Extra Security for Sensitive Passwords

I would like the ability to require an extra step before auto-filling or displaying sensitive passwords, such as a bank account or brokerage account.

Preferably by authentication with a physical security key or a passcode.

An option to require this could be set for each password.

These passwords should not be stored unencrypted while logged into the app.

No password is “stored unencrypted” while logged in. Passwords are always stored encrypted while logged in, and unlocking the vault decrypts the passwords into device volatile memory only; locking the vault clears the unencrypted passwords from memory.

For extra security of individual passwords in an unlocked vault, you can use the master password reprompt feature.


I was aware of the master password reprompt. I was hoping for something easier than typing my lengthy password. A physical key or a passcode would be a lot easier. :grinning:

Thanks for the information about how passwords are store. My assumptions were incorrect. :grinning:

I was picturing your use case in my mind. It makes some sense but is likely unneeded. When you go to your bank and/or your brokerage they should be setup to require a YubiKey or similar at their website (my recommendation). In such a configuration a “bad guy” could have my username and password but if those accounts absolutely require a security key the other items would leave them dead in the water. That is how my Banks are setup.

Lastly I have another idea but only you can decide if your security profile fits. e.g. your laptop at home where a security key is solid and secure but doesn’t leave the home. I program two of my Yubikeys in slot 2 with a 35 character passphrase. Then when I want that passphrase typed/entered I simply press the key for like 2-3 seconds and the key enters the entire passphrase in the cursor field. In this example it would be where your master password needs to be entered. Works perfectly but obviously the “fail” would be if you didn’t have control over your physical key. A YubiKey CANNOT be hacked remotely!! You could slightly reduce the key thing by entering (e.g. 2 digits) characters before you hit the YubiKey for the other 35 digits. This way someone pressing the key will never get your actual passphrase. I do that but with several more than 2!!


I tried your suggestion and as you said, it worked perfectly! Thanks for the idea! :grinning:

The members in this forum are here to try and help out when situations arise. I am glad it fits your needs. I love the slot 2 feature on YubiKeys. I sure as hell don’t want to type 35 digits to access things, and yet I get the security of a really long passphrase. Enjoy!!

1 Like

Your solution worked perfectly I wish there was a way to withdraw my proposal. :smiley: