Recently the “Master password reprompt” feature was released, and while it’s useful, the docco says it’s mostly cosmetic rather than actually adding an extra layer of cryptographic security.
I would like to have my vault segmented into things that require a master password entry to view/fill, and ones that can be accessed with a secondary password and/or biometrics. Master password can unlock and edit the whole vault, secondary can only unlock and edit a subset (e.g. vault minus bank/email credentials and SSH private keys).
I understand that I could create an organisation for myself, make collections for these segmented “vaults”, have two accounts for myself in that organisation and only share certain credentials with each one, but I feel like this is clunky for a few reasons:
- I have to have two accounts logged in on all my devices and switch between which one is primed
- I can get sync issues where the secondary account creates a login for that local account, rather than adding to the organisation collections
- I have to manage an “organisation” which is actually just myself
- I need an email address for each account
- I need to pay for multiple premium subscriptions to make each account full featured
I’ve seen that “Client profiles” are a roadmap item, but I can’t find much documentation of what it will look like or whether it will be relevant here.
I understand that crypto sec is difficult stuff, and it’s not exactly simple to have two keys that can operate different aspects of the same vault, not to mention integrating with the autofill capabilities of devices like browser plugins or phone stuff. I understand the feature might not exist or is not very feasible, but has anyone else tried to get this to work, and is there just an “oh yeah do this” that solves the things I’m after?
Thanks!