Today I was going through my vault and I realized under my “Financial” folder, for a MAJORITY of items, I could simply click them and see all the confidential information.
While a handful of items had the Master Password Confirmation turned on, a good amount of the others didn’t.
I ended up going through the folder making sure ALL of the items had the “Master password re-prompt” option checked.
Seeing all of these items were under Financial, I thought it would be great when creating a folder, if folders had an option to force a password resubmit for all of the items contained within it.
I’m going to tell my wife to go through her entries and make sure she puts on the additional protection for her information as well.
We both LOVE Bitwarden, thanks so much for developing this marvelous program!
Your feature request here is fine, but you should be aware that the “Master password re-prompt” feature only creates a simple barrier, which at best may keep out a nosey passerby who comes across your open Bitwarden app on an unlocked and unattended device, or may perhaps foil an overly inquisitive friend whom you may have handed your device while your Bitwarden app is still running.
However, when it comes to an attacker who knows what they’re doing, if they get temporary access to your device (either physical access to an unattended or stolen device, or remote access via malware infections), then it is a trivial task for them to by-pass the “Master password re-prompt” requirement and steal all of your vault contents (including the confidential financial information) — if any of your Bitwarden apps or browser extensions have been left in an unlocked state.
Thus, to protect your vault data, you should keep your Bitwarden apps and browser extensions locked at all times — except for when you are actively using your vault. The best way to do this is to go to the account security settings and set the Vault Timeout Action to “Lock”, and then set the Vault Timeout period to the shortest time interval that works for you (15 minutes or less is recommended).
Sidenote: I adjusted the title from “Ability to Lock all items under specific folders” to “Bulk activation/deactivation of ‘master password re-prompt’ (for selected items, folders, collections…)”.
Hi Grb, yes I TOTALLY understand that the password resubmit is only a “minimal” barrier for when someone were to quickly access my computer or phone when I “go to the kitchen” or bathroom etc.
BUT I’ll def take what I can get - I rarely have BW open when other people are around (besides my wife of course), but items under a “locked folder” will definitely be more protected vs what I experienced w/a majority of new items clearly viewable within my Financial folder!
(Edit: And yes, I def have my password timeout turned on as well!)
Ideally, it would require another biometric challenge before unlocking, which IMO, is more convenient vs a password retype!
There is a feature request for using biometrics as a replacement for master password reprompt:
If you set the Vault Timeout to “Immediate” and use “Unlock with Biometrics”, then your vault items will be unprotected only for a few seconds after you leave your device unattended, and you can quickly unlock using a fingerprint or Face ID.
What type of computer do you have? I believe that Mac computers do not support the use of third-party fingerprint readers for biometric authentication.
I’m on Windows - I have a fingerprint reader in my Ammy cart, but just haven’t purchased it yet - just more stuffs I’d probably stop using in a coupla months…
A few of my programs allow me to bio-authenticate using my fone, which is just as handy. (no pun)