Master Password Re-prompt Timeout for sites with credentials split on multiple pages

If we unlock an item with a master password re-prompt, leave the vault unlocked for [30, 60, 90 120] seconds

Feature function

Problem
Some bank sites ask for credentials on two pages, e.g., username on the first page and password on second page. If that bank URL has a master password re-prompt, I need to unlock that item on each page separately.

For example, chase.com has a user + pass with a master password re-prompt. Currently,

  1. Click auto-fill and enter master password.
  2. The first URL only accepts a user name.
  3. Click “Next” to move to the next page.
  4. Click auto-fill and enter master password again.
  5. The second URL only accepts a password.

This issue also occurs with a common bug in credit / debit card entry, where Bitwarden can sometimes requires 2x or 3x auto-fills (on the same URL) to fill all fields (e.g., credit number first time, expiration date second time, and CCV on the third time).

Other times, we need to login into multiple sensitive (i.e., master password re-prompt protected) in a short amount of time, say like two bank accounts to start a transfer. Thus, all re-prompt items should be unlocked and not require a re-prompt in that time.

Solution
It would be helpful if Bitwarden could add global timeout setting that makes the vault with a master password re-prompt have a 30-second (or configurable) window where the vault remains unlocked after being successfully unlocked. Then, you would only need to enter the master password once (unless it takes you longer than 30 seconds to reach the second URL).

It’s not a major issue, though I believe it is a helpful tweak borrowed from LastPass.

Related topics + references

This request is a follow up to the now successfully-implemented Master Password Re-Prompt request.

I’d also like a feature like this. I opened a request here for a broader option that would leave all password-locked items unlocked for a configurable period after the master password is entered.

1 Like

That’s a great improvement. Could we merge these two requests? Either mine into yours or yours into mine? That way, hopefully, we can combine votes.

How does one merge requests? Mine doesn’t have any votes so far, so it would make sense to emrge into yours.

1 Like

When using logins set to require reentering the master password, I sometimes have to enter my password repeatedly in a very short span of time. The most common case for me is unlocking my vault specifically to use a password-locked login. It’s also an issue if logging into multiple accounts and for sites with separate username and password screens.

If the user proves their identity once, there is little point in immediately asking a second time. I think the clear solution is a setting, similar to vault timeout, that would skip master password confirmations within a configurable time range since the password was last entered. (Unless the vault is locked, of course.) The time range would need much smaller initial increments than for vault timeout.

I saw a mention in another thread of other methods of confirmation, so a corresponding option for each would make sense. “After confirming identity via [password/biometrics/etc], do not require confirmation with that method for [time].”

Related topics + references

This would be a broader version of this request.

1 Like

Ah, I actually did not know how either, but the mods have done it. I’ve given a hopefully-improved OP post that combines both of our issues.

I’m also happy to copy your text fully, especially if I’ve missed something helpful.

1 Like