✅ Require master password "re-prompt" for some items

@Stephanie_Foldy: Just look at the post right before yours:

2 Likes

Amazing! Thank you very much!

Hi @tgreer

Thanks for the update. Is there any plan to bring this feature to mobile and other platforms?

Not exactly what you are talking about, but is kinda related: what about the possibility to have a second master password, with a second encryption key, prompted every time, to protect some items?
It would be great to have a higher level of security for very important passwords and notes.

@mnjm this will apply to all platforms :slight_smile:

3 Likes

Can’t wait to see this feature! +1

Hello! I’m new to the forums but I’ve been using Bitwarden for quite some time now, self-hosted and currently on bitwarden.com. I’m a super happy user! :heart:

Recently I’ve been dealing with some very sensitive data and I need a very secure place to store private keys for ssh and crypto. Currently I have a couple groups with secure notes in them and I can happily put things there, but I don’t feel it’s as safe as it should be.

When I unlock my Bitwarden, all my items are decrypted and probably available in the memory. However, these sensitive items in these groups don’t need to be decrypted and I’d rather manually type in a second password to access them. When I’m done, I want to immediately clean up my computer’s memory for that data.

These OpenSSL commands let you encrypt and decrypt strings as base64 with the same algorithms as Bitwarden does (I think, ref: Encryption | Bitwarden Help & Support):

```
# Encrypt: prompts for a password and prints the ciphertext as base64
echo -n "Bitwarden is awesome!" | openssl enc -e -aes-256-cbc -pbkdf2 -iter 100000 -a
# password: test
# Decrypt: decode the base64, then decrypt with the same password
echo "U2FsdGVkX1/XP3td8nLWj/k5Slo2bLAaQhRar7JeKbOcQ8Bv4gFL+kpVQmJrHHI2" | openssl base64 -d | openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000
```

Maybe I’m just super paranoid but this second layer of security for extremely sensitive data gives me a good feeling that my data is safe.

I need this urgently so I’m probably going to create a Chrome extension that does this for me with the OpenSSL commands above and store the base64 string in a secure note. I’ll post more down below when I’m a step further.

Thank you,
Maki

This feature request already exists:

1 Like

I’m not sure if @Maki was talking about a re-prompt of the same master password, but a second password, with a different encryption key.

I created a Chrome extension today and it does exactly what I want.
I recommend watching the video to get an idea of how it works.

NOTE: THIS IS NOT AN OFFICIAL BITWARDEN PRODUCT

I just made this for myself and as a proof of concept to show you all. :heart:

I will not be distributing any builds because it’s a big privacy concern.

5 Likes

While automatically locking the vault after a certain period of time offers relatively good security, I find myself using a longer timeout in order to prevent having to enter my master password every time I need access to a password. The problem is that, once the vault is unlocked, all passwords are accessible and I feel this can be improved upon.

What if instead, you could configure how securely a password should be stored? Whether you need to enter your master password again in order to access that particular password?

@99linesofcode this is coming next release :sunglasses:

9 Likes

That’s great news. I did a quick search but apparently didn’t use the right terms so missed that thread!

That’s great news! Is there an estimate on when the next release will be released?

Within the next month or so. Some other features like Admin password reset will go along with it, so it’s a larger effort for the overall release.

1 Like

@tgreer
New user here coming from Lastpass. Very impressed so far with what I have seen. It is not very often I find that a feature I am missing deeply from an application is scheduled to be released when I have just started using it. I have been really lucky as I see that this post has been going for 2 years.

Thank you for finally listening to your users. My utter respect!

4 Likes

Just letting people know that this was released yesterday!

https://bitwarden.com/help/article/releasenotes/#2021-06-29

2 Likes

The clients will be available soon.

Mobile will come shortly after the desktop/browser/CLI - almost there!!

3 Likes

As far as I understood, there are no options to enable it by default for all items and forget. Right?

If so, I think it doesn’t solve the problem for paranoid people that would like to enable it and forget and be sure that anything can be viewed only with password reprompt.

Hopefully those folks who need everything reprompted will just make sure their vault is locked automatically :slight_smile:

But! - there is now a reprompt property in both the CSV and JSON import/export formats, just in case you need to import with reprompt already enabled :+1:

2 Likes
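
As an added example (not from the thread and not Bitwarden's own code): since the last post notes that the JSON export format carries a reprompt property, a script like this can flag items in bulk before an import and list what is still viewable without a re-prompt. The sample export is constructed, and every field name other than `reprompt`, as well as the 0/1 values, is an assumption about the export layout.

```python
import json

# Constructed sample in the assumed shape of an unencrypted JSON export
# (assumed fields: "encrypted", "folders", "items", "folderId";
#  assumed values: reprompt 0 = off, 1 = on).
SAMPLE_EXPORT = json.dumps({
    "encrypted": False,
    "folders": [{"id": "f-keys", "name": "Keys"}, {"id": "f-web", "name": "Web"}],
    "items": [
        {"type": 2, "name": "ssh deploy key", "folderId": "f-keys", "reprompt": 0},
        {"type": 1, "name": "forum login", "folderId": "f-web", "reprompt": 0},
        {"type": 1, "name": "bank", "folderId": None},  # property missing entirely
    ],
})


def set_reprompt(export_text, folder_names=None):
    """Return (new_export_text, names_of_changed_items).

    folder_names=None flags every item; otherwise only items in the named
    folders are flagged. Items that are already flagged are not reported.
    """
    data = json.loads(export_text)
    if data.get("encrypted"):
        raise ValueError("encrypted export: item fields cannot be edited")
    wanted = None
    if folder_names is not None:
        wanted = {f["id"] for f in data.get("folders", [])
                  if f["name"] in folder_names}
    changed = []
    for item in data.get("items", []):
        if wanted is not None and item.get("folderId") not in wanted:
            continue
        if item.get("reprompt") != 1:
            item["reprompt"] = 1
            changed.append(item["name"])
    return json.dumps(data, indent=2), changed


def audit(export_text):
    """Names of items that can still be viewed without a re-prompt."""
    return [i["name"] for i in json.loads(export_text)["items"]
            if i.get("reprompt") != 1]


if __name__ == "__main__":
    out, changed = set_reprompt(SAMPLE_EXPORT, {"Keys"})
    print("flagged:", changed)
    print("still unprotected:", audit(out))
```

An unencrypted export holds every secret in plaintext, so edit it somewhere you can wipe and delete the file once the import is done.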