Vault credential protection #7364
Closed
libre-max
started this conversation in
Password Manager
-
Hey @libre-max is this a feature request or code that you would like to contribute to the Bitwarden codebase?
-
A feature request, because I am not a dev
-
Code Contribution Proposal
Each time Bitwarden is unlocked with the master password, the full database is exposed to any malicious software running on the PC.
To reduce this type of attack, I would propose that the "Master password" partially unlocks the database to get access to the name, login and URL of vault entries (with integrity protection to detect phishing sites).
Then, each time a credential (password, passkey, OTP) is exposed outside of the vault to fill an authentication form, a second action is required to fully unlock the vault item: either a PIN, a security key push button, or NFC contact.
That is my view on how to reduce credential leaks (more secure than inactivity timeout expiration).
Thanks in advance for the discussion on this topic
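The two-tier unlock proposed in this discussion, shown as an added example; it is not Bitwarden code and not part of the original post. All function names, the scrypt and AES-256-GCM choices, and binding the secret to the site origin as associated data are assumptions made for illustration.

```javascript
// Added illustration of a two-tier vault item. Hypothetical names; not Bitwarden's implementation.
const crypto = require("node:crypto");

// Derive a 32-byte key with scrypt (Node default cost parameters, chosen only for the demo).
const kdf = (secret, salt) => crypto.scryptSync(secret, salt, 32);

// AES-256-GCM encrypt; `aad` is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// AES-256-GCM decrypt; final() throws if the key, the ciphertext or the AAD does not match.
function open(key, box, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]).toString("utf8");
}

// Tier 1: name/login/URL under the master-derived key (integrity comes from the GCM tag).
// Tier 2: the credential under a key that also needs the second-factor secret, bound to the origin.
function createItem(masterPw, factorSecret, salt, meta, credential) {
  const k1 = kdf(masterPw, salt);
  const k2 = kdf(Buffer.concat([k1, Buffer.from(factorSecret)]), salt);
  const origin = new URL(meta.url).origin;
  return { salt, meta: seal(k1, JSON.stringify(meta), "meta"), secret: seal(k2, credential, origin) };
}

// Master password alone is enough to list an entry, never to read its credential.
function listEntry(masterPw, item) {
  return JSON.parse(open(kdf(masterPw, item.salt), item.meta, "meta"));
}

// Returns the credential only with the right second factor AND on the stored origin, else null.
function revealForSite(masterPw, factorSecret, item, pageUrl) {
  const k1 = kdf(masterPw, item.salt);
  const k2 = kdf(Buffer.concat([k1, Buffer.from(factorSecret)]), item.salt);
  try { return open(k2, item.secret, new URL(pageUrl).origin); }
  catch { return null; }
}

// Constructed sample data: a look-alike domain gets nothing even with the correct second factor.
const demo = createItem("constructed-master", "4821", crypto.randomBytes(16),
  { name: "Example", login: "alice", url: "https://example.com/login" }, "constructed-password");
console.log(listEntry("constructed-master", demo).name, revealForSite("constructed-master", "4821", demo, "https://examp1e.com/login"));
```

A short PIN folded into a KDF can be guessed offline by anything that already holds the tier-1 key and the ciphertext, so the second tier only adds real protection when the second-factor secret lives in hardware (security key, NFC token) or its verification is rate-limited outside the host.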