keyguard-app
Bug: App password reprompt does not work
There is a toggle for it in the password edit page, but it doesn't seem to do anything.
Can confirm, it is not implemented yet on the Cipher view page.
Did a basic implementation; for now the loopholes through which you can still access the password are: Autofill (you can freely autofill an item that has an extra protected password if the vault is unlocked), Reused password (obviously, just click the Warning item and check the password of the other item).
I think that this is good enough for a UI-only feature. Any thoughts?
The loophole for autofill doesn't really match Bitwarden's blog on password reprompt and its aims, so I hope you reconsider this. I saw the build date was Sept 1st, so does it mean the changes are already there? I can't really tell...
Meanwhile I was thinking of providing users a way to trust the app they're using autofill on, so I'm gonna open another issue.
I agree, will ask for Authentication when a user clicks on an autofill suggestion that is additionally protected. This is probably gonna come in a separate second update this month.
The build date is not very accurate as it shows the date of the internal build, which indeed was updated today.
You can email me your email if you want to be added to the internal testing group. Must warn you that rarely but sometimes bugs slip in.
Sure, it's [email protected]
I can install it in my second profile to test it out
https://play.google.com/apps/internaltest/4699652101333707360
Just found out that Copy OTP secret also misses the additional protection.
I looked for app password reprompt in the Bitwarden community and this came up: https://community.bitwarden.com/t/require-re-prompt-for-entire-item-view-edit-etc/31737/11
“Master Password Reprompt” (MPR) feature needs revision to improve usability and security:
- Substitute master password re-entry with biometric reauthentication where possible. Major usability improvement.
- Separate, optional, short timeout for reauthentication, include options of 30 seconds, 1 min, 5 mins, 15 mins, 30 mins, 1 hour, 2 hours, 5 hours, etc. Usability improvement.
- Protection of all fields, not just obscured fields. Security improvement.
- Optional: Do not reauthenticate if user has just logged in. Usability improvement over LastPass’s implementation.
Rename feature to “Reauthenticate”, since it will no longer always reprompt for master password.
Initial implementation of reprompt fulfilled users’ requests, but the above features are necessary to round out the implementation, making it more usable and more secure.
(image source: https://community.bitwarden.com/uploads/default/original/2X/4/48d085122c790e6e12c13b124d3e6e63ad5bce78.png)
We already implemented some of them: biometric protection (1) and skipping the process for newly-logged-in users (4).
I think we should hide all fields (3) when an item is protected, and reduce the step needed for an action after choosing to edit or copy a field by doing it as soon as the item is unlocked. (2) would overlap the option of locking after a delay, so we can just use that instead.
Edit1: Fine-grained protection rules for fields are a discussion in #7
@danielphan2003 hmm, does the app not ask you to reauthenticate after you just unlocked the vault? Or do you mean that it only asks once and then unlocks a cipher when you viewed something protected?
> I think we should hide all fields (3) when an item is protected, and reduce the step needed for an action after choosing to edit or copy a field by doing it as soon as the item is unlocked.

I disagree (3). This is what gives a user control over what fields should be protected. Luckily in Keyguard you can just easily change the type of the field to the obscured one.
Instead, we should protect more non-custom fields, such as notes and files (which we currently don't).
(2, 4) I think having this defeats the purpose of additionally protecting the item. You should be able to unlock a device, open something and give it to your "friend" and not worry that he will quickly copy your master password of a Bitwarden login.
> @danielphan2003 hmm, does the app not ask you to reauthenticate after you just unlocked the vault? Or do you mean that it only asks once and then unlocks a cipher when you viewed something protected?

I noticed that on autofill, if the vault is locked and you unlock it, you can use the item without reauthentication.
> @danielphan2003 hmm, does the app not ask you to reauthenticate after you just unlocked the vault? Or do you mean that it only asks once and then unlocks a cipher when you viewed something protected?
>
> I noticed that on autofill, if the vault is locked and you unlock it, you can use the item without reauthentication.

AH, that's because I haven't implemented the check on the Autofill side yet :smile:
> I think we should hide all fields (3) when an item is protected, and reduce the step needed for an action after choosing to edit or copy a field by doing it as soon as the item is unlocked.
>
> I disagree (3). This is what gives a user control over what fields should be protected. Luckily in Keyguard you can just easily change the type of the field to the obscured one.
> Instead, we should protect more non-custom fields, such as notes and files (which we currently don't).

Yeah protecting notes and files should be a thing and I don't know why Bitwarden haven't done it yet.
> (2, 4) I think having this defeats the purpose of additionally protecting the item. You should be able to unlock a device, open something and give it to your "friend" and not worry that he will quickly copy your master password of a Bitwarden login.

I didn't really think this through because I thought you were doing the same thing with autofill 😅
> Yeah protecting notes and files should be a thing and I don't know why Bitwarden haven't done it yet.

I think that Bitwarden didn't intend it to be a security feature, so they didn't spend much time designing it. While we will do a bit better, I agree that this is not a feature that you should rely on. You should never give another person that you don't trust access to your vault. If an attacker really wants your data and is close nearby he will just wrench you till you give up your master password.
Speaking about giving your phone to a friend so he copies a password, maybe it will make sense to implement another feature similar to Large Type that will work like this: locks the vault -> opens another screen that has the data shown.
In the build that will be in internal testing in 30m the following things were added:
- data will be copied (etc) immediately after you confirm your access;
- note is secured;
- files are secured;
- if you turn off Conceal fields in the settings, that does not apply to Extra protected items.
What is left to do:
- ask for vault password again on autofill (if it's unlocked already);
- tweak a list view so it doesn't contain a note if it's extra protected.
The loopholes that are up to be discussed:
- search (you can bruteforce the extra protected password by searching it)
- watchtower.
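The rule this thread converges on (reauthenticate before any view/copy/autofill of an obscured field on an extra protected item, even right after unlocking the vault, and keep protected values out of the search index so a query cannot probe them) as an added, constructed model; this is not Keyguard's code, and the field kinds, class names and function names are assumptions.

```python
from dataclasses import dataclass

# Constructed model of the "extra protected" (reprompt) rule discussed in this
# thread; not the project's code. Field kinds are assumed names.
PROTECTED_KINDS = {"password", "hidden", "totp", "note", "attachment"}
ACTIONS = {"view", "copy", "autofill"}


@dataclass
class Field:
    name: str
    value: str
    kind: str  # "text", "password", "hidden", "totp", "note", "attachment"


@dataclass
class Cipher:
    title: str
    reprompt: bool
    fields: list


@dataclass
class Session:
    vault_unlocked: bool
    reauthenticated: bool = False  # result of a fresh password/biometric prompt


def needs_reauth(cipher: Cipher, f: Field, action: str, s: Session) -> bool:
    """True when the action must first confirm the user's access.

    Applies to view, copy and autofill alike, and does not depend on how
    recently the vault was unlocked. Non-obscured fields are never gated:
    the user opts a field in by changing its type to an obscured one.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    if not s.vault_unlocked:
        raise PermissionError("vault is locked")
    if not cipher.reprompt or f.kind not in PROTECTED_KINDS:
        return False
    return not s.reauthenticated


def searchable_text(cipher: Cipher) -> str:
    """Text the list search matches against; protected values of a reprompt
    item are left out so a query cannot test guesses against them."""
    parts = [cipher.title]
    for f in cipher.fields:
        if cipher.reprompt and f.kind in PROTECTED_KINDS:
            continue
        parts.append(f.value)
    return " ".join(parts).lower()


def matches(cipher: Cipher, query: str) -> bool:
    return query.lower() in searchable_text(cipher)
```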
There is a list of autofill items that you can use on the keyboard after unlock. For extra protected items shown there, can Keyguard also confirm my access outside the vault, without having to open it?

> There is a list of autofill items that you can use on the keyboard after unlock. For extra protected items shown there, can Keyguard also confirm my access outside the vault, without having to open it?

It will be able to. But it does not today :)