I was shocked when I realized that the Master password re-prompt feature actually only protects the password field and no other field. And I was also shocked that I don’t need my security key when trying to access an item that has the Master password re-prompt feature enabled.
I personally fear the scenario of a trojan with keylogging and screen stealing the most. In this particular scenario I have to assume that the attacker will get access to my master password. So the additional layer of security from having the Master password re-prompt feature enabled is not a real layer of security. It is useless without also having to use the second factor (e.g. my security key). Critical and sensitive information (e.g. the backup codes to reset the security keys on some Gmail account and similar) will only be protected by the presumably already exposed master password.
To sum it up:
- Please implement the Master password re-prompt feature in a proper way (thus protecting all of the information of an item, not only the password, maybe except for the login name, so that the item can still be listed within the list of items and you know that a login exists for a given page).
- Please back up the insecure master password (assuming the trojan/keylogger scenario…) with the additional requirement of having to touch the 2FA security key for all critical events (e.g. exporting the database, trying to open an item with the Master password re-prompt feature enabled, and similar).
Or any other session hijacking issues, especially with today’s work-from-home environments.
VOTED! I agree, there should be a global or individual-item option to re-prompt the user before they can auto-fill / view / edit / export, and also before they can change any setting in the extension/app. The re-prompt option should allow the user to choose one of the following re-prompt options, and the setting should be available either globally or for individual items:
- None (no re-prompt)
- Master password
- Security key (most important option, because if the device is remotely compromised then the attacker will not be able to auto-fill / view / edit / export passwords, since they won’t have physical access to the security key).
Concerning master password reprompt in general, what happens to it if/when your emergency contact is granted “view” access after your demise? With view-only access, the emergency contact cannot change the master password. So does it mean he cannot access the items that require master password reprompt? Or can he?
To answer my own question: I just tested this and the emergency contact with “view-only” rights is not requested to enter the master password and is able to view the item in plain text.
Bitwarden has a feature where the master password can be prompted for when opening items. It would be useful if you could also set the items to prompt for the 2FA code. This would increase the security of the items much more: if the device is hijacked and the web vault is unlocked, it only takes a keylogger to get the master password, and then even these items are no longer secure. It would be much safer to prompt for the 2FA code here.
Microsoft has the same system with the Personal Vault in OneDrive. If you want to unlock it to access your stored data, you need the 2FA code. Might be worth considering adding an option for 2FA in the items as well.
Hey @sinned97, this enhancement will be included in an upcoming release where the whole vault item will be protected by the re-prompt.
At the moment, all “Master password re-prompt” does for Secure Notes is ask me for a password when I want to edit it. Since there is no password, this feature doesn’t actually protect any content.
I propose making this feature actually lock the note text itself. (Yes, I understand that this is a UI protection rather than an extra layer of crypto, but this would protect me against an attacker who happens upon my desk while I’m answering the door).
The “Master password re-prompt” feature should lock different item types differently:
- Logins: passwords
- Cards: numbers and security codes
- Identities: license number, passport number, social security number
- Secure Note: notes (maybe show the size when locked?)
This is related to Master password re-prompt on specified sub-fields, which would allow locking specific fields. That would be as simple as adding a lock icon by every item when in edit mode, respecting the defaults as outlined above. If you implement that feature, I’d suggest that custom items in Secure Notes should default to being locked when the note is locked. This isn’t part of my standalone request because it can’t be changed without this linked request.
Yes, 100% we need this. I was confused because I could still see my secure notes without the master password reprompt. Makes the feature completely useless.
I would really like this feature. Honestly, I thought it was a bug how it works now. The secure note can be easily read even with the re-prompt.
I hit this in the desktop app for Linux.
Interestingly, this seems to work as intended in the web app.
I was also very confused, completely agree with the others.
The note part on a secure note should act the same as a password on a login item (imho). It should be hidden by default, with a button to make it visible. When selecting the master password prompt option it should show only after entering your password. Again, just like a login item.
Completely agree, this feature is broken: the point of a password re-prompt should be to prevent data disclosure, not to prevent content modification!
So as a workaround for this, Secure Notes also supports hidden Custom Fields. With master password re-prompt enabled on the secure note, the note name, notes, and custom field name are all searchable, but for obvious reasons the hidden field data is not searchable. To view the hidden field data you are re-prompted for the master password as intended.
This comes with the drawback that custom fields are currently limited to 5,000 characters, whereas notes support up to a maximum of 10,000 characters after encryption.
Of course anything larger can also use file attachments with a premium subscription, which will also require master password re-prompt for those selected secure notes.
Another good option here would be to simply have the ability to hide the notes section, either per entry, or with master password re-prompt, or possibly as a global setting if chosen, since the Notes section is currently available for all item types: notes, logins, cards, and identities.
Notes that are secured with master password re-prompt, or protected with a separate password / 2-step auth. Until then the note is hidden and not accessible, even when the vault is open with the master password.
What will this feature do differently?
Currently, when the vault is open, all secure notes such as recovery phrases etc. are available to be copied, but this compromises security, as it is very sensitive information and should not be in the open even when we only opened the vault to copy some website password.
What benefits will this feature bring?
It will allow us to store recovery phrases in the Bitwarden app.
Notes with password prompt should not be visible, even when vault is unlocked
Nice workaround, but one of the downsides is that you can’t use line breaks to format the note. It is basically one long giant line, which is pretty annoying. If they have support for custom hidden fields, I really don’t see why they don’t prompt for the master password before showing the whole note. It doesn’t make any sense.
Hey everyone, the Master Password Re-prompt functionality is being revamped to cover the whole vault item, rather than just password fields.