Different unlock policy based on accounts or folders

Feature name

  • Account/Folder based vault unlock policy

Feature function

  • What will this feature do differently?
    Unlike single unlock policy for all credentials, I want to be able to set up different unlocking policy based on individual accounts or all accounts in specific folders. This allows better user experience where I do not need to manually unlock for certain less critical accounts frequently but require authentication for high risk accounts.
  • What benefits will this feature bring?
    This will allow better user experience and trust that stepping away from computer for a bit or handing over to anyone to review something does not compromise vault information for accounts deemed high risk.

Is there a reason why the Master Password Reprompt feature does not meet these needs?

This is more of a user experience feature than security. I may not want frequent prompts for some of their accounts (eg, reddit, apartment portal, etc or some locally hosted services that are available only from within the network). For such use cases, I would keep my vault unlocked till I lock my computer again. However for accounts like banks, gmail, etc. I would want to have better control that I am prompted for master password/biometric to unlock each time I am needed to login.

This is not a feature from threat vector perspective. I know that all is compromised if an attacker gain access to the machine. This is to put minimal hurdles for someone who is fairly trusted to use my device, but not me, from accessing the credentials.

I don’t know how carefully you reviewed the information in the Master Password Reprompt documentation that I had linked above. As far as I can tell, your description of what you are looking for sounds like it will be adequately met by enabling the Master Password Reprompt option for your bank login, Gmail login, and other sensitive vault items.

This existing feature allows you to require — on a per-item basis — the user of an unlocked vault to enter the Master Password to access or autofill sensitive items. Here is a blog article that explains the Master Password Reprompt feature, and describes some real-life use-cases (which sound exactly like the use-cases that you are describing):

I tried that feature but it only accepts for master password. I would prefer if there is flexibility for me to choose biometric or pin as well. As stated in the blog, this is anyway going to be an interface level block and not a real security measure. But i would very much prefer to have biometric authentication as an option instead of typing my long master password.

1 Like

If i understood your request properly , there is a same feature request created earlier - Adding Biometric/PIN authentication with Master password re-prompt
Please review it once , so that you can add your inputs and vote in the same place.

Thanks Gaurav - I believe this is exactly what the OP is looking for.

Closing this thread since it is asking for a duplicate feature - OP: please add your vote to this feature if you want to see it supported.