'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
What is the Bitwarden Master Password re-prompt and how do you enable it?
With the password re-prompt option enabled, any time anyone (including yourself) wants to view a password, that person has to type your vault master password a second time.
When it comes to passwords and online security in general, I tend to go a bit overboard. Why? Because I've watched as so many people get their accounts hacked or their identities stolen and it's no fun to see your friends and family struggle through such an ordeal.
To that end, I strive to add every layer of security I can. One very simple layer I take advantage of lies within the Bitwarden password manager. This open-source tool has quite a good number of features that not only make Bitwarden more useful but also more secure.
One such feature is the password re-prompt.
Also: The best password managers of 2023
Let me explain this feature by way of a scenario.
You've unlocked your Bitwarden vault and opened an item. You copy the password and then paste it into a login prompt. You then step away from your desk for a moment, forgetting to either close or lock Bitwarden. Some nefarious ne'er-do-well sidles up to your desk, sees Bitwarden open, clicks the eye icon to view your password, writes it down, and walks off. That person can now log into whatever account you have visible in Bitwarden.
You don't want that.
Now, if that vault entry had the password prompt option enabled, when the scoundrel clicked the eye icon to view the password, they'd be prompted to type your Bitwarden master password before the password in question was revealed.
To sum it up, with the password re-prompt option enabled, any time anyone (including yourself) wanted to view a password, that person would have to type your vault master password a second time.
Yes, it's yet another step to access that password, but that added layer of security can keep your accounts from being accessed by anyone but you.
Also: How to use Bitwarden Send (and when you should)
The other silver lining is that the password re-prompt is required when just copying a password.
A couple of things to keep in mind:
- The password re-prompt doesn't prevent someone from copying the password and pasting it in clear text anywhere else.
- The password re-prompt can be enabled on either new entries or existing entries.
Because the password re-prompt doesn't prevent copying the password, it's not a perfect solution. That means, of course, they could copy the password, open an email client, paste it into an email, and send it to themselves. Or, they could simply paste the password into a document and view it in plain text. Even so, it will prevent other people from viewing your passwords. So, it may not be ideal but it's still an extra step I would suggest you enable (especially for important passwords, such as bank account information).
Also: How to send password-protected emails in Gmail
With that said, how do you enable the password re-prompt? Let me show you.
How to enable the Bitwarden password re-prompt
What you'll need: The only things you need for this are a working instance of Bitwarded, either on a desktop or mobile device. The process also works on the web-based version. I'll demonstrate this on the desktop app, but the process is the same on all platforms.
1. Open Bitwarden and unlock your vault
The first thing to do is open the Bitwarden app and unlock your vault.
2. Open a vault item for editing
The next step is to locate and select the vault item for which you want to enable the password re-prompt. Once you've done that, click the pencil icon to open the item for editing.
The edit button is the pencil directly to the right of the + button.
3. Enable the password re-prompt
With the vault item opened for editing, scroll down until you see the Master password re-prompt option. Click the checkbox to enable the feature for the item. Once you've done that, click the save icon and you're done.
Enabling the Master password re-prompt for a Bitwarden vault entry.
Now, any time you want to view that password, you'll be prompted to type your Bitwarden vault password. Those who do not know your password will be unable to view the entry.
Also: This AI-generated crypto invoice scam almost got me, and I'm a security pro
Keep going and add the re-prompt feature to any/all vault entries you believe need the extra layer of security.
A couple of extra steps
This may not stop unwanted users from copying and pasting your passwords, but it will definitely prevent them from viewing them. Because of this, I would highly recommend you set your desktop lock and the vault timeout to very short periods. You might set your desktop to lock after 5 minutes of inactivity and the Bitwarden vault to lock after 1 minute of inactivity. With just a bit of extra work, you can ensure your passwords are far more secure than they would be by default.