Require master password "re-prompt" for some items

app:browser

#21

Because 99.999% of the world is too lazy to create multiple accounts on a computer.

Seriously, Windows, Mac, and Linux all have “guest account” features, so just click “switch user”, select the guest account, and bam, they have a fresh new browser with no history of extensions.


#22

Easy to switch account (existing), but when the computer is used for internet radio or music, it always shuts off when switching user.
Even if we really use separate Windows accounts, I won’t close my session every time I leave my chair. If I don’t close the session and Bitwarden is unlocked, passwords are visible.
Alexandre.


#23

If there’s going to be some second layer of defence, like a re-prompt, I would like the option to make it harder than my default option. Because I really care about my critical items, my Bitwarden has a hard password, defending all. That does make it a pain to unlock. A simple PIN to unlock most passwords would be a relief, as long as a hard password would still be required for the critical ones.


#24

You don’t need to end your session.

Windows, Mac, and Linux all have a button on the lock screen that says “switch accounts”. When you click it, another user can log in to their account on your computer.

Most OSes have a feature called “auto-lock after x minutes”.

If you won’t use the simple security features of your OS, I doubt you will remember to use any features Bitwarden adds.


#25

Sometimes I pass my computer to a coworker to use for 2 mins because we’re debugging something, and I may step away for 1 min.

90% of the time I step away, I remember to lock my computer. But those times, it’s OK for my coworker to use some saved passwords while other passwords are more critical.

We may all have use cases, which is why we don’t have to vote for the same features, but why do you need to say “I doubt you will remember…”?
How do you know if someone will remember or not? haha


#26

If you’re debugging something, odds are your coworker could easily open the Chrome dev panel and extract your Bitwarden encryption key, or install a keylogger to grab your “extra password”.

If the answer is “but I trust my coworker” then why not trust them to not open your private secrets?

If Bitwarden implements this, it must use an extra layer of encryption to be useful to an adversary that knows anything remotely related to development.

LastPass extra protection only protects you from a tech illiterate adversary.

I just made a comment that if you don’t have the security consciousness to lock your OS before letting someone use your computer (and revoke admin privileges for their accounts), then two things are likely:

  1. Odds are, given a feature to increase security and decrease convenience, it will not be used if the person has shown reluctance to use similar features on their OS.
  2. Odds are, an adversary with a small amount of skill can circumvent the Bitwarden feature if the user is not using the OS feature.

I understand it “feels secure,” but the problem with adding features that feel secure, but aren’t, is that it creates a false sense of security.

Like I’ve said before, currently, OS user management is much more secure than LastPass extra protection.

If this feature were to be implemented, it would need to add a second layer of encryption from a second password (not your master password) to increase security at all.

Adding such a feature without such encryption should only be done with the explicit goal of making users “feel safe” while explicitly acknowledging that it doesn’t actually make 99.999% of users any more safe, and decreases the safety of any user that decides to stop using other security features of the OS etc. because of the added “sense of security”.


#27

It actually does make 99.9999% of users more safe. Maybe not MUCH more safe, as you stated. But the majority of the world will not know how to install a keylogger or extract my Bitwarden encryption key. We’re talking about the general public here.

Adding a second prompt, even without having a second password for the second layer of encryption, would already be safer than the current implementation. But I totally agree with you that adding a second password with the second layer of encryption would definitely be the final solution. Can we take steps to become secure? Probably yes as well.

With security, something is better than nothing, but there will always be something more secure than the current implementation.


#28

Not always.

If I build a box for you to store treasure in, you won’t hand the unlocked box to someone you don’t trust.

This issue is saying: make a little box within my box that is unlocked with the same key… but make that lock out of toilet paper.

The example above is obvious to anyone, so everyone would agree it doesn’t increase security, and if it was added, some people who don’t understand how weak toilet paper is will now trust people with their unlocked box which decreases security.

So actually, no, sometimes with security less is more.


#29

I don’t use lock, only switch. When I switch, the music ends.

Yes, my session is not safe; yes, I use a shared account, but within this shared account, I need safety on passwords.
Why is it so impossible to believe / understand??


#30

I’m not sure… I think if someone was breaking in and saw 2 locks, they would try to break in on someone with only 1 lock instead. It’s just easier and less time consuming… thus making “something is better than nothing” true. But I’m just speaking in general terms here; of course it’s not the ideal thing, like I said earlier. But in software, it’s incremental changes, not a complete overhaul of things. You need to take risks and assess as we go with security; it will NEVER ever be a perfect scenario with security.


#31

But where the problem comes in is the user.

If the user doesn’t understand that the second lock is useless and only for show, they might leave the first strong lock open (aka let someone use their computer without locking Bitwarden).


#32

Another convert chiming in: you don’t know how useful this feature is until you’ve used it. I promise: some of you against this feature might actually find a use for it.

For me, it mainly ends not only malicious actors, but also mischievous children or practical jokes: “You won’t believe what we bought you on Amazon, mate.” :joy:

For those talking about “well, secure your computer!” The most sensitive items (i.e., cause the most pain in the shortest amount of time) on my system are my financial logins in a password manager. Besides Bitwarden, those logins are stored nowhere. A hacked or stolen laptop won’t glean much of anything…except the logins for my financial accounts if Bitwarden remains logged in and those logins remain decrypted for any individual.

One ethos of good security is triage: we should put more protection on more sensitive items. Allowing a second layer of security on the most sensitive items allows for increased convenience (a pain point for passwords).

//

And in the end, it will be an option and I think a very popular one.


#33

Many websites also use a password re-prompt for particularly destructive tasks, like Twitter when re-naming your handle.

Or, Bitwarden when you want to change your Master password! If we believe Bitwarden should give “complete access” any time an account is logged in, then why does it re-prompt for the Master password when changing it?

Clearly, Bitwarden does believe this action could be dangerous and thus wants every user to re-confirm their identity.

Thus, I believe Bitwarden should extend to users and developers alike the choice to give this same extra protection to items that we really know are also “dangerous”.


#34

I fully agree with ikjadoon. I recently switched back to LastPass for this very reason only, even though I dislike its UI. It’s not mainly “hackers” that I am afraid of, it is pranksters and mischievous acquaintances who are far from technical masterminds but may be too tempted by the opportunity of having access to my credit cards in clear text with just two quick mouse clicks.

I always lock my computer when I am not near it, but it has happened in the past that I was distracted and forgot to lock it and I think it’s safe to assume that it may happen again sometime.

I am looking forward to being able to switch back to Bitwarden again.


#35

Is there a roadmap or something to know where this feature fits? It has the most feature votes and is one of the most active threads on the community site.

I’m anxiously awaiting this feature so I can switch from LastPass.


#36

I can’t find it now, but this would also be effective for another request (I thought I saw) for securing TOTP with a PIN or something.


#37

No roadmap, AFAIK. Actually, ironically, heh, that’s another feature request.

I’m hopeful that its #1 vote rank (140 votes as of Jan 17, 2019) means it’s more likely to be added. I am a Free user (thank you, BW development team, for this amazing password manager, BTW; came from LastPass last week), so I’m not particularly antsy: but it would make me feel much safer once it finally comes.

And, yes: I think most current LastPass users wanting to migrate would be held back by primarily this feature (and perhaps text field account selection).


#38

How is this still not implemented? I would actually pay for this.


#39

I would also pay for this feature. Make it part of the “families” plan and I’ll subscribe in a heartbeat.


#40

Actually, there is a technical reason why the master password is needed to change the master password. It is not just a security theatre “I want to feel safe without actually increasing security” type situation.

I am not against adding an extra layer of encryption to certain items.

I’m just against that key being the master password of the vault itself, or not adding a layer of encryption and just showing an easily bypassable popup.

I voted for this. I want it too, but I want it done right.
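The distinction argued in #26 and #40 (a prompt that is only a popup versus an item wrapped under a key derived from a second password), as a constructed Python model added here; this is not Bitwarden’s code, and the stand-in cipher, the KDF parameters, the fixed salt and the item layout are all assumptions made for the demonstration:

```python
import hashlib
import hmac
import os

# A SHA-256 counter keystream plus HMAC stands in for a real AEAD such as
# AES-GCM so this constructed example runs on the standard library alone.
def _subkeys(key: bytes):
    return (hashlib.sha256(key + b"enc").digest(),
            hashlib.sha256(key + b"mac").digest())

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))

def kdf(password: str, salt: bytes, rounds: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds, 32)

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()

def open_sealed(key: bytes, blob: bytes):
    """Plaintext on success, None when the key is wrong (MAC check fails)."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct)

SALT = b"constructed-salt"  # a real design would use a random per-item salt

def store_item(vault_key: bytes, secret: bytes, second_password=None) -> bytes:
    """Popup-only design: the item sits under vault_key like any other item.
    Second-password design: the item is first wrapped under a key derived
    from that password, and only the wrapper is stored under vault_key."""
    if second_password is not None:
        secret = seal(kdf(second_password, SALT), secret)
    return seal(vault_key, secret)

def read_item(vault_key: bytes, blob: bytes, second_password=None):
    """What the in-memory vault key alone yields when the prompt is skipped:
    the secret for a popup-only item, still-ciphertext for a wrapped one."""
    inner = open_sealed(vault_key, blob)
    if inner is None or second_password is None:
        return inner
    return open_sealed(kdf(second_password, SALT), inner)
```

The popup-only item is fully recoverable with the vault key that an unlocked browser already holds, while the wrapped item yields only ciphertext until the second password is supplied.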