I’m wondering if there’s a way to hide the notes section until you press on “reveal” or something. This is to stop people from being able to take a quick peek while you’re copying the password.
No, that functionality is not currently available.
If you’re using Firefox, and are familiar with both Firefox and CSS, you can write a little CSS to hide the Notes field, and then press Edit when you want to see it.
Thanks for the help
I imported my passwords from LastPass and now my attached notes are easily seen right from the Bitwarden browser extension. I do NOT want these notes visible. LastPass browser extension doesn’t show any notes.
Some examples would be if I write down some security question answers for a site, or a recovery code. Now these secret notes are visible from the browser extension without even needing to enter a password!
I paid for the premium Bitwarden and they’re cheerfully showing my password notes to anyone who gains access to my laptop. Can someone please explain the logic and also fix this ASAP!!!
Hi Clark, sorry to hear that the notes experience wasn’t what you were expecting, and I can see how having the option to hide notes could be helpful.
Currently you can use hidden custom fields to store information like security questions. You can also add your vote to the hide notes on item view feature request,
Thanks for the reply! I added my vote.
Hidden fields are nice, but when importing from LastPass these notes go into Bitwarden notes by default and not the hidden fields. I have too many notes to go through and move them to hidden fields. A much more elegant solution is to simply make the Bitwarden notes hidden by default. Problem solved.
Added to this, the only way to see actual password characters in LastPass browser extension is to type in your master password again. This allows you to use the extension to fill in passwords without ever revealing the passwords.
Bitwarden allows anyone with access to your laptop to see everything by simply clicking the eyeball icons.
Hi @Clark, I can try to explain the logic here:
- Bitwarden and Lastpass do things differently. Just because Lastpass did it one way, it doesn’t mean it is the only way or the best way. I think a lot of your frustration may originate here.
- Bitwarden should NOT be left open and running endlessly on your laptop, PC, or phone. Use the lock feature and master password re-prompt feature to secure your info. Why you would leave your laptop unlocked AND your Bitwarden client unlocked for anyone to browse seems just plain silly to me. Again, maybe Lastpass did this differently, but see my previous point above.
Thank you for explaining the thought process behind how Bitwarden is intended to be used. I will make sure I always log out of Bitwarden before closing my laptop or leaving it unattended.
I see now that perhaps LastPass is for casual users and so they have these extra features in case a computer is left unattended, whereas Bitwarden is for security-conscious savvy Internet users who always log out.
I’ll have to see how this fits into my daily workflow. I think LastPass makes me feel more secure because if I ever forget to log out, they have these extra layers of security.
All this being said, these might be some great features that Bitwarden could steal from LastPass. Learn from the enemy!
As for leaving my laptop open and Bitwarden unlocked, you are correct it would be silly. In the back of my mind I think I’m worried about the possible scenario where someone observes me enter my laptop password, and then swipes my laptop knowing they can now gain access. In this case LastPass will continue to protect my passwords and secure notes from eyeballs even if still logged in. This will give me some time to log into LastPass from another computer and kill all sessions.
Hi @clark - what you might try is setting a vault timeout option so that your Bitwarden vault is automatically locked after 1 or 2 minutes of inactivity. Or you can even set it to immediately lock when you are done using it. Then you can setup a device-specific PIN code or biometrics (if available on your device) to unlock. If it locks immediately, then this would roughly replicate your LastPass experience - you will be required to enter a code or biometrics every time you wanted to access the vault. PIN codes are really handy because you don’t have to type out a long master password each time, nor do you expose the master password to potentially malicious onlookers. Plus, you can still secure any password individually with a requirement to type in your master password before a password or other hidden field is revealed. Hopefully, those options will help! Cheers.