Require master password "re-prompt" for some items

app:browser

#41

Well, technical reasons aside, consider exporting the vault. Even though all logins are decrypted and can be copied one at a time, to copy all logins at once, Bitwarden asks again for the Master Password.

It’s because Bitwarden has decided “This is a sensitive action so the user’s identity must be confirmed again. Copying every password one-by-one? I trust you. Copying every password all together? I cannot trust you!”

But, I’m with you: it doesn’t need to be a pop-up nor does the verification need to be the Master Password. Anything that confirms my identity is A-OK on certain logins and I’d fully support it.


#42

actually, this is also a technical reason… or more accurately a performance one, but I guess it could be partially due to what you said.


#43

I also voted for this feature. Like others have mentioned, I would like another verification step before accessing some of my items, credit card numbers and some extra sensitive passwords.

I migrated over from LastPass the other day and I miss this feature.

I understand that this should be done “properly” and if that makes it so that re-entering the master password is not “proper” enough, then maybe something else. But for me, I am not as worried about hackers as I am worried about regular folks snooping around with a mouse and keyboard.

Just thought I would give my $0.02.


#44

Right with you all.

To clarify, this post has been tagged app:browser, but I would think it would be useful on all platforms. Perhaps not as neccessary on mobile apps, but still a good feature to have when people borrow someone’s phone.

Thus, I think this tag should be app:all instead.


#45

Any update on this issue? I recently switched to BitWarden after comparing for long time but may have to go back to LastPass just because I am missing this badly.

On a side note, BitWarden is awesome and thanks to all the contributors for great work.


#46

There is the option to lock the browser extension (or any app) immediately after leaving it. Wouldn’t that solve your problems? Then you have to enter your masterpassword EVERY TIME you want to view or use your passwords. No chance someone could see your passwords on accident because you forgot to lock your computer.


#47

Unfortunately, that means Bitwarden completely abandons all trust: “I never know who is using this computer, so I will lock every login, even for Netflix, even if a user provided the Master Password 2 seconds ago.”

What this feature request is saying: “I’m usually using this computer, but I might have kids or extended family or even friends who borrow it temporarily. I don’t mind if someone else uses Bitwarden to re-login to Netflix, but that user shouldn’t be allowed to fill in my debit card details.”


#48

any update on this? seems like a lot of interest in this feature


#49

Also, I noticed that while in locked state, it doesn’t prompt to save new passwords. So that means that even if I go for lock immediately, master password for viewing and using existing passwords is ok but I need to unlock it every time I am signing up or logging in a new site (which IMHO is not easy to remember or obvious)


#50

I registered an account just to say, “This is exactly what I’m thinking” :smiley:
I hope this feature will implemented soon!


#51

Similar to others, at least initially I’m not concerned about extra in-memory protection for these. I’m mainly looking for extra protection against end users of the system. I’ll lend the system to friends and family for brief usage that doesn’t make sense to swap out to a complete separate account, and I could walk away. I prefer the option that some require a re-prompt.

As an addendum though, I also strongly like the feature in last-pass to set a period of time that it does not re-prompt for, so for 5-15 minutes I can log into multiple financial sites without re-prompts. Such a feature however wouldn’t be compatible with more advanced options of a separate salt + key for individual sites, but could maybe just have a separate salt for all re-prompt sites, re-entry generates this alternate key, and then optionally keeps it in memory for the “no re-prompt period”?

At minimum though, the end-user protection first would be good, then maybe in future add actual on-system protection against memory attacks?


#52

So I am still using Dashlane and decided to try out Bitwarden for multiple reasons. I don’t understand how re-prompting to access secure notes, credit cards, or passwords in the app is not implemented yet…


#53

I’ve come from Lastpass, and I’m thinking the same.


#54

I’ve just come from Lastpass as well, disappointed to see this is not an option as well.


#55

+1
I’ll be great if you develop this feature.


#56

I have checked this topic many times. Can somebody from the development team please give some feedback? Is the implementation of this feature in development? When will it be released?
Please don’t just let us in the dark. Thank you


#57

It is planned. Not in development at this time.


#58

Just came to Bitwarden from LastPass. I was shocked to discover that such a feature wasn’t already in place. It’s not for protection against serious hackers (because the vault is already decrypted), but I certainly don’t want a coworker or house guest to have access to bank account and other sensitive info just because I walked away from my computer for a few minutes while the vault was unlocked. (They can have my forum logins if they really want those…)