The Master Password Reprompt option is very good for having security without needing to retype the password all the time. Unfortunately, it is currently kind of useless because the only time you would enable it is if you are afraid someone will get access to your computer while the vault is still unlocked, yet it does not actually encrypt the password ("We recommend never leaving your vault unlocked when unattended or on a shared workstation."). If the password wasn’t important, why would I enable reprompting in the first place? I hope that the security for Master Password Reprompt can be improved, perhaps store and encrypt these items separately…
Hi @asdfaw - Welcome to the community! We appreciate your feedback and will forward your suggestion.
“Master password re-prompt”, as it is now, is basically useless. It does not re-encrypt the data in the field, nor does it allow the use of other passwords, and therefore it provides very little real additional protection. However, this could all be changed easily.
Feature request:
When “Master password re-prompt” is used, use the main password + random nonce per field/data to encrypt the content of the protected fields/data, BUT allow the user to select “Use different password” to encrypt (with random nonce per field/data) the content of the protected fields/data using that other password.
- When exporting passwords as an unencrypted copy, the app could still decrypt all the additionally encrypted fields/data that are encrypted using just the main password.
- When exporting passwords as an unencrypted copy that have a different password, the app should notify the user and request the passwords in question to be able to decrypt them and provide an unencrypted export of the passwords. If the user cannot provide the password, the app would suggest exporting passwords as an encrypted database or ignoring that particular field/data.
- When exporting passwords as an encrypted copy, no further action would be required.
= This would provide very strong protection for the most sensitive fields/data, even in the case of master password compromise! This is some serious additional protection we are talking about here, which does not exist now in Bitwarden or in any other password tool I know of.
= Using encryption and different passwords for other fields/data would make it possible to use a layered approach to security, where main passwords would be protected as they are, but the most sensitive data could be further encrypted in a very secure and trusted manner, giving users extra protection if they want it, using different passwords if they desire on different material they want to protect.
= Regular users would not notice anything, since by default the default Bitwarden password would be used with nonce to encrypt the fields in question, and export to unencrypted and encrypted backups would be the same as they are now.
Something to consider, but a bit out of scope here:
- One could use or force, or let the user select, the GPG encryption standard for these fields/data to remain fully compatible with, well, anything. Meaning that users could export the passwords as an unencrypted copy, but these fields protected by an additional password would be just a GPG-encrypted message using the additional password assigned to that field/data for encryption/decryption. This would make it easy to recover an unencrypted password data file, yet keep the most important fields/data still encrypted.
- Of course, you could also allow exporting the passwords from Bitwarden to a GPG-encrypted file altogether, but this gets a bit out of scope of this suggestion… but it would be great for advanced users, removing the need for additional work with the unencrypted backup file, since they could decrypt it with GPG with their master password (or assigned password), and the superhypersecret fields/data would be further encrypted with an additional password, again using GPG.
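A minimal sketch of the per-field scheme requested in the post above, as an added example that is not part of the original post and is not Bitwarden's code. The function names, the choice of scrypt with AES-256-GCM from Node's built-in `crypto` module, and all sample values are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Derive a 256-bit key from a password and a per-field random salt (scrypt).
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Encrypt one protected field. `altPassword` models "Use different password".
function protectField(name, plaintext, masterPassword, altPassword = null) {
  const salt = crypto.randomBytes(16);  // fresh per field
  const nonce = crypto.randomBytes(12); // fresh per field, never reused
  const key = deriveKey(altPassword || masterPassword, salt);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(name));     // bind the ciphertext to its field name
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { name, usesAltPassword: Boolean(altPassword), salt, nonce, ct,
           tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null if the password is wrong or the data was altered.
function revealField(field, password) {
  try {
    const key = deriveKey(password, field.salt);
    const d = crypto.createDecipheriv("aes-256-gcm", key, field.nonce);
    d.setAAD(Buffer.from(field.name));
    d.setAuthTag(field.tag);
    return Buffer.concat([d.update(field.ct), d.final()]).toString("utf8");
  } catch (err) {
    return null; // GCM tag check failed
  }
}

// Unencrypted export: master-password fields decrypt directly; fields under a
// different password need it supplied, otherwise they are reported as skipped.
function exportPlain(fields, masterPassword, altPasswords = {}) {
  const exported = {};
  const skipped = [];
  for (const f of fields) {
    const pw = f.usesAltPassword ? altPasswords[f.name] : masterPassword;
    const value = pw === undefined ? null : revealField(f, pw);
    if (value === null) skipped.push(f.name);
    else exported[f.name] = value;
  }
  return { exported, skipped };
}

// Constructed sample data (not real credentials).
const SAMPLE_FIELDS = [
  protectField("email", "constructed-email-secret", "master-pw-example"),
  protectField("backup-key", "constructed-backup-secret", "master-pw-example",
               "second-pw-example"),
];
```

With only the master password, `exportPlain` returns the `email` field and lists `backup-key` as skipped, which is the export behaviour the request describes for fields under a different password.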
@mmja Welcome to the forum!
I moved your post into this existing Feature Request on the same topic.
or perhaps…
Allow users to protect not only individual fields/data using this approach, but also create folders/types with this approach.
This would make it easier to use and allow creating encrypted rings inside each other, like onion rings. One could have “unprotected” most common basic social media logins, then have an additional password-encrypted folder which contains important login data like email etc., and even under that yet another password-encrypted folder with important backups like encryption keys etc.
This would not only increase security and make it more usable, but also make it easier for the user to use.