Hi, I used Email and master password to login. I never use passkey or login with device.
Do you mean this is not intended (secure notes can be viewed)? I thought this was the current behavior since the thread was talking about it.
Well, it seems that this feature request has already been (at least partially) implemented, as you experienced yourself in the browser extension. Perhaps the mobile implementation is lagging behind, but if you are able to edit items that have master password reprompt enabled, or if you are able to view hidden fields (e.g., password fields) in such items, then there is a bug.
1 Like
Thanks for the clarification. The reprompt is working fine for me when editing item and viewing hidden fields.
2 Likes
I trust that bitwarden is able to keep my notes secure, so I use it to store my recovery keys for services I’ve enabled 2fa on, and I tick “Re-prompt master password” in order to make sure these keys are protected.
However, when I use the ctrl+shift+L hotkey to autofill a login, the screen that pops up prompting me to re-enter my master password shows my backup keys clear as day, completely defeating the point of re-prompting
@CodingCatAero I think you are referring to this effect for a login item and the browser extension:
?!
(PS: I stretched the extension window beyond the default for the screenshot.)
Yes, you are correct. I’ll post an example of what it looks like for me
1 Like
This is with the default extension window size, no stretching required.
Although this is off topic for this issue, in regards to the re-prompt master password popup, I find that it stops me from continuing to press ctrl + shift + L to cycle through logins if you press ‘cancel’ (Pressing esc works fine). When I enter the master password in again and press the above hotkey, it just asks for the master password again.
Instead of using the Notes field to store the recovery key, create a custom field of type “hidden” and store it there. Hidden fields are protected by master password reprompt; Text fields are not.
Also, do be aware that reprompt is basically security theater in that it only protects the display of the vault entry; it is not an additional layer of encryption.
1 Like
I want those numbers [SSN, ID, Passport] to be protected with password re-prompt. Can’t do that because they’re not hidden fields. For now, my workaround is to make custom hidden fields and use those instead, but it would be nice if they’re hidden by default.
Also it’s kinda inconsistent that card numbers and CCV codes are hidden but ID numbers aren’t.
@Damariobros I moved your post into the existing feature request to the same topic.
(you may want to add the “key words” from your title "In “Identity” type vault items, make SSN, Passport, and License entries hidden fields" to your post now…)
What version of the extension are you using here? When I protect an item with master password reprompt, the whole item is protected - I can’t view the item without being prompted first, so it never displays the master password confirmation over top of the item details.
@Micah_Edelblut As I reproduced this 7 days ago myself, this was on extension version 2025.5.0 (on Vivaldi) for me. - I just tried it again now and can confirm, that this seems to have changed with extension version 2025.5.1 (the “View Login” doesn’t open now in the background as it happened 7 days ago…).
1 Like
Understandable. I think we introduced this behavior (protecting the entire item) with the UI refresh, but this would take time to propagate across clients and to self-hosted environments. The work is ongoing for the mobile apps (Android PR here).
2 Likes
I really love this solution! I would enjoy granular controls, and lock icons seem an elegant solution. Also these defaults seem reasonable, I like it. Perhaps there could be three radio bubbles where you choose between Off, Granular Protection, or Full Protection.
Granular Protection would reveal the lock icon buttons, which are set to those defaults, and Full Protection would lock the entire vault item, and require authentication to view the item in the first place.
Maybe there can be a little (i) button to explain the difference.
If a field isn’t hidden otherwise (like a username), then locking that field could change it to a hidden field, so that it can require authentication to reveal it.
In Granular Protection, autofilling would still require authentication, unless you disable protection for ALL autofillable fields and then tick a checkbox that says “Allow autofill without authentication.”
In either granular or full, edit protection should be forced on.
There should be an option for notes that allows the user to master password protect any notes you want to keep secret. I know LastPass had this.
This would be nice for credentials too. For certain credentials, relying on a PIN code (or even leaving the device unlocked) may be unsuitable such as bank credentials, but at the same time having the convenience of lower security access on the device for other passwords is handy.
The option of a password reprompt for Secure Notes would certainly make them more secure.
+1 for this as a user thinking of switching from dashlane premium to bitwarden premium.
Would be nice for things that are sensitive but dont necessarily fit into exising types of things to keep in the vault like two factor backup codes
I’m not convinced this is true.
The only situation where this would increase security is if you never lock your vault on a personal computer (which you should do).
If someone gets hold of your password, it doesn’t matter how many times they have to enter it, they will always be able to access your information
This is important, in the case where you haven’t locked your computer, and someone can then view all your secure notes.
There should be an option (just like there is with password records) to require a password reprompt when viewing certain notes.
1 Like