secure your vault without sacrificing convenience: logging in to your Bitwarden account and unlocking your vault. This separation ensures Bitwarden never stores unencrypted data on its servers. When your vault is not unlocked or logged in, your vault data only exists on the server in its encrypted form.

Logging in

Logging in to Bitwarden retrieves the encrypted vault data and decrypts the vault data locally on your device. In practice, that means two things:

  • Logging in always requires your master password, approved device, or created passkey to gain access to the account encryption key that's used to decrypt vault data. Any enabled two-step login methods are also required at this stage.

  • Logging in always requires an internet connection (or, if self-hosting, a server connection) to download the encrypted vault to disk. The vault is then decrypted in your device's memory.

    note

    After logging in, Bitwarden data will be stored in memory. Once logged in, the unlock feature will allow access to vault data in offline mode (as read-only). Decrypted data is stored in memory and never written to persistent storage. Log out to clear data from the device.

Unlocking

Unlocking your vault is only done when you're already logged in. This means, according to the above section, your device has encrypted vault data stored on disk. In practice, this means two things:

  • You don't specifically need your master password. While your master password can be used to unlock your vault, so can other methods like PIN codes and biometrics.

    note

    Lorsque vous configurez un code PIN ou la biométrie, une nouvelle clé de chiffrement dérivée du code PIN ou du facteur biométrique est utilisée pour chiffrer la clé de chiffrement du compte, à laquelle vous aurez accès en vertu d'être connecté, et stockée sur le disqueª.

    Déverrouiller votre coffre provoque la clé PIN ou biométrique pour déchiffrer la clé de chiffrement de compte en mémoire. La clé de chiffrement de compte déchiffrée est ensuite utilisée pour déchiffrer toutes les données du coffre en mémoire.

    Verrouiller votre coffre entraîne la suppression de toutes les données de coffre déchiffrées, y compris la clé de chiffrement de compte déchiffrée.

    ª - Si vous utilisez l'option Verrouiller avec le mot de passe principal au redémarrage, cette clé est uniquement stockée en mémoire plutôt que sur le disque.

  • You don't need to be connected to the internet (or, if you are self-hosting, connected to the server).

note

While your device remains logged in, encrypted data is stored as a local cache on your device. Decrypted data is never written to persistent storage. Once logged out, your encryption keys and vault data are purged as aggressively as possible from memory.