🗓 Require Re-prompt for entire item (view, edit, etc.)

Feature name

more ‘secure’ secure notes

Feature function

currently ‘secure notes’ are visible just by clicking on them in the vault, even if ‘require master password’ is checked. This seems like a major vulnerability for if you have say your cryypto wallet passphrases in there for example and anyone can see it if your vault is unlocked without even needing to re-authenticate. Please modify this so the specific notes marked as requiring reauth are not visible at all until the user puts the master pass back in to display them.

Also your warning on notes was a little concerning as well, maybe on notes that have that flag set, dont even decrypt them until the user reauths and then clear it from memory after so there arent alternative ways to easily spy on them.

thanks for your consideration!
dave

No apparent progress on reauthentication for over a year. Personally I’m nearly ready to move back to Lastpass after typing in my master password a million times a day for the last year. Reauthentication needs to be biometric with its own timeout.

Hey @Caign thanks for checking in, the team is actively working on this one :+1:

3 Likes

Really good news. Thank you @dwbit for the update.