Encrypted Folder within your Vault

TL;DR: Let users create a password protected / encrypted folder inside vaults.

I suggest that Bitwarden add a feature so users can create encrypted folders (protected by a “folder password”). The folder stays encrypted until the folder password is entered, which decrypts it (much like how the general vault functions today). Being able to have an encrypted folder inside your encrypted vault creates an extra layer of protection. This can be used in different ways, obviously.

I can see different use cases for why this is valuable:

  1. It can be used to protect extra sensitive / important passwords or documents. It could for example be bank information, passport documents or something else you consider important to keep safe (e.g. Facebook, Google, mails) but you rarely use or log into, so it is unnecessary to expose it when you decrypt your general vault. A protected folder would “solve” this.

  2. You can have your “non-important stuff”/“Stuff used often” in the general vault, which only requires you to log into the vault to decrypt, while the important stuff is secure.

  3. It can be designed by the individual user in a variety of ways (level of importance, by topic, by frequency of use… etc).

  4. Protected folders make the vault much more “flexible” and remove any need to create several accounts/vaults for different things (and it removes the “friction” of having to log in and out of different accounts).

In this way you can avoid having “two sets of password managers” as suggested in this article.

I don’t understand why this would be needed? Honestly, the entire vault is heavily encrypted and the encryption key is your master pass; the ability for a hacker or somebody to decrypt your vault would be nearly impossible, especially if you have Bitwarden set up with all the proper security settings like 2FA and high enough KDF iterations to prevent brute force.

I have my KDF set to 1,000,000 and I could technically go higher, as my computer has no issues with it being at 1,000,000. I also have 2FA enabled.

I see the possibility to protect parts of your vault even though it is “open”. So not the entire vault is decrypted.

I’d like to store my 2FA backup codes in my vault. By storing them with my passwords, it ruins the whole point of having 2FA. With an encrypted folder, I could store them in that instead of creating a new account. Maybe a better option would be having multiple vaults on one account? That way this wouldn’t break the existing security checks and whatever.
