✅ Require master password "re-prompt" for some items

Hm, I guessed the purpose of this feature was just for the paranoid people that they want to enable a setting one time and forgot forever, being sure none can see their password when the device is left alone.
I understood you are saying that you still have to make sure your vault is locked everytime. So if I have to make sure my vault is closed, then I don’t need the re prompt.

I instead always liked this function in LastPass because you enable it only for the first time, and then you don’t have to make sure of anything anymore and avoid headaches and stress and leave your devices unattended peacefully.
I think most people here intended it this way

I understand that this is a nice feature, but after upgrading my Bitwarden client on Windows, Bitwarden is prompting on each and every password I request from Bitwarden. Why is it the default after an upgrade? Can it be disabled somehow for all items? Changing the settings for each item manually isn’t an option because of the number of passwords we have stored.

I would have expected now to go in settings and find the checkbox “always request master password re-prompt” so that I would have been relaxed even leaving the device unattended. But It seems like it’s only an object setting. Also it seems it gets auto-removed when editing objects.

So you still can’t live relaxed, because you still obsessed that you may have missed the check on some objects. I like LastPass approach because you enable it one time, and you live relaxed forever.

I am misunderstanding something? Unfortunately I followed this thread from months and waiting for it to switch to bitwarden, but I don’t think i will, because that feature actually is still missing as requested. Nothing against you, I like your job and you make your choices. I was just explaining my point of view :v:

I can totally understand your perspective, and appreciate the feedback.

The re-prompt feature isn’t 100% rolled out yet - it was released only the server-side. If you edit an item on a client that isn’t updated, the ‘reprompt’ flag will be removed. Once all the clients have been updated, your ‘reprompt’ setting will remain until you remove it manually.

[Edit- typo]

4 Likes

Hi I’m getting the re-prompt on every single password for every site. My master password is intentionally huge and difficult to type, this flies in the face of the whole point of a password manager for me. Is this an intentional change?

@iamaelephant The reprompt is only supposed to apply to the items you’ve enabled it on specifically, and is off by default.

@tgreer - I am getting the same results as @iamaelephant. I only checked the box yesterday for 3 items and today everything has the box checked. I should include this only appears to be happening within the Chrome extension.

Edit: Not sure what happened but looks like the extension has been fixed.

We’re looking into it!

I think it’s a usefull feature, but it would be more even more powerfull (and user friendly) if you could use Windows Hello to unlock the re-prompt as well instead of the master password.

@Joshua - thank you for the feedback!

@Drazilla @iamaelephant - we’ve found the issue, and a ‘full sync’ will fix it, but we’re also putting a patch in to help prevent it in the future :+1:

1 Like

That’s good to hear… how do I do a full sync?
Edit - I found it, click Bitwarden icon → Settings (at the bottom) → Sync → Sync vault now

This seems to have resolved the issue - thank you!

1 Like

Any plan on having an option to enable this for all items (and having it enabled by default)?

is it a bug, or by design that all entries including secure notes are readable even though you tick the re-prompt masterpass box? It’s just the editing part that is secured.

1 Like

It’s as intended. Any password or hidden field will require re-prompt :+1:

1 Like

Just started using this feature and noticed that the prompt only appears if I fill credential fields using the Bitwarden extension icon, and not if I use the autofill hotkey or the context menu upon right-clicking in the input field. The password doesn’t fill for these cases, but I would think it should prompt if those fill actions are used and then fill. Are there plans to have the prompt appear when using these actions as well?

I don’t understand the logic, isn’t secure notes supposed to be secure? Is it because of a limitation of the browser extension system? Because from the web vault i can’t view entrys with masterpass re-prompt, unless i enter the pass.
Seems better to just lock the whole entry, there might be secret stuff in other fields aswell, like the notes field.

1 Like

That’s not how works for me, autofill or manual fill with ctrl+shift+L does not work, neither does the context menu, for re-prompt enabled items, i use firefox/windows.

As noted by others, one of the primary use cases for this feature is secure notes, where I don’t want anything to be visible until reprompt. A full no-viewing-anything-at-all mode should be available even for regular logins that might have 2FA recovery codes in their notes, for example. Frankly, I’m not sure what the use case is at all for keeping everything visible except passwords and hidden fields.

I’d also like to suggest this feature be renamed “Authentication re-prompt” and support unlocking via biometrics on platforms where that’s possible. I just want to ensure no one can view certain incredibly sensitive things if I accidentally leave my computer or phone unlocked, and a fingerprint is sufficient proof that it’s actually me behind the wheel.

3 Likes

Good feedback @blackwind.

I’m closing this thread as the MVP of this feature is complete. If there are missing functions/changes that are requested, we can use separate specific requests, like this one, for instance:

2 Likes