Secure notes

Feature name

more ‘secure’ secure notes

Feature function

currently ‘secure notes’ are visible just by clicking on them in the vault, even if ‘require master password’ is checked. This seems like a major vulnerability for if you have say your cryypto wallet passphrases in there for example and anyone can see it if your vault is unlocked without even needing to re-authenticate. Please modify this so the specific notes marked as requiring reauth are not visible at all until the user puts the master pass back in to display them.

Also your warning on notes was a little concerning as well, maybe on notes that have that flag set, dont even decrypt them until the user reauths and then clear it from memory after so there arent alternative ways to easily spy on them.

thanks for your consideration!
dave

A post was merged into an existing topic: :spiral_calendar: Require Re-prompt for entire item (view, edit, etc.)