Ability to not require master password for marked sites?

For the vast majority of sites I store the passwords of I do not care if the passwords/sites are compromised. With Lastpass I had the ability to only require passwords for some sites (I believe Bitwarden allows this too but it says it’s not secure). Is this possible somehow? e.g.

  • Ability to only require password re-prompt for certain accounts (without compromising the security of those accounts).
  • Multiple bitwarden accounts/extensions, one that does not require a master password to unlock for non-sensitive passwords?

My current plan is to re-install Lastpass for storing non-sensitive passwords.

Hi @Dan22 - welcome.

Yes, you can certainly choose which of your vault items require a master password re-prompt and which don’t. However, you will always have to login to your vault with your password initially. After that, you can determine whether your vault locks again automatically or not, and how long it takes.

Here are some Bitwarden helpful links, in case they are useful:

https://bitwarden.com/help/article/vault-timeout/

1 Like

Thanks @dh024! The problems are that:

  1. I have to manually enable it for all items (~95% of the passwords I do not want to have reprompt)
  2. This compromises the security of secure items: Vault Items | Bitwarden Help & Support note the warning:

Master password re-prompt is not an encryption mechanism. This feature is an interface-only guardrail that a sophisticated user may find ways to work around. We recommend never leaving your Vault unlocked when unattended or on a shared workstation.

Keeping the vault locked defeats the purpose of not requiring re-prompt for the non-sensitive items, and turning off the lock completely defeats the purpose of Bitwarden to secure the sensitive accounts due to the warning above.

There are different use cases for the master password re-prompt feature. Essentially, if you turn your back for a minute and your PC and vault are unlocked, someone could quickly view your credentials. Turning on master password re-prompt would prevent someone from being able to view your most important/sensitive credentials.

I personally don’t use the feature. If you leave your machine, lock it.