Require Re-prompt for entire item (view, edit, etc.)

Okay, so it’s still just as secure as all other fields (encryption and unlocking the vault initially). It’s just that if the field has sensitive information, the expectation of posters is that it remain unviewable until the re-prompt has been entered. But BW’s design is scoped to preventing editing, password copying, and auto-fill; viewing is still permitted. My memory is that LastPass may have also blocked viewing until you entered a re-prompt. I can see how posters would logically assume it should be unviewable. Thanks.

A difference from LastPass is that Bitwarden has a “hidden” field type in notes. LastPass has only one text field, and in order to hide it you have to enable Master password re-prompt. In Bitwarden, when you have Master password re-prompt enabled, you need to provide the password when viewing hidden fields, while fields of other types can be seen all the time.

I don’t know whether the whole note should be hidden or not; after finding this feature I didn’t miss much LastPass-like functionality anymore.

(I miss more the feature to set a reauthentication timeout so that I don’t need to be typing the master password all the time.)

There is a feature request for that!

Yes, this seems like an oversight and I support work on this to make sure “view item” is also a protected item.

This behaviour is also present for password items that require re-prompt, and you can view secure notes and other custom fields without re-entering the master password.

Just to note, currently the Hidden Custom Field type does require the Master Password Re-prompt for view or copy, similar to the password for an item.

Though, as described, a rework of this feature that should resolve this request is currently projected on the roadmap.
So it looks like many things are planned to come 🙂

Thanks, Kent! I’ll take a look!

It’s around 21 months since Master Password Reprompt was implemented and coming up to 2 years since I moved from LastPass. Really appreciate the fast tracking of the initial Master Password Reprompt implementation, not so much the feature oversights and the long wait to get them addressed.

With 422 votes as at 28-Mar-2023, I can’t believe that Vault Item Labels (tags), currently in implementation, is the most important thing to be done. Besides security patches, surely Require Re-prompt for entire item (view, edit, etc.) (93 votes) and Adding Biometric/PIN authentication with Master password re-prompt (73 votes) are the most important things on the list. It makes me question the voting system.

The three top vote-getting feature requests that are not yet implemented have over 600 votes each, so while the two requests you have called out may be the “most important” to you, these are not necessarily the most important features to other users. In any case, the voting results are not binding to Bitwarden — they will use these data as one factor among other considerations when developing the roadmap.

Is there any simple way to encrypt/decrypt notes with base64 so that I can copy and paste it in the bitwarden secured notes, till this feature is implemented?

One way I know of is to use the OneNote password-protected section and save the notes there. I am looking for something simpler than this.

@jojobar Welcome to the forum!

Here is a Base64 encoder/decoder that you can use:

I’m not sure I’d trust a site like that with sensitive data… (though works otherwise)

How about this one (can be downloaded and run locally):

https://www.glezen.org/Base64Decoder.html

That one looks OK - I can’t see anything dodgy in the source code (and yes, best to download it).


I can’t believe that the team considers users’ votes in deciding when to fix this SECURITY VULNERABILITY (the ability to see the notes for a critical account that I’ve flagged for re-prompt). Security vulnerabilities should be prioritized separately and fixed in the NEXT patch.

I provide tech guidance to a large group of family and friends that are waiting on my go-ahead to switch from LastPass to Bitwarden. That’ll happen when this vulnerability is fixed AND biometrics is made to work with re-prompt (there’s little point in having biometrics if I have to constantly type my crazy-long master password).

Can we please get a best guess of when the fix will be implemented?


Agreed, security vulnerabilities should trump everything else.

Looking at the items in-progress or planned, nothing else is a security vulnerability. So it’s not a question of opinion.

This is only a security vulnerability if you allow other people to observe you while you are using Bitwarden (which by itself creates “security vulnerabilities” beyond the ability to read your notes), or worse, if you allow other people to use your device while Bitwarden is unlocked (which violates fundamental opsec principles and puts you at risk of getting your vault compromised, whether this feature request has been implemented or not).

And you can always put your super-secret notes into custom hidden fields instead of in the Notes field, which will make them not be viewable if the reprompt option is enabled.

Thanks @grb for your suggestion to use a custom hidden field. That helps; however, the hidden field does not support multi-line text. The “Secure note” type may have been chosen by the user especially because it allows saving free-form (multi-line) text rather than individual values. Therefore, I think protecting the actual secure note is still required.

I would think protecting all information rather than having a special hidden field makes more sense from the user’s perspective. I may be wrong of course, and I am aware the team must first weigh other possible user expectations.

It is not productive to argue about whether this is a security vulnerability per se or not. In an ideal world no one would observe the user while working with secrets, but in reality it’s perfectly common that it will be seen. Passwords are not shown in plain sight by default for a reason, for example. For the same reason, this feature is important.

Lastly, while I understand there may be more important or wanted feature requests and issues to address, this may always be the case, and I think people are starting to lose hope that this will ever be addressed. Addressing things in priority order is important, but I think it would be useful to also weigh the low complexity of the change. As a software developer myself I am aware that features may not be as simple to plan and implement as it looks to users - but this issue really looks like low-hanging fruit. I was happy to see @bw-admin’s message about the team actively working on this, but this was almost one year ago, and I cannot comprehend why this still has not progressed.

I love Bitwarden and I use its full potential on a daily basis on all my devices. However, I cannot get rid of a bitter feeling of Bitwarden not listening to their users - ignoring a simple request to fix the issue (it is highly questionable whether this should be classified as a feature request, despite it being dismissed as “works as requested”), downplaying users’ reasons for its importance and dragging this out for years, maybe forever.

I agree that this makes sense, and my understanding is that there are plans to modify the functionality along these lines.

My point of disagreement is that this missing feature would represent some kind of critical, all-hands-on-deck CVE — or even that it is the most pressing of the submitted community requests.

Furthermore, to provide additional context, my understanding is that in the past few years, the highest priority for Bitwarden developers has been to get the password manager ready for Manifest V3 (and deprecation of V2), which seems like it may require a complete redesign of much of the code-base from the ground up. Thus, there may not be a lot of developer time available to devote to new feature requests.

Any news on this? I just registered with the community to be able to vote on it.

Frankly, I find it totally mind-boggling that in a project driven by very intelligent and security-aware people someone really decided: “Well, let’s build in a double master password prompt. And then make the highly, doubly-secured private note still readable for anyone with access to the device. It’s a feature.”
I mean, this should be an absolute core behavior, and a no-brainer.

From the usage standpoint, I am sure many people will store highly sensitive data in the “supposed to be secure” notes, since for many things the “Login” etc. feature is not suitable, formatting-wise.

If there are any people who really think having secure notes that are freely browsable, even with the double prompt, is a good idea, why not use the feature in a more logical way:

Idea one:
No double master PW Prompt = Secure notes can be viewed while browsing in the password safe
Yes double prompt = The notes are actually secure, and you can only see them via double PM prompt.
(There will be a reason why someone checked that box…)

Other, a bit more convoluted, solutions could be:
Have “Notes” and “Secure Notes” that deserve the name, so anyone can have them as they see fit.

or

Maybe an option / tick box that needs to be set in the settings, secured by double opt-in, for how to treat notes in that case. Something like “Make notes browsable”.

PS: I did not mean to attack anyone, but I did not expect this. To be honest, I just fully migrated from LastPass to Bitwarden because of the security issues, and was shocked to discover how this is handled. And I wonder if I am really a minority here.


I quite like all of your ideas. The “notes” and “secure notes” idea in particular seems like a great implementation. I really do not want my secure notes to be viewable or copyable if I tick the master password re-prompt button. The same goes for passwords for logins; I don’t want them to be viewable or copyable if the master password re-prompt box has been ticked.