diff --git a/.eslintrc.json b/.eslintrc.json
index f3115898ff8..4fba3dd6128 100644
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -156,7 +156,10 @@
     {
       "files": ["libs/components/src/**/*.ts"],
       "rules": {
-        "no-restricted-imports": ["error", { "patterns": ["@bitwarden/components/*", "src/**/*"] }]
+        "no-restricted-imports": [
+          "error",
+          { "patterns": ["@bitwarden/components/*", "src/**/*", "@bitwarden/angular/*"] }
+        ]
       }
     },
     {
@@ -176,6 +179,12 @@
       "rules": {
         "no-restricted-imports": ["error", { "patterns": ["@bitwarden/node/*", "src/**/*"] }]
       }
+    },
+    {
+      "files": ["libs/vault/src/**/*.ts"],
+      "rules": {
+        "no-restricted-imports": ["error", { "patterns": ["@bitwarden/vault/*", "src/**/*"] }]
+      }
     }
   ]
 }
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 15de72d785b..c5f55674aee 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -4,7 +4,7 @@
 
 # The following owners will be the default owners for everything in the repo.
 # Unless a later match takes precedence
-* @bitwarden/team-leads-eng
+* @bitwarden/tech-leads
 
 ## Secrets Manager team files ##
 bitwarden_license/bit-web/src/app/secrets-manager @bitwarden/team-secrets-manager-dev
@@ -39,6 +39,7 @@ apps/desktop/src/vault @bitwarden/team-vault-dev
 apps/web/src/app/vault @bitwarden/team-vault-dev
 libs/angular/src/vault @bitwarden/team-vault-dev
 libs/common/src/vault @bitwarden/team-vault-dev
+libs/vault @bitwarden/team-vault-dev
 
 ## Admin Console team files ##
 apps/browser/src/admin-console @bitwarden/team-admin-console-dev
diff --git a/.github/whitelist-capital-letters.txt b/.github/whitelist-capital-letters.txt
index 17047f4333d..f5a60f817ce 100644
--- a/.github/whitelist-capital-letters.txt
+++ b/.github/whitelist-capital-letters.txt
@@ -2,10 +2,7 @@
 ./apps/browser/src/safari/desktop/Assets.xcassets/AccentColor.colorset
 ./apps/browser/src/safari/desktop/Assets.xcassets/AppIcon.appiconset
 ./apps/browser/src/safari/desktop/Base.lproj
-./apps/browser/src/services/vaultTimeout
 ./apps/browser/store/windows/Assets
-./libs/common/src/abstractions/vaultTimeout
-./libs/common/src/services/vaultTimeout
 ./bitwarden_license/README.md
 ./libs/angular/src/directives/cipherListVirtualScroll.directive.ts
 ./libs/angular/src/scss/webfonts/Open_Sans-italic-700.woff
@@ -25,13 +22,10 @@
 ./libs/common/src/misc/linkedFieldOption.decorator.ts
 ./libs/common/src/misc/serviceUtils.ts
 ./libs/common/src/misc/serviceUtils.spec.ts
-./libs/common/src/abstractions/vaultTimeout/vaultTimeoutSettings.service.ts
-./libs/common/src/abstractions/vaultTimeout/vaultTimeout.service.ts
 ./libs/common/src/abstractions/anonymousHub.service.ts
-./libs/common/src/services/vaultTimeout/vaultTimeoutSettings.service.ts
-./libs/common/src/services/vaultTimeout/vaultTimeout.service.ts
 ./libs/common/src/services/anonymousHub.service.ts
 ./libs/auth/README.md
+./libs/vault/README.md
 ./README.md
 ./LICENSE_BITWARDEN.txt
 ./CONTRIBUTING.md
@@ -78,5 +72,4 @@
 ./apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
 ./apps/browser/src/safari/safari/Info.plist
 ./apps/browser/src/safari/desktop.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist
-./apps/browser/src/services/vaultTimeout/vaultTimeout.service.ts
 ./SECURITY.md
diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index 9c670f01c65..b17cb816336 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -31,6 +31,9 @@ on:
         description: "Custom image tag extension"
         required: false
 
+env:
+  _AZ_REGISTRY: bitwardenprod.azurecr.io
+
 jobs:
   cloc:
     name: CLOC
@@ -65,8 +68,7 @@ jobs:
   build-artifacts:
     name: Build artifacts
     runs-on: ubuntu-22.04
-    needs:
-      - setup
+    needs: setup
     env:
       _VERSION: ${{ needs.setup.outputs.version }}
     strategy:
@@ -146,13 +148,10 @@ jobs:
       matrix:
         include:
           - artifact_name: cloud-QA
-            registries: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
             image_name: web-qa-cloud
           - artifact_name: ee
-            registries: [bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
             image_name: web-ee
           - artifact_name: selfhosted-COMMERCIAL
-            registries: [bitwarden, bitwardenprod.azurecr.io, bitwardenqa.azurecr.io]
             image_name: web
     env:
       _VERSION: ${{ needs.setup.outputs.version }}
@@ -174,15 +173,7 @@ jobs:
           fi
 
       ########## ACRs ##########
-      - name: Login to Azure - QA
-        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
-        with:
-          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
-
-      - name: Log into QA container registry
-        run: az acr login -n bitwardenqa
-
-      - name: Login to Azure - Prod
+      - name: Login to Prod Azure
         uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
         with:
           creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
@@ -190,6 +181,18 @@ jobs:
       - name: Log into Prod container registry
         run: az acr login -n bitwardenprod
 
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve github PAT secrets
+        id: retrieve-secret-pat
+        uses: bitwarden/gh-actions/get-keyvault-secrets@f096207b7a2f31723165aee6ad03e91716686e78
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
       - name: Download ${{ matrix.artifact_name }} artifact
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
@@ -218,37 +221,17 @@ jobs:
 
           echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
 
-      - name: Generate tag list
-        id: tag-list
-        env:
-          IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
-          PROJECT_NAME: ${{ matrix.image_name }}
-        run: echo "tags=bitwardenqa.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG},bitwardenprod.azurecr.io/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
-
       ########## Build Image ##########
       - name: Extract artifact
         working-directory: apps/web
         run: unzip web-${{ env._VERSION }}-${{ matrix.artifact_name }}.zip
 
-      - name: Login to Azure
-        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve github PAT secrets
-        id: retrieve-secret-pat
-        uses: bitwarden/gh-actions/get-keyvault-secrets@a30e9c3d658dc97c4c2e61ec749fdab64b83386c
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
-
-      - name: Setup DCT
-        if: ${{ env.is_publish_branch == 'true' }}
-        id: setup-dct
-        uses: bitwarden/gh-actions/setup-docker-trust@a30e9c3d658dc97c4c2e61ec749fdab64b83386c
-        with:
-          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-          azure-keyvault-name: "bitwarden-ci"
+      - name: Generate image full name
+        id: image-name
+        env:
+          IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
+          PROJECT_NAME: ${{ matrix.image_name }}
+        run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
 
       - name: Build Docker image
         uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4.1.1
@@ -257,21 +240,10 @@ jobs:
           file: apps/web/Dockerfile
           platforms: linux/amd64
           push: true
-          tags: ${{ steps.tag-list.outputs.tags }}
+          tags: ${{ steps.image-name.outputs.name }}
           secrets: |
             "GH_PAT=${{ steps.retrieve-secret-pat.outputs.github-pat-bitwarden-devops-bot-repo-scope }}"
 
-      - name: Push to DockerHub
-        if: contains(matrix.registries, 'bitwarden') && env.is_publish_branch == 'true'
-        env:
-          IMAGE_TAG: ${{ steps.tag.outputs.image_tag }}
-          PROJECT_NAME: ${{ matrix.image_name }}
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
-        run: |
-          docker tag bitwardenprod.azurecr.io/$PROJECT_NAME:$IMAGE_TAG bitwarden/$PROJECT_NAME:$IMAGE_TAG
-          docker push bitwarden/$PROJECT_NAME:$IMAGE_TAG
-
       - name: Log out of Docker
         run: docker logout
 
@@ -279,8 +251,7 @@ jobs:
   crowdin-push:
     name: Crowdin Push
     if: github.ref == 'refs/heads/master'
-    needs:
-      - build-artifacts
+    needs: build-artifacts
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml
index 601d788449c..b53542747d9 100644
--- a/.github/workflows/release-web.yml
+++ b/.github/workflows/release-web.yml
@@ -15,10 +15,13 @@ on:
           - Redeploy
           - Dry Run
 
+env:
+  _AZ_REGISTRY: bitwardenprod.azurecr.io
+
 jobs:
   setup:
     name: Setup
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     outputs:
       release_version: ${{ steps.version.outputs.version }}
       tag_version: ${{ steps.version.outputs.tag }}
@@ -46,10 +49,9 @@ jobs:
           monorepo: true
           monorepo-project: web
 
-
   self-host:
     name: Release self-host docker
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs: setup
     env:
       _BRANCH_NAME: ${{ github.ref_name }}
@@ -67,42 +69,6 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
-      ########## DockerHub ##########
-      - name: Setup DCT
-        id: setup-dct
-        uses: bitwarden/gh-actions/setup-docker-trust@a30e9c3d658dc97c4c2e61ec749fdab64b83386c
-        with:
-          azure-creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-          azure-keyvault-name: "bitwarden-ci"
-
-      - name: Pull branch image
-        run: |
-          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
-            docker pull bitwarden/web:latest
-          else
-            docker pull bitwarden/web:$_BRANCH_NAME
-          fi
-
-      - name: Docker Tag version
-        run: |
-          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
-            docker tag bitwarden/web:latest bitwarden/web:$_RELEASE_VERSION
-          else
-            docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION
-          fi
-
-      - name: Docker Push version
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        env:
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
-        run: docker push bitwarden/web:$_RELEASE_VERSION
-
-      - name: Log out of Docker and disable Docker Notary
-        run: |
-          docker logout
-          echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
-
       ########## ACR ##########
       - name: Login to Azure - PROD Subscription
         uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
@@ -112,38 +78,46 @@ jobs:
       - name: Login to Azure ACR
         run: az acr login -n bitwardenprod
 
-      - name: Tag version
-        env:
-          REGISTRY: bitwardenprod.azurecr.io
+      - name: Pull branch image
         run: |
           if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
-            docker tag bitwarden/web:latest $REGISTRY/web:$_RELEASE_VERSION
-
-            docker tag bitwarden/web:latest $REGISTRY/web-sh:$_RELEASE_VERSION
+            docker pull $_AZ_REGISTRY/web:latest
           else
-            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:$_RELEASE_VERSION
+            docker pull $_AZ_REGISTRY/web:$_BRANCH_NAME
+          fi
 
-            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:$_RELEASE_VERSION
+      - name: Tag version
+        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web:dryrun
+            docker tag $_AZ_REGISTRY/web:latest $_AZ_REGISTRY/web-sh:dryrun
+          else
+            docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:$_RELEASE_VERSION
+            docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION
+            docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web:latest
+            docker tag $_AZ_REGISTRY/web:$_BRANCH_NAME $_AZ_REGISTRY/web-sh:latest
           fi
 
       - name: Push version
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        env:
-          REGISTRY: bitwardenprod.azurecr.io
         run: |
-          docker push $REGISTRY/web:$_RELEASE_VERSION
-
-          docker push $REGISTRY/web-sh:$_RELEASE_VERSION
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker push $_AZ_REGISTRY/web:dryrun
+            docker push $_AZ_REGISTRY/web-sh:dryrun
+          else
+            docker push $_AZ_REGISTRY/web:$_RELEASE_VERSION
+            docker push $_AZ_REGISTRY/web-sh:$_RELEASE_VERSION
+            docker push $_AZ_REGISTRY/web:latest
+            docker push $_AZ_REGISTRY/web-sh:latest
+          fi
 
       - name: Log out of Docker
         run: docker logout
 
 
   ghpages-deploy:
-    name: Deploy to GitHub Pages
-    runs-on: ubuntu-20.04
-    needs:
-      - setup
+    name: Create Deploy PR for GitHub Pages
+    runs-on: ubuntu-22.04
+    needs: setup
     env:
       _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
       _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
@@ -191,7 +165,7 @@ jobs:
       - name: Unzip build asset
         working-directory: assets
         run: unzip web-*-cloud-COMMERCIAL.zip
-  
+
       - name: Create new branch
         run: |
           cd ${{ github.workspace }}/ghpages-deployment
@@ -200,12 +174,12 @@ jobs:
           git config --global url."https://github.com/".insteadOf ssh://git@github.com/
           git config --global url."https://".insteadOf ssh://
           git checkout -b ${_BRANCH}
-  
+
       - name: Copy build files
         run: |
           rm -rf ${{ github.workspace }}/ghpages-deployment/*
           cp -Rf ${{ github.workspace }}/assets/build/* ghpages-deployment/
-  
+
       - name: Commit and push changes
         working-directory: ghpages-deployment
         run: |
@@ -233,7 +207,7 @@ jobs:
 
   release:
     name: Create GitHub Release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     needs:
       - setup
       - self-host
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 07423dd18ba..27e3a9b293a 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,3 +1,9 @@
 {
-  "cSpell.words": ["Csprng", "decryptable", "Popout", "Reprompt", "takeuntil"]
+  "cSpell.words": ["Csprng", "decryptable", "Popout", "Reprompt", "takeuntil"],
+  "search.exclude": {
+    "**/locales/[^e]*/messages.json": true,
+    "**/locales/*[^n]/messages.json": true,
+    "**/_locales/[^e]*/messages.json": true,
+    "**/_locales/*[^n]/messages.json": true
+  }
 }
diff --git a/apps/browser/package.json b/apps/browser/package.json
index 5e1ad9bfd8d..7808666ccce 100644
--- a/apps/browser/package.json
+++ b/apps/browser/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/browser",
-  "version": "2023.7.1",
+  "version": "2023.8.0",
   "scripts": {
     "build": "webpack",
     "build:mv3": "cross-env MANIFEST_VERSION=3 webpack",
diff --git a/apps/browser/src/_locales/ar/messages.json b/apps/browser/src/_locales/ar/messages.json
index bf021b10513..772f77d2039 100644
--- a/apps/browser/src/_locales/ar/messages.json
+++ b/apps/browser/src/_locales/ar/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "استعادة العنصر"
   },
-  "restoreItemConfirmation": {
-    "message": "هل أنت متأكد من أنك تريد استعادة هذا العنصر؟"
-  },
   "restoredItem": {
     "message": "تم استعادة العنصر"
   },
diff --git a/apps/browser/src/_locales/az/messages.json b/apps/browser/src/_locales/az/messages.json
index 26d26ac38a2..d986efb5a47 100644
--- a/apps/browser/src/_locales/az/messages.json
+++ b/apps/browser/src/_locales/az/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Elementi bərpa et"
   },
-  "restoreItemConfirmation": {
-    "message": "Elementi bərpa etmək istədiyinizə əminsiniz?"
-  },
   "restoredItem": {
     "message": "Element bərpa edildi"
   },
diff --git a/apps/browser/src/_locales/be/messages.json b/apps/browser/src/_locales/be/messages.json
index 946b2dc5d9d..50526f7839d 100644
--- a/apps/browser/src/_locales/be/messages.json
+++ b/apps/browser/src/_locales/be/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Аднавіць элемент"
   },
-  "restoreItemConfirmation": {
-    "message": "Вы сапраўды хочаце аднавіць гэты элемент?"
-  },
   "restoredItem": {
     "message": "Элемент адноўлены"
   },
diff --git a/apps/browser/src/_locales/bg/messages.json b/apps/browser/src/_locales/bg/messages.json
index 04a9f08050d..e57654ed012 100644
--- a/apps/browser/src/_locales/bg/messages.json
+++ b/apps/browser/src/_locales/bg/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Възстановяване на запис"
   },
-  "restoreItemConfirmation": {
-    "message": "Сигурни ли сте, че искате да възстановите записа?"
-  },
   "restoredItem": {
     "message": "Записът е възстановен"
   },
diff --git a/apps/browser/src/_locales/bn/messages.json b/apps/browser/src/_locales/bn/messages.json
index aef8c25bfeb..7555b212220 100644
--- a/apps/browser/src/_locales/bn/messages.json
+++ b/apps/browser/src/_locales/bn/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "বস্তু পুনরুদ্ধার"
   },
-  "restoreItemConfirmation": {
-    "message": "আপনি কি নিশ্চিত যে আপনি এই বস্তুটি পুনরুদ্ধার করতে চান?"
-  },
   "restoredItem": {
     "message": "বস্তু পুনরুদ্ধারকৃত"
   },
diff --git a/apps/browser/src/_locales/bs/messages.json b/apps/browser/src/_locales/bs/messages.json
index 4f85dde0c37..04f25644349 100644
--- a/apps/browser/src/_locales/bs/messages.json
+++ b/apps/browser/src/_locales/bs/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/ca/messages.json b/apps/browser/src/_locales/ca/messages.json
index 916eeea79f4..a30b8305c2f 100644
--- a/apps/browser/src/_locales/ca/messages.json
+++ b/apps/browser/src/_locales/ca/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restaura l'element"
   },
-  "restoreItemConfirmation": {
-    "message": "Esteu segur que voleu restaurar aquest element?"
-  },
   "restoredItem": {
     "message": "Element restaurat"
   },
diff --git a/apps/browser/src/_locales/cs/messages.json b/apps/browser/src/_locales/cs/messages.json
index de48e4c237d..120b6512a83 100644
--- a/apps/browser/src/_locales/cs/messages.json
+++ b/apps/browser/src/_locales/cs/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Obnovit položku"
   },
-  "restoreItemConfirmation": {
-    "message": "Opravdu chcete tuto položku obnovit?"
-  },
   "restoredItem": {
     "message": "Položka byla obnovena"
   },
diff --git a/apps/browser/src/_locales/cy/messages.json b/apps/browser/src/_locales/cy/messages.json
index 2d0dc622f72..13c15666016 100644
--- a/apps/browser/src/_locales/cy/messages.json
+++ b/apps/browser/src/_locales/cy/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Adfer yr eitem"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/da/messages.json b/apps/browser/src/_locales/da/messages.json
index 58dbe45aec2..10bf61a453a 100644
--- a/apps/browser/src/_locales/da/messages.json
+++ b/apps/browser/src/_locales/da/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Gendan element"
   },
-  "restoreItemConfirmation": {
-    "message": "Er du sikker på, at du vil gendanne dette element?"
-  },
   "restoredItem": {
     "message": "Element gendannet"
   },
diff --git a/apps/browser/src/_locales/de/messages.json b/apps/browser/src/_locales/de/messages.json
index d48d1ec04c2..f00576263ab 100644
--- a/apps/browser/src/_locales/de/messages.json
+++ b/apps/browser/src/_locales/de/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Eintrag wiederherstellen"
   },
-  "restoreItemConfirmation": {
-    "message": "Soll dieser Eintrag wirklich wiederhergestellt werden?"
-  },
   "restoredItem": {
     "message": "Eintrag wiederhergestellt"
   },
diff --git a/apps/browser/src/_locales/el/messages.json b/apps/browser/src/_locales/el/messages.json
index 9a3ab302bce..90bad88038b 100644
--- a/apps/browser/src/_locales/el/messages.json
+++ b/apps/browser/src/_locales/el/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Ανάκτηση Στοιχείου"
   },
-  "restoreItemConfirmation": {
-    "message": "Είστε βέβαιοι ότι θέλετε να ανακτήσετε αυτό το στοιχείο;"
-  },
   "restoredItem": {
     "message": "Στοιχείο που έχει Ανακτηθεί"
   },
diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index e31b317b03b..b068befd0d0 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -338,6 +338,9 @@
   "other": {
     "message": "Other"
   },
+  "unlockMethodNeededToChangeTimeoutActionDesc": {
+    "message": "Set up an unlock method to change your vault timeout action."
+  },
   "rateExtension": {
     "message": "Rate the extension"
   },
@@ -1449,9 +1452,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
@@ -1608,6 +1608,12 @@
   "biometricsNotSupportedDesc": {
     "message": "Browser biometrics is not supported on this device."
   },
+  "biometricsFailedTitle": {
+    "message": "Biometrics failed"
+  },
+  "biometricsFailedDesc": {
+    "message": "Biometrics cannot be completed, consider using a master password or logging out. If this persists, please contact Bitwarden support."
+  },
   "nativeMessaginPermissionErrorTitle": {
     "message": "Permission not provided"
   },
@@ -2158,8 +2164,8 @@
   "notificationSentDevice": {
     "message": "A notification has been sent to your device."
   },
-  "logInInitiated": {
-    "message": "Log in initiated"
+  "loginInitiated": {
+    "message": "Login initiated"
   },
   "exposedMasterPassword": {
     "message": "Exposed Master Password"
@@ -2245,6 +2251,31 @@
   "opensInANewWindow": {
     "message": "Opens in a new window"
   },
+  "deviceApprovalRequired": {
+    "message": "Device approval required. Select an approval option below:"
+  },
+  "rememberThisDevice": {
+    "message": "Remember this device"
+  },
+  "uncheckIfPublicDevice": {
+    "message": "Uncheck if using a public device"
+  },
+  "approveFromYourOtherDevice": {
+    "message": "Approve from your other device"
+  },
+  "requestAdminApproval": {
+    "message": "Request admin approval"
+  },
+  "approveWithMasterPassword": {
+    "message": "Approve with master password"
+  },
+  "ssoIdentifierRequired": {
+    "message": "Organization SSO identifier is required."
+  },
+  "eu": {
+    "message": "EU",
+    "description": "European Union"
+  },
   "usDomain": {
     "message": "bitwarden.com"
   },
@@ -2260,6 +2291,134 @@
   "display": {
     "message": "Display"
   },
+  "accountSuccessfullyCreated": {
+    "message": "Account successfully created!"
+  },
+  "adminApprovalRequested": {
+    "message": "Admin approval requested"
+  },
+  "adminApprovalRequestSentToAdmins": {
+    "message": "Your request has been sent to your admin."
+  },
+  "youWillBeNotifiedOnceApproved": {
+    "message": "You will be notified once approved."
+  },
+  "troubleLoggingIn": {
+    "message": "Trouble logging in?"
+  },
+  "loginApproved": {
+    "message": "Login approved"
+  },
+  "userEmailMissing": {
+    "message": "User email missing"
+  },
+  "deviceTrusted": {
+    "message": "Device trusted"
+  },
+  "inputRequired": {
+    "message": "Input is required."
+  },
+  "required": {
+    "message": "required"
+  },
+  "search": {
+    "message": "Search"
+  },
+  "inputMinLength": {
+    "message": "Input must be at least $COUNT$ characters long.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "8"
+      }
+    }
+  },
+  "inputMaxLength": {
+    "message": "Input must not exceed $COUNT$ characters in length.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "20"
+      }
+    }
+  },
+  "inputForbiddenCharacters": {
+    "message": "The following characters are not allowed: $CHARACTERS$",
+    "placeholders": {
+      "characters": {
+        "content": "$1",
+        "example": "@, #, $, %"
+      }
+    }
+  },
+  "inputMinValue": {
+    "message": "Input value must be at least $MIN$.",
+    "placeholders": {
+      "min": {
+        "content": "$1",
+        "example": "8"
+      }
+    }
+  },
+  "inputMaxValue": {
+    "message": "Input value must not exceed $MAX$.",
+    "placeholders": {
+      "max": {
+        "content": "$1",
+        "example": "100"
+      }
+    }
+  },
+  "multipleInputEmails": {
+    "message": "1 or more emails are invalid"
+  },
+  "inputTrimValidator": {
+    "message": "Input must not contain only whitespace.",
+    "description": "Notification to inform the user that a form's input can't contain only whitespace."
+  },
+  "inputEmail": {
+    "message": "Input is not an email address."
+  },
+  "fieldsNeedAttention": {
+    "message": "$COUNT$ field(s) above need your attention.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "4"
+      }
+    }
+  },
+  "selectPlaceholder": {
+    "message": "-- Select --"
+  },
+  "multiSelectPlaceholder": {
+    "message": "-- Type to filter --"
+  },
+  "multiSelectLoading": {
+    "message": "Retrieving options..."
+  },
+  "multiSelectNotFound": {
+    "message": "No items found"
+  },
+  "multiSelectClearAll": {
+    "message": "Clear all"
+  },
+  "plusNMore": {
+    "message": "+ $QUANTITY$ more",
+    "placeholders": {
+      "quantity": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
+  "submenu": {
+    "message": "Submenu"
+  },
+  "toggleCollapse": {
+    "message": "Toggle collapse",
+    "description": "Toggling an expand/collapse state."
+  },
   "loginPasskey": {
     "message": "This login uses a passkey"
   },
diff --git a/apps/browser/src/_locales/en_GB/messages.json b/apps/browser/src/_locales/en_GB/messages.json
index 9627efab01d..739c56b094c 100644
--- a/apps/browser/src/_locales/en_GB/messages.json
+++ b/apps/browser/src/_locales/en_GB/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/en_IN/messages.json b/apps/browser/src/_locales/en_IN/messages.json
index 5903b01eb3b..258b99300e4 100644
--- a/apps/browser/src/_locales/en_IN/messages.json
+++ b/apps/browser/src/_locales/en_IN/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Restored item"
   },
diff --git a/apps/browser/src/_locales/es/messages.json b/apps/browser/src/_locales/es/messages.json
index e9dd0024495..b6504f13c97 100644
--- a/apps/browser/src/_locales/es/messages.json
+++ b/apps/browser/src/_locales/es/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restaurar elemento"
   },
-  "restoreItemConfirmation": {
-    "message": "¿Estás seguro de que quieres restaurar este elemento?"
-  },
   "restoredItem": {
     "message": "Elemento restaurado"
   },
diff --git a/apps/browser/src/_locales/et/messages.json b/apps/browser/src/_locales/et/messages.json
index 7ae023a60f5..5a5536aebd5 100644
--- a/apps/browser/src/_locales/et/messages.json
+++ b/apps/browser/src/_locales/et/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Taasta kirje"
   },
-  "restoreItemConfirmation": {
-    "message": "Oled kindel, et soovid selle kirje taastada?"
-  },
   "restoredItem": {
     "message": "Kirje on taastatud"
   },
diff --git a/apps/browser/src/_locales/eu/messages.json b/apps/browser/src/_locales/eu/messages.json
index eaab1c4b4b9..e2d4739708d 100644
--- a/apps/browser/src/_locales/eu/messages.json
+++ b/apps/browser/src/_locales/eu/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Berreskuratu elementua"
   },
-  "restoreItemConfirmation": {
-    "message": "Ziur zaude elementu hau berreskuratu nahi duzula?"
-  },
   "restoredItem": {
     "message": "Elementua berreskuratua"
   },
diff --git a/apps/browser/src/_locales/fa/messages.json b/apps/browser/src/_locales/fa/messages.json
index 5ebfe79be2b..2bbe4f69b7e 100644
--- a/apps/browser/src/_locales/fa/messages.json
+++ b/apps/browser/src/_locales/fa/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "بازیابی مورد"
   },
-  "restoreItemConfirmation": {
-    "message": "آیا مطمئن هستید که می‌خواهید این مورد را بازیابی کنید؟"
-  },
   "restoredItem": {
     "message": "مورد بازیابی شد"
   },
diff --git a/apps/browser/src/_locales/fi/messages.json b/apps/browser/src/_locales/fi/messages.json
index e95aa2bc803..6f91ffde6aa 100644
--- a/apps/browser/src/_locales/fi/messages.json
+++ b/apps/browser/src/_locales/fi/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Palauta kohde"
   },
-  "restoreItemConfirmation": {
-    "message": "Haluatko varmasti palauttaa kohteen?"
-  },
   "restoredItem": {
     "message": "Kohde palautettiin"
   },
diff --git a/apps/browser/src/_locales/fil/messages.json b/apps/browser/src/_locales/fil/messages.json
index c6082c51669..08a1400ed88 100644
--- a/apps/browser/src/_locales/fil/messages.json
+++ b/apps/browser/src/_locales/fil/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Ibalik ang item"
   },
-  "restoreItemConfirmation": {
-    "message": "Sigurado ka bang nais mong ibalik ang item na ito?"
-  },
   "restoredItem": {
     "message": "Item na nai-restore"
   },
diff --git a/apps/browser/src/_locales/fr/messages.json b/apps/browser/src/_locales/fr/messages.json
index d5216ae72d7..8369936cd53 100644
--- a/apps/browser/src/_locales/fr/messages.json
+++ b/apps/browser/src/_locales/fr/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restaurer l'élément"
   },
-  "restoreItemConfirmation": {
-    "message": "Êtes-vous sûr de vouloir restaurer cet élément ?"
-  },
   "restoredItem": {
     "message": "Élément restauré"
   },
diff --git a/apps/browser/src/_locales/gl/messages.json b/apps/browser/src/_locales/gl/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/gl/messages.json
+++ b/apps/browser/src/_locales/gl/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/he/messages.json b/apps/browser/src/_locales/he/messages.json
index 64c8bf51176..fca4e448637 100644
--- a/apps/browser/src/_locales/he/messages.json
+++ b/apps/browser/src/_locales/he/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "שחזר פריט"
   },
-  "restoreItemConfirmation": {
-    "message": "האם אתה בטוח שברצונך לשחזר פריט זה?"
-  },
   "restoredItem": {
     "message": "פריט ששוחזר"
   },
diff --git a/apps/browser/src/_locales/hi/messages.json b/apps/browser/src/_locales/hi/messages.json
index c91afe71cf3..7ac864a5c30 100644
--- a/apps/browser/src/_locales/hi/messages.json
+++ b/apps/browser/src/_locales/hi/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "आइटम बहाल करें"
   },
-  "restoreItemConfirmation": {
-    "message": "क्या आप सुनिश्चित हैं कि आप इस आइटम को बहाल करना चाहते हैं?"
-  },
   "restoredItem": {
     "message": "बहाल आइटम"
   },
diff --git a/apps/browser/src/_locales/hr/messages.json b/apps/browser/src/_locales/hr/messages.json
index 65bbc664fdd..f7f491610f1 100644
--- a/apps/browser/src/_locales/hr/messages.json
+++ b/apps/browser/src/_locales/hr/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Vrati stavku"
   },
-  "restoreItemConfirmation": {
-    "message": "Sigurno želiš vratiti ovu stavku?"
-  },
   "restoredItem": {
     "message": "Stavka vraćena"
   },
diff --git a/apps/browser/src/_locales/hu/messages.json b/apps/browser/src/_locales/hu/messages.json
index bd106eac48d..fd9bed689a0 100644
--- a/apps/browser/src/_locales/hu/messages.json
+++ b/apps/browser/src/_locales/hu/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Elem visszaállítása"
   },
-  "restoreItemConfirmation": {
-    "message": "Biztosan visszaállításra kerüljön ezt az elem?"
-  },
   "restoredItem": {
     "message": "Visszaállított elem"
   },
diff --git a/apps/browser/src/_locales/id/messages.json b/apps/browser/src/_locales/id/messages.json
index 724e8bc30d0..89491f6b7e4 100644
--- a/apps/browser/src/_locales/id/messages.json
+++ b/apps/browser/src/_locales/id/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Pulihkan Item"
   },
-  "restoreItemConfirmation": {
-    "message": "Apakah Anda yakin ingin memulihkan item ini?"
-  },
   "restoredItem": {
     "message": "Item Yang Dipulihkan"
   },
diff --git a/apps/browser/src/_locales/it/messages.json b/apps/browser/src/_locales/it/messages.json
index 20f338b39e1..15a62b57e0c 100644
--- a/apps/browser/src/_locales/it/messages.json
+++ b/apps/browser/src/_locales/it/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Ripristina elemento"
   },
-  "restoreItemConfirmation": {
-    "message": "Sei sicuro di voler ripristinare questo elemento?"
-  },
   "restoredItem": {
     "message": "Elemento ripristinato"
   },
diff --git a/apps/browser/src/_locales/ja/messages.json b/apps/browser/src/_locales/ja/messages.json
index e52752179b7..d0851ec36d7 100644
--- a/apps/browser/src/_locales/ja/messages.json
+++ b/apps/browser/src/_locales/ja/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "アイテムをリストア"
   },
-  "restoreItemConfirmation": {
-    "message": "このアイテムをリストアしますか？"
-  },
   "restoredItem": {
     "message": "リストアされたアイテム"
   },
diff --git a/apps/browser/src/_locales/ka/messages.json b/apps/browser/src/_locales/ka/messages.json
index 569277e8e34..8e9e2576438 100644
--- a/apps/browser/src/_locales/ka/messages.json
+++ b/apps/browser/src/_locales/ka/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/km/messages.json b/apps/browser/src/_locales/km/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/km/messages.json
+++ b/apps/browser/src/_locales/km/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/kn/messages.json b/apps/browser/src/_locales/kn/messages.json
index 3a9a33dda1a..dab35128eee 100644
--- a/apps/browser/src/_locales/kn/messages.json
+++ b/apps/browser/src/_locales/kn/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಿ"
   },
-  "restoreItemConfirmation": {
-    "message": "ಈ ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲು ನೀವು ಖಚಿತವಾಗಿ ಬಯಸುವಿರಾ?"
-  },
   "restoredItem": {
     "message": "ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲಾಗಿದೆ"
   },
diff --git a/apps/browser/src/_locales/ko/messages.json b/apps/browser/src/_locales/ko/messages.json
index 50cadc8a949..f7c45565d4b 100644
--- a/apps/browser/src/_locales/ko/messages.json
+++ b/apps/browser/src/_locales/ko/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "항목 복원"
   },
-  "restoreItemConfirmation": {
-    "message": "정말 이 항목을 복원하시겠습니까?"
-  },
   "restoredItem": {
     "message": "복원된 항목"
   },
diff --git a/apps/browser/src/_locales/lt/messages.json b/apps/browser/src/_locales/lt/messages.json
index b1dc314612c..8c610f8261d 100644
--- a/apps/browser/src/_locales/lt/messages.json
+++ b/apps/browser/src/_locales/lt/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Atkurti elementą"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Elementas atkurtas"
   },
diff --git a/apps/browser/src/_locales/lv/messages.json b/apps/browser/src/_locales/lv/messages.json
index bd42b3bcbbf..a5dcdb1c21c 100644
--- a/apps/browser/src/_locales/lv/messages.json
+++ b/apps/browser/src/_locales/lv/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Atjaunot vienumu"
   },
-  "restoreItemConfirmation": {
-    "message": "Jūs tiešām atjaunot šo vienumu?"
-  },
   "restoredItem": {
     "message": "Vienums atjaunots"
   },
diff --git a/apps/browser/src/_locales/ml/messages.json b/apps/browser/src/_locales/ml/messages.json
index ad8f6083c22..3f2ba29f295 100644
--- a/apps/browser/src/_locales/ml/messages.json
+++ b/apps/browser/src/_locales/ml/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "ഇനം വീണ്ടെടുക്കുക "
   },
-  "restoreItemConfirmation": {
-    "message": "ഈ ഇനം വീണ്ടെടുക്കണമെന്ന് ഉറപ്പാണോ?"
-  },
   "restoredItem": {
     "message": "വീണ്ടെടുത്ത ഇനം"
   },
diff --git a/apps/browser/src/_locales/mr/messages.json b/apps/browser/src/_locales/mr/messages.json
index 70b41cafbdb..55709a1a5b6 100644
--- a/apps/browser/src/_locales/mr/messages.json
+++ b/apps/browser/src/_locales/mr/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/my/messages.json b/apps/browser/src/_locales/my/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/my/messages.json
+++ b/apps/browser/src/_locales/my/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/nb/messages.json b/apps/browser/src/_locales/nb/messages.json
index 0e4904dcd15..1de995e52d4 100644
--- a/apps/browser/src/_locales/nb/messages.json
+++ b/apps/browser/src/_locales/nb/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Gjenopprett objekt"
   },
-  "restoreItemConfirmation": {
-    "message": "Er du sikker på at du vil gjenopprette dette elementet?"
-  },
   "restoredItem": {
     "message": "Gjenopprettet objekt"
   },
diff --git a/apps/browser/src/_locales/ne/messages.json b/apps/browser/src/_locales/ne/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/ne/messages.json
+++ b/apps/browser/src/_locales/ne/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/nl/messages.json b/apps/browser/src/_locales/nl/messages.json
index 7ff5ec8b36b..34780583ba6 100644
--- a/apps/browser/src/_locales/nl/messages.json
+++ b/apps/browser/src/_locales/nl/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Item herstellen"
   },
-  "restoreItemConfirmation": {
-    "message": "Weet je zeker dat je dit item wilt herstellen?"
-  },
   "restoredItem": {
     "message": "Hersteld item"
   },
diff --git a/apps/browser/src/_locales/nn/messages.json b/apps/browser/src/_locales/nn/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/nn/messages.json
+++ b/apps/browser/src/_locales/nn/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/or/messages.json b/apps/browser/src/_locales/or/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/or/messages.json
+++ b/apps/browser/src/_locales/or/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/pl/messages.json b/apps/browser/src/_locales/pl/messages.json
index f010699118b..c2f2138bfce 100644
--- a/apps/browser/src/_locales/pl/messages.json
+++ b/apps/browser/src/_locales/pl/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Przywróć element"
   },
-  "restoreItemConfirmation": {
-    "message": "Czy na pewno chcesz przywrócić ten element?"
-  },
   "restoredItem": {
     "message": "Element został przywrócony"
   },
diff --git a/apps/browser/src/_locales/pt_BR/messages.json b/apps/browser/src/_locales/pt_BR/messages.json
index d0370af24e9..d65e745ddbe 100644
--- a/apps/browser/src/_locales/pt_BR/messages.json
+++ b/apps/browser/src/_locales/pt_BR/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restaurar Item"
   },
-  "restoreItemConfirmation": {
-    "message": "Você tem certeza que deseja restaurar esse item?"
-  },
   "restoredItem": {
     "message": "Item Restaurado"
   },
diff --git a/apps/browser/src/_locales/pt_PT/messages.json b/apps/browser/src/_locales/pt_PT/messages.json
index 5254144a08b..532b280e9dd 100644
--- a/apps/browser/src/_locales/pt_PT/messages.json
+++ b/apps/browser/src/_locales/pt_PT/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restaurar item"
   },
-  "restoreItemConfirmation": {
-    "message": "Tem a certeza de que pretende restaurar este item?"
-  },
   "restoredItem": {
     "message": "Item restaurado"
   },
@@ -2129,7 +2126,7 @@
     "message": "Iniciar sessão com o dispositivo"
   },
   "loginWithDeviceEnabledInfo": {
-    "message": "O início de sessão com o dispositivo deve ser ativado nas definições da aplicação Bitwarden. Necessita de outra opção?"
+    "message": "O início de sessão com o dispositivo deve ser ativado nas definições da aplicação Bitwarden. Precisa de outra opção?"
   },
   "fingerprintPhraseHeader": {
     "message": "Frase de impressão digital"
diff --git a/apps/browser/src/_locales/ro/messages.json b/apps/browser/src/_locales/ro/messages.json
index f4369278d64..12bc1d421b5 100644
--- a/apps/browser/src/_locales/ro/messages.json
+++ b/apps/browser/src/_locales/ro/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restabilire articol"
   },
-  "restoreItemConfirmation": {
-    "message": "Sigur doriți să restabiliți acest articol?"
-  },
   "restoredItem": {
     "message": "Articol restabilit"
   },
diff --git a/apps/browser/src/_locales/ru/messages.json b/apps/browser/src/_locales/ru/messages.json
index f9c9b0141ab..3c1ecb4b44b 100644
--- a/apps/browser/src/_locales/ru/messages.json
+++ b/apps/browser/src/_locales/ru/messages.json
@@ -631,7 +631,7 @@
     "message": "Обновить"
   },
   "notificationUnlockDesc": {
-    "message": "Разблокируйте свое хранилище Bitwarden для завершения запроса автозаполнения."
+    "message": "Разблокируйте свое хранилище Bitwarden чтобы выполнить автозаполнение."
   },
   "notificationUnlock": {
     "message": "Разблокировать"
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Восстановить элемент"
   },
-  "restoreItemConfirmation": {
-    "message": "Вы уверены, что хотите восстановить этот элемент?"
-  },
   "restoredItem": {
     "message": "Элемент восстановлен"
   },
diff --git a/apps/browser/src/_locales/si/messages.json b/apps/browser/src/_locales/si/messages.json
index 0f209dd000b..369f1c0bf38 100644
--- a/apps/browser/src/_locales/si/messages.json
+++ b/apps/browser/src/_locales/si/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "අයිතමය යළි පිහිටුවන්න"
   },
-  "restoreItemConfirmation": {
-    "message": "ඔබට මෙම අයිතමය යථා තත්වයට පත් කිරීමට අවශ්ය බව ඔබට විශ්වාසද?"
-  },
   "restoredItem": {
     "message": "ප්රතිෂ්ඨාපනය අයිතමය"
   },
diff --git a/apps/browser/src/_locales/sk/messages.json b/apps/browser/src/_locales/sk/messages.json
index bccc8a74ce5..caf8cc51b5e 100644
--- a/apps/browser/src/_locales/sk/messages.json
+++ b/apps/browser/src/_locales/sk/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Obnoviť položku"
   },
-  "restoreItemConfirmation": {
-    "message": "Naozaj chcete obnoviť túto položku?"
-  },
   "restoredItem": {
     "message": "Obnovená položka"
   },
diff --git a/apps/browser/src/_locales/sl/messages.json b/apps/browser/src/_locales/sl/messages.json
index 64f3415ae27..81280a088fb 100644
--- a/apps/browser/src/_locales/sl/messages.json
+++ b/apps/browser/src/_locales/sl/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Obnovi element"
   },
-  "restoreItemConfirmation": {
-    "message": "Ste prepričani, da želite obnoviti ta element?"
-  },
   "restoredItem": {
     "message": "Element obnovljen"
   },
diff --git a/apps/browser/src/_locales/sr/messages.json b/apps/browser/src/_locales/sr/messages.json
index 38ba6e1a4b1..08e99691c1c 100644
--- a/apps/browser/src/_locales/sr/messages.json
+++ b/apps/browser/src/_locales/sr/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Врати ставку"
   },
-  "restoreItemConfirmation": {
-    "message": "Да ли сте сигурни да желите да вратите ову ставку?"
-  },
   "restoredItem": {
     "message": "Ставка враћена"
   },
diff --git a/apps/browser/src/_locales/sv/messages.json b/apps/browser/src/_locales/sv/messages.json
index 36ebb906412..d761d526a61 100644
--- a/apps/browser/src/_locales/sv/messages.json
+++ b/apps/browser/src/_locales/sv/messages.json
@@ -11,7 +11,7 @@
     "description": "Extension description"
   },
   "loginOrCreateNewAccount": {
-    "message": "Logga in eller skapa ett nytt konto för att komma åt dina lösenord."
+    "message": "Logga in eller skapa ett nytt konto för att komma åt ditt säkra valv."
   },
   "createAccount": {
     "message": "Skapa konto"
@@ -342,7 +342,7 @@
     "message": "Betygsätt tillägget"
   },
   "rateExtensionDesc": {
-    "message": "Överväg gärna att hjälpa oss genom att ge oss en bra recension!"
+    "message": "Överväg gärna att skriva en recension om oss!"
   },
   "browserNotSupportClipboard": {
     "message": "Din webbläsare har inte stöd för att enkelt kopiera till urklipp. Kopiera till urklipp manuellt istället."
@@ -370,7 +370,7 @@
     }
   },
   "invalidMasterPassword": {
-    "message": "Felaktigt huvudlösenord"
+    "message": "Ogiltigt huvudlösenord"
   },
   "vaultTimeout": {
     "message": "Valvets tidsgräns"
@@ -736,7 +736,7 @@
     "message": "Kopiera verifieringskod"
   },
   "attachments": {
-    "message": "Bifogade filer"
+    "message": "Bilagor"
   },
   "deleteAttachment": {
     "message": "Radera bilaga"
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Återställ objekt"
   },
-  "restoreItemConfirmation": {
-    "message": "Är du säker på att du vill återställa detta objekt?"
-  },
   "restoredItem": {
     "message": "Återställde objekt"
   },
diff --git a/apps/browser/src/_locales/te/messages.json b/apps/browser/src/_locales/te/messages.json
index 63dd227e52b..400e75dd1b4 100644
--- a/apps/browser/src/_locales/te/messages.json
+++ b/apps/browser/src/_locales/te/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Restore item"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/browser/src/_locales/th/messages.json b/apps/browser/src/_locales/th/messages.json
index 667c26a1e12..3b677f92acf 100644
--- a/apps/browser/src/_locales/th/messages.json
+++ b/apps/browser/src/_locales/th/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "กู้คืนรายการ"
   },
-  "restoreItemConfirmation": {
-    "message": "คุณแน่ใจหรือไม่ว่าต้องการกู้คืนรายการนี้"
-  },
   "restoredItem": {
     "message": "คืนค่ารายการแล้ว"
   },
diff --git a/apps/browser/src/_locales/tr/messages.json b/apps/browser/src/_locales/tr/messages.json
index 23727c5af9a..a03f2e11bf5 100644
--- a/apps/browser/src/_locales/tr/messages.json
+++ b/apps/browser/src/_locales/tr/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Kaydı geri yükle"
   },
-  "restoreItemConfirmation": {
-    "message": "Bu kaydı geri yüklemek istediğinizden emin misiniz?"
-  },
   "restoredItem": {
     "message": "Kayıt geri yüklendi"
   },
diff --git a/apps/browser/src/_locales/uk/messages.json b/apps/browser/src/_locales/uk/messages.json
index 45177b5bdea..d4d8a2c1d3f 100644
--- a/apps/browser/src/_locales/uk/messages.json
+++ b/apps/browser/src/_locales/uk/messages.json
@@ -631,10 +631,10 @@
     "message": "Оновити"
   },
   "notificationUnlockDesc": {
-    "message": "Unlock your Bitwarden vault to complete the auto-fill request."
+    "message": "Розблокуйте своє сховище Bitwarden, щоб завершити запит автозаповнення."
   },
   "notificationUnlock": {
-    "message": "Unlock"
+    "message": "Розблокувати"
   },
   "enableContextMenuItem": {
     "message": "Показувати в контекстному меню"
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Відновити запис"
   },
-  "restoreItemConfirmation": {
-    "message": "Ви дійсно хочете відновити цей запис?"
-  },
   "restoredItem": {
     "message": "Запис відновлено"
   },
@@ -2228,7 +2225,7 @@
     }
   },
   "loggingInOn": {
-    "message": "Logging in on"
+    "message": "Увійти на"
   },
   "opensInANewWindow": {
     "message": "Відкривається у новому вікні"
diff --git a/apps/browser/src/_locales/vi/messages.json b/apps/browser/src/_locales/vi/messages.json
index 0bb3aaefb85..2d1b03486a8 100644
--- a/apps/browser/src/_locales/vi/messages.json
+++ b/apps/browser/src/_locales/vi/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "Khôi phục mục"
   },
-  "restoreItemConfirmation": {
-    "message": "Bạn có chắc chắn muốn khôi phục mục này không?"
-  },
   "restoredItem": {
     "message": "Mục đã được khôi phục"
   },
diff --git a/apps/browser/src/_locales/zh_CN/messages.json b/apps/browser/src/_locales/zh_CN/messages.json
index 4f5d42ef1ad..c4838ff8775 100644
--- a/apps/browser/src/_locales/zh_CN/messages.json
+++ b/apps/browser/src/_locales/zh_CN/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "恢复项目"
   },
-  "restoreItemConfirmation": {
-    "message": "您确定要恢复此项目吗？"
-  },
   "restoredItem": {
     "message": "项目已恢复"
   },
diff --git a/apps/browser/src/_locales/zh_TW/messages.json b/apps/browser/src/_locales/zh_TW/messages.json
index c7350529d77..6c4caad3948 100644
--- a/apps/browser/src/_locales/zh_TW/messages.json
+++ b/apps/browser/src/_locales/zh_TW/messages.json
@@ -1446,9 +1446,6 @@
   "restoreItem": {
     "message": "還原項目"
   },
-  "restoreItemConfirmation": {
-    "message": "您確定要還原此項目嗎？"
-  },
   "restoredItem": {
     "message": "項目已還原"
   },
diff --git a/apps/browser/src/auth/background/service-factories/auth-request-crypto-service.factory.ts b/apps/browser/src/auth/background/service-factories/auth-request-crypto-service.factory.ts
new file mode 100644
index 00000000000..e1757f98129
--- /dev/null
+++ b/apps/browser/src/auth/background/service-factories/auth-request-crypto-service.factory.ts
@@ -0,0 +1,29 @@
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
+import { AuthRequestCryptoServiceImplementation } from "@bitwarden/common/auth/services/auth-request-crypto.service.implementation";
+
+import {
+  CryptoServiceInitOptions,
+  cryptoServiceFactory,
+} from "../../../platform/background/service-factories/crypto-service.factory";
+import {
+  CachedServices,
+  FactoryOptions,
+  factory,
+} from "../../../platform/background/service-factories/factory-options";
+
+type AuthRequestCryptoServiceFactoryOptions = FactoryOptions;
+
+export type AuthRequestCryptoServiceInitOptions = AuthRequestCryptoServiceFactoryOptions &
+  CryptoServiceInitOptions;
+
+export function authRequestCryptoServiceFactory(
+  cache: { authRequestCryptoService?: AuthRequestCryptoServiceAbstraction } & CachedServices,
+  opts: AuthRequestCryptoServiceInitOptions
+): Promise<AuthRequestCryptoServiceAbstraction> {
+  return factory(
+    cache,
+    "authRequestCryptoService",
+    opts,
+    async () => new AuthRequestCryptoServiceImplementation(await cryptoServiceFactory(cache, opts))
+  );
+}
diff --git a/apps/browser/src/auth/background/service-factories/auth-service.factory.ts b/apps/browser/src/auth/background/service-factories/auth-service.factory.ts
index 5612cedb91c..6aaeb476369 100644
--- a/apps/browser/src/auth/background/service-factories/auth-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/auth-service.factory.ts
@@ -52,6 +52,14 @@ import {
   PasswordStrengthServiceInitOptions,
 } from "../../../tools/background/service_factories/password-strength-service.factory";
 
+import {
+  authRequestCryptoServiceFactory,
+  AuthRequestCryptoServiceInitOptions,
+} from "./auth-request-crypto-service.factory";
+import {
+  deviceTrustCryptoServiceFactory,
+  DeviceTrustCryptoServiceInitOptions,
+} from "./device-trust-crypto-service.factory";
 import {
   keyConnectorServiceFactory,
   KeyConnectorServiceInitOptions,
@@ -75,7 +83,9 @@ export type AuthServiceInitOptions = AuthServiceFactoyOptions &
   I18nServiceInitOptions &
   EncryptServiceInitOptions &
   PolicyServiceInitOptions &
-  PasswordStrengthServiceInitOptions;
+  PasswordStrengthServiceInitOptions &
+  DeviceTrustCryptoServiceInitOptions &
+  AuthRequestCryptoServiceInitOptions;
 
 export function authServiceFactory(
   cache: { authService?: AbstractAuthService } & CachedServices,
@@ -101,7 +111,9 @@ export function authServiceFactory(
         await i18nServiceFactory(cache, opts),
         await encryptServiceFactory(cache, opts),
         await passwordStrengthServiceFactory(cache, opts),
-        await policyServiceFactory(cache, opts)
+        await policyServiceFactory(cache, opts),
+        await deviceTrustCryptoServiceFactory(cache, opts),
+        await authRequestCryptoServiceFactory(cache, opts)
       )
   );
 }
diff --git a/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts b/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts
new file mode 100644
index 00000000000..430d50fea75
--- /dev/null
+++ b/apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts
@@ -0,0 +1,74 @@
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device-trust-crypto.service.implementation";
+
+import {
+  DevicesApiServiceInitOptions,
+  devicesApiServiceFactory,
+} from "../../../background/service-factories/devices-api-service.factory";
+import {
+  AppIdServiceInitOptions,
+  appIdServiceFactory,
+} from "../../../platform/background/service-factories/app-id-service.factory";
+import {
+  CryptoFunctionServiceInitOptions,
+  cryptoFunctionServiceFactory,
+} from "../../../platform/background/service-factories/crypto-function-service.factory";
+import {
+  CryptoServiceInitOptions,
+  cryptoServiceFactory,
+} from "../../../platform/background/service-factories/crypto-service.factory";
+import {
+  EncryptServiceInitOptions,
+  encryptServiceFactory,
+} from "../../../platform/background/service-factories/encrypt-service.factory";
+import {
+  CachedServices,
+  FactoryOptions,
+  factory,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  I18nServiceInitOptions,
+  i18nServiceFactory,
+} from "../../../platform/background/service-factories/i18n-service.factory";
+import {
+  PlatformUtilsServiceInitOptions,
+  platformUtilsServiceFactory,
+} from "../../../platform/background/service-factories/platform-utils-service.factory";
+import {
+  StateServiceInitOptions,
+  stateServiceFactory,
+} from "../../../platform/background/service-factories/state-service.factory";
+
+type DeviceTrustCryptoServiceFactoryOptions = FactoryOptions;
+
+export type DeviceTrustCryptoServiceInitOptions = DeviceTrustCryptoServiceFactoryOptions &
+  CryptoFunctionServiceInitOptions &
+  CryptoServiceInitOptions &
+  EncryptServiceInitOptions &
+  StateServiceInitOptions &
+  AppIdServiceInitOptions &
+  DevicesApiServiceInitOptions &
+  I18nServiceInitOptions &
+  PlatformUtilsServiceInitOptions;
+
+export function deviceTrustCryptoServiceFactory(
+  cache: { deviceTrustCryptoService?: DeviceTrustCryptoServiceAbstraction } & CachedServices,
+  opts: DeviceTrustCryptoServiceInitOptions
+): Promise<DeviceTrustCryptoServiceAbstraction> {
+  return factory(
+    cache,
+    "deviceTrustCryptoService",
+    opts,
+    async () =>
+      new DeviceTrustCryptoService(
+        await cryptoFunctionServiceFactory(cache, opts),
+        await cryptoServiceFactory(cache, opts),
+        await encryptServiceFactory(cache, opts),
+        await stateServiceFactory(cache, opts),
+        await appIdServiceFactory(cache, opts),
+        await devicesApiServiceFactory(cache, opts),
+        await i18nServiceFactory(cache, opts),
+        await platformUtilsServiceFactory(cache, opts)
+      )
+  );
+}
diff --git a/apps/browser/src/auth/background/service-factories/user-verification-api-service.factory.ts b/apps/browser/src/auth/background/service-factories/user-verification-api-service.factory.ts
new file mode 100644
index 00000000000..01bfb0f13cb
--- /dev/null
+++ b/apps/browser/src/auth/background/service-factories/user-verification-api-service.factory.ts
@@ -0,0 +1,29 @@
+import { UserVerificationApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification-api.service.abstraction";
+import { UserVerificationApiService } from "@bitwarden/common/auth/services/user-verification/user-verification-api.service";
+
+import {
+  ApiServiceInitOptions,
+  apiServiceFactory,
+} from "../../../platform/background/service-factories/api-service.factory";
+import {
+  FactoryOptions,
+  CachedServices,
+  factory,
+} from "../../../platform/background/service-factories/factory-options";
+
+type UserVerificationApiServiceFactoryOptions = FactoryOptions;
+
+export type UserVerificationApiServiceInitOptions = UserVerificationApiServiceFactoryOptions &
+  ApiServiceInitOptions;
+
+export function userVerificationApiServiceFactory(
+  cache: { userVerificationApiService?: UserVerificationApiServiceAbstraction } & CachedServices,
+  opts: UserVerificationApiServiceInitOptions
+): Promise<UserVerificationApiServiceAbstraction> {
+  return factory(
+    cache,
+    "userVerificationApiService",
+    opts,
+    async () => new UserVerificationApiService(await apiServiceFactory(cache, opts))
+  );
+}
diff --git a/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts b/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
new file mode 100644
index 00000000000..79d327c9485
--- /dev/null
+++ b/apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts
@@ -0,0 +1,51 @@
+import { UserVerificationService as AbstractUserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { UserVerificationService } from "@bitwarden/common/auth/services/user-verification/user-verification.service";
+
+import {
+  CryptoServiceInitOptions,
+  cryptoServiceFactory,
+} from "../../../platform/background/service-factories/crypto-service.factory";
+import {
+  FactoryOptions,
+  CachedServices,
+  factory,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  I18nServiceInitOptions,
+  i18nServiceFactory,
+} from "../../../platform/background/service-factories/i18n-service.factory";
+import {
+  StateServiceInitOptions,
+  stateServiceFactory,
+} from "../../../platform/background/service-factories/state-service.factory";
+
+import {
+  UserVerificationApiServiceInitOptions,
+  userVerificationApiServiceFactory,
+} from "./user-verification-api-service.factory";
+
+type UserVerificationServiceFactoryOptions = FactoryOptions;
+
+export type UserVerificationServiceInitOptions = UserVerificationServiceFactoryOptions &
+  StateServiceInitOptions &
+  CryptoServiceInitOptions &
+  I18nServiceInitOptions &
+  UserVerificationApiServiceInitOptions;
+
+export function userVerificationServiceFactory(
+  cache: { userVerificationService?: AbstractUserVerificationService } & CachedServices,
+  opts: UserVerificationServiceInitOptions
+): Promise<AbstractUserVerificationService> {
+  return factory(
+    cache,
+    "userVerificationService",
+    opts,
+    async () =>
+      new UserVerificationService(
+        await stateServiceFactory(cache, opts),
+        await cryptoServiceFactory(cache, opts),
+        await i18nServiceFactory(cache, opts),
+        await userVerificationApiServiceFactory(cache, opts)
+      )
+  );
+}
diff --git a/apps/browser/src/auth/popup/lock.component.html b/apps/browser/src/auth/popup/lock.component.html
index cf964c15646..e787e0106d1 100644
--- a/apps/browser/src/auth/popup/lock.component.html
+++ b/apps/browser/src/auth/popup/lock.component.html
@@ -5,14 +5,20 @@
       <span class="title">{{ "verifyIdentity" | i18n }}</span>
     </h1>
     <div class="right">
-      <button type="submit" *ngIf="!hideInput">{{ "unlock" | i18n }}</button>
+      <button type="submit" *ngIf="pinEnabled || masterPasswordEnabled">
+        {{ "unlock" | i18n }}
+      </button>
     </div>
   </header>
   <main tabindex="-1">
     <div class="box">
       <div class="box-content">
-        <div class="box-content-row box-content-row-flex" appBoxRow *ngIf="!hideInput">
-          <div class="row-main" *ngIf="pinLock">
+        <div
+          class="box-content-row box-content-row-flex"
+          appBoxRow
+          *ngIf="pinEnabled || masterPasswordEnabled"
+        >
+          <div class="row-main" *ngIf="pinEnabled">
             <label for="pin">{{ "pin" | i18n }}</label>
             <input
               id="pin"
@@ -24,7 +30,7 @@
               appInputVerbatim
             />
           </div>
-          <div class="row-main" *ngIf="!pinLock">
+          <div class="row-main" *ngIf="masterPasswordEnabled && !pinEnabled">
             <label for="masterPassword">{{ "masterPass" | i18n }}</label>
             <input
               id="masterPassword"
diff --git a/apps/browser/src/auth/popup/lock.component.ts b/apps/browser/src/auth/popup/lock.component.ts
index f72bb8cc787..f0c435a6877 100644
--- a/apps/browser/src/auth/popup/lock.component.ts
+++ b/apps/browser/src/auth/popup/lock.component.ts
@@ -2,14 +2,14 @@ import { Component, NgZone } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { LockComponent as BaseLockComponent } from "@bitwarden/angular/auth/components/lock.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -19,6 +19,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
+import { DialogService } from "@bitwarden/components";
 
 import { BiometricErrors, BiometricErrorTypes } from "../../models/biometricErrors";
 
@@ -44,14 +45,15 @@ export class LockComponent extends BaseLockComponent {
     stateService: StateService,
     apiService: ApiService,
     logService: LogService,
-    keyConnectorService: KeyConnectorService,
     ngZone: NgZone,
     policyApiService: PolicyApiServiceAbstraction,
     policyService: InternalPolicyService,
     passwordStrengthService: PasswordStrengthServiceAbstraction,
     private authService: AuthService,
     route: ActivatedRoute,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService,
+    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    userVerificationService: UserVerificationService
   ) {
     super(
       router,
@@ -65,13 +67,14 @@ export class LockComponent extends BaseLockComponent {
       stateService,
       apiService,
       logService,
-      keyConnectorService,
       ngZone,
       policyApiService,
       policyService,
       passwordStrengthService,
       route,
-      dialogService
+      dialogService,
+      deviceTrustCryptoService,
+      userVerificationService
     );
     this.successRoute = "/tabs/current";
     this.isInitialLockScreen = (window as any).previousPopupUrl == null;
@@ -83,7 +86,7 @@ export class LockComponent extends BaseLockComponent {
       (await this.stateService.getDisableAutoBiometricsPrompt()) ?? true;
 
     window.setTimeout(async () => {
-      document.getElementById(this.pinLock ? "pin" : "masterPassword").focus();
+      document.getElementById(this.pinEnabled ? "pin" : "masterPassword")?.focus();
       if (
         this.biometricLock &&
         !disableAutoBiometricsPrompt &&
@@ -95,7 +98,7 @@ export class LockComponent extends BaseLockComponent {
     }, 100);
   }
 
-  async unlockBiometric(): Promise<boolean> {
+  override async unlockBiometric(): Promise<boolean> {
     if (!this.biometricLock) {
       return;
     }
diff --git a/apps/browser/src/auth/popup/login-decryption-options/login-decryption-options.component.html b/apps/browser/src/auth/popup/login-decryption-options/login-decryption-options.component.html
new file mode 100644
index 00000000000..32e3ea0c598
--- /dev/null
+++ b/apps/browser/src/auth/popup/login-decryption-options/login-decryption-options.component.html
@@ -0,0 +1,108 @@
+<div id="login-initiated">
+  <header>
+    <h1 class="margin-auto">
+      <span class="title">{{ "loginInitiated" | i18n }}</span>
+    </h1>
+  </header>
+
+  <div class="content login-page">
+    <div class="full-loading-spinner" *ngIf="loading">
+      <i class="bwi bwi-spinner bwi-spin bwi-3x" aria-hidden="true"></i>
+    </div>
+
+    <ng-container *ngIf="!loading">
+      <ng-container *ngIf="data.state == State.ExistingUserUntrustedDevice">
+        <div class="standard-x-margin">
+          <p class="lead">{{ "loginInitiated" | i18n }}</p>
+          <h6 class="mb-20px">{{ "deviceApprovalRequired" | i18n }}</h6>
+        </div>
+
+        <form
+          id="rememberDeviceForm"
+          class="mb-20px standard-x-margin"
+          [formGroup]="rememberDeviceForm"
+        >
+          <div>
+            <input
+              type="checkbox"
+              id="rememberDevice"
+              name="rememberDevice"
+              formControlName="rememberDevice"
+            />
+            <label for="rememberDevice">
+              {{ "rememberThisDevice" | i18n }}
+            </label>
+            <p id="rememberThisDeviceHintText">{{ "uncheckIfPublicDevice" | i18n }}</p>
+          </div>
+        </form>
+
+        <div class="box mb-20px">
+          <button
+            *ngIf="data.showApproveFromOtherDeviceBtn"
+            (click)="approveFromOtherDevice()"
+            type="button"
+            class="btn primary block"
+          >
+            <b>{{ "approveFromYourOtherDevice" | i18n }}</b>
+          </button>
+          <button
+            *ngIf="data.showReqAdminApprovalBtn"
+            (click)="requestAdminApproval()"
+            type="button"
+            class="btn block btn-top-margin"
+          >
+            {{ "requestAdminApproval" | i18n }}
+          </button>
+          <button
+            *ngIf="data.showApproveWithMasterPasswordBtn"
+            type="button"
+            class="btn block btn-top-margin"
+            (click)="approveWithMasterPassword()"
+          >
+            {{ "approveWithMasterPassword" | i18n }}
+          </button>
+        </div>
+      </ng-container>
+
+      <ng-container *ngIf="data.state == State.NewUser">
+        <div class="standard-x-margin">
+          <p class="lead">{{ "loginInitiated" | i18n }}</p>
+        </div>
+
+        <form
+          id="rememberDeviceForm"
+          class="mb-20px standard-x-margin"
+          [formGroup]="rememberDeviceForm"
+        >
+          <div>
+            <input
+              type="checkbox"
+              id="rememberDevice"
+              name="rememberDevice"
+              formControlName="rememberDevice"
+            />
+            <label for="rememberDevice">
+              {{ "rememberThisDevice" | i18n }}
+            </label>
+            <p id="rememberThisDeviceHintText">{{ "uncheckIfPublicDevice" | i18n }}</p>
+          </div>
+        </form>
+
+        <div class="box mb-20px">
+          <button (click)="createUser()" type="button" class="btn primary block">
+            <b>{{ "continue" | i18n }}</b>
+          </button>
+        </div>
+      </ng-container>
+
+      <hr class="muted-hr mx-5px mb-20px" />
+
+      <div class="small mx-5px">
+        <p class="no-margin">{{ "loggingInAs" | i18n }} {{ data.userEmail }}</p>
+        <a tabindex="0" role="button" style="cursor: pointer" (click)="logOut()">{{
+          "notYou" | i18n
+        }}</a>
+      </div>
+    </ng-container>
+  </div>
+</div>
diff --git a/apps/browser/src/auth/popup/login-decryption-options/login-decryption-options.component.ts b/apps/browser/src/auth/popup/login-decryption-options/login-decryption-options.component.ts
new file mode 100644
index 00000000000..7fac9a42b06
--- /dev/null
+++ b/apps/browser/src/auth/popup/login-decryption-options/login-decryption-options.component.ts
@@ -0,0 +1,18 @@
+import { Component } from "@angular/core";
+
+import { BaseLoginDecryptionOptionsComponent } from "@bitwarden/angular/auth/components/base-login-decryption-options.component";
+
+@Component({
+  selector: "browser-login-decryption-options",
+  templateUrl: "login-decryption-options.component.html",
+})
+export class LoginDecryptionOptionsComponent extends BaseLoginDecryptionOptionsComponent {
+  override async createUser(): Promise<void> {
+    try {
+      await super.createUser();
+      await this.router.navigate(["/tabs/vault"]);
+    } catch (error) {
+      this.validationService.showError(error);
+    }
+  }
+}
diff --git a/apps/browser/src/auth/popup/login-with-device.component.html b/apps/browser/src/auth/popup/login-with-device.component.html
index d794b7d212b..127f7ec96fe 100644
--- a/apps/browser/src/auth/popup/login-with-device.component.html
+++ b/apps/browser/src/auth/popup/login-with-device.component.html
@@ -5,32 +5,57 @@
     </h1>
   </header>
   <div class="content login-page">
-    <div>
-      <p class="lead">{{ "logInInitiated" | i18n }}</p>
-
+    <ng-container *ngIf="state == StateEnum.StandardAuthRequest">
       <div>
-        <p>{{ "notificationSentDevice" | i18n }}</p>
+        <p class="lead">{{ "loginInitiated" | i18n }}</p>
 
-        <p>
-          {{ "fingerprintMatchInfo" | i18n }}
-        </p>
+        <div>
+          <p>{{ "notificationSentDevice" | i18n }}</p>
+
+          <p>
+            {{ "fingerprintMatchInfo" | i18n }}
+          </p>
+        </div>
+
+        <div>
+          <b class="fingerprint-phrase-header">{{ "fingerprintPhraseHeader" | i18n }}</b>
+          <p class="fingerprint-text">
+            <code>{{ fingerprintPhrase }}</code>
+          </p>
+        </div>
+
+        <div class="resend-notification" *ngIf="showResendNotification">
+          <a (click)="startPasswordlessLogin()">{{ "resendNotification" | i18n }}</a>
+        </div>
+
+        <div class="footer">
+          {{ "loginWithDeviceEnabledInfo" | i18n }}
+          <a href="#" (click)="back()">{{ "viewAllLoginOptions" | i18n }}</a>
+        </div>
       </div>
+    </ng-container>
 
+    <ng-container *ngIf="state == StateEnum.AdminAuthRequest">
       <div>
-        <b class="fingerprint-phrase-header">{{ "fingerprintPhraseHeader" | i18n }}</b>
-        <p class="fingerprint-text">
-          <code>{{ fingerprintPhrase }}</code>
-        </p>
-      </div>
+        <p class="lead">{{ "adminApprovalRequested" | i18n }}</p>
 
-      <div class="resend-notification" *ngIf="showResendNotification">
-        <a (click)="startPasswordlessLogin()">{{ "resendNotification" | i18n }}</a>
-      </div>
+        <div>
+          <p>{{ "adminApprovalRequestSentToAdmins" | i18n }}</p>
+          <p>{{ "youWillBeNotifiedOnceApproved" | i18n }}</p>
+        </div>
 
-      <div class="footer">
-        {{ "loginWithDeviceEnabledInfo" | i18n }}
-        <a routerLink="/login">{{ "viewAllLoginOptions" | i18n }}</a>
+        <div>
+          <b class="fingerprint-phrase-header">{{ "fingerprintPhraseHeader" | i18n }}</b>
+          <p class="fingerprint-text">
+            <code>{{ fingerprintPhrase }}</code>
+          </p>
+        </div>
+
+        <div class="footer">
+          {{ "troubleLoggingIn" | i18n }}
+          <a routerLink="/login-initiated">{{ "viewAllLoginOptions" | i18n }}</a>
+        </div>
       </div>
-    </div>
+    </ng-container>
   </div>
 </div>
diff --git a/apps/browser/src/auth/popup/login-with-device.component.ts b/apps/browser/src/auth/popup/login-with-device.component.ts
index cf0e57b5ee5..f3a1dfffaa0 100644
--- a/apps/browser/src/auth/popup/login-with-device.component.ts
+++ b/apps/browser/src/auth/popup/login-with-device.component.ts
@@ -1,10 +1,13 @@
+import { Location } from "@angular/common";
 import { Component, OnDestroy, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
 
 import { LoginWithDeviceComponent as BaseLoginWithDeviceComponent } from "@bitwarden/angular/auth/components/login-with-device.component";
 import { AnonymousHubService } from "@bitwarden/common/abstractions/anonymousHub.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -42,7 +45,10 @@ export class LoginWithDeviceComponent
     validationService: ValidationService,
     stateService: StateService,
     loginService: LoginService,
-    syncService: SyncService
+    syncService: SyncService,
+    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    authReqCryptoService: AuthRequestCryptoServiceAbstraction,
+    private location: Location
   ) {
     super(
       router,
@@ -59,10 +65,16 @@ export class LoginWithDeviceComponent
       anonymousHubService,
       validationService,
       stateService,
-      loginService
+      loginService,
+      deviceTrustCryptoService,
+      authReqCryptoService
     );
     super.onSuccessfulLogin = async () => {
       await syncService.fullSync(true);
     };
   }
+
+  protected back() {
+    this.location.back();
+  }
 }
diff --git a/apps/browser/src/auth/popup/login.component.ts b/apps/browser/src/auth/popup/login.component.ts
index 776b792fa1d..d9b789e4d81 100644
--- a/apps/browser/src/auth/popup/login.component.ts
+++ b/apps/browser/src/auth/popup/login.component.ts
@@ -4,8 +4,8 @@ import { ActivatedRoute, Router } from "@angular/router";
 
 import { LoginComponent as BaseLoginComponent } from "@bitwarden/angular/auth/components/login.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { DevicesApiServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices-api.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
diff --git a/apps/browser/src/auth/popup/register.component.ts b/apps/browser/src/auth/popup/register.component.ts
index ad7a9e1cc68..1599af2216c 100644
--- a/apps/browser/src/auth/popup/register.component.ts
+++ b/apps/browser/src/auth/popup/register.component.ts
@@ -4,7 +4,6 @@ import { Router } from "@angular/router";
 
 import { RegisterComponent as BaseRegisterComponent } from "@bitwarden/angular/components/register.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
@@ -15,6 +14,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-register",
@@ -38,7 +38,7 @@ export class RegisterComponent extends BaseRegisterComponent {
     environmentService: EnvironmentService,
     logService: LogService,
     auditService: AuditService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       formValidationErrorService,
diff --git a/apps/browser/src/auth/popup/services/index.ts b/apps/browser/src/auth/popup/services/index.ts
index 06bfe0009bd..63563f61fd9 100644
--- a/apps/browser/src/auth/popup/services/index.ts
+++ b/apps/browser/src/auth/popup/services/index.ts
@@ -1,2 +1 @@
-export { LockGuardService } from "./lock-guard.service";
 export { UnauthGuardService } from "./unauth-guard.service";
diff --git a/apps/browser/src/auth/popup/services/lock-guard.service.ts b/apps/browser/src/auth/popup/services/lock-guard.service.ts
deleted file mode 100644
index ef6ebc73aca..00000000000
--- a/apps/browser/src/auth/popup/services/lock-guard.service.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import { Injectable } from "@angular/core";
-
-import { LockGuard as BaseLockGuardService } from "@bitwarden/angular/auth/guards/lock.guard";
-
-@Injectable()
-export class LockGuardService extends BaseLockGuardService {
-  protected homepage = "tabs/current";
-}
diff --git a/apps/browser/src/auth/popup/services/unauth-guard.service.ts b/apps/browser/src/auth/popup/services/unauth-guard.service.ts
index 4aa700b5568..062239a7d36 100644
--- a/apps/browser/src/auth/popup/services/unauth-guard.service.ts
+++ b/apps/browser/src/auth/popup/services/unauth-guard.service.ts
@@ -1,6 +1,6 @@
 import { Injectable } from "@angular/core";
 
-import { UnauthGuard as BaseUnauthGuardService } from "@bitwarden/angular/auth/guards/unauth.guard";
+import { UnauthGuard as BaseUnauthGuardService } from "@bitwarden/angular/auth/guards";
 
 @Injectable()
 export class UnauthGuardService extends BaseUnauthGuardService {
diff --git a/apps/browser/src/auth/popup/set-password.component.ts b/apps/browser/src/auth/popup/set-password.component.ts
index 83ec3572737..73b092f32e0 100644
--- a/apps/browser/src/auth/popup/set-password.component.ts
+++ b/apps/browser/src/auth/popup/set-password.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/components/set-password.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -15,6 +14,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-set-password",
@@ -36,7 +36,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent {
     route: ActivatedRoute,
     organizationApiService: OrganizationApiServiceAbstraction,
     organizationUserService: OrganizationUserService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
diff --git a/apps/browser/src/auth/popup/sso.component.ts b/apps/browser/src/auth/popup/sso.component.ts
index 2214e91687a..9d04701680e 100644
--- a/apps/browser/src/auth/popup/sso.component.ts
+++ b/apps/browser/src/auth/popup/sso.component.ts
@@ -1,11 +1,12 @@
-import { Component } from "@angular/core";
+import { Component, Inject } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SsoComponent as BaseSsoComponent } from "@bitwarden/angular/auth/components/sso.component";
+import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -35,7 +36,8 @@ export class SsoComponent extends BaseSsoComponent {
     syncService: SyncService,
     environmentService: EnvironmentService,
     logService: LogService,
-    private vaultTimeoutService: VaultTimeoutService
+    configService: ConfigServiceAbstraction,
+    @Inject(WINDOW) private win: Window
   ) {
     super(
       authService,
@@ -48,7 +50,8 @@ export class SsoComponent extends BaseSsoComponent {
       cryptoFunctionService,
       environmentService,
       passwordGenerationService,
-      logService
+      logService,
+      configService
     );
 
     const url = this.environmentService.getWebVaultUrl();
@@ -57,15 +60,22 @@ export class SsoComponent extends BaseSsoComponent {
     this.clientId = "browser";
 
     super.onSuccessfulLogin = async () => {
-      await syncService.fullSync(true);
+      syncService.fullSync(true);
 
       // If the vault is unlocked then this will clear keys from memory, which we don't want to do
       if ((await this.authService.getAuthStatus()) !== AuthenticationStatus.Unlocked) {
         BrowserApi.reloadOpenWindows();
       }
 
-      const thisWindow = window.open("", "_self");
-      thisWindow.close();
+      this.win.close();
+    };
+
+    super.onSuccessfulLoginTde = async () => {
+      syncService.fullSync(true);
+    };
+
+    super.onSuccessfulLoginTdeNavigate = async () => {
+      this.win.close();
     };
   }
 }
diff --git a/apps/browser/src/auth/popup/two-factor.component.ts b/apps/browser/src/auth/popup/two-factor.component.ts
index 21a2bd42f85..c0af31d25e5 100644
--- a/apps/browser/src/auth/popup/two-factor.component.ts
+++ b/apps/browser/src/auth/popup/two-factor.component.ts
@@ -1,9 +1,9 @@
-import { Component } from "@angular/core";
+import { Component, Inject } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
 import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
+import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
@@ -11,6 +11,7 @@ import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -18,6 +19,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { BrowserApi } from "../../platform/browser/browser-api";
 import { PopupUtilsService } from "../../popup/services/popup-utils.service";
@@ -48,7 +50,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     twoFactorService: TwoFactorService,
     appIdService: AppIdService,
     loginService: LoginService,
-    private dialogService: DialogServiceAbstraction
+    configService: ConfigServiceAbstraction,
+    private dialogService: DialogService,
+    @Inject(WINDOW) protected win: Window
   ) {
     super(
       authService,
@@ -56,19 +60,28 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       i18nService,
       apiService,
       platformUtilsService,
-      window,
+      win,
       environmentService,
       stateService,
       route,
       logService,
       twoFactorService,
       appIdService,
-      loginService
+      loginService,
+      configService
     );
-    super.onSuccessfulLogin = () => {
-      this.loginService.clearValues();
-      return syncService.fullSync(true);
+    super.onSuccessfulLogin = async () => {
+      syncService.fullSync(true);
     };
+
+    super.onSuccessfulLoginTde = async () => {
+      syncService.fullSync(true);
+    };
+
+    super.onSuccessfulLoginTdeNavigate = async () => {
+      this.win.close();
+    };
+
     super.successRoute = "/tabs/vault";
     // FIXME: Chromium 110 has broken WebAuthn support in extensions via an iframe
     this.webAuthnNewTab = true;
@@ -107,7 +120,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "warning" },
         content: { key: "popup2faCloseMessage" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
       if (confirmed) {
         this.popupUtilsService.popOut(window);
@@ -117,11 +130,11 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
     this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
       if (qParams.sso === "true") {
-        super.onSuccessfulLogin = () => {
+        super.onSuccessfulLogin = async () => {
           // This is not awaited so we don't pause the application while the sync is happening.
           // This call is executed by the service that lives in the background script so it will continue
           // the sync even if this tab closes.
-          const syncPromise = this.syncService.fullSync(true);
+          this.syncService.fullSync(true);
 
           // Force sidebars (FF && Opera) to reload while exempting current window
           // because we are just going to close the current window.
@@ -130,8 +143,6 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
           // We don't need this window anymore because the intent is for the user to be left
           // on the web vault screen which tells them to continue in the browser extension (sidebar or popup)
           BrowserApi.closeBitwardenExtensionTab();
-
-          return syncPromise;
         };
       }
     });
diff --git a/apps/browser/src/autofill/background/service_factories/autofill-service.factory.ts b/apps/browser/src/autofill/background/service_factories/autofill-service.factory.ts
index a802fd8cf1c..efa5bdcffbb 100644
--- a/apps/browser/src/autofill/background/service_factories/autofill-service.factory.ts
+++ b/apps/browser/src/autofill/background/service_factories/autofill-service.factory.ts
@@ -2,6 +2,10 @@ import {
   TotpServiceInitOptions,
   totpServiceFactory,
 } from "../../../auth/background/service-factories/totp-service.factory";
+import {
+  UserVerificationServiceInitOptions,
+  userVerificationServiceFactory,
+} from "../../../auth/background/service-factories/user-verification-service.factory";
 import {
   EventCollectionServiceInitOptions,
   eventCollectionServiceFactory,
@@ -38,7 +42,8 @@ export type AutoFillServiceInitOptions = AutoFillServiceOptions &
   TotpServiceInitOptions &
   EventCollectionServiceInitOptions &
   LogServiceInitOptions &
-  SettingsServiceInitOptions;
+  SettingsServiceInitOptions &
+  UserVerificationServiceInitOptions;
 
 export function autofillServiceFactory(
   cache: { autofillService?: AbstractAutoFillService } & CachedServices,
@@ -55,7 +60,8 @@ export function autofillServiceFactory(
         await totpServiceFactory(cache, opts),
         await eventCollectionServiceFactory(cache, opts),
         await logServiceFactory(cache, opts),
-        await settingsServiceFactory(cache, opts)
+        await settingsServiceFactory(cache, opts),
+        await userVerificationServiceFactory(cache, opts)
       )
   );
 }
diff --git a/apps/browser/src/autofill/browser/cipher-context-menu-handler.spec.ts b/apps/browser/src/autofill/browser/cipher-context-menu-handler.spec.ts
index 53d3d100769..dbe391ce4ab 100644
--- a/apps/browser/src/autofill/browser/cipher-context-menu-handler.spec.ts
+++ b/apps/browser/src/autofill/browser/cipher-context-menu-handler.spec.ts
@@ -1,6 +1,7 @@
 import { mock, MockProxy } from "jest-mock-extended";
 
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
@@ -13,6 +14,7 @@ describe("CipherContextMenuHandler", () => {
   let mainContextMenuHandler: MockProxy<MainContextMenuHandler>;
   let authService: MockProxy<AuthService>;
   let cipherService: MockProxy<CipherService>;
+  let userVerificationService: MockProxy<UserVerificationService>;
 
   let sut: CipherContextMenuHandler;
 
@@ -20,10 +22,17 @@ describe("CipherContextMenuHandler", () => {
     mainContextMenuHandler = mock();
     authService = mock();
     cipherService = mock();
+    userVerificationService = mock();
+    userVerificationService.hasMasterPassword.mockResolvedValue(true);
 
     jest.spyOn(MainContextMenuHandler, "removeAll").mockResolvedValue();
 
-    sut = new CipherContextMenuHandler(mainContextMenuHandler, authService, cipherService);
+    sut = new CipherContextMenuHandler(
+      mainContextMenuHandler,
+      authService,
+      cipherService,
+      userVerificationService
+    );
   });
 
   afterEach(() => jest.resetAllMocks());
@@ -83,11 +92,11 @@ describe("CipherContextMenuHandler", () => {
       };
 
       cipherService.getAllDecryptedForUrl.mockResolvedValue([
-        null,
-        undefined,
-        { type: CipherType.Card },
-        { type: CipherType.Login, reprompt: CipherRepromptType.Password },
-        realCipher,
+        null, // invalid cipher
+        undefined, // invalid cipher
+        { type: CipherType.Card }, // invalid cipher
+        { type: CipherType.Login, reprompt: CipherRepromptType.Password }, // invalid cipher
+        realCipher, // valid cipher
       ] as any[]);
 
       await sut.update("https://test.com");
@@ -96,7 +105,7 @@ describe("CipherContextMenuHandler", () => {
 
       expect(cipherService.getAllDecryptedForUrl).toHaveBeenCalledWith("https://test.com");
 
-      expect(mainContextMenuHandler.loadOptions).toHaveBeenCalledTimes(1);
+      expect(mainContextMenuHandler.loadOptions).toHaveBeenCalledTimes(2);
 
       expect(mainContextMenuHandler.loadOptions).toHaveBeenCalledWith(
         "Test Cipher (Test Username)",
@@ -105,5 +114,61 @@ describe("CipherContextMenuHandler", () => {
         realCipher
       );
     });
+
+    it("adds ciphers with master password reprompt if the user does not have a master password", async () => {
+      authService.getAuthStatus.mockResolvedValue(AuthenticationStatus.Unlocked);
+
+      // User does not have a master password, or has one but hasn't logged in with it (key connector user or TDE user)
+      userVerificationService.hasMasterPasswordAndMasterKeyHash.mockResolvedValue(false);
+
+      mainContextMenuHandler.init.mockResolvedValue(true);
+
+      const realCipher = {
+        id: "5",
+        type: CipherType.Login,
+        reprompt: CipherRepromptType.None,
+        name: "Test Cipher",
+        login: { username: "Test Username" },
+      };
+
+      const repromptCipher = {
+        id: "6",
+        type: CipherType.Login,
+        reprompt: CipherRepromptType.Password,
+        name: "Test Reprompt Cipher",
+        login: { username: "Test Username" },
+      };
+
+      cipherService.getAllDecryptedForUrl.mockResolvedValue([
+        null, // invalid cipher
+        undefined, // invalid cipher
+        { type: CipherType.Card }, // invalid cipher
+        repromptCipher, // valid cipher
+        realCipher, // valid cipher
+      ] as any[]);
+
+      await sut.update("https://test.com");
+
+      expect(cipherService.getAllDecryptedForUrl).toHaveBeenCalledTimes(1);
+
+      expect(cipherService.getAllDecryptedForUrl).toHaveBeenCalledWith("https://test.com");
+
+      // Should call this twice, once for each valid cipher
+      expect(mainContextMenuHandler.loadOptions).toHaveBeenCalledTimes(2);
+
+      expect(mainContextMenuHandler.loadOptions).toHaveBeenCalledWith(
+        "Test Cipher (Test Username)",
+        "5",
+        "https://test.com",
+        realCipher
+      );
+
+      expect(mainContextMenuHandler.loadOptions).toHaveBeenCalledWith(
+        "Test Reprompt Cipher (Test Username)",
+        "6",
+        "https://test.com",
+        repromptCipher
+      );
+    });
   });
 });
diff --git a/apps/browser/src/autofill/browser/cipher-context-menu-handler.ts b/apps/browser/src/autofill/browser/cipher-context-menu-handler.ts
index d4f72e56633..1d1be8f8386 100644
--- a/apps/browser/src/autofill/browser/cipher-context-menu-handler.ts
+++ b/apps/browser/src/autofill/browser/cipher-context-menu-handler.ts
@@ -1,10 +1,10 @@
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
-import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 
@@ -12,6 +12,7 @@ import {
   authServiceFactory,
   AuthServiceInitOptions,
 } from "../../auth/background/service-factories/auth-service.factory";
+import { userVerificationServiceFactory } from "../../auth/background/service-factories/user-verification-service.factory";
 import { Account } from "../../models/account";
 import { CachedServices } from "../../platform/background/service-factories/factory-options";
 import { BrowserApi } from "../../platform/browser/browser-api";
@@ -38,7 +39,8 @@ export class CipherContextMenuHandler {
   constructor(
     private mainContextMenuHandler: MainContextMenuHandler,
     private authService: AuthService,
-    private cipherService: CipherService
+    private cipherService: CipherService,
+    private userVerificationService: UserVerificationService
   ) {}
 
   static async create(cachedServices: CachedServices) {
@@ -77,7 +79,8 @@ export class CipherContextMenuHandler {
     return new CipherContextMenuHandler(
       await MainContextMenuHandler.mv3Create(cachedServices),
       await authServiceFactory(cachedServices, serviceOptions),
-      await cipherServiceFactory(cachedServices, serviceOptions)
+      await cipherServiceFactory(cachedServices, serviceOptions),
+      await userVerificationServiceFactory(cachedServices, serviceOptions)
     );
   }
 
@@ -180,7 +183,7 @@ export class CipherContextMenuHandler {
     if (
       cipher == null ||
       cipher.type !== CipherType.Login ||
-      cipher.reprompt !== CipherRepromptType.None
+      (await this.userVerificationService.hasMasterPasswordAndMasterKeyHash())
     ) {
       return;
     }
diff --git a/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts b/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts
index a5cf1c70655..38e605abe70 100644
--- a/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts
+++ b/apps/browser/src/autofill/browser/context-menu-clicked-handler.ts
@@ -203,17 +203,45 @@ export class ContextMenuClickedHandler {
         if (tab == null) {
           return;
         }
-        await this.autofillAction(tab, cipher);
+
+        if (cipher.reprompt !== CipherRepromptType.None) {
+          await BrowserApi.tabSendMessageData(tab, "passwordReprompt", {
+            cipherId: cipher.id,
+            action: AUTOFILL_ID,
+          });
+        } else {
+          await this.autofillAction(tab, cipher);
+        }
+
         break;
       case COPY_USERNAME_ID:
         this.copyToClipboard({ text: cipher.login.username, tab: tab });
         break;
       case COPY_PASSWORD_ID:
-        this.copyToClipboard({ text: cipher.login.password, tab: tab });
-        this.eventCollectionService.collect(EventType.Cipher_ClientCopiedPassword, cipher.id);
+        if (cipher.reprompt !== CipherRepromptType.None) {
+          await BrowserApi.tabSendMessageData(tab, "passwordReprompt", {
+            cipherId: cipher.id,
+            action: COPY_PASSWORD_ID,
+          });
+        } else {
+          this.copyToClipboard({ text: cipher.login.password, tab: tab });
+          this.eventCollectionService.collect(EventType.Cipher_ClientCopiedPassword, cipher.id);
+        }
+
         break;
       case COPY_VERIFICATIONCODE_ID:
-        this.copyToClipboard({ text: await this.totpService.getCode(cipher.login.totp), tab: tab });
+        if (cipher.reprompt !== CipherRepromptType.None) {
+          await BrowserApi.tabSendMessageData(tab, "passwordReprompt", {
+            cipherId: cipher.id,
+            action: COPY_VERIFICATIONCODE_ID,
+          });
+        } else {
+          this.copyToClipboard({
+            text: await this.totpService.getCode(cipher.login.totp),
+            tab: tab,
+          });
+        }
+
         break;
     }
   }
diff --git a/apps/browser/src/autofill/content/message_handler.ts b/apps/browser/src/autofill/content/message_handler.ts
index 5302a5042be..5ef0abdb7cc 100644
--- a/apps/browser/src/autofill/content/message_handler.ts
+++ b/apps/browser/src/autofill/content/message_handler.ts
@@ -28,6 +28,7 @@ window.addEventListener(
 
 const forwardCommands = [
   "promptForLogin",
+  "passwordReprompt",
   "addToLockedVaultPendingNotifications",
   "unlockCompleted",
   "addedCipher",
diff --git a/apps/browser/src/autofill/services/autofill.service.ts b/apps/browser/src/autofill/services/autofill.service.ts
index 9ced0104b8e..571b4af7213 100644
--- a/apps/browser/src/autofill/services/autofill.service.ts
+++ b/apps/browser/src/autofill/services/autofill.service.ts
@@ -1,6 +1,7 @@
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
 import { TotpService } from "@bitwarden/common/abstractions/totp.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { EventType, FieldType, UriMatchType } from "@bitwarden/common/enums";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
@@ -45,7 +46,8 @@ export default class AutofillService implements AutofillServiceInterface {
     private totpService: TotpService,
     private eventCollectionService: EventCollectionService,
     private logService: LogService,
-    private settingsService: SettingsService
+    private settingsService: SettingsService,
+    private userVerificationService: UserVerificationService
   ) {}
 
   getFormsWithPasswordFields(pageDetails: AutofillPageDetails): FormData[] {
@@ -234,7 +236,19 @@ export default class AutofillService implements AutofillServiceInterface {
       }
     }
 
-    if (cipher == null || cipher.reprompt !== CipherRepromptType.None) {
+    if (cipher == null) {
+      return null;
+    }
+
+    if (
+      cipher.reprompt !== CipherRepromptType.None &&
+      (await this.userVerificationService.hasMasterPasswordAndMasterKeyHash())
+    ) {
+      await BrowserApi.tabSendMessageData(tab, "passwordReprompt", {
+        cipherId: cipher.id,
+        action: "autofill",
+      });
+
       return null;
     }
 
diff --git a/apps/browser/src/background/commands.background.ts b/apps/browser/src/background/commands.background.ts
index 118953b9da0..0cbf91c6666 100644
--- a/apps/browser/src/background/commands.background.ts
+++ b/apps/browser/src/background/commands.background.ts
@@ -1,4 +1,4 @@
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
diff --git a/apps/browser/src/background/idle.background.ts b/apps/browser/src/background/idle.background.ts
index 3854d2383b4..7200301c795 100644
--- a/apps/browser/src/background/idle.background.ts
+++ b/apps/browser/src/background/idle.background.ts
@@ -1,5 +1,5 @@
 import { NotificationsService } from "@bitwarden/common/abstractions/notifications.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 
 import { BrowserStateService } from "../platform/services/abstractions/browser-state.service";
diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts
index 69335ca5586..03b297aecea 100644
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -1,27 +1,33 @@
 import { AvatarUpdateService as AvatarUpdateServiceAbstraction } from "@bitwarden/common/abstractions/account/avatar-update.service";
 import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service";
 import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service";
+import { DevicesServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices.service.abstraction";
 import { EventCollectionService as EventCollectionServiceAbstraction } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { EventUploadService as EventUploadServiceAbstraction } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService as NotificationsServiceAbstraction } from "@bitwarden/common/abstractions/notifications.service";
 import { SearchService as SearchServiceAbstraction } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService as SettingsServiceAbstraction } from "@bitwarden/common/abstractions/settings.service";
 import { TotpService as TotpServiceAbstraction } from "@bitwarden/common/abstractions/totp.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { InternalOrganizationServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService as InternalPolicyServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { ProviderService as ProviderServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { PolicyApiService } from "@bitwarden/common/admin-console/services/policy/policy-api.service";
 import { ProviderService } from "@bitwarden/common/admin-console/services/provider.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService as AuthServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { UserVerificationApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification-api.service.abstraction";
 import { UserVerificationService as UserVerificationServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { AuthRequestCryptoServiceImplementation } from "@bitwarden/common/auth/services/auth-request-crypto.service.implementation";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
+import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device-trust-crypto.service.implementation";
+import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/services/two-factor.service";
@@ -60,12 +66,13 @@ import { WebCryptoFunctionService } from "@bitwarden/common/platform/services/we
 import { AvatarUpdateService } from "@bitwarden/common/services/account/avatar-update.service";
 import { ApiService } from "@bitwarden/common/services/api.service";
 import { AuditService } from "@bitwarden/common/services/audit.service";
+import { DevicesServiceImplementation } from "@bitwarden/common/services/devices/devices.service.implementation";
 import { EventCollectionService } from "@bitwarden/common/services/event/event-collection.service";
 import { EventUploadService } from "@bitwarden/common/services/event/event-upload.service";
 import { NotificationsService } from "@bitwarden/common/services/notifications.service";
 import { SearchService } from "@bitwarden/common/services/search.service";
 import { TotpService } from "@bitwarden/common/services/totp.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vault-timeout/vault-timeout-settings.service";
 import {
   PasswordGenerationService,
   PasswordGenerationServiceAbstraction,
@@ -136,7 +143,7 @@ import { PopupUtilsService } from "../popup/services/popup-utils.service";
 import { BrowserSendService } from "../services/browser-send.service";
 import { BrowserSettingsService } from "../services/browser-settings.service";
 import { BrowserFido2UserInterfaceService } from "../services/fido2/browser-fido2-user-interface.service";
-import VaultTimeoutService from "../services/vaultTimeout/vaultTimeout.service";
+import VaultTimeoutService from "../services/vault-timeout/vault-timeout.service";
 import { BrowserFolderService } from "../vault/services/browser-folder.service";
 import { VaultFilterService } from "../vault/services/vault-filter.service";
 
@@ -164,7 +171,7 @@ export default class MainBackground {
   cipherService: CipherServiceAbstraction;
   folderService: InternalFolderServiceAbstraction;
   collectionService: CollectionServiceAbstraction;
-  vaultTimeoutService: VaultTimeoutServiceAbstraction;
+  vaultTimeoutService: VaultTimeoutService;
   vaultTimeoutSettingsService: VaultTimeoutSettingsServiceAbstraction;
   syncService: SyncServiceAbstraction;
   passwordGenerationService: PasswordGenerationServiceAbstraction;
@@ -207,6 +214,10 @@ export default class MainBackground {
   cipherContextMenuHandler: CipherContextMenuHandler;
   configService: ConfigServiceAbstraction;
   configApiService: ConfigApiServiceAbstraction;
+  devicesApiService: DevicesApiServiceAbstraction;
+  devicesService: DevicesServiceAbstraction;
+  deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction;
+  authRequestCryptoService: AuthRequestCryptoServiceAbstraction;
   popupUtilsService: PopupUtilsService;
   browserPopoutWindowService: BrowserPopoutWindowService;
 
@@ -399,6 +410,23 @@ export default class MainBackground {
         that.runtimeBackground.processMessage(message, that as any);
       };
     })();
+
+    this.devicesApiService = new DevicesApiServiceImplementation(this.apiService);
+    this.deviceTrustCryptoService = new DeviceTrustCryptoService(
+      this.cryptoFunctionService,
+      this.cryptoService,
+      this.encryptService,
+      this.stateService,
+      this.appIdService,
+      this.devicesApiService,
+      this.i18nService,
+      this.platformUtilsService
+    );
+
+    this.devicesService = new DevicesServiceImplementation(this.devicesApiService);
+
+    this.authRequestCryptoService = new AuthRequestCryptoServiceImplementation(this.cryptoService);
+
     this.authService = new AuthService(
       this.cryptoService,
       this.apiService,
@@ -414,14 +442,26 @@ export default class MainBackground {
       this.i18nService,
       this.encryptService,
       this.passwordStrengthService,
-      this.policyService
+      this.policyService,
+      this.deviceTrustCryptoService,
+      this.authRequestCryptoService
+    );
+
+    this.userVerificationApiService = new UserVerificationApiService(this.apiService);
+
+    this.userVerificationService = new UserVerificationService(
+      this.stateService,
+      this.cryptoService,
+      this.i18nService,
+      this.userVerificationApiService
     );
 
     this.vaultTimeoutSettingsService = new VaultTimeoutSettingsService(
       this.cryptoService,
       this.tokenService,
       this.policyService,
-      this.stateService
+      this.stateService,
+      this.userVerificationService
     );
 
     this.vaultTimeoutService = new VaultTimeoutService(
@@ -432,7 +472,6 @@ export default class MainBackground {
       this.platformUtilsService,
       this.messagingService,
       this.searchService,
-      this.keyConnectorService,
       this.stateService,
       this.authService,
       this.vaultTimeoutSettingsService,
@@ -483,13 +522,15 @@ export default class MainBackground {
       this.eventUploadService
     );
     this.totpService = new TotpService(this.cryptoFunctionService, this.logService);
+
     this.autofillService = new AutofillService(
       this.cipherService,
       this.stateService,
       this.totpService,
       this.eventCollectionService,
       this.logService,
-      this.settingsService
+      this.settingsService,
+      this.userVerificationService
     );
     this.auditService = new AuditService(this.cryptoFunctionService, this.apiService);
     this.exportService = new VaultExportService(
@@ -511,15 +552,6 @@ export default class MainBackground {
       this.authService,
       this.messagingService
     );
-
-    this.userVerificationApiService = new UserVerificationApiService(this.apiService);
-
-    this.userVerificationService = new UserVerificationService(
-      this.cryptoService,
-      this.i18nService,
-      this.userVerificationApiService
-    );
-
     this.configApiService = new ConfigApiService(this.apiService, this.authService);
 
     this.configService = new ConfigService(
@@ -528,6 +560,7 @@ export default class MainBackground {
       this.authService,
       this.environmentService
     );
+
     this.browserPopoutWindowService = new BrowserPopoutWindowService();
 
     this.popupUtilsService = new PopupUtilsService(this.isPrivateMode);
@@ -669,7 +702,8 @@ export default class MainBackground {
       this.cipherContextMenuHandler = new CipherContextMenuHandler(
         this.mainContextMenuHandler,
         this.authService,
-        this.cipherService
+        this.cipherService,
+        this.userVerificationService
       );
     }
   }
@@ -679,7 +713,7 @@ export default class MainBackground {
 
     await this.stateService.init();
 
-    await (this.vaultTimeoutService as VaultTimeoutService).init(true);
+    await this.vaultTimeoutService.init(true);
     await (this.i18nService as BrowserI18nService).init();
     await (this.eventUploadService as EventUploadService).init(true);
     await this.runtimeBackground.init();
diff --git a/apps/browser/src/background/nativeMessaging.background.ts b/apps/browser/src/background/nativeMessaging.background.ts
index 742cd39f15c..8f8705b41c7 100644
--- a/apps/browser/src/background/nativeMessaging.background.ts
+++ b/apps/browser/src/background/nativeMessaging.background.ts
@@ -10,7 +10,11 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 
 import { BrowserApi } from "../platform/browser/browser-api";
 
@@ -42,6 +46,7 @@ type ReceiveMessage = {
 
   // Unlock key
   keyB64?: string;
+  userKeyB64?: string;
 };
 
 type ReceiveMessageOuter = {
@@ -320,16 +325,55 @@ export class NativeMessagingBackground {
         }
 
         if (message.response === "unlocked") {
-          await this.cryptoService.setKey(
-            new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64))
-          );
+          try {
+            if (message.userKeyB64) {
+              const userKey = new SymmetricCryptoKey(
+                Utils.fromB64ToArray(message.userKeyB64)
+              ) as UserKey;
+              await this.cryptoService.setUserKey(userKey);
+            } else if (message.keyB64) {
+              // Backwards compatibility to support cases in which the user hasn't updated their desktop app
+              // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3472)
+              let encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
+              encUserKey ||= await this.stateService.getMasterKeyEncryptedUserKey();
+              if (!encUserKey) {
+                throw new Error("No encrypted user key found");
+              }
+              const masterKey = new SymmetricCryptoKey(
+                Utils.fromB64ToArray(message.keyB64)
+              ) as MasterKey;
+              const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(
+                masterKey,
+                new EncString(encUserKey)
+              );
+              await this.cryptoService.setMasterKey(masterKey);
+              await this.cryptoService.setUserKey(userKey);
+            } else {
+              throw new Error("No key received");
+            }
+          } catch (e) {
+            this.logService.error("Unable to set key: " + e);
+            this.messagingService.send("showDialog", {
+              title: { key: "biometricsFailedTitle" },
+              content: { key: "biometricsFailedDesc" },
+              acceptButtonText: { key: "ok" },
+              cancelButtonText: null,
+              type: "danger",
+            });
+
+            // Exit early
+            if (this.resolver) {
+              this.resolver(message);
+            }
+            return;
+          }
 
           // Verify key is correct by attempting to decrypt a secret
           try {
             await this.cryptoService.getFingerprint(await this.stateService.getUserId());
           } catch (e) {
             this.logService.error("Unable to verify key: " + e);
-            await this.cryptoService.clearKey();
+            await this.cryptoService.clearKeys();
             this.showWrongUserDialog();
 
             // Exit early
diff --git a/apps/browser/src/background/runtime.background.ts b/apps/browser/src/background/runtime.background.ts
index 3c2ac7a96cc..f8754798241 100644
--- a/apps/browser/src/background/runtime.background.ts
+++ b/apps/browser/src/background/runtime.background.ts
@@ -52,7 +52,11 @@ export default class RuntimeBackground {
       sender: chrome.runtime.MessageSender,
       sendResponse: any
     ) => {
-      const messagesWithResponse = ["fido2RegisterCredentialRequest", "fido2GetCredentialRequest"];
+      const messagesWithResponse = [
+        "checkFido2FeatureEnabled",
+        "fido2RegisterCredentialRequest",
+        "fido2GetCredentialRequest",
+      ];
 
       if (messagesWithResponse.includes(msg.command)) {
         this.processMessage(msg, sender).then(
@@ -75,6 +79,8 @@ export default class RuntimeBackground {
   }
 
   async processMessage(msg: any, sender: chrome.runtime.MessageSender) {
+    const cipherId = msg.data?.cipherId;
+
     switch (msg.command) {
       case "loggedIn":
       case "unlocked": {
@@ -82,7 +88,7 @@ export default class RuntimeBackground {
 
         if (this.lockedVaultPendingNotifications?.length > 0) {
           item = this.lockedVaultPendingNotifications.pop();
-          await this.browserPopoutWindowService.closeLoginPrompt();
+          await this.browserPopoutWindowService.closeUnlockPrompt();
         }
 
         await this.main.refreshBadge();
@@ -122,13 +128,22 @@ export default class RuntimeBackground {
         break;
       case "promptForLogin":
       case "bgReopenPromptForLogin":
-        await this.browserPopoutWindowService.openLoginPrompt(sender.tab?.windowId);
+        await this.browserPopoutWindowService.openUnlockPrompt(sender.tab?.windowId);
+        break;
+      case "passwordReprompt":
+        if (cipherId) {
+          await this.browserPopoutWindowService.openPasswordRepromptPrompt(sender.tab?.windowId, {
+            cipherId: cipherId,
+            senderTabId: sender.tab.id,
+            action: msg.data?.action,
+          });
+        }
         break;
       case "openAddEditCipher": {
         const addEditCipherUrl =
-          msg.data?.cipherId == null
+          cipherId == null
             ? "popup/index.html#/edit-cipher"
-            : "popup/index.html#/edit-cipher?cipherId=" + msg.data.cipherId;
+            : "popup/index.html#/edit-cipher?cipherId=" + cipherId;
 
         BrowserApi.openBitwardenExtensionTab(addEditCipherUrl, true);
         break;
@@ -233,6 +248,8 @@ export default class RuntimeBackground {
       case "fido2AbortRequest":
         this.abortControllers.get(msg.abortedRequestId)?.abort();
         break;
+      case "checkFido2FeatureEnabled":
+        return await this.main.fido2ClientService.isFido2FeatureEnabled();
       case "fido2RegisterCredentialRequest":
         return await this.main.fido2ClientService
           .createCredential(msg.data, this.createAbortController(msg.requestId))
diff --git a/apps/browser/src/background/service-factories/devices-api-service.factory.ts b/apps/browser/src/background/service-factories/devices-api-service.factory.ts
new file mode 100644
index 00000000000..8999b7c2c72
--- /dev/null
+++ b/apps/browser/src/background/service-factories/devices-api-service.factory.ts
@@ -0,0 +1,28 @@
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
+import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
+
+import {
+  ApiServiceInitOptions,
+  apiServiceFactory,
+} from "../../platform/background/service-factories/api-service.factory";
+import {
+  FactoryOptions,
+  CachedServices,
+  factory,
+} from "../../platform/background/service-factories/factory-options";
+
+type DevicesApiServiceFactoryOptions = FactoryOptions;
+
+export type DevicesApiServiceInitOptions = DevicesApiServiceFactoryOptions & ApiServiceInitOptions;
+
+export function devicesApiServiceFactory(
+  cache: { devicesApiService?: DevicesApiServiceAbstraction } & CachedServices,
+  opts: DevicesApiServiceInitOptions
+): Promise<DevicesApiServiceAbstraction> {
+  return factory(
+    cache,
+    "devicesApiService",
+    opts,
+    async () => new DevicesApiServiceImplementation(await apiServiceFactory(cache, opts))
+  );
+}
diff --git a/apps/browser/src/background/service-factories/vault-timeout-service.factory.ts b/apps/browser/src/background/service-factories/vault-timeout-service.factory.ts
index 601867ad385..b019db3297d 100644
--- a/apps/browser/src/background/service-factories/vault-timeout-service.factory.ts
+++ b/apps/browser/src/background/service-factories/vault-timeout-service.factory.ts
@@ -1,13 +1,9 @@
-import { VaultTimeoutService as AbstractVaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService as AbstractVaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 
 import {
   authServiceFactory,
   AuthServiceInitOptions,
 } from "../../auth/background/service-factories/auth-service.factory";
-import {
-  keyConnectorServiceFactory,
-  KeyConnectorServiceInitOptions,
-} from "../../auth/background/service-factories/key-connector-service.factory";
 import {
   CryptoServiceInitOptions,
   cryptoServiceFactory,
@@ -29,7 +25,7 @@ import {
   StateServiceInitOptions,
   stateServiceFactory,
 } from "../../platform/background/service-factories/state-service.factory";
-import VaultTimeoutService from "../../services/vaultTimeout/vaultTimeout.service";
+import VaultTimeoutService from "../../services/vault-timeout/vault-timeout.service";
 import {
   cipherServiceFactory,
   CipherServiceInitOptions,
@@ -64,7 +60,6 @@ export type VaultTimeoutServiceInitOptions = VaultTimeoutServiceFactoryOptions &
   PlatformUtilsServiceInitOptions &
   MessagingServiceInitOptions &
   SearchServiceInitOptions &
-  KeyConnectorServiceInitOptions &
   StateServiceInitOptions &
   AuthServiceInitOptions &
   VaultTimeoutSettingsServiceInitOptions;
@@ -86,7 +81,6 @@ export function vaultTimeoutServiceFactory(
         await platformUtilsServiceFactory(cache, opts),
         await messagingServiceFactory(cache, opts),
         await searchServiceFactory(cache, opts),
-        await keyConnectorServiceFactory(cache, opts),
         await stateServiceFactory(cache, opts),
         await authServiceFactory(cache, opts),
         await vaultTimeoutSettingsServiceFactory(cache, opts),
diff --git a/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts b/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts
index 724993127b7..eda86c0a156 100644
--- a/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts
+++ b/apps/browser/src/background/service-factories/vault-timeout-settings-service.factory.ts
@@ -1,5 +1,5 @@
-import { VaultTimeoutSettingsService as AbstractVaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService as AbstractVaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vault-timeout/vault-timeout-settings.service";
 
 import {
   policyServiceFactory,
@@ -9,6 +9,10 @@ import {
   tokenServiceFactory,
   TokenServiceInitOptions,
 } from "../../auth/background/service-factories/token-service.factory";
+import {
+  userVerificationServiceFactory,
+  UserVerificationServiceInitOptions,
+} from "../../auth/background/service-factories/user-verification-service.factory";
 import {
   CryptoServiceInitOptions,
   cryptoServiceFactory,
@@ -29,7 +33,8 @@ export type VaultTimeoutSettingsServiceInitOptions = VaultTimeoutSettingsService
   CryptoServiceInitOptions &
   TokenServiceInitOptions &
   PolicyServiceInitOptions &
-  StateServiceInitOptions;
+  StateServiceInitOptions &
+  UserVerificationServiceInitOptions;
 
 export function vaultTimeoutSettingsServiceFactory(
   cache: { vaultTimeoutSettingsService?: AbstractVaultTimeoutSettingsService } & CachedServices,
@@ -44,7 +49,8 @@ export function vaultTimeoutSettingsServiceFactory(
         await cryptoServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),
         await policyServiceFactory(cache, opts),
-        await stateServiceFactory(cache, opts)
+        await stateServiceFactory(cache, opts),
+        await userVerificationServiceFactory(cache, opts)
       )
   );
 }
diff --git a/apps/browser/src/manifest.json b/apps/browser/src/manifest.json
index 4eadf4bb552..bbbcd752e62 100644
--- a/apps/browser/src/manifest.json
+++ b/apps/browser/src/manifest.json
@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "__MSG_extName__",
   "short_name": "__MSG_appName__",
-  "version": "2023.7.1",
+  "version": "2023.8.0",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",
diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json
index 2a366053ce3..ce21088709a 100644
--- a/apps/browser/src/manifest.v3.json
+++ b/apps/browser/src/manifest.v3.json
@@ -3,7 +3,7 @@
   "minimum_chrome_version": "102.0",
   "name": "__MSG_extName__",
   "short_name": "__MSG_appName__",
-  "version": "2023.7.1",
+  "version": "2023.8.0",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",
diff --git a/apps/browser/src/platform/browser/browser-api.ts b/apps/browser/src/platform/browser/browser-api.ts
index b93781aa977..391f8830301 100644
--- a/apps/browser/src/platform/browser/browser-api.ts
+++ b/apps/browser/src/platform/browser/browser-api.ts
@@ -45,11 +45,20 @@ export class BrowserApi {
     });
   }
 
-  static async getTab(tabId: number) {
-    if (tabId == null) {
+  static async getTab(tabId: number): Promise<chrome.tabs.Tab> | null {
+    if (!tabId) {
       return null;
     }
-    return await chrome.tabs.get(tabId);
+
+    if (BrowserApi.manifestVersion === 3) {
+      return await chrome.tabs.get(tabId);
+    }
+
+    return new Promise((resolve) =>
+      chrome.tabs.get(tabId, (tab) => {
+        resolve(tab);
+      })
+    );
   }
 
   static async getTabFromCurrentWindow(): Promise<chrome.tabs.Tab> | null {
diff --git a/apps/browser/src/platform/popup/abstractions/browser-popout-window.service.ts b/apps/browser/src/platform/popup/abstractions/browser-popout-window.service.ts
index ca22e369d80..0b3f55ee990 100644
--- a/apps/browser/src/platform/popup/abstractions/browser-popout-window.service.ts
+++ b/apps/browser/src/platform/popup/abstractions/browser-popout-window.service.ts
@@ -1,6 +1,15 @@
 interface BrowserPopoutWindowService {
-  openLoginPrompt(senderWindowId: number): Promise<void>;
-  closeLoginPrompt(): Promise<void>;
+  openUnlockPrompt(senderWindowId: number): Promise<void>;
+  closeUnlockPrompt(): Promise<void>;
+  openPasswordRepromptPrompt(
+    senderWindowId: number,
+    promptData: {
+      action: string;
+      cipherId: string;
+      senderTabId: number;
+    }
+  ): Promise<void>;
+  closePasswordRepromptPrompt(): Promise<void>;
 }
 
 export { BrowserPopoutWindowService };
diff --git a/apps/browser/src/platform/popup/browser-popout-window.service.ts b/apps/browser/src/platform/popup/browser-popout-window.service.ts
index bfec3e690ba..95be15cc20d 100644
--- a/apps/browser/src/platform/popup/browser-popout-window.service.ts
+++ b/apps/browser/src/platform/popup/browser-popout-window.service.ts
@@ -11,20 +11,48 @@ class BrowserPopoutWindowService implements BrowserPopupWindowServiceInterface {
     height: 800,
   };
 
-  async openLoginPrompt(senderWindowId: number) {
-    await this.closeLoginPrompt();
-    await this.openPopoutWindow(
+  async openUnlockPrompt(senderWindowId: number) {
+    await this.closeUnlockPrompt();
+    await this.openSingleActionPopout(
       senderWindowId,
       "popup/index.html?uilocation=popout",
-      "loginPrompt"
+      "unlockPrompt"
     );
   }
 
-  async closeLoginPrompt() {
-    await this.closeSingleActionPopout("loginPrompt");
+  async closeUnlockPrompt() {
+    await this.closeSingleActionPopout("unlockPrompt");
   }
 
-  private async openPopoutWindow(
+  async openPasswordRepromptPrompt(
+    senderWindowId: number,
+    {
+      cipherId,
+      senderTabId,
+      action,
+    }: {
+      cipherId: string;
+      senderTabId: number;
+      action: string;
+    }
+  ) {
+    await this.closePasswordRepromptPrompt();
+
+    const promptWindowPath =
+      "popup/index.html#/view-cipher" +
+      "?uilocation=popout" +
+      `&cipherId=${cipherId}` +
+      `&senderTabId=${senderTabId}` +
+      `&action=${action}`;
+
+    await this.openSingleActionPopout(senderWindowId, promptWindowPath, "passwordReprompt");
+  }
+
+  async closePasswordRepromptPrompt() {
+    await this.closeSingleActionPopout("passwordReprompt");
+  }
+
+  private async openSingleActionPopout(
     senderWindowId: number,
     popupWindowURL: string,
     singleActionPopoutKey: string
diff --git a/apps/browser/src/platform/services/browser-crypto.service.ts b/apps/browser/src/platform/services/browser-crypto.service.ts
index 1018c270cb2..a6dce0f39e9 100644
--- a/apps/browser/src/platform/services/browser-crypto.service.ts
+++ b/apps/browser/src/platform/services/browser-crypto.service.ts
@@ -1,13 +1,32 @@
 import { KeySuffixOptions } from "@bitwarden/common/enums";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import {
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 
 export class BrowserCryptoService extends CryptoService {
-  protected async retrieveKeyFromStorage(keySuffix: KeySuffixOptions) {
-    if (keySuffix === "biometric") {
+  override async hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> {
+    if (keySuffix === KeySuffixOptions.Biometric) {
+      return await this.stateService.getBiometricUnlock({ userId: userId });
+    }
+    return super.hasUserKeyStored(keySuffix, userId);
+  }
+
+  /**
+   * Browser doesn't store biometric keys, so we retrieve them from the desktop and return
+   * if we successfully saved it into memory as the User Key
+   */
+  protected override async getKeyFromStorage(keySuffix: KeySuffixOptions): Promise<UserKey> {
+    if (keySuffix === KeySuffixOptions.Biometric) {
       await this.platformUtilService.authenticateBiometric();
-      return (await this.getKey())?.keyB64;
+      const userKey = await this.stateService.getUserKey();
+      if (userKey) {
+        return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey.keyB64)) as UserKey;
+      }
     }
 
-    return await super.retrieveKeyFromStorage(keySuffix);
+    return await super.getKeyFromStorage(keySuffix);
   }
 }
diff --git a/apps/browser/src/platform/services/browser-state.service.spec.ts b/apps/browser/src/platform/services/browser-state.service.spec.ts
index 874e13b7d8f..d6bb83f7fb5 100644
--- a/apps/browser/src/platform/services/browser-state.service.spec.ts
+++ b/apps/browser/src/platform/services/browser-state.service.spec.ts
@@ -41,7 +41,8 @@ describe("Browser State Service", () => {
     logService = mock();
     stateMigrationService = mock();
     stateFactory = mock();
-    useAccountCache = true;
+    // turn off account cache for tests
+    useAccountCache = false;
 
     state = new State(new GlobalState());
     state.accounts[userId] = new Account({
diff --git a/apps/browser/src/platform/services/browser-state.service.ts b/apps/browser/src/platform/services/browser-state.service.ts
index 37f50d6dc77..34fa1a1d0f3 100644
--- a/apps/browser/src/platform/services/browser-state.service.ts
+++ b/apps/browser/src/platform/services/browser-state.service.ts
@@ -1,5 +1,12 @@
 import { BehaviorSubject } from "rxjs";
 
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { StateMigrationService } from "@bitwarden/common/platform/abstractions/state-migration.service";
+import {
+  AbstractStorageService,
+  AbstractMemoryStorageService,
+} from "@bitwarden/common/platform/abstractions/storage.service";
+import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
 import { StorageOptions } from "@bitwarden/common/platform/models/domain/storage-options";
 import { StateService as BaseStateService } from "@bitwarden/common/platform/services/state.service";
@@ -26,14 +33,44 @@ export class BrowserStateService
   protected activeAccountSubject: BehaviorSubject<string>;
   @sessionSync({ initializer: (b: boolean) => b })
   protected activeAccountUnlockedSubject: BehaviorSubject<boolean>;
-  @sessionSync({
-    initializer: Account.fromJSON as any, // TODO: Remove this any when all any types are removed from Account
-    initializeAs: "record",
-  })
-  protected accountDiskCache: BehaviorSubject<Record<string, Account>>;
 
   protected accountDeserializer = Account.fromJSON;
 
+  constructor(
+    storageService: AbstractStorageService,
+    secureStorageService: AbstractStorageService,
+    memoryStorageService: AbstractMemoryStorageService,
+    logService: LogService,
+    stateMigrationService: StateMigrationService,
+    stateFactory: StateFactory<GlobalState, Account>,
+    useAccountCache = true
+  ) {
+    super(
+      storageService,
+      secureStorageService,
+      memoryStorageService,
+      logService,
+      stateMigrationService,
+      stateFactory,
+      useAccountCache
+    );
+
+    // TODO: This is a hack to fix having a disk cache on both the popup and
+    // the background page that can get out of sync. We need to work out the
+    // best way to handle caching with multiple instances of the state service.
+    if (useAccountCache) {
+      chrome.storage.onChanged.addListener((changes, namespace) => {
+        if (namespace === "local") {
+          for (const key of Object.keys(changes)) {
+            if (key !== "accountActivity" && this.accountDiskCache.value[key]) {
+              this.deleteDiskCache(key);
+            }
+          }
+        }
+      });
+    }
+  }
+
   async addAccount(account: Account) {
     // Apply browser overrides to default account values
     account = new Account(account);
@@ -132,4 +169,17 @@ export class BrowserStateService
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
     );
   }
+
+  // Overriding the base class to prevent deleting the cache on save. We register a storage listener
+  // to delete the cache in the constructor above.
+  protected override async saveAccountToDisk(
+    account: Account,
+    options: StorageOptions
+  ): Promise<void> {
+    const storageLocation = options.useSecureStorage
+      ? this.secureStorageService
+      : this.storageService;
+
+    await storageLocation.save(`${options.userId}`, account, options);
+  }
 }
diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index 360637343bc..002337eb70b 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -1,14 +1,21 @@
 import { Injectable, NgModule } from "@angular/core";
 import { ActivatedRouteSnapshot, RouteReuseStrategy, RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
-import { LockGuard } from "@bitwarden/angular/auth/guards/lock.guard";
-import { UnauthGuard } from "@bitwarden/angular/auth/guards/unauth.guard";
+import {
+  redirectGuard,
+  AuthGuard,
+  lockGuard,
+  tdeDecryptionRequiredGuard,
+  UnauthGuard,
+} from "@bitwarden/angular/auth/guards";
+import { canAccessFeature } from "@bitwarden/angular/guard/feature-flag.guard";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { EnvironmentComponent } from "../auth/popup/environment.component";
 import { HintComponent } from "../auth/popup/hint.component";
 import { HomeComponent } from "../auth/popup/home.component";
 import { LockComponent } from "../auth/popup/lock.component";
+import { LoginDecryptionOptionsComponent } from "../auth/popup/login-decryption-options/login-decryption-options.component";
 import { LoginWithDeviceComponent } from "../auth/popup/login-with-device.component";
 import { LoginComponent } from "../auth/popup/login.component";
 import { RegisterComponent } from "../auth/popup/register.component";
@@ -50,8 +57,11 @@ import { TabsComponent } from "./tabs.component";
 const routes: Routes = [
   {
     path: "",
-    redirectTo: "home",
     pathMatch: "full",
+    children: [], // Children lets us have an empty component.
+    canActivate: [
+      redirectGuard({ loggedIn: "/tabs/current", loggedOut: "/home", locked: "/lock" }),
+    ],
   },
   {
     path: "vault",
@@ -77,13 +87,19 @@ const routes: Routes = [
   {
     path: "login-with-device",
     component: LoginWithDeviceComponent,
-    canActivate: [UnauthGuard],
+    canActivate: [],
+    data: { state: "login-with-device" },
+  },
+  {
+    path: "admin-approval-requested",
+    component: LoginWithDeviceComponent,
+    canActivate: [],
     data: { state: "login-with-device" },
   },
   {
     path: "lock",
     component: LockComponent,
-    canActivate: [LockGuard],
+    canActivate: [lockGuard()],
     data: { state: "lock" },
   },
   {
@@ -98,6 +114,14 @@ const routes: Routes = [
     canActivate: [UnauthGuard],
     data: { state: "2fa-options" },
   },
+  {
+    path: "login-initiated",
+    component: LoginDecryptionOptionsComponent,
+    canActivate: [
+      tdeDecryptionRequiredGuard(),
+      canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
+    ],
+  },
   {
     path: "sso",
     component: SsoComponent,
diff --git a/apps/browser/src/popup/app.component.ts b/apps/browser/src/popup/app.component.ts
index 485b283407e..815109c5499 100644
--- a/apps/browser/src/popup/app.component.ts
+++ b/apps/browser/src/popup/app.component.ts
@@ -12,12 +12,12 @@ import { IndividualConfig, ToastrService } from "ngx-toastr";
 import { filter, concatMap, Subject, takeUntil } from "rxjs";
 import Swal from "sweetalert2";
 
-import { DialogServiceAbstraction, SimpleDialogOptions } from "@bitwarden/angular/services/dialog";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService, SimpleDialogOptions } from "@bitwarden/components";
 
 import { BrowserApi } from "../platform/browser/browser-api";
 import { BrowserStateService } from "../platform/services/abstractions/browser-state.service";
@@ -50,7 +50,7 @@ export class AppComponent implements OnInit, OnDestroy {
     private ngZone: NgZone,
     private sanitizer: DomSanitizer,
     private platformUtilsService: PlatformUtilsService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
diff --git a/apps/browser/src/popup/app.module.ts b/apps/browser/src/popup/app.module.ts
index a367c4a152b..7e4e1512844 100644
--- a/apps/browser/src/popup/app.module.ts
+++ b/apps/browser/src/popup/app.module.ts
@@ -20,6 +20,7 @@ import { EnvironmentComponent } from "../auth/popup/environment.component";
 import { HintComponent } from "../auth/popup/hint.component";
 import { HomeComponent } from "../auth/popup/home.component";
 import { LockComponent } from "../auth/popup/lock.component";
+import { LoginDecryptionOptionsComponent } from "../auth/popup/login-decryption-options/login-decryption-options.component";
 import { LoginWithDeviceComponent } from "../auth/popup/login-with-device.component";
 import { LoginComponent } from "../auth/popup/login.component";
 import { RegisterComponent } from "../auth/popup/register.component";
@@ -122,6 +123,7 @@ import "../platform/popup/locales";
     LockComponent,
     LoginComponent,
     LoginWithDeviceComponent,
+    LoginDecryptionOptionsComponent,
     OptionsComponent,
     GeneratorComponent,
     PasswordGeneratorHistoryComponent,
diff --git a/apps/browser/src/popup/components/user-verification.component.html b/apps/browser/src/popup/components/user-verification.component.html
index 8d7f1ed8706..25bd81cf394 100644
--- a/apps/browser/src/popup/components/user-verification.component.html
+++ b/apps/browser/src/popup/components/user-verification.component.html
@@ -1,4 +1,4 @@
-<ng-container *ngIf="!usesKeyConnector">
+<ng-container *ngIf="hasMasterPassword">
   <div class="box-content-row" appBoxRow>
     <label for="masterPassword">{{ "masterPass" | i18n }}</label>
     <input
@@ -14,7 +14,7 @@
     />
   </div>
 </ng-container>
-<ng-container *ngIf="usesKeyConnector">
+<ng-container *ngIf="!hasMasterPassword">
   <div class="box-content-row" appBoxRow>
     <label class="d-block">{{ "sendVerificationCode" | i18n }}</label>
     <button
diff --git a/apps/browser/src/popup/images/bwi-passkey.png b/apps/browser/src/popup/images/bwi-passkey.png
new file mode 100644
index 00000000000..702be33446e
Binary files /dev/null and b/apps/browser/src/popup/images/bwi-passkey.png differ
diff --git a/apps/browser/src/popup/scss/base.scss b/apps/browser/src/popup/scss/base.scss
index d22c3a55ad5..bef8307e57a 100644
--- a/apps/browser/src/popup/scss/base.scss
+++ b/apps/browser/src/popup/scss/base.scss
@@ -669,3 +669,37 @@ app-fido2 {
     }
   }
 }
+
+#login-initiated {
+  .margin-auto {
+    margin: auto;
+  }
+  .mb-20px {
+    margin-bottom: 20px;
+  }
+
+  .mx-5px {
+    margin-left: 5px !important;
+    margin-right: 5px !important;
+  }
+
+  .muted-hr {
+    margin-top: 1rem;
+    margin-bottom: 1rem;
+    border-top: 1px solid rgba(0, 0, 0, 0.1);
+  }
+
+  .standard-x-margin {
+    margin-left: 5px;
+    margin-right: 5px;
+  }
+
+  .btn-top-margin {
+    margin-top: 12px;
+  }
+
+  #rememberThisDeviceHintText {
+    font-size: $font-size-small;
+    color: $text-muted;
+  }
+}
diff --git a/apps/browser/src/popup/services/browser-dialog.service.ts b/apps/browser/src/popup/services/browser-dialog.service.ts
deleted file mode 100644
index 44028695198..00000000000
--- a/apps/browser/src/popup/services/browser-dialog.service.ts
+++ /dev/null
@@ -1,79 +0,0 @@
-import { Injectable } from "@angular/core";
-import Swal, { SweetAlertIcon } from "sweetalert2";
-
-import {
-  DialogService,
-  SimpleDialogOptions,
-  SimpleDialogType,
-} from "@bitwarden/angular/services/dialog";
-
-@Injectable()
-export class BrowserDialogService extends DialogService {
-  async openSimpleDialog(options: SimpleDialogOptions) {
-    const defaultCancel =
-      options.cancelButtonText === undefined
-        ? options.acceptButtonText == null
-          ? "no"
-          : "cancel"
-        : null;
-
-    return this.legacyShowDialog(
-      this.translate(options.content),
-      this.translate(options.title),
-      this.translate(options.acceptButtonText, "yes"),
-      this.translate(options.cancelButtonText, defaultCancel),
-      options.type
-    );
-  }
-
-  private async legacyShowDialog(
-    body: string,
-    title?: string,
-    confirmText?: string,
-    cancelText?: string,
-    type?: SimpleDialogType
-  ) {
-    let iconClasses: string = null;
-    let icon: SweetAlertIcon = null;
-    if (type != null) {
-      // If you add custom types to this part, the type to SweetAlertIcon cast below needs to be changed.
-      switch (type) {
-        case "success":
-          iconClasses = "bwi-check text-success";
-          icon = "success";
-          break;
-        case "warning":
-          iconClasses = "bwi-exclamation-triangle text-warning";
-          icon = "warning";
-          break;
-        case "danger":
-          iconClasses = "bwi-error text-danger";
-          icon = "error";
-          break;
-        case "info":
-          iconClasses = "bwi-info-circle text-info";
-          icon = "info";
-          break;
-        default:
-          break;
-      }
-    }
-
-    const confirmed = await Swal.fire({
-      heightAuto: false,
-      buttonsStyling: false,
-      icon: icon,
-      iconHtml:
-        iconClasses != null ? `<i class="swal-custom-icon bwi ${iconClasses}"></i>` : undefined,
-      text: body,
-      titleText: title,
-      showCancelButton: cancelText != null,
-      cancelButtonText: cancelText,
-      showConfirmButton: true,
-      confirmButtonText: confirmText == null ? this.i18nService.t("ok") : confirmText,
-      timer: 300000,
-    });
-
-    return confirmed.value;
-  }
-}
diff --git a/apps/browser/src/popup/services/services.module.ts b/apps/browser/src/popup/services/services.module.ts
index 7b269800987..191e2c78060 100644
--- a/apps/browser/src/popup/services/services.module.ts
+++ b/apps/browser/src/popup/services/services.module.ts
@@ -1,22 +1,21 @@
 import { APP_INITIALIZER, LOCALE_ID, NgModule } from "@angular/core";
 
-import { LockGuard as BaseLockGuardService } from "@bitwarden/angular/auth/guards/lock.guard";
-import { UnauthGuard as BaseUnauthGuardService } from "@bitwarden/angular/auth/guards/unauth.guard";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
+import { UnauthGuard as BaseUnauthGuardService } from "@bitwarden/angular/auth/guards";
 import { MEMORY_STORAGE, SECURE_STORAGE } from "@bitwarden/angular/services/injection-tokens";
 import { JslibServicesModule } from "@bitwarden/angular/services/jslib-services.module";
 import { ThemingService } from "@bitwarden/angular/services/theming/theming.service";
 import { AbstractThemingService } from "@bitwarden/angular/services/theming/theming.service.abstraction";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
+import { DevicesServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices.service.abstraction";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { EventUploadService } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService } from "@bitwarden/common/abstractions/notifications.service";
 import { SearchService as SearchServiceAbstraction } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
 import { TotpService } from "@bitwarden/common/abstractions/totp.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import {
@@ -25,7 +24,9 @@ import {
 } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { PolicyApiService } from "@bitwarden/common/admin-console/services/policy/policy-api.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService as AuthServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { LoginService as LoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/login.service";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
@@ -80,11 +81,12 @@ import {
 import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { FolderApiService } from "@bitwarden/common/vault/services/folder/folder-api.service";
+import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/exporter/vault-export";
 
 import { BrowserOrganizationService } from "../../admin-console/services/browser-organization.service";
 import { BrowserPolicyService } from "../../admin-console/services/browser-policy.service";
-import { LockGuardService, UnauthGuardService } from "../../auth/popup/services";
+import { UnauthGuardService } from "../../auth/popup/services";
 import { AutofillService } from "../../autofill/services/abstractions/autofill.service";
 import MainBackground from "../../background/main.background";
 import { Account } from "../../models/account";
@@ -103,7 +105,6 @@ import { PasswordRepromptService } from "../../vault/popup/services/password-rep
 import { BrowserFolderService } from "../../vault/services/browser-folder.service";
 import { VaultFilterService } from "../../vault/services/vault-filter.service";
 
-import { BrowserDialogService } from "./browser-dialog.service";
 import { DebounceNavigationService } from "./debounceNavigationService";
 import { InitService } from "./init.service";
 import { PopupSearchService } from "./popup-search.service";
@@ -133,6 +134,7 @@ function getBgService<T>(service: keyof MainBackground) {
   providers: [
     InitService,
     DebounceNavigationService,
+    DialogService,
     {
       provide: LOCALE_ID,
       useFactory: () => getBgService<I18nServiceAbstraction>("i18nService")().translationLocale,
@@ -144,7 +146,6 @@ function getBgService<T>(service: keyof MainBackground) {
       deps: [InitService],
       multi: true,
     },
-    { provide: BaseLockGuardService, useClass: LockGuardService },
     { provide: BaseUnauthGuardService, useClass: UnauthGuardService },
     { provide: PopupUtilsService, useFactory: () => new PopupUtilsService(isPrivateMode) },
     {
@@ -252,6 +253,21 @@ function getBgService<T>(service: keyof MainBackground) {
       },
       deps: [EncryptService],
     },
+    {
+      provide: AuthRequestCryptoServiceAbstraction,
+      useFactory: getBgService<AuthRequestCryptoServiceAbstraction>("authRequestCryptoService"),
+      deps: [],
+    },
+    {
+      provide: DeviceTrustCryptoServiceAbstraction,
+      useFactory: getBgService<DeviceTrustCryptoServiceAbstraction>("deviceTrustCryptoService"),
+      deps: [],
+    },
+    {
+      provide: DevicesServiceAbstraction,
+      useFactory: getBgService<DevicesServiceAbstraction>("devicesService"),
+      deps: [],
+    },
     {
       provide: EventUploadService,
       useFactory: getBgService<EventUploadService>("eventUploadService"),
@@ -502,10 +518,6 @@ function getBgService<T>(service: keyof MainBackground) {
         EnvironmentService,
       ],
     },
-    {
-      provide: DialogServiceAbstraction,
-      useClass: BrowserDialogService,
-    },
   ],
 })
 export class ServicesModule {}
diff --git a/apps/browser/src/popup/settings/premium.component.ts b/apps/browser/src/popup/settings/premium.component.ts
index 459cd2a6cb2..e57d53f3c40 100644
--- a/apps/browser/src/popup/settings/premium.component.ts
+++ b/apps/browser/src/popup/settings/premium.component.ts
@@ -1,7 +1,6 @@
 import { CurrencyPipe, Location } from "@angular/common";
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { PremiumComponent as BasePremiumComponent } from "@bitwarden/angular/vault/components/premium.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -9,6 +8,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-premium",
@@ -25,7 +25,7 @@ export class PremiumComponent extends BasePremiumComponent {
     logService: LogService,
     private location: Location,
     private currencyPipe: CurrencyPipe,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     environmentService: EnvironmentService
   ) {
     super(
diff --git a/apps/browser/src/popup/settings/settings.component.html b/apps/browser/src/popup/settings/settings.component.html
index 987127d3d84..6591d11cc19 100644
--- a/apps/browser/src/popup/settings/settings.component.html
+++ b/apps/browser/src/popup/settings/settings.component.html
@@ -71,28 +71,29 @@
       <div class="box-content-row display-block" appBoxRow>
         <label for="vaultTimeoutAction">{{ "vaultTimeoutAction" | i18n }}</label>
         <select
-          #vaultTimeoutActionSelect
           id="vaultTimeoutAction"
           name="VaultTimeoutActions"
           formControlName="vaultTimeoutAction"
         >
-          <option *ngFor="let o of vaultTimeoutActionOptions" [ngValue]="o.value">
-            {{ o.name }}
+          <option *ngFor="let action of availableVaultTimeoutActions" [ngValue]="action">
+            {{ action | i18n }}
           </option>
         </select>
       </div>
+      <div
+        *ngIf="!availableVaultTimeoutActions.includes(VaultTimeoutAction.Lock)"
+        id="unlockMethodHelp"
+        class="box-footer"
+      >
+        {{ "unlockMethodNeededToChangeTimeoutActionDesc" | i18n }}
+      </div>
       <div class="box-content-row box-content-row-checkbox" appBoxRow>
         <label for="pin">{{ "unlockWithPin" | i18n }}</label>
-        <input id="pin" type="checkbox" (change)="updatePin()" formControlName="pin" />
+        <input id="pin" type="checkbox" formControlName="pin" />
       </div>
       <div class="box-content-row box-content-row-checkbox" appBoxRow *ngIf="supportsBiometric">
         <label for="biometric">{{ "unlockWithBiometrics" | i18n }}</label>
-        <input
-          id="biometric"
-          type="checkbox"
-          (change)="updateBiometric()"
-          formControlName="biometric"
-        />
+        <input id="biometric" type="checkbox" formControlName="biometric" />
       </div>
       <div
         class="box-content-row box-content-row-checkbox"
@@ -108,6 +109,7 @@
         />
       </div>
       <button
+        *ngIf="availableVaultTimeoutActions.includes(VaultTimeoutAction.Lock)"
         type="button"
         class="box-content-row box-content-row-flex text-default"
         appStopClick
diff --git a/apps/browser/src/popup/settings/settings.component.ts b/apps/browser/src/popup/settings/settings.component.ts
index 562cf55f2da..30a1f03eacf 100644
--- a/apps/browser/src/popup/settings/settings.component.ts
+++ b/apps/browser/src/popup/settings/settings.component.ts
@@ -1,16 +1,28 @@
-import { Component, ElementRef, OnInit, ViewChild } from "@angular/core";
+import { ChangeDetectorRef, Component, OnInit } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
 import { Router } from "@angular/router";
-import { concatMap, debounceTime, filter, map, Observable, Subject, takeUntil, tap } from "rxjs";
+import {
+  BehaviorSubject,
+  combineLatest,
+  concatMap,
+  distinctUntilChanged,
+  filter,
+  firstValueFrom,
+  map,
+  Observable,
+  pairwise,
+  Subject,
+  switchMap,
+  takeUntil,
+} from "rxjs";
 import Swal from "sweetalert2";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DeviceType } from "@bitwarden/common/enums";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -19,6 +31,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 import { BiometricErrors, BiometricErrorTypes } from "../../models/biometricErrors";
 import { BrowserApi } from "../../platform/browser/browser-api";
@@ -47,16 +60,15 @@ const RateUrls = {
 })
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
 export class SettingsComponent implements OnInit {
-  @ViewChild("vaultTimeoutActionSelect", { read: ElementRef, static: true })
-  vaultTimeoutActionSelectRef: ElementRef;
+  protected readonly VaultTimeoutAction = VaultTimeoutAction;
+
+  availableVaultTimeoutActions: VaultTimeoutAction[] = [];
   vaultTimeoutOptions: any[];
-  vaultTimeoutActionOptions: any[];
   vaultTimeoutPolicyCallout: Observable<{
     timeout: { hours: number; minutes: number };
     action: VaultTimeoutAction;
   }>;
   supportsBiometric: boolean;
-  previousVaultTimeout: number = null;
   showChangeMasterPass = true;
 
   form = this.formBuilder.group({
@@ -67,6 +79,7 @@ export class SettingsComponent implements OnInit {
     enableAutoBiometricsPrompt: true,
   });
 
+  private refreshTimeoutSettings$ = new BehaviorSubject<void>(undefined);
   private destroy$ = new Subject<void>();
 
   constructor(
@@ -83,12 +96,14 @@ export class SettingsComponent implements OnInit {
     private stateService: StateService,
     private popupUtilsService: PopupUtilsService,
     private modalService: ModalService,
-    private keyConnectorService: KeyConnectorService,
-    private dialogService: DialogServiceAbstraction
+    private userVerificationService: UserVerificationService,
+    private dialogService: DialogService,
+    private changeDetectorRef: ChangeDetectorRef
   ) {}
 
   async ngOnInit() {
-    this.vaultTimeoutPolicyCallout = this.policyService.get$(PolicyType.MaximumVaultTimeout).pipe(
+    const maximumVaultTimeoutPolicy = this.policyService.get$(PolicyType.MaximumVaultTimeout);
+    this.vaultTimeoutPolicyCallout = maximumVaultTimeoutPolicy.pipe(
       filter((policy) => policy != null),
       map((policy) => {
         let timeout;
@@ -99,13 +114,6 @@ export class SettingsComponent implements OnInit {
           };
         }
         return { timeout: timeout, action: policy.data?.action };
-      }),
-      tap((policy) => {
-        if (policy.action) {
-          this.form.controls.vaultTimeoutAction.disable({ emitEvent: false });
-        } else {
-          this.form.controls.vaultTimeoutAction.enable({ emitEvent: false });
-        }
       })
     );
 
@@ -131,35 +139,17 @@ export class SettingsComponent implements OnInit {
     this.vaultTimeoutOptions.push({ name: this.i18nService.t("onRestart"), value: -1 });
     this.vaultTimeoutOptions.push({ name: this.i18nService.t("never"), value: null });
 
-    this.vaultTimeoutActionOptions = [
-      { name: this.i18nService.t(VaultTimeoutAction.Lock), value: VaultTimeoutAction.Lock },
-      { name: this.i18nService.t(VaultTimeoutAction.LogOut), value: VaultTimeoutAction.LogOut },
-    ];
-
     let timeout = await this.vaultTimeoutSettingsService.getVaultTimeout();
     if (timeout === -2 && !showOnLocked) {
       timeout = -1;
     }
-    const pinSet = await this.vaultTimeoutSettingsService.isPinLockSet();
-
-    const initialValues = {
-      vaultTimeout: timeout,
-      vaultTimeoutAction: await this.vaultTimeoutSettingsService.getVaultTimeoutAction(),
-      pin: pinSet[0] || pinSet[1],
-      biometric: await this.vaultTimeoutSettingsService.isBiometricLockSet(),
-      enableAutoBiometricsPrompt: !(await this.stateService.getDisableAutoBiometricsPrompt()),
-    };
-    this.form.setValue(initialValues, { emitEvent: false });
-
-    this.previousVaultTimeout = timeout;
-    this.supportsBiometric = await this.platformUtilsService.supportsBiometric();
-    this.showChangeMasterPass = !(await this.keyConnectorService.getUsesKeyConnector());
+    const pinStatus = await this.vaultTimeoutSettingsService.isPinLockSet();
 
     this.form.controls.vaultTimeout.valueChanges
       .pipe(
-        debounceTime(250),
-        concatMap(async (value) => {
-          await this.saveVaultTimeout(value);
+        pairwise(),
+        concatMap(async ([previousValue, newValue]) => {
+          await this.saveVaultTimeout(previousValue, newValue);
         }),
         takeUntil(this.destroy$)
       )
@@ -167,34 +157,103 @@ export class SettingsComponent implements OnInit {
 
     this.form.controls.vaultTimeoutAction.valueChanges
       .pipe(
-        concatMap(async (action) => {
-          await this.saveVaultTimeoutAction(action);
+        pairwise(),
+        concatMap(async ([previousValue, newValue]) => {
+          await this.saveVaultTimeoutAction(previousValue, newValue);
+        }),
+        takeUntil(this.destroy$)
+      )
+      .subscribe();
+
+    const initialValues = {
+      vaultTimeout: timeout,
+      vaultTimeoutAction: await firstValueFrom(
+        this.vaultTimeoutSettingsService.vaultTimeoutAction$()
+      ),
+      pin: pinStatus !== "DISABLED",
+      biometric: await this.vaultTimeoutSettingsService.isBiometricLockSet(),
+      enableAutoBiometricsPrompt: !(await this.stateService.getDisableAutoBiometricsPrompt()),
+    };
+    this.form.patchValue(initialValues); // Emit event to initialize `pairwise` operator
+
+    this.supportsBiometric = await this.platformUtilsService.supportsBiometric();
+    this.showChangeMasterPass = await this.userVerificationService.hasMasterPassword();
+
+    this.form.controls.pin.valueChanges
+      .pipe(
+        concatMap(async (value) => {
+          await this.updatePin(value);
+          this.refreshTimeoutSettings$.next();
         }),
         takeUntil(this.destroy$)
       )
       .subscribe();
 
     this.form.controls.biometric.valueChanges
-      .pipe(takeUntil(this.destroy$))
-      .subscribe((enabled) => {
-        if (enabled) {
-          this.form.controls.enableAutoBiometricsPrompt.enable();
+      .pipe(
+        distinctUntilChanged(),
+        concatMap(async (enabled) => {
+          await this.updateBiometric(enabled);
+          if (enabled) {
+            this.form.controls.enableAutoBiometricsPrompt.enable();
+          } else {
+            this.form.controls.enableAutoBiometricsPrompt.disable();
+          }
+          this.refreshTimeoutSettings$.next();
+        }),
+        takeUntil(this.destroy$)
+      )
+      .subscribe();
+
+    this.refreshTimeoutSettings$
+      .pipe(
+        switchMap(() =>
+          combineLatest([
+            this.vaultTimeoutSettingsService.availableVaultTimeoutActions$(),
+            this.vaultTimeoutSettingsService.vaultTimeoutAction$(),
+          ])
+        ),
+        takeUntil(this.destroy$)
+      )
+      .subscribe(([availableActions, action]) => {
+        this.availableVaultTimeoutActions = availableActions;
+        this.form.controls.vaultTimeoutAction.setValue(action, { emitEvent: false });
+        // NOTE: The UI doesn't properly update without detect changes.
+        // I've even tried using an async pipe, but it still doesn't work. I'm not sure why.
+        // Using an async pipe means that we can't call `detectChanges` AFTER the data has change
+        // meaning that we are forced to use regular class variables instead of observables.
+        this.changeDetectorRef.detectChanges();
+      });
+
+    this.refreshTimeoutSettings$
+      .pipe(
+        switchMap(() =>
+          combineLatest([
+            this.vaultTimeoutSettingsService.availableVaultTimeoutActions$(),
+            maximumVaultTimeoutPolicy,
+          ])
+        ),
+        takeUntil(this.destroy$)
+      )
+      .subscribe(([availableActions, policy]) => {
+        if (policy?.data?.action || availableActions.length <= 1) {
+          this.form.controls.vaultTimeoutAction.disable({ emitEvent: false });
         } else {
-          this.form.controls.enableAutoBiometricsPrompt.disable();
+          this.form.controls.vaultTimeoutAction.enable({ emitEvent: false });
         }
       });
   }
 
-  async saveVaultTimeout(newValue: number) {
+  async saveVaultTimeout(previousValue: number, newValue: number) {
     if (newValue == null) {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "warning" },
         content: { key: "neverLockWarning" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!confirmed) {
-        this.form.controls.vaultTimeout.setValue(this.previousVaultTimeout);
+        this.form.controls.vaultTimeout.setValue(previousValue, { emitEvent: false });
         return;
       }
     }
@@ -210,33 +269,25 @@ export class SettingsComponent implements OnInit {
       return;
     }
 
-    this.previousVaultTimeout = this.form.value.vaultTimeout;
-
     await this.vaultTimeoutSettingsService.setVaultTimeoutOptions(
       newValue,
       this.form.value.vaultTimeoutAction
     );
-    if (this.previousVaultTimeout == null) {
+    if (newValue == null) {
       this.messagingService.send("bgReseedStorage");
     }
   }
 
-  async saveVaultTimeoutAction(newValue: VaultTimeoutAction) {
+  async saveVaultTimeoutAction(previousValue: VaultTimeoutAction, newValue: VaultTimeoutAction) {
     if (newValue === VaultTimeoutAction.LogOut) {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "vaultTimeoutLogOutConfirmationTitle" },
         content: { key: "vaultTimeoutLogOutConfirmation" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!confirmed) {
-        this.vaultTimeoutActionOptions.forEach((option: any, i) => {
-          if (option.value === this.form.value.vaultTimeoutAction) {
-            this.vaultTimeoutActionSelectRef.nativeElement.value =
-              i + ": " + this.form.value.vaultTimeoutAction;
-          }
-        });
-        this.form.controls.vaultTimeoutAction.patchValue(VaultTimeoutAction.Lock, {
+        this.form.controls.vaultTimeoutAction.setValue(previousValue, {
           emitEvent: false,
         });
         return;
@@ -256,26 +307,26 @@ export class SettingsComponent implements OnInit {
       this.form.value.vaultTimeout,
       newValue
     );
+    this.refreshTimeoutSettings$.next();
   }
 
-  async updatePin() {
-    if (this.form.value.pin) {
+  async updatePin(value: boolean) {
+    if (value) {
       const ref = this.modalService.open(SetPinComponent, { allowMultipleModals: true });
 
       if (ref == null) {
-        this.form.controls.pin.setValue(false);
+        this.form.controls.pin.setValue(false, { emitEvent: false });
         return;
       }
 
-      this.form.controls.pin.setValue(await ref.onClosedPromise());
+      this.form.controls.pin.setValue(await ref.onClosedPromise(), { emitEvent: false });
     } else {
-      await this.cryptoService.clearPinProtectedKey();
       await this.vaultTimeoutSettingsService.clear();
     }
   }
 
-  async updateBiometric() {
-    if (this.form.value.biometric && this.supportsBiometric) {
+  async updateBiometric(enabled: boolean) {
+    if (enabled && this.supportsBiometric) {
       let granted;
       try {
         granted = await BrowserApi.requestPermission({ permissions: ["nativeMessaging"] });
@@ -289,7 +340,7 @@ export class SettingsComponent implements OnInit {
             content: { key: "nativeMessaginPermissionSidebarDesc" },
             acceptButtonText: { key: "ok" },
             cancelButtonText: null,
-            type: SimpleDialogType.INFO,
+            type: "info",
           });
 
           this.form.controls.biometric.setValue(false);
@@ -303,7 +354,7 @@ export class SettingsComponent implements OnInit {
           content: { key: "nativeMessaginPermissionErrorDesc" },
           acceptButtonText: { key: "ok" },
           cancelButtonText: null,
-          type: SimpleDialogType.DANGER,
+          type: "danger",
         });
 
         this.form.controls.biometric.setValue(false);
@@ -324,7 +375,7 @@ export class SettingsComponent implements OnInit {
       });
 
       await this.stateService.setBiometricAwaitingAcceptance(true);
-      await this.cryptoService.toggleKey();
+      await this.cryptoService.refreshAdditionalKeys();
 
       await Promise.race([
         submitted.then(async (result) => {
@@ -339,7 +390,7 @@ export class SettingsComponent implements OnInit {
             this.form.controls.biometric.setValue(result);
 
             Swal.close();
-            if (this.form.value.biometric === false) {
+            if (!result) {
               this.platformUtilsService.showToast(
                 "error",
                 this.i18nService.t("errorEnableBiometricTitle"),
@@ -358,7 +409,7 @@ export class SettingsComponent implements OnInit {
               content: { key: error.description },
               acceptButtonText: { key: "ok" },
               cancelButtonText: null,
-              type: SimpleDialogType.DANGER,
+              type: "danger",
             });
           }),
       ]);
@@ -382,7 +433,7 @@ export class SettingsComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "logOut" },
       content: { key: "logOutConfirmation" },
-      type: SimpleDialogType.INFO,
+      type: "info",
     });
 
     if (confirmed) {
@@ -394,7 +445,7 @@ export class SettingsComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "changeMasterPassword" },
       content: { key: "changeMasterPasswordConfirmation" },
-      type: SimpleDialogType.INFO,
+      type: "info",
     });
     if (confirmed) {
       BrowserApi.createNewTab(
@@ -407,7 +458,7 @@ export class SettingsComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "twoStepLogin" },
       content: { key: "twoStepLoginConfirmation" },
-      type: SimpleDialogType.INFO,
+      type: "info",
     });
     if (confirmed) {
       BrowserApi.createNewTab("https://bitwarden.com/help/setup-two-step-login/");
@@ -418,7 +469,7 @@ export class SettingsComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "learnOrg" },
       content: { key: "learnOrgConfirmation" },
-      type: SimpleDialogType.INFO,
+      type: "info",
     });
     if (confirmed) {
       BrowserApi.createNewTab("https://bitwarden.com/help/about-organizations/");
diff --git a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
index 80ea214b4b0..95369453409 100644
--- a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
+++ b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift
@@ -19,11 +19,11 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
         os_log(.default, "Received message from browser.runtime.sendNativeMessage: %@", message as! CVarArg)
 
         let response = NSExtensionItem()
-        
+
         guard let command = message?["command"] as? String else {
             return
         }
-        
+
         switch (command) {
         case "readFromClipboard":
             let pasteboard = NSPasteboard.general
@@ -59,12 +59,12 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
             guard let data = blobData else {
                 return
             }
-            
+
             let panel = NSSavePanel()
             panel.canCreateDirectories = true
             panel.nameFieldStringValue = dlMsg.fileName
             let response = panel.runModal();
-           
+
             if response == NSApplication.ModalResponse.OK {
                 if let url = panel.url {
                     do {
@@ -87,12 +87,12 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
             }
             return
         case "biometricUnlock":
-            
+
             var error: NSError?
             let laContext = LAContext()
-            
+
             laContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)
-            
+
             if let e = error, e.code != kLAErrorBiometryLockout {
                 response.userInfo = [
                     SFExtensionMessageKey: [
@@ -123,26 +123,32 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
                     guard let userId = message?["userId"] as? String else {
                         return
                     }
-                    let passwordName = userId + "_masterkey_biometric"
+                    let passwordName = userId + "_user_biometric"
                     var passwordLength: UInt32 = 0
                     var passwordPtr: UnsafeMutableRawPointer? = nil
-                    
+
                     var status = SecKeychainFindGenericPassword(nil, UInt32(ServiceNameBiometric.utf8.count), ServiceNameBiometric, UInt32(passwordName.utf8.count), passwordName, &passwordLength, &passwordPtr, nil)
                     if status != errSecSuccess {
                         let fallbackName = "key"
                         status = SecKeychainFindGenericPassword(nil, UInt32(ServiceNameBiometric.utf8.count), ServiceNameBiometric, UInt32(fallbackName.utf8.count), fallbackName, &passwordLength, &passwordPtr, nil)
                     }
-    
+
+                    // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3473)
+                    if status != errSecSuccess {
+                        let secondaryFallbackName = "_masterkey_biometric"
+                        status = SecKeychainFindGenericPassword(nil, UInt32(ServiceNameBiometric.utf8.count), ServiceNameBiometric, UInt32(secondaryFallbackName.utf8.count), secondaryFallbackName, &passwordLength, &passwordPtr, nil)
+                    }
+
                     if status == errSecSuccess {
                         let result = NSString(bytes: passwordPtr!, length: Int(passwordLength), encoding: String.Encoding.utf8.rawValue) as String?
                                     SecKeychainItemFreeContent(nil, passwordPtr)
-                        
+
                         response.userInfo = [ SFExtensionMessageKey: [
                             "message": [
                                 "command": "biometricUnlock",
                                 "response": "unlocked",
                                 "timestamp": Int64(NSDate().timeIntervalSince1970 * 1000),
-                                "keyB64": result!.replacingOccurrences(of: "\"", with: ""),
+                                "userKeyB64": result!.replacingOccurrences(of: "\"", with: ""),
                             ],
                         ]]
                     } else {
@@ -157,10 +163,10 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling {
                         ]
                     }
                 }
-                
+
                 context.completeRequest(returningItems: [response], completionHandler: nil)
             }
-            
+
             return
         default:
             return
diff --git a/apps/browser/src/services/vaultTimeout/vaultTimeout.service.ts b/apps/browser/src/services/vault-timeout/vault-timeout.service.ts
similarity index 93%
rename from apps/browser/src/services/vaultTimeout/vaultTimeout.service.ts
rename to apps/browser/src/services/vault-timeout/vault-timeout.service.ts
index b75a0c20325..228c63f0b81 100644
--- a/apps/browser/src/services/vaultTimeout/vaultTimeout.service.ts
+++ b/apps/browser/src/services/vault-timeout/vault-timeout.service.ts
@@ -1,4 +1,4 @@
-import { VaultTimeoutService as BaseVaultTimeoutService } from "@bitwarden/common/services/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService as BaseVaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
 
 import { SafariApp } from "../../browser/safariApp";
 
diff --git a/apps/browser/src/tools/popup/send/send-add-edit.component.ts b/apps/browser/src/tools/popup/send/send-add-edit.component.ts
index aaf951e036f..1efd950c508 100644
--- a/apps/browser/src/tools/popup/send/send-add-edit.component.ts
+++ b/apps/browser/src/tools/popup/send/send-add-edit.component.ts
@@ -3,7 +3,6 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/tools/send/add-edit.component";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -13,6 +12,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { BrowserStateService } from "../../../platform/services/abstractions/browser-state.service";
 import { PopupUtilsService } from "../../../popup/services/popup-utils.service";
@@ -47,7 +47,7 @@ export class SendAddEditComponent extends BaseAddEditComponent {
     private popupUtilsService: PopupUtilsService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
diff --git a/apps/browser/src/tools/popup/send/send-groupings.component.ts b/apps/browser/src/tools/popup/send/send-groupings.component.ts
index 596d6e5ed35..e93064fe80b 100644
--- a/apps/browser/src/tools/popup/send/send-groupings.component.ts
+++ b/apps/browser/src/tools/popup/send/send-groupings.component.ts
@@ -1,7 +1,6 @@
 import { ChangeDetectorRef, Component, NgZone } from "@angular/core";
 import { Router } from "@angular/router";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { SendComponent as BaseSendComponent } from "@bitwarden/angular/tools/send/send.component";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -15,6 +14,7 @@ import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { BrowserSendComponentState } from "../../../models/browserSendComponentState";
 import { BrowserStateService } from "../../../platform/services/abstractions/browser-state.service";
@@ -51,7 +51,7 @@ export class SendGroupingsComponent extends BaseSendComponent {
     private broadcasterService: BroadcasterService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       sendService,
diff --git a/apps/browser/src/tools/popup/send/send-type.component.ts b/apps/browser/src/tools/popup/send/send-type.component.ts
index c76561586d0..4a2794fdda5 100644
--- a/apps/browser/src/tools/popup/send/send-type.component.ts
+++ b/apps/browser/src/tools/popup/send/send-type.component.ts
@@ -3,7 +3,6 @@ import { ChangeDetectorRef, Component, NgZone } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { SendComponent as BaseSendComponent } from "@bitwarden/angular/tools/send/send.component";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -16,6 +15,7 @@ import { SendType } from "@bitwarden/common/tools/send/enums/send-type";
 import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { BrowserComponentState } from "../../../models/browserComponentState";
 import { BrowserStateService } from "../../../platform/services/abstractions/browser-state.service";
@@ -51,7 +51,7 @@ export class SendTypeComponent extends BaseSendComponent {
     private router: Router,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       sendService,
diff --git a/apps/browser/src/tools/popup/settings/export.component.ts b/apps/browser/src/tools/popup/settings/export.component.ts
index e21f3b9bd48..d34b86a9e46 100644
--- a/apps/browser/src/tools/popup/settings/export.component.ts
+++ b/apps/browser/src/tools/popup/settings/export.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 import { Router } from "@angular/router";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ExportComponent as BaseExportComponent } from "@bitwarden/angular/tools/export/components/export.component";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -12,6 +11,7 @@ import { FileDownloadService } from "@bitwarden/common/platform/abstractions/fil
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/exporter/vault-export";
 
 @Component({
@@ -31,7 +31,7 @@ export class ExportComponent extends BaseExportComponent {
     userVerificationService: UserVerificationService,
     formBuilder: UntypedFormBuilder,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cryptoService,
diff --git a/apps/browser/src/vault/fido2/content/content-script.ts b/apps/browser/src/vault/fido2/content/content-script.ts
index 2fcf0bef900..eb266aff4d0 100644
--- a/apps/browser/src/vault/fido2/content/content-script.ts
+++ b/apps/browser/src/vault/fido2/content/content-script.ts
@@ -1,65 +1,80 @@
 import { Message, MessageType } from "./messaging/message";
 import { Messenger } from "./messaging/messenger";
 
-const s = document.createElement("script");
-s.src = chrome.runtime.getURL("content/fido2/page-script.js");
-(document.head || document.documentElement).appendChild(s);
+function checkFido2FeatureEnabled() {
+  chrome.runtime.sendMessage(
+    { command: "checkFido2FeatureEnabled" },
+    (response: { result?: boolean }) => initializeFido2ContentScript(response.result)
+  );
+}
 
-const messenger = Messenger.forDOMCommunication(window);
-
-messenger.handler = async (message, abortController) => {
-  const abortHandler = () =>
-    chrome.runtime.sendMessage({
-      command: "fido2AbortRequest",
-      abortedRequestId: message.metadata.requestId,
-    });
-  abortController.signal.addEventListener("abort", abortHandler);
-
-  if (message.type === MessageType.CredentialCreationRequest) {
-    return new Promise((resolve, reject) => {
-      chrome.runtime.sendMessage(
-        {
-          command: "fido2RegisterCredentialRequest",
-          data: message.data,
-          requestId: message.metadata.requestId,
-        },
-        (response) => {
-          if (response.error !== undefined) {
-            return reject(response.error);
-          }
-
-          resolve({
-            type: MessageType.CredentialCreationResponse,
-            result: response.result,
-          });
-        }
-      );
-    });
+function initializeFido2ContentScript(isFido2FeatureEnabled: boolean) {
+  if (isFido2FeatureEnabled !== true) {
+    return;
   }
 
-  if (message.type === MessageType.CredentialGetRequest) {
-    return new Promise((resolve, reject) => {
-      chrome.runtime.sendMessage(
-        {
-          command: "fido2GetCredentialRequest",
-          data: message.data,
-          requestId: message.metadata.requestId,
-        },
-        (response) => {
-          if (response.error !== undefined) {
-            return reject(response.error);
+  const s = document.createElement("script");
+  s.src = chrome.runtime.getURL("content/fido2/page-script.js");
+  (document.head || document.documentElement).appendChild(s);
+
+  const messenger = Messenger.forDOMCommunication(window);
+
+  messenger.handler = async (message, abortController) => {
+    const abortHandler = () =>
+      chrome.runtime.sendMessage({
+        command: "fido2AbortRequest",
+        abortedRequestId: message.metadata.requestId,
+      });
+    abortController.signal.addEventListener("abort", abortHandler);
+
+    if (message.type === MessageType.CredentialCreationRequest) {
+      return new Promise((resolve, reject) => {
+        chrome.runtime.sendMessage(
+          {
+            command: "fido2RegisterCredentialRequest",
+            data: message.data,
+            requestId: message.metadata.requestId,
+          },
+          (response) => {
+            if (response.error !== undefined) {
+              return reject(response.error);
+            }
+
+            resolve({
+              type: MessageType.CredentialCreationResponse,
+              result: response.result,
+            });
           }
+        );
+      });
+    }
 
-          resolve({
-            type: MessageType.CredentialGetResponse,
-            result: response.result,
-          });
-        }
-      );
-    }).finally(() =>
-      abortController.signal.removeEventListener("abort", abortHandler)
-    ) as Promise<Message>;
-  }
+    if (message.type === MessageType.CredentialGetRequest) {
+      return new Promise((resolve, reject) => {
+        chrome.runtime.sendMessage(
+          {
+            command: "fido2GetCredentialRequest",
+            data: message.data,
+            requestId: message.metadata.requestId,
+          },
+          (response) => {
+            if (response.error !== undefined) {
+              return reject(response.error);
+            }
 
-  return undefined;
-};
+            resolve({
+              type: MessageType.CredentialGetResponse,
+              result: response.result,
+            });
+          }
+        );
+      }).finally(() =>
+        abortController.signal.removeEventListener("abort", abortHandler)
+      ) as Promise<Message>;
+    }
+
+    return undefined;
+  };
+}
+
+checkFido2FeatureEnabled();
diff --git a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
index 68a63fb062d..6148e31dd6d 100644
--- a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts
@@ -3,7 +3,6 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/vault/components/add-edit.component";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
@@ -21,6 +20,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
+import { DialogService } from "@bitwarden/components";
 
 import { BrowserApi } from "../../../../platform/browser/browser-api";
 import { PopupUtilsService } from "../../../../popup/services/popup-utils.service";
@@ -55,7 +55,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     passwordRepromptService: PasswordRepromptService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/browser/src/vault/popup/components/vault/attachments.component.ts b/apps/browser/src/vault/popup/components/vault/attachments.component.ts
index 7c1107caa42..5047c9bfd1e 100644
--- a/apps/browser/src/vault/popup/components/vault/attachments.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/attachments.component.ts
@@ -3,7 +3,6 @@ import { Component } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AttachmentsComponent as BaseAttachmentsComponent } from "@bitwarden/angular/vault/components/attachments.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -13,6 +12,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-vault-attachments",
@@ -33,7 +33,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent {
     stateService: StateService,
     logService: LogService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/browser/src/vault/popup/components/vault/view.component.html b/apps/browser/src/vault/popup/components/vault/view.component.html
index 4aa8d01ac17..b85d1473de1 100644
--- a/apps/browser/src/vault/popup/components/vault/view.component.html
+++ b/apps/browser/src/vault/popup/components/vault/view.component.html
@@ -619,7 +619,7 @@
         *ngIf="
           cipher.type !== cipherType.SecureNote &&
           !cipher.isDeleted &&
-          !inPopout &&
+          (!this.inPopout || this.loadAction) &&
           cipher.type != cipherType.Fido2Key
         "
       >
diff --git a/apps/browser/src/vault/popup/components/vault/view.component.ts b/apps/browser/src/vault/popup/components/vault/view.component.ts
index eef06770b3f..57f9b676cd0 100644
--- a/apps/browser/src/vault/popup/components/vault/view.component.ts
+++ b/apps/browser/src/vault/popup/components/vault/view.component.ts
@@ -1,9 +1,9 @@
 import { Location } from "@angular/common";
 import { ChangeDetectorRef, Component, NgZone } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
+import { Subject, takeUntil } from "rxjs";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ViewComponent as BaseViewComponent } from "@bitwarden/angular/vault/components/view.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
@@ -23,6 +23,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
+import { DialogService } from "@bitwarden/components";
 
 import { AutofillService } from "../../../../autofill/services/abstractions/autofill.service";
 import { BrowserApi } from "../../../../platform/browser/browser-api";
@@ -30,6 +31,17 @@ import { PopupUtilsService } from "../../../../popup/services/popup-utils.servic
 
 const BroadcasterSubscriptionId = "ChildViewComponent";
 
+export const AUTOFILL_ID = "autofill";
+export const COPY_USERNAME_ID = "copy-username";
+export const COPY_PASSWORD_ID = "copy-password";
+export const COPY_VERIFICATIONCODE_ID = "copy-totp";
+
+type LoadAction =
+  | typeof AUTOFILL_ID
+  | typeof COPY_USERNAME_ID
+  | typeof COPY_PASSWORD_ID
+  | typeof COPY_VERIFICATIONCODE_ID;
+
 @Component({
   selector: "app-vault-view",
   templateUrl: "view.component.html",
@@ -38,9 +50,14 @@ export class ViewComponent extends BaseViewComponent {
   showAttachments = true;
   pageDetails: any[] = [];
   tab: any;
+  senderTabId?: number;
+  loadAction?: LoadAction;
+  uilocation?: "popout" | "popup" | "sidebar" | "tab";
   loadPageDetailsTimeout: number;
   inPopout = false;
 
+  private destroy$ = new Subject<void>();
+
   constructor(
     cipherService: CipherService,
     folderService: FolderService,
@@ -65,7 +82,7 @@ export class ViewComponent extends BaseViewComponent {
     passwordRepromptService: PasswordRepromptService,
     logService: LogService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
@@ -91,7 +108,14 @@ export class ViewComponent extends BaseViewComponent {
   }
 
   ngOnInit() {
-    this.inPopout = this.popupUtilsService.inPopout(window);
+    this.route.queryParams.pipe(takeUntil(this.destroy$)).subscribe((value) => {
+      this.loadAction = value?.action;
+      this.senderTabId = parseInt(value?.senderTabId, 10) || undefined;
+      this.uilocation = value?.uilocation;
+    });
+
+    this.inPopout = this.uilocation === "popout" || this.popupUtilsService.inPopout(window);
+
     // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
     this.route.queryParams.pipe(first()).subscribe(async (params) => {
       if (params.cipherId) {
@@ -132,6 +156,8 @@ export class ViewComponent extends BaseViewComponent {
   }
 
   ngOnDestroy() {
+    this.destroy$.next();
+    this.destroy$.complete();
     super.ngOnDestroy();
     this.broadcasterService.unsubscribe(BroadcasterSubscriptionId);
   }
@@ -139,6 +165,27 @@ export class ViewComponent extends BaseViewComponent {
   async load() {
     await super.load();
     await this.loadPageDetails();
+
+    switch (this.loadAction) {
+      case AUTOFILL_ID:
+        this.fillCipher();
+        return;
+      case COPY_USERNAME_ID:
+        await this.copy(this.cipher.login.username, "username", "Username");
+        break;
+      case COPY_PASSWORD_ID:
+        await this.copy(this.cipher.login.password, "password", "Password");
+        break;
+      case COPY_VERIFICATIONCODE_ID:
+        await this.copy(this.cipher.login.totp, "verificationCodeTotp", "TOTP");
+        break;
+      default:
+        break;
+    }
+
+    if (this.inPopout && this.loadAction) {
+      this.close();
+    }
   }
 
   async edit() {
@@ -189,6 +236,10 @@ export class ViewComponent extends BaseViewComponent {
     const didAutofill = await this.doAutofill();
     if (didAutofill) {
       this.platformUtilsService.showToast("success", null, this.i18nService.t("autoFillSuccess"));
+
+      if (this.inPopout) {
+        this.close();
+      }
     }
   }
 
@@ -253,15 +304,30 @@ export class ViewComponent extends BaseViewComponent {
   }
 
   close() {
+    if (this.senderTabId) {
+      BrowserApi.focusTab(this.senderTabId);
+    }
+
+    if (this.inPopout) {
+      window.close();
+      return;
+    }
+
     this.location.back();
   }
 
   private async loadPageDetails() {
     this.pageDetails = [];
     this.tab = await BrowserApi.getTabFromCurrentWindow();
-    if (this.tab == null) {
+
+    if (this.senderTabId) {
+      this.tab = await BrowserApi.getTab(this.senderTabId);
+    }
+
+    if (!this.tab) {
       return;
     }
+
     BrowserApi.tabSendMessage(this.tab, {
       command: "collectPageDetails",
       tab: this.tab,
diff --git a/apps/browser/src/vault/popup/settings/folder-add-edit.component.ts b/apps/browser/src/vault/popup/settings/folder-add-edit.component.ts
index 9acd0a7b4f3..8266cc883a7 100644
--- a/apps/browser/src/vault/popup/settings/folder-add-edit.component.ts
+++ b/apps/browser/src/vault/popup/settings/folder-add-edit.component.ts
@@ -3,13 +3,13 @@ import { FormBuilder } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { FolderAddEditComponent as BaseFolderAddEditComponent } from "@bitwarden/angular/vault/components/folder-add-edit.component";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-folder-add-edit",
@@ -25,7 +25,7 @@ export class FolderAddEditComponent extends BaseFolderAddEditComponent {
     private router: Router,
     private route: ActivatedRoute,
     logService: LogService,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     formBuilder: FormBuilder
   ) {
     super(
diff --git a/apps/browser/tsconfig.json b/apps/browser/tsconfig.json
index 9220b89c424..9624939c872 100644
--- a/apps/browser/tsconfig.json
+++ b/apps/browser/tsconfig.json
@@ -14,7 +14,8 @@
       "@bitwarden/auth": ["../../libs/auth/src"],
       "@bitwarden/common/*": ["../../libs/common/src/*"],
       "@bitwarden/components": ["../../libs/components/src"],
-      "@bitwarden/exporter/*": ["../../libs/exporter/src/*"]
+      "@bitwarden/exporter/*": ["../../libs/exporter/src/*"],
+      "@bitwarden/vault": ["../../libs/auth/src"]
     },
     "useDefineForClassFields": false
   },
diff --git a/apps/cli/package.json b/apps/cli/package.json
index 7c6e50e22a2..1efd131911e 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/cli",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2023.7.0",
+  "version": "2023.8.0",
   "keywords": [
     "bitwarden",
     "password",
@@ -49,29 +49,29 @@
   "dependencies": {
     "@koa/multer": "3.0.2",
     "@koa/router": "12.0.0",
-    "argon2": "0.30.3",
+    "argon2": "0.31.0",
     "big-integer": "1.6.51",
     "browser-hrtime": "1.1.8",
     "chalk": "4.1.2",
     "commander": "7.2.0",
     "form-data": "4.0.0",
     "https-proxy-agent": "5.0.1",
-    "inquirer": "8.2.5",
+    "inquirer": "8.2.6",
     "jsdom": "22.1.0",
     "jszip": "3.10.1",
     "koa": "2.14.2",
-    "koa-bodyparser": "4.4.0",
+    "koa-bodyparser": "4.4.1",
     "koa-json": "2.0.2",
     "lowdb": "1.0.0",
     "lunr": "2.3.9",
     "multer": "1.4.5-lts.1",
-    "node-fetch": "2.6.11",
+    "node-fetch": "2.6.12",
     "node-forge": "1.3.1",
     "open": "8.4.2",
     "papaparse": "5.4.1",
     "proper-lockfile": "4.1.2",
     "rxjs": "7.8.1",
-    "tldts": "6.0.5",
+    "tldts": "6.0.14",
     "zxcvbn": "4.4.2"
   }
 }
diff --git a/apps/cli/src/auth/commands/lock.command.ts b/apps/cli/src/auth/commands/lock.command.ts
index 3a33024a6ff..912d4a74917 100644
--- a/apps/cli/src/auth/commands/lock.command.ts
+++ b/apps/cli/src/auth/commands/lock.command.ts
@@ -1,4 +1,4 @@
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 
 import { Response } from "../../models/response";
 import { MessageResponse } from "../../models/response/message.response";
diff --git a/apps/cli/src/auth/commands/login.command.ts b/apps/cli/src/auth/commands/login.command.ts
index fe9284e2e80..c6e16ccecd8 100644
--- a/apps/cli/src/auth/commands/login.command.ts
+++ b/apps/cli/src/auth/commands/login.command.ts
@@ -406,15 +406,15 @@ export class LoginCommand {
     }
 
     try {
-      const { newPasswordHash, newEncKey, hint } = await this.collectNewMasterPasswordDetails(
+      const { newPasswordHash, newUserKey, hint } = await this.collectNewMasterPasswordDetails(
         "Your master password does not meet one or more of your organization policies. In order to access the vault, you must update your master password now."
       );
 
       const request = new PasswordRequest();
-      request.masterPasswordHash = await this.cryptoService.hashPassword(currentPassword, null);
+      request.masterPasswordHash = await this.cryptoService.hashMasterKey(currentPassword, null);
       request.masterPasswordHint = hint;
       request.newMasterPasswordHash = newPasswordHash;
-      request.key = newEncKey[1].encryptedString;
+      request.key = newUserKey[1].encryptedString;
 
       await this.apiService.postPassword(request);
 
@@ -444,12 +444,12 @@ export class LoginCommand {
     }
 
     try {
-      const { newPasswordHash, newEncKey, hint } = await this.collectNewMasterPasswordDetails(
+      const { newPasswordHash, newUserKey, hint } = await this.collectNewMasterPasswordDetails(
         "An organization administrator recently changed your master password. In order to access the vault, you must update your master password now."
       );
 
       const request = new UpdateTempPasswordRequest();
-      request.key = newEncKey[1].encryptedString;
+      request.key = newUserKey[1].encryptedString;
       request.newMasterPasswordHash = newPasswordHash;
       request.masterPasswordHint = hint;
 
@@ -467,8 +467,8 @@ export class LoginCommand {
 
   /**
    * Collect new master password and hint from the CLI. The collected password
-   * is validated against any applicable master password policies and a new encryption
-   * key is generated
+   * is validated against any applicable master password policies, a new master
+   * key is generated, and we use it to re-encrypt the user key
    * @param prompt - Message that is displayed during the initial prompt
    * @param error
    */
@@ -477,7 +477,7 @@ export class LoginCommand {
     error?: string
   ): Promise<{
     newPasswordHash: string;
-    newEncKey: [SymmetricCryptoKey, EncString];
+    newUserKey: [SymmetricCryptoKey, EncString];
     hint?: string;
   }> {
     if (this.email == null || this.email === "undefined") {
@@ -559,21 +559,24 @@ export class LoginCommand {
     const kdfConfig = await this.stateService.getKdfConfig();
 
     // Create new key and hash new password
-    const newKey = await this.cryptoService.makeKey(
+    const newMasterKey = await this.cryptoService.makeMasterKey(
       masterPassword,
       this.email.trim().toLowerCase(),
       kdf,
       kdfConfig
     );
-    const newPasswordHash = await this.cryptoService.hashPassword(masterPassword, newKey);
+    const newPasswordHash = await this.cryptoService.hashMasterKey(masterPassword, newMasterKey);
 
-    // Grab user's current enc key
-    const userEncKey = await this.cryptoService.getEncKey();
+    // Grab user key
+    const userKey = await this.cryptoService.getUserKey();
+    if (!userKey) {
+      throw new Error("User key not found.");
+    }
 
-    // Create new encKey for the User
-    const newEncKey = await this.cryptoService.remakeEncKey(newKey, userEncKey);
+    // Re-encrypt user key with new master key
+    const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey, userKey);
 
-    return { newPasswordHash, newEncKey, hint: masterPasswordHint };
+    return { newPasswordHash, newUserKey: newUserKey, hint: masterPasswordHint };
   }
 
   private async handleCaptchaRequired(
diff --git a/apps/cli/src/auth/commands/unlock.command.ts b/apps/cli/src/auth/commands/unlock.command.ts
index 30625672126..9901fe29300 100644
--- a/apps/cli/src/auth/commands/unlock.command.ts
+++ b/apps/cli/src/auth/commands/unlock.command.ts
@@ -44,17 +44,17 @@ export class UnlockCommand {
     const email = await this.stateService.getEmail();
     const kdf = await this.stateService.getKdfType();
     const kdfConfig = await this.stateService.getKdfConfig();
-    const key = await this.cryptoService.makeKey(password, email, kdf, kdfConfig);
-    const storedKeyHash = await this.cryptoService.getKeyHash();
+    const masterKey = await this.cryptoService.makeMasterKey(password, email, kdf, kdfConfig);
+    const storedKeyHash = await this.cryptoService.getMasterKeyHash();
 
     let passwordValid = false;
-    if (key != null) {
+    if (masterKey != null) {
       if (storedKeyHash != null) {
-        passwordValid = await this.cryptoService.compareAndUpdateKeyHash(password, key);
+        passwordValid = await this.cryptoService.compareAndUpdateKeyHash(password, masterKey);
       } else {
-        const serverKeyHash = await this.cryptoService.hashPassword(
+        const serverKeyHash = await this.cryptoService.hashMasterKey(
           password,
-          key,
+          masterKey,
           HashPurpose.ServerAuthorization
         );
         const request = new SecretVerificationRequest();
@@ -62,12 +62,12 @@ export class UnlockCommand {
         try {
           await this.apiService.postAccountVerifyPassword(request);
           passwordValid = true;
-          const localKeyHash = await this.cryptoService.hashPassword(
+          const localKeyHash = await this.cryptoService.hashMasterKey(
             password,
-            key,
+            masterKey,
             HashPurpose.LocalAuthorization
           );
-          await this.cryptoService.setKeyHash(localKeyHash);
+          await this.cryptoService.setMasterKeyHash(localKeyHash);
         } catch {
           // Ignore
         }
@@ -75,7 +75,9 @@ export class UnlockCommand {
     }
 
     if (passwordValid) {
-      await this.cryptoService.setKey(key);
+      await this.cryptoService.setMasterKey(masterKey);
+      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+      await this.cryptoService.setUserKey(userKey);
 
       if (await this.keyConnectorService.getConvertAccountRequired()) {
         const convertToKeyConnectorCommand = new ConvertToKeyConnectorCommand(
diff --git a/apps/cli/src/bw.ts b/apps/cli/src/bw.ts
index 29c1443a713..1bcaa1a2acf 100644
--- a/apps/cli/src/bw.ts
+++ b/apps/cli/src/bw.ts
@@ -12,7 +12,13 @@ import { OrganizationService } from "@bitwarden/common/admin-console/services/or
 import { PolicyApiService } from "@bitwarden/common/admin-console/services/policy/policy-api.service";
 import { PolicyService } from "@bitwarden/common/admin-console/services/policy/policy.service";
 import { ProviderService } from "@bitwarden/common/admin-console/services/provider.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
+import { AuthRequestCryptoServiceImplementation } from "@bitwarden/common/auth/services/auth-request-crypto.service.implementation";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
+import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device-trust-crypto.service.implementation";
+import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/services/two-factor.service";
@@ -38,8 +44,8 @@ import { OrganizationUserServiceImplementation } from "@bitwarden/common/service
 import { SearchService } from "@bitwarden/common/services/search.service";
 import { SettingsService } from "@bitwarden/common/services/settings.service";
 import { TotpService } from "@bitwarden/common/services/totp.service";
-import { VaultTimeoutService } from "@bitwarden/common/services/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
 import {
   PasswordGenerationService,
   PasswordGenerationServiceAbstraction,
@@ -140,6 +146,9 @@ export class Main {
   organizationApiService: OrganizationApiServiceAbstraction;
   syncNotifierService: SyncNotifierService;
   sendApiService: SendApiService;
+  devicesApiService: DevicesApiServiceAbstraction;
+  deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction;
+  authRequestCryptoService: AuthRequestCryptoServiceAbstraction;
 
   constructor() {
     let p = null;
@@ -315,6 +324,20 @@ export class Main {
       this.stateService
     );
 
+    this.devicesApiService = new DevicesApiServiceImplementation(this.apiService);
+    this.deviceTrustCryptoService = new DeviceTrustCryptoService(
+      this.cryptoFunctionService,
+      this.cryptoService,
+      this.encryptService,
+      this.stateService,
+      this.appIdService,
+      this.devicesApiService,
+      this.i18nService,
+      this.platformUtilsService
+    );
+
+    this.authRequestCryptoService = new AuthRequestCryptoServiceImplementation(this.cryptoService);
+
     this.authService = new AuthService(
       this.cryptoService,
       this.apiService,
@@ -330,17 +353,27 @@ export class Main {
       this.i18nService,
       this.encryptService,
       this.passwordStrengthService,
-      this.policyService
+      this.policyService,
+      this.deviceTrustCryptoService,
+      this.authRequestCryptoService
     );
 
-    const lockedCallback = async () =>
-      await this.cryptoService.clearStoredKey(KeySuffixOptions.Auto);
+    const lockedCallback = async (userId?: string) =>
+      await this.cryptoService.clearStoredUserKey(KeySuffixOptions.Auto);
+
+    this.userVerificationService = new UserVerificationService(
+      this.stateService,
+      this.cryptoService,
+      this.i18nService,
+      this.userVerificationApiService
+    );
 
     this.vaultTimeoutSettingsService = new VaultTimeoutSettingsService(
       this.cryptoService,
       this.tokenService,
       this.policyService,
-      this.stateService
+      this.stateService,
+      this.userVerificationService
     );
 
     this.vaultTimeoutService = new VaultTimeoutService(
@@ -351,7 +384,6 @@ export class Main {
       this.platformUtilsService,
       this.messagingService,
       this.searchService,
-      this.keyConnectorService,
       this.stateService,
       this.authService,
       this.vaultTimeoutSettingsService,
@@ -406,12 +438,6 @@ export class Main {
     this.sendProgram = new SendProgram(this);
 
     this.userVerificationApiService = new UserVerificationApiService(this.apiService);
-
-    this.userVerificationService = new UserVerificationService(
-      this.cryptoService,
-      this.i18nService,
-      this.userVerificationApiService
-    );
   }
 
   async run() {
diff --git a/apps/cli/src/commands/serve.command.ts b/apps/cli/src/commands/serve.command.ts
index 8808dcaafb8..78c7c0c481b 100644
--- a/apps/cli/src/commands/serve.command.ts
+++ b/apps/cli/src/commands/serve.command.ts
@@ -5,7 +5,6 @@ import * as koa from "koa";
 import * as koaBodyParser from "koa-bodyparser";
 import * as koaJson from "koa-json";
 
-import { KeySuffixOptions } from "@bitwarden/common/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 
 import { ConfirmCommand } from "../admin-console/commands/confirm.command";
@@ -425,11 +424,7 @@ export class ServeCommand {
       this.processResponse(res, Response.error("You are not logged in."));
       return true;
     }
-    if (await this.main.cryptoService.hasKeyInMemory()) {
-      return false;
-    } else if (await this.main.cryptoService.hasKeyStored(KeySuffixOptions.Auto)) {
-      // load key into memory
-      await this.main.cryptoService.getKey();
+    if (await this.main.cryptoService.hasUserKey()) {
       return false;
     }
     this.processResponse(res, Response.error("Vault is locked."));
diff --git a/apps/cli/src/locales/en/messages.json b/apps/cli/src/locales/en/messages.json
index 4b6524b7ccb..e12b30af2c0 100644
--- a/apps/cli/src/locales/en/messages.json
+++ b/apps/cli/src/locales/en/messages.json
@@ -46,5 +46,8 @@
   },
   "ssoKeyConnectorError": {
     "message": "Key Connector error: make sure Key Connector is available and working correctly."
+  },
+  "unsupportedEncryptedImport": {
+    "message": "Importing encrypted files is currently not supported."
   }
 }
diff --git a/apps/cli/src/program.ts b/apps/cli/src/program.ts
index 700a31b3c66..9eca236a3a0 100644
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
@@ -2,7 +2,6 @@ import * as chalk from "chalk";
 import * as program from "commander";
 
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
-import { KeySuffixOptions } from "@bitwarden/common/enums";
 
 import { LockCommand } from "./auth/commands/lock.command";
 import { LoginCommand } from "./auth/commands/login.command";
@@ -597,11 +596,8 @@ export class Program {
 
   protected async exitIfLocked() {
     await this.exitIfNotAuthed();
-    if (await this.main.cryptoService.hasKeyInMemory()) {
+    if (await this.main.cryptoService.hasUserKey()) {
       return;
-    } else if (await this.main.cryptoService.hasKeyStored(KeySuffixOptions.Auto)) {
-      // load key into memory
-      await this.main.cryptoService.getKey();
     } else if (process.env.BW_NOINTERACTION !== "true") {
       // must unlock
       if (await this.main.keyConnectorService.getUsesKeyConnector()) {
diff --git a/apps/cli/src/tools/import.command.ts b/apps/cli/src/tools/import.command.ts
index 0080197aa74..c013d3c6b62 100644
--- a/apps/cli/src/tools/import.command.ts
+++ b/apps/cli/src/tools/import.command.ts
@@ -67,7 +67,9 @@ export class ImportCommand {
     try {
       let contents;
       if (format === "1password1pux") {
-        contents = await CliUtils.extract1PuxContent(filepath);
+        contents = await CliUtils.extractZipContent(filepath, "export.data");
+      } else if (format === "protonpass" && filepath.endsWith(".zip")) {
+        contents = await CliUtils.extractZipContent(filepath, "Proton Pass/data.json");
       } else {
         contents = await CliUtils.readFile(filepath);
       }
diff --git a/apps/cli/src/utils.ts b/apps/cli/src/utils.ts
index d5e442ded19..f8780dbec63 100644
--- a/apps/cli/src/utils.ts
+++ b/apps/cli/src/utils.ts
@@ -46,7 +46,7 @@ export class CliUtils {
     });
   }
 
-  static extract1PuxContent(input: string): Promise<string> {
+  static extractZipContent(input: string, filepath: string): Promise<string> {
     return new Promise<string>((resolve, reject) => {
       let p: string = null;
       if (input != null && input !== "") {
@@ -65,7 +65,7 @@ export class CliUtils {
         }
         JSZip.loadAsync(data).then(
           (zip) => {
-            resolve(zip.file("export.data").async("string"));
+            resolve(zip.file(filepath).async("string"));
           },
           (reason) => {
             reject(reason);
@@ -74,6 +74,7 @@ export class CliUtils {
       });
     });
   }
+
   /**
    * Save the given data to a file and determine the target file if necessary.
    * If output is non-empty, it is used as target filename. Otherwise the target filename is
diff --git a/apps/cli/src/vault/create.command.ts b/apps/cli/src/vault/create.command.ts
index 49a61e6e59d..3f4d53e9737 100644
--- a/apps/cli/src/vault/create.command.ts
+++ b/apps/cli/src/vault/create.command.ts
@@ -126,8 +126,8 @@ export class CreateCommand {
       return Response.error("Premium status is required to use this feature.");
     }
 
-    const encKey = await this.cryptoService.getEncKey();
-    if (encKey == null) {
+    const userKey = await this.cryptoService.getUserKey();
+    if (userKey == null) {
       return Response.error(
         "You must update your encryption key before you can use this feature. " +
           "See https://help.bitwarden.com/article/update-encryption-key/"
diff --git a/apps/desktop/desktop_native/package.json b/apps/desktop/desktop_native/package.json
index fe37602768e..44958043707 100644
--- a/apps/desktop/desktop_native/package.json
+++ b/apps/desktop/desktop_native/package.json
@@ -11,7 +11,7 @@
   "author": "",
   "license": "GPL-3.0",
   "devDependencies": {
-    "@napi-rs/cli": "2.16.1"
+    "@napi-rs/cli": "2.16.2"
   },
   "napi": {
     "name": "desktop_native",
diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json
index e92a80c4972..8e6d300218a 100644
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -97,6 +97,7 @@
   },
   "dmg": {
     "icon": "dmg.icns",
+    "sign": false,
     "contents": [
       {
         "x": 150,
diff --git a/apps/desktop/native-messaging-test-runner/package-lock.json b/apps/desktop/native-messaging-test-runner/package-lock.json
index d90b46ea702..a30da02ad9e 100644
--- a/apps/desktop/native-messaging-test-runner/package-lock.json
+++ b/apps/desktop/native-messaging-test-runner/package-lock.json
@@ -14,12 +14,12 @@
         "module-alias": "2.2.3",
         "node-ipc": "9.2.1",
         "ts-node": "10.9.1",
-        "uuid": "8.3.2",
+        "uuid": "9.0.0",
         "yargs": "17.7.2"
       },
       "devDependencies": {
         "@tsconfig/node16": "1.0.4",
-        "@types/node": "18.16.16",
+        "@types/node": "18.17.5",
         "@types/node-ipc": "9.2.0",
         "typescript": "4.7.4"
       }
@@ -99,9 +99,9 @@
       "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA=="
     },
     "node_modules/@types/node": {
-      "version": "18.16.16",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.16.16.tgz",
-      "integrity": "sha512-NpaM49IGQQAUlBhHMF82QH80J08os4ZmyF9MkpCzWAGuOHqE4gTEbhzd7L3l5LmWuZ6E0OiC1FweQ4tsiW35+g=="
+      "version": "18.17.5",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.17.5.tgz",
+      "integrity": "sha512-xNbS75FxH6P4UXTPUJp/zNPq6/xsfdJKussCWNOnz4aULWIRwMgP1LgaB5RiBnMX1DPCYenuqGZfnIAx5mbFLA=="
     },
     "node_modules/@types/node-ipc": {
       "version": "9.2.0",
@@ -374,9 +374,9 @@
       }
     },
     "node_modules/uuid": {
-      "version": "8.3.2",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz",
-      "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==",
+      "version": "9.0.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.0.tgz",
+      "integrity": "sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg==",
       "bin": {
         "uuid": "dist/bin/uuid"
       }
diff --git a/apps/desktop/native-messaging-test-runner/package.json b/apps/desktop/native-messaging-test-runner/package.json
index 70e69fd51ae..cd848a9768a 100644
--- a/apps/desktop/native-messaging-test-runner/package.json
+++ b/apps/desktop/native-messaging-test-runner/package.json
@@ -19,12 +19,12 @@
     "module-alias": "2.2.3",
     "node-ipc": "9.2.1",
     "ts-node": "10.9.1",
-    "uuid": "8.3.2",
+    "uuid": "9.0.0",
     "yargs": "17.7.2"
   },
   "devDependencies": {
     "@tsconfig/node16": "1.0.4",
-    "@types/node": "18.16.16",
+    "@types/node": "18.17.5",
     "@types/node-ipc": "9.2.0",
     "typescript": "4.7.4"
   },
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index 2aa4d3e26c5..1591840905e 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/desktop",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2023.7.2",
+  "version": "2023.8.0",
   "keywords": [
     "bitwarden",
     "password",
diff --git a/apps/desktop/scripts/after-sign.js b/apps/desktop/scripts/after-sign.js
index 4ef3023946a..0b181f90f62 100644
--- a/apps/desktop/scripts/after-sign.js
+++ b/apps/desktop/scripts/after-sign.js
@@ -53,8 +53,9 @@ async function run(context) {
     const appleId = process.env.APPLE_ID_USERNAME || process.env.APPLEID;
     const appleIdPassword = process.env.APPLE_ID_PASSWORD || `@keychain:AC_PASSWORD`;
     return await notarize({
-      appBundleId: "com.bitwarden.desktop",
+      tool: "notarytool",
       appPath: appPath,
+      teamId: "LTZ2PFU5D6",
       appleId: appleId,
       appleIdPassword: appleIdPassword,
     });
diff --git a/apps/desktop/src/app/accounts/settings.component.html b/apps/desktop/src/app/accounts/settings.component.html
index 30deb88cfa2..c3087809c06 100644
--- a/apps/desktop/src/app/accounts/settings.component.html
+++ b/apps/desktop/src/app/accounts/settings.component.html
@@ -55,43 +55,69 @@
                 [formControl]="form.controls.vaultTimeout"
                 ngDefaultControl
               ></app-vault-timeout-input>
-              <div class="form-group">
-                <label>{{ "vaultTimeoutAction" | i18n }}</label>
-                <div class="radio radio-mt-2">
-                  <label for="vaultTimeoutActionLock">
-                    <input
-                      type="radio"
-                      id="vaultTimeoutActionLock"
-                      value="{{ VaultTimeoutAction.Lock }}"
-                      aria-describedby="vaultTimeoutActionLockHelp"
-                      formControlName="vaultTimeoutAction"
-                    />
-                    {{ "lock" | i18n }}
-                  </label>
+              <ng-container
+                *ngIf="availableVaultTimeoutActions$ | async as availableVaultTimeoutActions"
+              >
+                <div class="form-group">
+                  <label>{{ "vaultTimeoutAction" | i18n }}</label>
+                  <div class="radio radio-mt-2">
+                    <label for="vaultTimeoutActionLock">
+                      <!--
+                        Using [attr.disabled] because reactive forms don't support disabling individual radio buttons, see:
+                        https://github.com/angular/angular/issues/11763
+                      -->
+                      <input
+                        type="radio"
+                        id="vaultTimeoutActionLock"
+                        value="{{ VaultTimeoutAction.Lock }}"
+                        aria-describedby="vaultTimeoutActionLockHelp"
+                        formControlName="vaultTimeoutAction"
+                        [attr.disabled]="
+                          !availableVaultTimeoutActions.includes(VaultTimeoutAction.Lock)
+                            ? true
+                            : null
+                        "
+                      />
+                      {{ "lock" | i18n }}
+                    </label>
+                  </div>
+                  <small id="vaultTimeoutActionLockHelp" class="help-block">{{
+                    "vaultTimeoutActionLockDesc" | i18n
+                  }}</small>
+                  <div class="radio">
+                    <label for="vaultTimeoutActionLogOut">
+                      <input
+                        type="radio"
+                        id="vaultTimeoutActionLogOut"
+                        value="{{ VaultTimeoutAction.LogOut }}"
+                        aria-describedby="vaultTimeoutActionLogOutHelp"
+                        formControlName="vaultTimeoutAction"
+                        [attr.disabled]="
+                          !availableVaultTimeoutActions.includes(VaultTimeoutAction.LogOut)
+                            ? true
+                            : null
+                        "
+                      />
+                      {{ "logOut" | i18n }}
+                    </label>
+                  </div>
+                  <small id="vaultTimeoutActionLogOutHelp" class="help-block">{{
+                    "vaultTimeoutActionLogOutDesc" | i18n
+                  }}</small>
                 </div>
-                <small id="vaultTimeoutActionLockHelp" class="help-block">{{
-                  "vaultTimeoutActionLockDesc" | i18n
-                }}</small>
-                <div class="radio">
-                  <label for="vaultTimeoutActionLogOut">
-                    <input
-                      type="radio"
-                      id="vaultTimeoutActionLogOut"
-                      value="{{ VaultTimeoutAction.LogOut }}"
-                      aria-describedby="vaultTimeoutActionLogOutHelp"
-                      formControlName="vaultTimeoutAction"
-                    />
-                    {{ "logOut" | i18n }}
-                  </label>
+                <div
+                  *ngIf="!availableVaultTimeoutActions.includes(VaultTimeoutAction.Lock)"
+                  class="form-group"
+                >
+                  <small id="unlockMethodNeededToChangeTimeoutActionHelp" class="help-block">{{
+                    "unlockMethodNeededToChangeTimeoutActionDesc" | i18n
+                  }}</small>
                 </div>
-                <small id="vaultTimeoutActionLogOutHelp" class="help-block">{{
-                  "vaultTimeoutActionLogOutDesc" | i18n
-                }}</small>
-              </div>
+              </ng-container>
               <div class="form-group">
                 <div class="checkbox">
                   <label for="pin">
-                    <input id="pin" type="checkbox" formControlName="pin" (change)="updatePin()" />
+                    <input id="pin" type="checkbox" formControlName="pin" />
                     {{ "unlockWithPin" | i18n }}
                   </label>
                 </div>
@@ -99,12 +125,7 @@
               <div class="form-group" *ngIf="supportsBiometric">
                 <div class="checkbox">
                   <label for="biometric">
-                    <input
-                      id="biometric"
-                      type="checkbox"
-                      formControlName="biometric"
-                      (change)="updateBiometric()"
-                    />
+                    <input id="biometric" type="checkbox" formControlName="biometric" />
                     {{ biometricText | i18n }}
                   </label>
                 </div>
@@ -125,7 +146,14 @@
                   </label>
                 </div>
               </div>
-              <div class="form-group" *ngIf="supportsBiometric && this.form.value.biometric">
+              <div
+                class="form-group"
+                *ngIf="
+                  supportsBiometric &&
+                  this.form.value.biometric &&
+                  (userHasMasterPassword || (this.form.value.pin && userHasPinSet))
+                "
+              >
                 <div class="checkbox form-group-child">
                   <label for="requirePasswordOnStart">
                     <input
diff --git a/apps/desktop/src/app/accounts/settings.component.ts b/apps/desktop/src/app/accounts/settings.component.ts
index 162cb338bca..7ccf4aca770 100644
--- a/apps/desktop/src/app/accounts/settings.component.ts
+++ b/apps/desktop/src/app/accounts/settings.component.ts
@@ -1,15 +1,15 @@
 import { Component, OnInit } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
-import { Observable, Subject } from "rxjs";
-import { concatMap, debounceTime, filter, map, takeUntil, tap } from "rxjs/operators";
+import { BehaviorSubject, firstValueFrom, Observable, Subject } from "rxjs";
+import { concatMap, debounceTime, filter, map, switchMap, takeUntil, tap } from "rxjs/operators";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { AbstractThemingService } from "@bitwarden/angular/services/theming/theming.service.abstraction";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
+import { UserVerificationService as UserVerificationServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DeviceType, ThemeType, KeySuffixOptions } from "@bitwarden/common/enums";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -17,12 +17,12 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 import { flagEnabled } from "../../platform/flags";
 import { ElectronStateService } from "../../platform/services/electron-state.service.abstraction";
 import { isWindowsStore } from "../../utils";
 import { SetPinComponent } from "../components/set-pin.component";
-
 @Component({
   selector: "app-settings",
   templateUrl: "settings.component.html",
@@ -61,12 +61,16 @@ export class SettingsComponent implements OnInit {
 
   currentUserEmail: string;
 
+  availableVaultTimeoutActions$: Observable<VaultTimeoutAction[]>;
   vaultTimeoutPolicyCallout: Observable<{
     timeout: { hours: number; minutes: number };
     action: "lock" | "logOut";
   }>;
   previousVaultTimeout: number = null;
 
+  userHasMasterPassword: boolean;
+  userHasPinSet: boolean;
+
   form = this.formBuilder.group({
     // Security
     vaultTimeout: [null as number | null],
@@ -97,6 +101,7 @@ export class SettingsComponent implements OnInit {
     locale: [null as string | null],
   });
 
+  private refreshTimeoutSettings$ = new BehaviorSubject<void>(undefined);
   private destroy$ = new Subject<void>();
 
   constructor(
@@ -111,7 +116,8 @@ export class SettingsComponent implements OnInit {
     private modalService: ModalService,
     private themingService: AbstractThemingService,
     private settingsService: SettingsService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService,
+    private userVerificationService: UserVerificationServiceAbstraction
   ) {
     const isMac = this.platformUtilsService.getDevice() === DeviceType.MacOsDesktop;
 
@@ -189,6 +195,8 @@ export class SettingsComponent implements OnInit {
   }
 
   async ngOnInit() {
+    this.userHasMasterPassword = await this.userVerificationService.hasMasterPassword();
+
     this.isWindows = (await this.platformUtilsService.getDevice()) === DeviceType.WindowsDesktop;
 
     if ((await this.stateService.getUserId()) == null) {
@@ -196,6 +204,10 @@ export class SettingsComponent implements OnInit {
     }
     this.currentUserEmail = await this.stateService.getEmail();
 
+    this.availableVaultTimeoutActions$ = this.refreshTimeoutSettings$.pipe(
+      switchMap(() => this.vaultTimeoutSettingsService.availableVaultTimeoutActions$())
+    );
+
     // Load timeout policy
     this.vaultTimeoutPolicyCallout = this.policyService.get$(PolicyType.MaximumVaultTimeout).pipe(
       filter((policy) => policy != null),
@@ -219,11 +231,15 @@ export class SettingsComponent implements OnInit {
     );
 
     // Load initial values
-    const pinSet = await this.vaultTimeoutSettingsService.isPinLockSet();
+    const pinStatus = await this.vaultTimeoutSettingsService.isPinLockSet();
+    this.userHasPinSet = pinStatus !== "DISABLED";
+
     const initialValues = {
       vaultTimeout: await this.vaultTimeoutSettingsService.getVaultTimeout(),
-      vaultTimeoutAction: await this.vaultTimeoutSettingsService.getVaultTimeoutAction(),
-      pin: pinSet[0] || pinSet[1],
+      vaultTimeoutAction: await firstValueFrom(
+        this.vaultTimeoutSettingsService.vaultTimeoutAction$()
+      ),
+      pin: this.userHasPinSet,
       biometric: await this.vaultTimeoutSettingsService.isBiometricLockSet(),
       autoPromptBiometrics: !(await this.stateService.getDisableAutoBiometricsPrompt()),
       requirePasswordOnStart:
@@ -264,6 +280,15 @@ export class SettingsComponent implements OnInit {
     this.autoPromptBiometricsText = await this.stateService.getNoAutoPromptBiometricsText();
     this.previousVaultTimeout = this.form.value.vaultTimeout;
 
+    this.refreshTimeoutSettings$
+      .pipe(
+        switchMap(() => this.vaultTimeoutSettingsService.vaultTimeoutAction$()),
+        takeUntil(this.destroy$)
+      )
+      .subscribe((action) => {
+        this.form.controls.vaultTimeoutAction.setValue(action, { emitEvent: false });
+      });
+
     // Form events
     this.form.controls.vaultTimeout.valueChanges
       .pipe(
@@ -284,6 +309,26 @@ export class SettingsComponent implements OnInit {
       )
       .subscribe();
 
+    this.form.controls.pin.valueChanges
+      .pipe(
+        concatMap(async (value) => {
+          await this.updatePin(value);
+          this.refreshTimeoutSettings$.next();
+        }),
+        takeUntil(this.destroy$)
+      )
+      .subscribe();
+
+    this.form.controls.biometric.valueChanges
+      .pipe(
+        concatMap(async (enabled) => {
+          await this.updateBiometric(enabled);
+          this.refreshTimeoutSettings$.next();
+        }),
+        takeUntil(this.destroy$)
+      )
+      .subscribe();
+
     this.form.controls.enableBrowserIntegration.valueChanges
       .pipe(takeUntil(this.destroy$))
       .subscribe((enabled) => {
@@ -300,7 +345,7 @@ export class SettingsComponent implements OnInit {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "warning" },
         content: { key: "neverLockWarning" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!confirmed) {
@@ -336,7 +381,7 @@ export class SettingsComponent implements OnInit {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "vaultTimeoutLogOutConfirmationTitle" },
         content: { key: "vaultTimeoutLogOutConfirmation" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!confirmed) {
@@ -362,52 +407,64 @@ export class SettingsComponent implements OnInit {
     );
   }
 
-  async updatePin() {
-    if (this.form.value.pin) {
+  async updatePin(value: boolean) {
+    if (value) {
       const ref = this.modalService.open(SetPinComponent, { allowMultipleModals: true });
 
       if (ref == null) {
-        this.form.controls.pin.setValue(false);
+        this.form.controls.pin.setValue(false, { emitEvent: false });
         return;
       }
 
-      this.form.controls.pin.setValue(await ref.onClosedPromise());
+      this.userHasPinSet = await ref.onClosedPromise();
+      this.form.controls.pin.setValue(this.userHasPinSet, { emitEvent: false });
     }
-    if (!this.form.value.pin) {
-      await this.cryptoService.clearPinProtectedKey();
+    if (!value) {
+      // If user turned off PIN without having a MP and has biometric + require MP/PIN on restart enabled
+      if (this.form.value.requirePasswordOnStart && !this.userHasMasterPassword) {
+        // then must turn that off to prevent user from getting into bad state
+        this.form.controls.requirePasswordOnStart.setValue(false);
+        await this.updateRequirePasswordOnStart();
+      }
+
       await this.vaultTimeoutSettingsService.clear();
     }
+    this.messagingService.send("redrawMenu");
   }
 
-  async updateBiometric() {
+  async updateBiometric(enabled: boolean) {
     // NOTE: A bug in angular causes [ngModel] to not reflect the backing field value
     // causing the checkbox to remain checked even if authentication fails.
     // The bug should resolve itself once the angular issue is resolved.
     // See: https://github.com/angular/angular/issues/13063
 
-    if (!this.form.value.biometric || !this.supportsBiometric) {
-      this.form.controls.biometric.setValue(false);
-      await this.stateService.setBiometricUnlock(null);
-      await this.cryptoService.toggleKey();
-      return;
-    }
+    try {
+      if (!enabled || !this.supportsBiometric) {
+        this.form.controls.biometric.setValue(false, { emitEvent: false });
+        await this.stateService.setBiometricUnlock(null);
+        await this.cryptoService.refreshAdditionalKeys();
+        return;
+      }
 
-    await this.stateService.setBiometricUnlock(true);
-    if (this.isWindows) {
-      // Recommended settings for Windows Hello
-      this.form.controls.requirePasswordOnStart.setValue(true);
-      this.form.controls.autoPromptBiometrics.setValue(false);
-      await this.stateService.setDisableAutoBiometricsPrompt(true);
-      await this.stateService.setBiometricRequirePasswordOnStart(true);
-      await this.stateService.setDismissedBiometricRequirePasswordOnStart();
-    }
-    await this.cryptoService.toggleKey();
+      await this.stateService.setBiometricUnlock(true);
+      if (this.isWindows) {
+        // Recommended settings for Windows Hello
+        this.form.controls.requirePasswordOnStart.setValue(true);
+        this.form.controls.autoPromptBiometrics.setValue(false);
+        await this.stateService.setDisableAutoBiometricsPrompt(true);
+        await this.stateService.setBiometricRequirePasswordOnStart(true);
+        await this.stateService.setDismissedBiometricRequirePasswordOnStart();
+      }
+      await this.cryptoService.refreshAdditionalKeys();
 
-    // Validate the key is stored in case biometrics fail.
-    const biometricSet = await this.cryptoService.hasKeyStored(KeySuffixOptions.Biometric);
-    this.form.controls.biometric.setValue(biometricSet);
-    if (!biometricSet) {
-      await this.stateService.setBiometricUnlock(null);
+      // Validate the key is stored in case biometrics fail.
+      const biometricSet = await this.cryptoService.hasUserKeyStored(KeySuffixOptions.Biometric);
+      this.form.controls.biometric.setValue(biometricSet, { emitEvent: false });
+      if (!biometricSet) {
+        await this.stateService.setBiometricUnlock(null);
+      }
+    } finally {
+      this.messagingService.send("redrawMenu");
     }
   }
 
@@ -435,7 +492,7 @@ export class SettingsComponent implements OnInit {
       await this.stateService.setBiometricEncryptionClientKeyHalf(null);
     }
     await this.stateService.setDismissedBiometricRequirePasswordOnStart();
-    await this.cryptoService.toggleKey();
+    await this.cryptoService.refreshAdditionalKeys();
   }
 
   async saveFavicons() {
@@ -465,7 +522,7 @@ export class SettingsComponent implements OnInit {
       const confirm = await this.dialogService.openSimpleDialog({
         title: { key: "confirmTrayTitle" },
         content: { key: "confirmTrayDesc" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (confirm) {
@@ -527,7 +584,7 @@ export class SettingsComponent implements OnInit {
         content: { key: "browserIntegrationMasOnlyDesc" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       this.form.controls.enableBrowserIntegration.setValue(false);
@@ -538,7 +595,7 @@ export class SettingsComponent implements OnInit {
         content: { key: "browserIntegrationWindowsStoreDesc" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       this.form.controls.enableBrowserIntegration.setValue(false);
@@ -549,7 +606,7 @@ export class SettingsComponent implements OnInit {
         content: { key: "browserIntegrationLinuxDesc" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       this.form.controls.enableBrowserIntegration.setValue(false);
diff --git a/apps/desktop/src/app/app-routing.module.ts b/apps/desktop/src/app/app-routing.module.ts
index 6dd6b2142fb..8e057bd68d5 100644
--- a/apps/desktop/src/app/app-routing.module.ts
+++ b/apps/desktop/src/app/app-routing.module.ts
@@ -1,13 +1,20 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
-import { LockGuard } from "@bitwarden/angular/auth/guards/lock.guard";
+import {
+  AuthGuard,
+  lockGuard,
+  redirectGuard,
+  tdeDecryptionRequiredGuard,
+} from "@bitwarden/angular/auth/guards";
+import { canAccessFeature } from "@bitwarden/angular/guard/feature-flag.guard";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { AccessibilityCookieComponent } from "../auth/accessibility-cookie.component";
 import { LoginGuard } from "../auth/guards/login.guard";
 import { HintComponent } from "../auth/hint.component";
 import { LockComponent } from "../auth/lock.component";
+import { LoginDecryptionOptionsComponent } from "../auth/login/login-decryption-options/login-decryption-options.component";
 import { LoginWithDeviceComponent } from "../auth/login/login-with-device.component";
 import { LoginComponent } from "../auth/login/login.component";
 import { RegisterComponent } from "../auth/register.component";
@@ -21,11 +28,16 @@ import { VaultComponent } from "../vault/app/vault/vault.component";
 import { SendComponent } from "./tools/send/send.component";
 
 const routes: Routes = [
-  { path: "", redirectTo: "/vault", pathMatch: "full" },
+  {
+    path: "",
+    pathMatch: "full",
+    children: [], // Children lets us have an empty component.
+    canActivate: [redirectGuard({ loggedIn: "/vault", loggedOut: "/login", locked: "/lock" })],
+  },
   {
     path: "lock",
     component: LockComponent,
-    canActivate: [LockGuard],
+    canActivate: [lockGuard()],
   },
   {
     path: "login",
@@ -36,7 +48,19 @@ const routes: Routes = [
     path: "login-with-device",
     component: LoginWithDeviceComponent,
   },
+  {
+    path: "admin-approval-requested",
+    component: LoginWithDeviceComponent,
+  },
   { path: "2fa", component: TwoFactorComponent },
+  {
+    path: "login-initiated",
+    component: LoginDecryptionOptionsComponent,
+    canActivate: [
+      tdeDecryptionRequiredGuard(),
+      canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
+    ],
+  },
   { path: "register", component: RegisterComponent },
   {
     path: "vault",
diff --git a/apps/desktop/src/app/app.component.ts b/apps/desktop/src/app/app.component.ts
index 320c93a05ef..b5321a2bc83 100644
--- a/apps/desktop/src/app/app.component.ts
+++ b/apps/desktop/src/app/app.component.ts
@@ -15,19 +15,20 @@ import { IndividualConfig, ToastrService } from "ngx-toastr";
 import { firstValueFrom, Subject, takeUntil } from "rxjs";
 
 import { ModalRef } from "@bitwarden/angular/components/modal/modal.ref";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { EventUploadService } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService } from "@bitwarden/common/abstractions/notifications.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
+import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -43,10 +44,11 @@ import { CollectionService } from "@bitwarden/common/vault/abstractions/collecti
 import { InternalFolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
+import { DialogService } from "@bitwarden/components";
 
 import { DeleteAccountComponent } from "../auth/delete-account.component";
 import { LoginApprovalComponent } from "../auth/login/login-approval.component";
-import { MenuUpdateRequest } from "../main/menu/menu.updater";
+import { MenuAccount, MenuUpdateRequest } from "../main/menu/menu.updater";
 import { PremiumComponent } from "../vault/app/accounts/premium.component";
 import { FolderAddEditComponent } from "../vault/app/vault/folder-add-edit.component";
 
@@ -77,6 +79,7 @@ const systemTimeoutOptions = {
     <ng-template #appGenerator></ng-template>
     <ng-template #loginApproval></ng-template>
     <app-header></app-header>
+
     <div id="container">
       <div class="loading" *ngIf="loading">
         <i class="bwi bwi-spinner bwi-spin bwi-3x" aria-hidden="true"></i>
@@ -137,8 +140,9 @@ export class AppComponent implements OnInit, OnDestroy {
     private policyService: InternalPolicyService,
     private modalService: ModalService,
     private keyConnectorService: KeyConnectorService,
+    private userVerificationService: UserVerificationService,
     private configService: ConfigServiceAbstraction,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   ngOnInit() {
@@ -246,7 +250,7 @@ export class AppComponent implements OnInit, OnDestroy {
                 this.i18nService.t("yourAccountsFingerprint") + ":\n" + fingerprint.join("-"),
               acceptButtonText: { key: "learnMore" },
               cancelButtonText: { key: "close" },
-              type: SimpleDialogType.INFO,
+              type: "info",
             });
 
             if (result) {
@@ -281,7 +285,7 @@ export class AppComponent implements OnInit, OnDestroy {
               title: { key: "premiumRequired" },
               content: { key: "premiumRequiredDesc" },
               acceptButtonText: { key: "learnMore" },
-              type: SimpleDialogType.SUCCESS,
+              type: "success",
             });
             if (premiumConfirmed) {
               await this.openModal<PremiumComponent>(PremiumComponent, this.premiumRef);
@@ -293,7 +297,7 @@ export class AppComponent implements OnInit, OnDestroy {
               title: { key: "emailVerificationRequired" },
               content: { key: "emailVerificationRequiredDesc" },
               acceptButtonText: { key: "learnMore" },
-              type: SimpleDialogType.INFO,
+              type: "info",
             });
             if (emailVerificationConfirmed) {
               this.platformUtilsService.launchUri(
@@ -400,6 +404,9 @@ export class AppComponent implements OnInit, OnDestroy {
               await this.openLoginApproval(message.notificationId);
             }
             break;
+          case "redrawMenu":
+            await this.updateAppMenu();
+            break;
         }
       });
     });
@@ -488,28 +495,32 @@ export class AppComponent implements OnInit, OnDestroy {
       updateRequest = {
         accounts: null,
         activeUserId: null,
-        hideChangeMasterPassword: true,
       };
     } else {
-      const accounts: { [userId: string]: any } = {};
+      const accounts: { [userId: string]: MenuAccount } = {};
       for (const i in stateAccounts) {
         if (i != null && stateAccounts[i]?.profile?.userId != null) {
           const userId = stateAccounts[i].profile.userId;
+          const availableTimeoutActions = await firstValueFrom(
+            this.vaultTimeoutSettingsService.availableVaultTimeoutActions$(userId)
+          );
+
           accounts[userId] = {
             isAuthenticated: await this.stateService.getIsAuthenticated({
               userId: userId,
             }),
             isLocked:
               (await this.authService.getAuthStatus(userId)) === AuthenticationStatus.Locked,
+            isLockable: availableTimeoutActions.includes(VaultTimeoutAction.Lock),
             email: stateAccounts[i].profile.email,
             userId: stateAccounts[i].profile.userId,
+            hasMasterPassword: await this.userVerificationService.hasMasterPassword(userId),
           };
         }
       }
       updateRequest = {
         accounts: accounts,
         activeUserId: await this.stateService.getUserId(),
-        hideChangeMasterPassword: await this.keyConnectorService.getUsesKeyConnector(),
       };
     }
 
diff --git a/apps/desktop/src/app/components/user-verification.component.html b/apps/desktop/src/app/components/user-verification.component.html
index 10b16a04087..7db7e54b66a 100644
--- a/apps/desktop/src/app/components/user-verification.component.html
+++ b/apps/desktop/src/app/components/user-verification.component.html
@@ -1,4 +1,4 @@
-<ng-container *ngIf="!usesKeyConnector">
+<ng-container *ngIf="hasMasterPassword">
   <div class="box-content-row" appBoxRow>
     <label for="masterPassword">{{ "masterPass" | i18n }}</label>
     <input
@@ -14,7 +14,7 @@
     />
   </div>
 </ng-container>
-<ng-container *ngIf="usesKeyConnector">
+<ng-container *ngIf="!hasMasterPassword">
   <div class="box-content-row" appBoxRow>
     <label class="d-block">{{ "sendVerificationCode" | i18n }}</label>
     <button
diff --git a/apps/desktop/src/app/services/init.service.ts b/apps/desktop/src/app/services/init.service.ts
index 78840d14329..34300aed931 100644
--- a/apps/desktop/src/app/services/init.service.ts
+++ b/apps/desktop/src/app/services/init.service.ts
@@ -4,7 +4,6 @@ import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { AbstractThemingService } from "@bitwarden/angular/services/theming/theming.service.abstraction";
 import { EventUploadService as EventUploadServiceAbstraction } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService as NotificationsServiceAbstraction } from "@bitwarden/common/abstractions/notifications.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { CryptoService as CryptoServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
@@ -14,7 +13,7 @@ import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@bitwar
 import { StateService as StateServiceAbstraction } from "@bitwarden/common/platform/abstractions/state.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { EventUploadService } from "@bitwarden/common/services/event/event-upload.service";
-import { VaultTimeoutService } from "@bitwarden/common/services/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
 import { SyncService as SyncServiceAbstraction } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 
 import { I18nService } from "../../platform/services/i18n.service";
@@ -26,7 +25,7 @@ export class InitService {
     @Inject(WINDOW) private win: Window,
     private environmentService: EnvironmentServiceAbstraction,
     private syncService: SyncServiceAbstraction,
-    private vaultTimeoutService: VaultTimeoutServiceAbstraction,
+    private vaultTimeoutService: VaultTimeoutService,
     private i18nService: I18nServiceAbstraction,
     private eventUploadService: EventUploadServiceAbstraction,
     private twoFactorService: TwoFactorServiceAbstraction,
@@ -48,7 +47,7 @@ export class InitService {
       // TODO: Remove this when implementing ticket PM-2637
       this.environmentService.initialized = true;
       this.syncService.fullSync(true);
-      (this.vaultTimeoutService as VaultTimeoutService).init(true);
+      await this.vaultTimeoutService.init(true);
       const locale = await this.stateService.getLocale();
       await (this.i18nService as I18nService).init(locale);
       (this.eventUploadService as EventUploadService).init(true);
diff --git a/apps/desktop/src/app/services/services.module.ts b/apps/desktop/src/app/services/services.module.ts
index bee3ae4c7e1..ded0366dc16 100644
--- a/apps/desktop/src/app/services/services.module.ts
+++ b/apps/desktop/src/app/services/services.module.ts
@@ -1,6 +1,5 @@
 import { APP_INITIALIZER, InjectionToken, NgModule } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import {
   SECURE_STORAGE,
   STATE_FACTORY,
@@ -40,6 +39,7 @@ import { SystemService } from "@bitwarden/common/platform/services/system.servic
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { CipherService as CipherServiceAbstraction } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { DialogService } from "@bitwarden/components";
 
 import { LoginGuard } from "../../auth/guards/login.guard";
 import { Account } from "../../models/account";
@@ -52,7 +52,6 @@ import { ElectronRendererStorageService } from "../../platform/services/electron
 import { ElectronStateService } from "../../platform/services/electron-state.service";
 import { ElectronStateService as ElectronStateServiceAbstraction } from "../../platform/services/electron-state.service.abstraction";
 import { I18nService } from "../../platform/services/i18n.service";
-import { ElectronDialogService } from "../../services/electron-dialog.service";
 import { EncryptedMessageHandlerService } from "../../services/encrypted-message-handler.service";
 import { NativeMessageHandlerService } from "../../services/native-message-handler.service";
 import { NativeMessagingService } from "../../services/native-messaging.service";
@@ -73,6 +72,7 @@ const RELOAD_CALLBACK = new InjectionToken<() => any>("RELOAD_CALLBACK");
     NativeMessagingService,
     SearchBarService,
     LoginGuard,
+    DialogService,
     {
       provide: APP_INITIALIZER,
       useFactory: (initService: InitService) => initService.init(),
@@ -178,10 +178,6 @@ const RELOAD_CALLBACK = new InjectionToken<() => any>("RELOAD_CALLBACK");
       useClass: LoginService,
       deps: [StateServiceAbstraction],
     },
-    {
-      provide: DialogServiceAbstraction,
-      useClass: ElectronDialogService,
-    },
     {
       provide: CryptoServiceAbstraction,
       useClass: ElectronCryptoService,
diff --git a/apps/desktop/src/app/tools/export/export.component.ts b/apps/desktop/src/app/tools/export/export.component.ts
index 770c3bf5f53..94121afc8d2 100644
--- a/apps/desktop/src/app/tools/export/export.component.ts
+++ b/apps/desktop/src/app/tools/export/export.component.ts
@@ -1,9 +1,6 @@
-import * as os from "os";
-
 import { Component, OnInit } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ExportComponent as BaseExportComponent } from "@bitwarden/angular/tools/export/components/export.component";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -14,6 +11,7 @@ import { FileDownloadService } from "@bitwarden/common/platform/abstractions/fil
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/exporter/vault-export";
 
 const BroadcasterSubscriptionId = "ExportComponent";
@@ -35,7 +33,7 @@ export class ExportComponent extends BaseExportComponent implements OnInit {
     private broadcasterService: BroadcasterService,
     logService: LogService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cryptoService,
@@ -56,26 +54,4 @@ export class ExportComponent extends BaseExportComponent implements OnInit {
   ngOnDestroy() {
     this.broadcasterService.unsubscribe(BroadcasterSubscriptionId);
   }
-
-  async warningDialog() {
-    if (this.encryptedFormat) {
-      return await this.dialogService.openSimpleDialog({
-        title: { key: "confirmVaultExport" },
-        content:
-          this.i18nService.t("encExportKeyWarningDesc") +
-          os.EOL +
-          os.EOL +
-          this.i18nService.t("encExportAccountWarningDesc"),
-        acceptButtonText: { key: "exportVault" },
-        type: SimpleDialogType.WARNING,
-      });
-    } else {
-      return await this.dialogService.openSimpleDialog({
-        title: { key: "confirmVaultExport" },
-        content: { key: "exportWarningDesc" },
-        acceptButtonText: { key: "exportVault" },
-        type: SimpleDialogType.WARNING,
-      });
-    }
-  }
 }
diff --git a/apps/desktop/src/app/tools/send/add-edit.component.ts b/apps/desktop/src/app/tools/send/add-edit.component.ts
index adfdb0fa64a..de5d2a601ab 100644
--- a/apps/desktop/src/app/tools/send/add-edit.component.ts
+++ b/apps/desktop/src/app/tools/send/add-edit.component.ts
@@ -1,7 +1,6 @@
 import { DatePipe } from "@angular/common";
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/tools/send/add-edit.component";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -12,6 +11,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-send-add-edit",
@@ -29,7 +29,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     policyService: PolicyService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
diff --git a/apps/desktop/src/app/tools/send/send.component.ts b/apps/desktop/src/app/tools/send/send.component.ts
index 8cdc90d9950..7ad98ceda1e 100644
--- a/apps/desktop/src/app/tools/send/send.component.ts
+++ b/apps/desktop/src/app/tools/send/send.component.ts
@@ -1,6 +1,5 @@
 import { Component, NgZone, OnDestroy, OnInit, ViewChild } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { SendComponent as BaseSendComponent } from "@bitwarden/angular/tools/send/send.component";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -12,6 +11,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { invokeMenu, RendererMenuItem } from "../../../utils";
 import { SearchBarService } from "../../layout/search/search-bar.service";
@@ -48,7 +48,7 @@ export class SendComponent extends BaseSendComponent implements OnInit, OnDestro
     private searchBarService: SearchBarService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       sendService,
diff --git a/apps/desktop/src/auth/lock.component.html b/apps/desktop/src/auth/lock.component.html
index 5db58b5937b..a863fd52115 100644
--- a/apps/desktop/src/auth/lock.component.html
+++ b/apps/desktop/src/auth/lock.component.html
@@ -4,8 +4,12 @@
     <p>{{ "yourVaultIsLocked" | i18n }}</p>
     <div class="box last">
       <div class="box-content">
-        <div class="box-content-row box-content-row-flex" appBoxRow *ngIf="!hideInput">
-          <div class="row-main" *ngIf="pinLock">
+        <div
+          class="box-content-row box-content-row-flex"
+          appBoxRow
+          *ngIf="pinEnabled || masterPasswordEnabled"
+        >
+          <div class="row-main" *ngIf="pinEnabled">
             <label for="pin">{{ "pin" | i18n }}</label>
             <input
               id="pin"
@@ -17,7 +21,7 @@
               appInputVerbatim
             />
           </div>
-          <div class="row-main" *ngIf="!pinLock">
+          <div class="row-main" *ngIf="masterPasswordEnabled && !pinEnabled">
             <label for="masterPassword">{{ "masterPass" | i18n }}</label>
             <input
               id="masterPassword"
@@ -57,14 +61,14 @@
         <button
           type="button"
           class="btn block"
-          [ngClass]="{ 'primary font-weight-bold': hideInput }"
+          [ngClass]="{ 'primary font-weight-bold': !pinEnabled && !masterPasswordEnabled }"
           (click)="unlockBiometric()"
         >
           {{ biometricText | i18n }}
         </button>
       </div>
       <div class="buttons-row">
-        <button type="submit" class="btn primary block" *ngIf="!hideInput">
+        <button type="submit" class="btn primary block" *ngIf="pinEnabled || masterPasswordEnabled">
           <i class="bwi bwi-unlock" aria-hidden="true"></i> <b>{{ "unlock" | i18n }}</b>
         </button>
         <button type="button" class="btn block" (click)="logOut()">
diff --git a/apps/desktop/src/auth/lock.component.ts b/apps/desktop/src/auth/lock.component.ts
index 36dff381ca2..f1732e95e03 100644
--- a/apps/desktop/src/auth/lock.component.ts
+++ b/apps/desktop/src/auth/lock.component.ts
@@ -3,13 +3,13 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { ipcRenderer } from "electron";
 
 import { LockComponent as BaseLockComponent } from "@bitwarden/angular/auth/components/lock.component";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DeviceType, KeySuffixOptions } from "@bitwarden/common/enums";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -19,6 +19,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
+import { DialogService } from "@bitwarden/components";
 
 import { ElectronStateService } from "../platform/services/electron-state.service.abstraction";
 import { BiometricStorageAction, BiometricMessage } from "../types/biometric-message";
@@ -51,8 +52,9 @@ export class LockComponent extends BaseLockComponent {
     policyService: InternalPolicyService,
     passwordStrengthService: PasswordStrengthServiceAbstraction,
     logService: LogService,
-    keyConnectorService: KeyConnectorService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService,
+    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    userVerificationService: UserVerificationService
   ) {
     super(
       router,
@@ -66,13 +68,14 @@ export class LockComponent extends BaseLockComponent {
       stateService,
       apiService,
       logService,
-      keyConnectorService,
       ngZone,
       policyApiService,
       policyService,
       passwordStrengthService,
       route,
-      dialogService
+      dialogService,
+      deviceTrustCryptoService,
+      userVerificationService
     );
   }
 
@@ -132,7 +135,7 @@ export class LockComponent extends BaseLockComponent {
     const userId = await this.stateService.getUserId();
     const val = await ipcRenderer.invoke("biometric", {
       action: BiometricStorageAction.EnabledForUser,
-      key: `${userId}_masterkey_biometric`,
+      key: `${userId}_user_biometric`,
       keySuffix: KeySuffixOptions.Biometric,
       userId: userId,
     } as BiometricMessage);
@@ -140,7 +143,7 @@ export class LockComponent extends BaseLockComponent {
   }
 
   private focusInput() {
-    document.getElementById(this.pinLock ? "pin" : "masterPassword").focus();
+    document.getElementById(this.pinEnabled ? "pin" : "masterPassword")?.focus();
   }
 
   private async displayBiometricUpdateWarning(): Promise<void> {
@@ -156,7 +159,7 @@ export class LockComponent extends BaseLockComponent {
       const response = await this.dialogService.openSimpleDialog({
         title: { key: "windowsBiometricUpdateWarningTitle" },
         content: { key: "windowsBiometricUpdateWarning" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       await this.stateService.setBiometricRequirePasswordOnStart(response);
diff --git a/apps/desktop/src/auth/login/login-decryption-options/login-decryption-options.component.html b/apps/desktop/src/auth/login/login-decryption-options/login-decryption-options.component.html
new file mode 100644
index 00000000000..d2abb2071d0
--- /dev/null
+++ b/apps/desktop/src/auth/login/login-decryption-options/login-decryption-options.component.html
@@ -0,0 +1,66 @@
+<div id="login-decryption-options-page">
+  <div id="content" class="content">
+    <img class="logo-image" alt="Bitwarden" />
+
+    <div class="container loading-spinner" *ngIf="loading">
+      <i class="bwi bwi-spinner bwi-spin bwi-3x" aria-hidden="true"></i>
+    </div>
+
+    <ng-container *ngIf="!loading">
+      <h1 id="heading">{{ "loginInitiated" | i18n }}</h1>
+      <h6
+        *ngIf="data.state == State.ExistingUserUntrustedDevice"
+        id="subHeading"
+        class="standard-bottom-margin"
+      >
+        {{ "deviceApprovalRequired" | i18n }}
+      </h6>
+
+      <form id="rememberDeviceForm" class="standard-bottom-margin" [formGroup]="rememberDeviceForm">
+        <div class="checkbox">
+          <label for="rememberDevice">
+            <input
+              id="rememberDevice"
+              type="checkbox"
+              name="rememberDevice"
+              formControlName="rememberDevice"
+            />
+            {{ "rememberThisDevice" | i18n }}
+          </label>
+        </div>
+        <span id="rememberThisDeviceHintText">{{ "uncheckIfPublicDevice" | i18n }}</span>
+      </form>
+
+      <div *ngIf="data.state == State.ExistingUserUntrustedDevice" class="buttons with-rows">
+        <div class="buttons-row" *ngIf="data.showApproveFromOtherDeviceBtn">
+          <button (click)="approveFromOtherDevice()" type="button" class="btn primary block">
+            {{ "approveFromYourOtherDevice" | i18n }}
+          </button>
+        </div>
+        <div class="buttons-row" *ngIf="data.showReqAdminApprovalBtn">
+          <button (click)="requestAdminApproval()" type="button" class="btn block">
+            {{ "requestAdminApproval" | i18n }}
+          </button>
+        </div>
+        <div class="buttons-row" *ngIf="data.showApproveWithMasterPasswordBtn">
+          <button (click)="approveWithMasterPassword()" type="button" class="btn block">
+            {{ "approveWithMasterPassword" | i18n }}
+          </button>
+        </div>
+      </div>
+
+      <div *ngIf="data.state == State.NewUser" class="buttons with-rows">
+        <div class="buttons-row">
+          <button (click)="createUser()" type="button" class="btn block">
+            {{ "continue" | i18n }}
+          </button>
+        </div>
+      </div>
+
+      <div style="text-align: center">
+        <p class="no-margin">{{ "loggingInAs" | i18n }} {{ data.userEmail }}</p>
+        <a [routerLink]="[]" (click)="logOut()">{{ "notYou" | i18n }}</a>
+      </div>
+    </ng-container>
+  </div>
+</div>
diff --git a/apps/desktop/src/auth/login/login-decryption-options/login-decryption-options.component.ts b/apps/desktop/src/auth/login/login-decryption-options/login-decryption-options.component.ts
new file mode 100644
index 00000000000..f64ec977ce7
--- /dev/null
+++ b/apps/desktop/src/auth/login/login-decryption-options/login-decryption-options.component.ts
@@ -0,0 +1,19 @@
+import { Component } from "@angular/core";
+
+import { BaseLoginDecryptionOptionsComponent } from "@bitwarden/angular/auth/components/base-login-decryption-options.component";
+
+@Component({
+  selector: "desktop-login-decryption-options",
+  templateUrl: "login-decryption-options.component.html",
+})
+export class LoginDecryptionOptionsComponent extends BaseLoginDecryptionOptionsComponent {
+  override async createUser(): Promise<void> {
+    try {
+      await super.createUser();
+      this.messagingService.send("redrawMenu");
+      await this.router.navigate(["/vault"]);
+    } catch (error) {
+      this.validationService.showError(error);
+    }
+  }
+}
diff --git a/apps/desktop/src/auth/login/login-with-device.component.html b/apps/desktop/src/auth/login/login-with-device.component.html
index 29fb1034942..a81c92ad1d1 100644
--- a/apps/desktop/src/auth/login/login-with-device.component.html
+++ b/apps/desktop/src/auth/login/login-with-device.component.html
@@ -1,40 +1,72 @@
 <div id="login-with-device-page">
   <div id="content" class="content">
     <img class="logo-image" alt="Bitwarden" />
-    <p class="lead text-center">{{ "logInInitiated" | i18n }}</p>
 
-    <div class="box last">
-      <div class="box-content">
-        <div class="box-content-row" appBoxRow>
-          <div class="section">
-            <p class="section">{{ "notificationSentDevice" | i18n }}</p>
-            <p>
-              {{ "fingerprintMatchInfo" | i18n }}
-            </p>
-          </div>
+    <ng-container *ngIf="state == StateEnum.StandardAuthRequest">
+      <p class="lead text-center">{{ "loginInitiated" | i18n }}</p>
 
-          <div class="fingerprint section">
-            <h4>{{ "fingerprintPhraseHeader" | i18n }}</h4>
-            <code>{{ fingerprintPhrase }}</code>
-          </div>
+      <div class="box last">
+        <div class="box-content">
+          <div class="box-content-row" appBoxRow>
+            <div class="section">
+              <p class="section">{{ "notificationSentDevice" | i18n }}</p>
+              <p>
+                {{ "fingerprintMatchInfo" | i18n }}
+              </p>
+            </div>
 
-          <div class="section" *ngIf="showResendNotification">
-            <a [routerLink]="[]" disabled="true" (click)="startPasswordlessLogin()">{{
-              "resendNotification" | i18n
-            }}</a>
-          </div>
+            <div class="fingerprint section">
+              <h4>{{ "fingerprintPhraseHeader" | i18n }}</h4>
+              <code>{{ fingerprintPhrase }}</code>
+            </div>
 
-          <div class="sub-options another-method">
-            <p class="no-margin description-text">
-              {{ "needAnotherOption" | i18n }}
-              <a type="button" class="text text-primary" (click)="goToLogin()">
-                {{ "viewAllLoginOptions" | i18n }}
-              </a>
-            </p>
+            <div class="section" *ngIf="showResendNotification">
+              <a [routerLink]="[]" disabled="true" (click)="startPasswordlessLogin()">{{
+                "resendNotification" | i18n
+              }}</a>
+            </div>
+
+            <div class="sub-options another-method">
+              <p class="no-margin description-text">
+                {{ "needAnotherOption" | i18n }}
+                <a type="button" class="text text-primary" (click)="back()">
+                  {{ "viewAllLoginOptions" | i18n }}
+                </a>
+              </p>
+            </div>
           </div>
         </div>
       </div>
-    </div>
+    </ng-container>
+
+    <ng-container *ngIf="state == StateEnum.AdminAuthRequest">
+      <p class="lead text-center">{{ "adminApprovalRequested" | i18n }}</p>
+
+      <div class="box last">
+        <div class="box-content">
+          <div class="box-content-row" appBoxRow>
+            <div class="section">
+              <p class="section">{{ "adminApprovalRequestSentToAdmins" | i18n }}</p>
+              <p class="section">{{ "youWillBeNotifiedOnceApproved" | i18n }}</p>
+            </div>
+
+            <div class="fingerprint section">
+              <h4>{{ "fingerprintPhraseHeader" | i18n }}</h4>
+              <code>{{ fingerprintPhrase }}</code>
+            </div>
+
+            <div class="sub-options another-method">
+              <p class="no-margin description-text">
+                {{ "troubleLoggingIn" | i18n }}
+                <a type="button" class="text text-primary" (click)="back()">
+                  {{ "viewAllLoginOptions" | i18n }}
+                </a>
+              </p>
+            </div>
+          </div>
+        </div>
+      </div>
+    </ng-container>
   </div>
 </div>
 <ng-template #environment></ng-template>
diff --git a/apps/desktop/src/auth/login/login-with-device.component.ts b/apps/desktop/src/auth/login/login-with-device.component.ts
index 3b3ee83ae49..daca2d19936 100644
--- a/apps/desktop/src/auth/login/login-with-device.component.ts
+++ b/apps/desktop/src/auth/login/login-with-device.component.ts
@@ -1,3 +1,4 @@
+import { Location } from "@angular/common";
 import { Component, OnDestroy, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 import { Router } from "@angular/router";
 
@@ -5,7 +6,9 @@ import { LoginWithDeviceComponent as BaseLoginWithDeviceComponent } from "@bitwa
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { AnonymousHubService } from "@bitwarden/common/abstractions/anonymousHub.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -50,7 +53,10 @@ export class LoginWithDeviceComponent
     private modalService: ModalService,
     syncService: SyncService,
     stateService: StateService,
-    loginService: LoginService
+    loginService: LoginService,
+    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    authReqCryptoService: AuthRequestCryptoServiceAbstraction,
+    private location: Location
   ) {
     super(
       router,
@@ -67,7 +73,9 @@ export class LoginWithDeviceComponent
       anonymousHubService,
       validationService,
       stateService,
-      loginService
+      loginService,
+      deviceTrustCryptoService,
+      authReqCryptoService
     );
 
     super.onSuccessfulLogin = () => {
@@ -100,7 +108,7 @@ export class LoginWithDeviceComponent
     super.ngOnDestroy();
   }
 
-  goToLogin() {
-    this.router.navigate(["/login"]);
+  back() {
+    this.location.back();
   }
 }
diff --git a/apps/desktop/src/auth/login/login.component.ts b/apps/desktop/src/auth/login/login.component.ts
index 00aa0300f61..45b330f6dae 100644
--- a/apps/desktop/src/auth/login/login.component.ts
+++ b/apps/desktop/src/auth/login/login.component.ts
@@ -7,8 +7,8 @@ import { EnvironmentSelectorComponent } from "@bitwarden/angular/auth/components
 import { LoginComponent as BaseLoginComponent } from "@bitwarden/angular/auth/components/login.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { DevicesApiServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices-api.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
diff --git a/apps/desktop/src/auth/login/login.module.ts b/apps/desktop/src/auth/login/login.module.ts
index 35ad83e9db0..9fb2b28915a 100644
--- a/apps/desktop/src/auth/login/login.module.ts
+++ b/apps/desktop/src/auth/login/login.module.ts
@@ -5,12 +5,18 @@ import { EnvironmentSelectorComponent } from "@bitwarden/angular/auth/components
 
 import { SharedModule } from "../../app/shared/shared.module";
 
+import { LoginDecryptionOptionsComponent } from "./login-decryption-options/login-decryption-options.component";
 import { LoginWithDeviceComponent } from "./login-with-device.component";
 import { LoginComponent } from "./login.component";
 
 @NgModule({
   imports: [SharedModule, RouterModule],
-  declarations: [LoginComponent, LoginWithDeviceComponent, EnvironmentSelectorComponent],
+  declarations: [
+    LoginComponent,
+    LoginWithDeviceComponent,
+    EnvironmentSelectorComponent,
+    LoginDecryptionOptionsComponent,
+  ],
   exports: [LoginComponent, LoginWithDeviceComponent],
 })
 export class LoginModule {}
diff --git a/apps/desktop/src/auth/register.component.ts b/apps/desktop/src/auth/register.component.ts
index f4324f12379..db38fd4721c 100644
--- a/apps/desktop/src/auth/register.component.ts
+++ b/apps/desktop/src/auth/register.component.ts
@@ -4,7 +4,6 @@ import { Router } from "@angular/router";
 
 import { RegisterComponent as BaseRegisterComponent } from "@bitwarden/angular/components/register.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
@@ -16,6 +15,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 const BroadcasterSubscriptionId = "RegisterComponent";
 
@@ -40,7 +40,7 @@ export class RegisterComponent extends BaseRegisterComponent implements OnInit,
     private ngZone: NgZone,
     logService: LogService,
     auditService: AuditService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       formValidationErrorService,
diff --git a/apps/desktop/src/auth/set-password.component.ts b/apps/desktop/src/auth/set-password.component.ts
index b710e96b7ee..fedd70b3133 100644
--- a/apps/desktop/src/auth/set-password.component.ts
+++ b/apps/desktop/src/auth/set-password.component.ts
@@ -2,7 +2,6 @@ import { Component, NgZone, OnDestroy } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/components/set-password.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -16,6 +15,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 const BroadcasterSubscriptionId = "SetPasswordComponent";
 
@@ -41,7 +41,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent implements On
     stateService: StateService,
     organizationApiService: OrganizationApiServiceAbstraction,
     organizationUserService: OrganizationUserService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
diff --git a/apps/desktop/src/auth/sso.component.ts b/apps/desktop/src/auth/sso.component.ts
index 75f380b0ed3..22badf9d69d 100644
--- a/apps/desktop/src/auth/sso.component.ts
+++ b/apps/desktop/src/auth/sso.component.ts
@@ -4,6 +4,7 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { SsoComponent as BaseSsoComponent } from "@bitwarden/angular/auth/components/sso.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -30,7 +31,8 @@ export class SsoComponent extends BaseSsoComponent {
     cryptoFunctionService: CryptoFunctionService,
     environmentService: EnvironmentService,
     passwordGenerationService: PasswordGenerationServiceAbstraction,
-    logService: LogService
+    logService: LogService,
+    configService: ConfigServiceAbstraction
   ) {
     super(
       authService,
@@ -43,11 +45,17 @@ export class SsoComponent extends BaseSsoComponent {
       cryptoFunctionService,
       environmentService,
       passwordGenerationService,
-      logService
+      logService,
+      configService
     );
-    super.onSuccessfulLogin = () => {
-      return syncService.fullSync(true);
+    super.onSuccessfulLogin = async () => {
+      syncService.fullSync(true);
     };
+
+    super.onSuccessfulLoginTde = async () => {
+      syncService.fullSync(true);
+    };
+
     this.redirectUri = "bitwarden://sso-callback";
     this.clientId = "desktop";
   }
diff --git a/apps/desktop/src/auth/two-factor.component.ts b/apps/desktop/src/auth/two-factor.component.ts
index ee3764027a5..bf3545820b9 100644
--- a/apps/desktop/src/auth/two-factor.component.ts
+++ b/apps/desktop/src/auth/two-factor.component.ts
@@ -1,7 +1,8 @@
-import { Component, ViewChild, ViewContainerRef } from "@angular/core";
+import { Component, Inject, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
+import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
@@ -9,6 +10,7 @@ import { LoginService } from "@bitwarden/common/auth/abstractions/login.service"
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -43,7 +45,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     logService: LogService,
     twoFactorService: TwoFactorService,
     appIdService: AppIdService,
-    loginService: LoginService
+    loginService: LoginService,
+    configService: ConfigServiceAbstraction,
+    @Inject(WINDOW) protected win: Window
   ) {
     super(
       authService,
@@ -51,18 +55,22 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       i18nService,
       apiService,
       platformUtilsService,
-      window,
+      win,
       environmentService,
       stateService,
       route,
       logService,
       twoFactorService,
       appIdService,
-      loginService
+      loginService,
+      configService
     );
-    super.onSuccessfulLogin = () => {
-      this.loginService.clearValues();
-      return syncService.fullSync(true);
+    super.onSuccessfulLogin = async () => {
+      syncService.fullSync(true);
+    };
+
+    super.onSuccessfulLoginTde = async () => {
+      syncService.fullSync(true);
     };
   }
 
diff --git a/apps/desktop/src/images/bwi-passkey.png b/apps/desktop/src/images/bwi-passkey.png
new file mode 100644
index 00000000000..702be33446e
Binary files /dev/null and b/apps/desktop/src/images/bwi-passkey.png differ
diff --git a/apps/desktop/src/locales/af/messages.json b/apps/desktop/src/locales/af/messages.json
index 5913597ee88..9200627a107 100644
--- a/apps/desktop/src/locales/af/messages.json
+++ b/apps/desktop/src/locales/af/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Permanent geskrapte item"
   },
-  "restoreItem": {
-    "message": "Stel item terug"
-  },
-  "restoreItemConfirmation": {
-    "message": "Is u seker u wil hierdie item terugstel?"
-  },
   "restoredItem": {
     "message": "Teruggestelde item"
   },
diff --git a/apps/desktop/src/locales/ar/messages.json b/apps/desktop/src/locales/ar/messages.json
index a65781e73d4..9469fee3f65 100644
--- a/apps/desktop/src/locales/ar/messages.json
+++ b/apps/desktop/src/locales/ar/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "تم حذف العنصر بشكل دائم"
   },
-  "restoreItem": {
-    "message": "استعادة العنصر"
-  },
-  "restoreItemConfirmation": {
-    "message": "هل أنت متأكد من أنك تريد استعادة هذا العنصر؟"
-  },
   "restoredItem": {
     "message": "العنصر المستعاد"
   },
diff --git a/apps/desktop/src/locales/az/messages.json b/apps/desktop/src/locales/az/messages.json
index 3d1608a5490..405e71d6308 100644
--- a/apps/desktop/src/locales/az/messages.json
+++ b/apps/desktop/src/locales/az/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Element birdəfəlik silindi"
   },
-  "restoreItem": {
-    "message": "Elementi bərpa et"
-  },
-  "restoreItemConfirmation": {
-    "message": "Elementi bərpa etmək istədiyinizə əminsiniz?"
-  },
   "restoredItem": {
     "message": "Element bərpa edildi"
   },
diff --git a/apps/desktop/src/locales/be/messages.json b/apps/desktop/src/locales/be/messages.json
index c8f182caeb0..24c955a4983 100644
--- a/apps/desktop/src/locales/be/messages.json
+++ b/apps/desktop/src/locales/be/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Элемент выдалены назаўсёды"
   },
-  "restoreItem": {
-    "message": "Аднавіць элемент"
-  },
-  "restoreItemConfirmation": {
-    "message": "Вы сапраўды хочаце аднавіць гэты элемент?"
-  },
   "restoredItem": {
     "message": "Элемент адноўлены"
   },
@@ -2253,7 +2247,7 @@
     "message": "Рэкамендаваныя налады абнаўлення"
   },
   "loggingInOn": {
-    "message": "Logging in on"
+    "message": "Увайсці на"
   },
   "usDomain": {
     "message": "bitwarden.com"
diff --git a/apps/desktop/src/locales/bg/messages.json b/apps/desktop/src/locales/bg/messages.json
index 27a7a85fc24..192725c8dbc 100644
--- a/apps/desktop/src/locales/bg/messages.json
+++ b/apps/desktop/src/locales/bg/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Записът е изтрит окончателно"
   },
-  "restoreItem": {
-    "message": "Възстановяване на запис"
-  },
-  "restoreItemConfirmation": {
-    "message": "Сигурни ли сте, че искате да възстановите записа?"
-  },
   "restoredItem": {
     "message": "Записът е възстановен"
   },
diff --git a/apps/desktop/src/locales/bn/messages.json b/apps/desktop/src/locales/bn/messages.json
index 1c33383916c..1091afe5e1f 100644
--- a/apps/desktop/src/locales/bn/messages.json
+++ b/apps/desktop/src/locales/bn/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "বস্তুটি স্থায়ীভাবে মুছে ফেলা হয়েছে"
   },
-  "restoreItem": {
-    "message": "বস্তু পুনরুদ্ধার"
-  },
-  "restoreItemConfirmation": {
-    "message": "আপনি কি নিশ্চিত যে আপনি এই বস্তুটি পুনরুদ্ধার করতে চান?"
-  },
   "restoredItem": {
     "message": "বস্তু পুনরুদ্ধারকৃত"
   },
diff --git a/apps/desktop/src/locales/bs/messages.json b/apps/desktop/src/locales/bs/messages.json
index 61ea872f9aa..1e501600751 100644
--- a/apps/desktop/src/locales/bs/messages.json
+++ b/apps/desktop/src/locales/bs/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/ca/messages.json b/apps/desktop/src/locales/ca/messages.json
index e098741ff5d..85123ba4b64 100644
--- a/apps/desktop/src/locales/ca/messages.json
+++ b/apps/desktop/src/locales/ca/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Element suprimit definitivament"
   },
-  "restoreItem": {
-    "message": "Restaura l'element"
-  },
-  "restoreItemConfirmation": {
-    "message": "Esteu segur que voleu restaurar aquest element?"
-  },
   "restoredItem": {
     "message": "Element restaurat"
   },
diff --git a/apps/desktop/src/locales/cs/messages.json b/apps/desktop/src/locales/cs/messages.json
index 8cef76fbe57..8792bfa4bbf 100644
--- a/apps/desktop/src/locales/cs/messages.json
+++ b/apps/desktop/src/locales/cs/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Položka byla trvale smazána"
   },
-  "restoreItem": {
-    "message": "Obnovit položku"
-  },
-  "restoreItemConfirmation": {
-    "message": "Opravdu chcete tuto položku obnovit?"
-  },
   "restoredItem": {
     "message": "Položka byla obnovena"
   },
diff --git a/apps/desktop/src/locales/cy/messages.json b/apps/desktop/src/locales/cy/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/cy/messages.json
+++ b/apps/desktop/src/locales/cy/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/da/messages.json b/apps/desktop/src/locales/da/messages.json
index 9c182c1aeeb..7d5076d8a4d 100644
--- a/apps/desktop/src/locales/da/messages.json
+++ b/apps/desktop/src/locales/da/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Emne slettet permanent"
   },
-  "restoreItem": {
-    "message": "Gendan emne"
-  },
-  "restoreItemConfirmation": {
-    "message": "Sikker på, at du vil gendanne dette emne?"
-  },
   "restoredItem": {
     "message": "Emne gendannet"
   },
diff --git a/apps/desktop/src/locales/de/messages.json b/apps/desktop/src/locales/de/messages.json
index bf9ce7fe4a8..32b90bedf1f 100644
--- a/apps/desktop/src/locales/de/messages.json
+++ b/apps/desktop/src/locales/de/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Eintrag dauerhaft gelöscht"
   },
-  "restoreItem": {
-    "message": "Eintrag wiederherstellen"
-  },
-  "restoreItemConfirmation": {
-    "message": "Soll dieser Eintrag wirklich wiederhergestellt werden?"
-  },
   "restoredItem": {
     "message": "Eintrag wiederhergestellt"
   },
diff --git a/apps/desktop/src/locales/el/messages.json b/apps/desktop/src/locales/el/messages.json
index 43f20a5f21d..faf687baaa6 100644
--- a/apps/desktop/src/locales/el/messages.json
+++ b/apps/desktop/src/locales/el/messages.json
@@ -1393,7 +1393,7 @@
     "message": "Ξεκλειδώστε με το Windows Hello"
   },
   "additionalWindowsHelloSettings": {
-    "message": "Additional Windows Hello settings"
+    "message": "Πρόσθετες ρυθμίσεις του Windows Hello"
   },
   "windowsHelloConsentMessage": {
     "message": "Επαληθεύστε για το Bitwarden."
@@ -1408,13 +1408,13 @@
     "message": "Ξεκλειδώστε το vault σας"
   },
   "autoPromptWindowsHello": {
-    "message": "Ζητήστε από τα Windows Γεια σας κατά την έναρξη"
+    "message": "Εμφάνιση Windows Hello κατά την εκκίνηση της εφαρμογής"
   },
   "autoPromptTouchId": {
     "message": "Ερώτηση για το Touch ID κατά την εκκίνηση"
   },
   "requirePasswordOnStart": {
-    "message": "Require password or PIN on app start"
+    "message": "Να απαιτείται κωδικός πρόσβασης ή PIN κατά την εκκίνηση της εφαρμογής"
   },
   "recommendedForSecurity": {
     "message": "Συνίσταται για ασφάλεια."
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Μόνιμα Διεγραμμένο Στοιχείο"
   },
-  "restoreItem": {
-    "message": "Ανάκτηση Στοιχείου"
-  },
-  "restoreItemConfirmation": {
-    "message": "Είστε βέβαιοι ότι θέλετε να ανακτήσετε αυτό το στοιχείο;"
-  },
   "restoredItem": {
     "message": "Στοιχείο που έχει Ανακτηθεί"
   },
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index ac507762eda..6477cdfb13b 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -1492,6 +1492,9 @@
   "vaultTimeoutActionLogOutDesc": {
     "message": "Re-authentication is required to access your vault again."
   },
+  "unlockMethodNeededToChangeTimeoutActionDesc": {
+    "message": "Set up an unlock method to change your vault timeout action."
+  },
   "lock": {
     "message": "Lock",
     "description": "Verb form: to make secure or inaccesible by"
@@ -1512,12 +1515,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
@@ -2112,8 +2109,8 @@
   "logInWithAnotherDevice": {
     "message": "Log in with another device"
   },
-  "logInInitiated": {
-    "message": "Log in initiated"
+  "loginInitiated": {
+    "message": "Login initiated"
   },
   "notificationSentDevice": {
     "message": "A notification has been sent to your device."
@@ -2252,6 +2249,34 @@
   "windowsBiometricUpdateWarningTitle": {
     "message": "Recommended Settings Update"
   },
+  "deviceApprovalRequired": {
+    "message": "Device approval required. Select an approval option below:"
+  },
+  "rememberThisDevice": {
+    "message": "Remember this device"
+  },
+  "uncheckIfPublicDevice": {
+    "message": "Uncheck if using a public device"
+  },
+  "approveFromYourOtherDevice": {
+    "message": "Approve from your other device"
+  },
+  "requestAdminApproval": {
+    "message": "Request admin approval"
+  },
+  "approveWithMasterPassword": {
+    "message": "Approve with master password"
+  },
+  "region": {
+    "message": "Region"
+  },
+  "ssoIdentifierRequired": {
+    "message": "Organization SSO identifier is required."
+  },
+  "eu": {
+    "message": "EU",
+    "description": "European Union"
+  },
   "loggingInOn": {
     "message": "Logging in on"
   },
@@ -2267,6 +2292,130 @@
   "accessDenied": {
     "message": "Access denied. You do not have permission to view this page."
   },
+  "accountSuccessfullyCreated": {
+    "message": "Account successfully created!"
+  },
+  "adminApprovalRequested": {
+    "message": "Admin approval requested"
+  },
+  "adminApprovalRequestSentToAdmins": {
+    "message": "Your request has been sent to your admin."
+  },
+  "youWillBeNotifiedOnceApproved": {
+    "message": "You will be notified once approved."
+  },
+  "troubleLoggingIn": {
+    "message": "Trouble logging in?"
+  },
+  "loginApproved": {
+    "message": "Login approved"
+  },
+  "userEmailMissing": {
+    "message": "User email missing"
+  },
+  "deviceTrusted": {
+    "message": "Device trusted"
+  },
+  "inputRequired": {
+    "message": "Input is required."
+  },
+  "required": {
+    "message": "required"
+  },
+  "search": {
+    "message": "Search"
+  },
+  "inputMinLength": {
+    "message": "Input must be at least $COUNT$ characters long.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "8"
+      }
+    }
+  },
+  "inputMaxLength": {
+    "message": "Input must not exceed $COUNT$ characters in length.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "20"
+      }
+    }
+  },
+  "inputForbiddenCharacters": {
+    "message": "The following characters are not allowed: $CHARACTERS$",
+    "placeholders": {
+      "characters": {
+        "content": "$1",
+        "example": "@, #, $, %"
+      }
+    }
+  },
+  "inputMinValue": {
+    "message": "Input value must be at least $MIN$.",
+    "placeholders": {
+      "min": {
+        "content": "$1",
+        "example": "8"
+      }
+    }
+  },
+  "inputMaxValue": {
+    "message": "Input value must not exceed $MAX$.",
+    "placeholders": {
+      "max": {
+        "content": "$1",
+        "example": "100"
+      }
+    }
+  },
+  "multipleInputEmails": {
+    "message": "1 or more emails are invalid"
+  },
+  "inputTrimValidator": {
+    "message": "Input must not contain only whitespace.",
+    "description": "Notification to inform the user that a form's input can't contain only whitespace."
+  },
+  "inputEmail": {
+    "message": "Input is not an email address."
+  },
+  "fieldsNeedAttention": {
+    "message": "$COUNT$ field(s) above need your attention.",
+    "placeholders": {
+      "count": {
+        "content": "$1",
+        "example": "4"
+      }
+    }
+  },
+  "selectPlaceholder": {
+    "message": "-- Select --"
+  },
+  "multiSelectPlaceholder": {
+    "message": "-- Type to filter --"
+  },
+  "multiSelectLoading": {
+    "message": "Retrieving options..."
+  },
+  "multiSelectNotFound": {
+    "message": "No items found"
+  },
+  "multiSelectClearAll": {
+    "message": "Clear all"
+  },
+  "plusNMore": {
+    "message": "+ $QUANTITY$ more",
+    "placeholders": {
+      "quantity": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
+  "submenu": {
+    "message": "Submenu"
+  },
   "typePasskey": {
     "message": "Passkey"
   },
diff --git a/apps/desktop/src/locales/en_GB/messages.json b/apps/desktop/src/locales/en_GB/messages.json
index 428d6910662..8726c2787a0 100644
--- a/apps/desktop/src/locales/en_GB/messages.json
+++ b/apps/desktop/src/locales/en_GB/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/en_IN/messages.json b/apps/desktop/src/locales/en_IN/messages.json
index d40c23fda48..afda50b77db 100644
--- a/apps/desktop/src/locales/en_IN/messages.json
+++ b/apps/desktop/src/locales/en_IN/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Permanently deleted item"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Restored item"
   },
diff --git a/apps/desktop/src/locales/eo/messages.json b/apps/desktop/src/locales/eo/messages.json
index e72cd6515ea..ee7ff21b8e2 100644
--- a/apps/desktop/src/locales/eo/messages.json
+++ b/apps/desktop/src/locales/eo/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/es/messages.json b/apps/desktop/src/locales/es/messages.json
index 9e31f09379a..0e959cb622c 100644
--- a/apps/desktop/src/locales/es/messages.json
+++ b/apps/desktop/src/locales/es/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Elemento eliminado de forma permanente"
   },
-  "restoreItem": {
-    "message": "Restaurar elemento"
-  },
-  "restoreItemConfirmation": {
-    "message": "¿Estás seguro de que quieres restaurar este elemento?"
-  },
   "restoredItem": {
     "message": "Elemento restaurado"
   },
diff --git a/apps/desktop/src/locales/et/messages.json b/apps/desktop/src/locales/et/messages.json
index 2b74589df25..b3b30715f44 100644
--- a/apps/desktop/src/locales/et/messages.json
+++ b/apps/desktop/src/locales/et/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Kirje on jäädavalt kustutatud"
   },
-  "restoreItem": {
-    "message": "Taasta kirje"
-  },
-  "restoreItemConfirmation": {
-    "message": "Oled kindel, et soovid selle kirje taastada?"
-  },
   "restoredItem": {
     "message": "Kirje on taastatud"
   },
diff --git a/apps/desktop/src/locales/eu/messages.json b/apps/desktop/src/locales/eu/messages.json
index b2f553bbf35..248f50e42a5 100644
--- a/apps/desktop/src/locales/eu/messages.json
+++ b/apps/desktop/src/locales/eu/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Elementua betirako ezabatua"
   },
-  "restoreItem": {
-    "message": "Berreskuratu elementua"
-  },
-  "restoreItemConfirmation": {
-    "message": "Ziur al zaude elementu hau berreskuratu nahi duzula?"
-  },
   "restoredItem": {
     "message": "Elementua berreskuratua"
   },
diff --git a/apps/desktop/src/locales/fa/messages.json b/apps/desktop/src/locales/fa/messages.json
index 655d016c0f1..783b16f5329 100644
--- a/apps/desktop/src/locales/fa/messages.json
+++ b/apps/desktop/src/locales/fa/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "مورد برای همیشه حذف شد"
   },
-  "restoreItem": {
-    "message": "بازیابی مورد"
-  },
-  "restoreItemConfirmation": {
-    "message": "آیا مطمئن هستید که می‌خواهید این مورد را بازیابی کنید؟"
-  },
   "restoredItem": {
     "message": "مورد بازیابی شد"
   },
diff --git a/apps/desktop/src/locales/fi/messages.json b/apps/desktop/src/locales/fi/messages.json
index ac4e0ad6c68..63d1208b397 100644
--- a/apps/desktop/src/locales/fi/messages.json
+++ b/apps/desktop/src/locales/fi/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Kohde poistettiin pysyvästi"
   },
-  "restoreItem": {
-    "message": "Palauta kohde"
-  },
-  "restoreItemConfirmation": {
-    "message": "Haluatko varmasti palauttaa kohteen?"
-  },
   "restoredItem": {
     "message": "Kohde palautettiin"
   },
diff --git a/apps/desktop/src/locales/fil/messages.json b/apps/desktop/src/locales/fil/messages.json
index 99719bd9c78..08194034bbc 100644
--- a/apps/desktop/src/locales/fil/messages.json
+++ b/apps/desktop/src/locales/fil/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanenteng tinanggal"
   },
-  "restoreItem": {
-    "message": "Ibalik ang item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Sigurado ka bang gusto mong ibalik ang item na ito?"
-  },
   "restoredItem": {
     "message": "Item na nai-restore"
   },
diff --git a/apps/desktop/src/locales/fr/messages.json b/apps/desktop/src/locales/fr/messages.json
index 15c77a1a49b..93262111b75 100644
--- a/apps/desktop/src/locales/fr/messages.json
+++ b/apps/desktop/src/locales/fr/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Élément supprimé définitivement"
   },
-  "restoreItem": {
-    "message": "Restaurer l'élément"
-  },
-  "restoreItemConfirmation": {
-    "message": "Êtes-vous sûr de vouloir restaurer cet élément ?"
-  },
   "restoredItem": {
     "message": "Élément restauré"
   },
diff --git a/apps/desktop/src/locales/gl/messages.json b/apps/desktop/src/locales/gl/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/gl/messages.json
+++ b/apps/desktop/src/locales/gl/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/he/messages.json b/apps/desktop/src/locales/he/messages.json
index e804caddc6f..1c0f7af6f4c 100644
--- a/apps/desktop/src/locales/he/messages.json
+++ b/apps/desktop/src/locales/he/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "פריט שנמחק לצמיתות"
   },
-  "restoreItem": {
-    "message": "שחזר פריט"
-  },
-  "restoreItemConfirmation": {
-    "message": "האם אתה בטוח שברצונך לשחזר פריט זה?"
-  },
   "restoredItem": {
     "message": "פריט ששוחזר"
   },
diff --git a/apps/desktop/src/locales/hi/messages.json b/apps/desktop/src/locales/hi/messages.json
index c8e4e16e954..6c3c6768632 100644
--- a/apps/desktop/src/locales/hi/messages.json
+++ b/apps/desktop/src/locales/hi/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/hr/messages.json b/apps/desktop/src/locales/hr/messages.json
index 042af715e53..e9967830fb3 100644
--- a/apps/desktop/src/locales/hr/messages.json
+++ b/apps/desktop/src/locales/hr/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Stavka trajno izbrisana"
   },
-  "restoreItem": {
-    "message": "Vrati stavku"
-  },
-  "restoreItemConfirmation": {
-    "message": "Sigurno želiš vratiti ovu stavku?"
-  },
   "restoredItem": {
     "message": "Stavka vraćena"
   },
diff --git a/apps/desktop/src/locales/hu/messages.json b/apps/desktop/src/locales/hu/messages.json
index 74745499079..e6c86a99381 100644
--- a/apps/desktop/src/locales/hu/messages.json
+++ b/apps/desktop/src/locales/hu/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Elem végleges törlése"
   },
-  "restoreItem": {
-    "message": "Elem visszaállítása"
-  },
-  "restoreItemConfirmation": {
-    "message": "Biztosan visszaállításra kerüljön ezt az elem?"
-  },
   "restoredItem": {
     "message": "Visszaállított elem"
   },
diff --git a/apps/desktop/src/locales/id/messages.json b/apps/desktop/src/locales/id/messages.json
index 21bbdd12c36..751b2addd0a 100644
--- a/apps/desktop/src/locales/id/messages.json
+++ b/apps/desktop/src/locales/id/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item Terhapus Permanen"
   },
-  "restoreItem": {
-    "message": "Pulihkan Item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Apakah Anda yakin ingin memulihkan item ini?"
-  },
   "restoredItem": {
     "message": "Item Yang Dipulihkan"
   },
diff --git a/apps/desktop/src/locales/it/messages.json b/apps/desktop/src/locales/it/messages.json
index 3e977e9f200..1153e28230f 100644
--- a/apps/desktop/src/locales/it/messages.json
+++ b/apps/desktop/src/locales/it/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Elemento eliminato definitivamente"
   },
-  "restoreItem": {
-    "message": "Ripristina elemento"
-  },
-  "restoreItemConfirmation": {
-    "message": "Sei sicuro di voler ripristinare questo elemento?"
-  },
   "restoredItem": {
     "message": "Elemento ripristinato"
   },
diff --git a/apps/desktop/src/locales/ja/messages.json b/apps/desktop/src/locales/ja/messages.json
index 155af2e5259..92973480a80 100644
--- a/apps/desktop/src/locales/ja/messages.json
+++ b/apps/desktop/src/locales/ja/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "完全に削除されたアイテム"
   },
-  "restoreItem": {
-    "message": "アイテムをリストア"
-  },
-  "restoreItemConfirmation": {
-    "message": "このアイテムをリストアしますか？"
-  },
   "restoredItem": {
     "message": "リストアされたアイテム"
   },
diff --git a/apps/desktop/src/locales/ka/messages.json b/apps/desktop/src/locales/ka/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/ka/messages.json
+++ b/apps/desktop/src/locales/ka/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/km/messages.json b/apps/desktop/src/locales/km/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/km/messages.json
+++ b/apps/desktop/src/locales/km/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/kn/messages.json b/apps/desktop/src/locales/kn/messages.json
index 24833fa4383..d77dc3aea1d 100644
--- a/apps/desktop/src/locales/kn/messages.json
+++ b/apps/desktop/src/locales/kn/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "ಶಾಶ್ವತವಾಗಿ ಅಳಿಸಲಾದ ಐಟಂ"
   },
-  "restoreItem": {
-    "message": "ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಿ"
-  },
-  "restoreItemConfirmation": {
-    "message": "ಈ ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲು ನೀವು ಖಚಿತವಾಗಿ ಬಯಸುವಿರಾ?"
-  },
   "restoredItem": {
     "message": "ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲಾಗಿದೆ"
   },
diff --git a/apps/desktop/src/locales/ko/messages.json b/apps/desktop/src/locales/ko/messages.json
index 87dad22d31e..7973d5f7477 100644
--- a/apps/desktop/src/locales/ko/messages.json
+++ b/apps/desktop/src/locales/ko/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "영구적으로 삭제된 항목"
   },
-  "restoreItem": {
-    "message": "항목 복원"
-  },
-  "restoreItemConfirmation": {
-    "message": "정말 이 항목을 복원하시겠습니까?"
-  },
   "restoredItem": {
     "message": "복원된 항목"
   },
diff --git a/apps/desktop/src/locales/lv/messages.json b/apps/desktop/src/locales/lv/messages.json
index 961e3cf593c..96f175d6c6a 100644
--- a/apps/desktop/src/locales/lv/messages.json
+++ b/apps/desktop/src/locales/lv/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Vienums neatgriezeniski izdzēsts"
   },
-  "restoreItem": {
-    "message": "Atjaunot vienumu"
-  },
-  "restoreItemConfirmation": {
-    "message": "Vai tiešām atjaunot šo vienumu?"
-  },
   "restoredItem": {
     "message": "Vienums atjaunots"
   },
diff --git a/apps/desktop/src/locales/me/messages.json b/apps/desktop/src/locales/me/messages.json
index 63e8c9bfa2e..5de6adb4a19 100644
--- a/apps/desktop/src/locales/me/messages.json
+++ b/apps/desktop/src/locales/me/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/ml/messages.json b/apps/desktop/src/locales/ml/messages.json
index 94d2c8f37c5..31d3ad94c0c 100644
--- a/apps/desktop/src/locales/ml/messages.json
+++ b/apps/desktop/src/locales/ml/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "എന്നെന്നേക്കുമായി നീക്കം ചെയ്ത ഇനം"
   },
-  "restoreItem": {
-    "message": "ഇനം വീണ്ടെടുക്കുക"
-  },
-  "restoreItemConfirmation": {
-    "message": "ഈ ഇനം വീണ്ടെടുക്കണമെന്ന് ഉറപ്പാണോ?"
-  },
   "restoredItem": {
     "message": "വീണ്ടെടുത്ത ഇനങ്ങൾ"
   },
diff --git a/apps/desktop/src/locales/mr/messages.json b/apps/desktop/src/locales/mr/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/mr/messages.json
+++ b/apps/desktop/src/locales/mr/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/my/messages.json b/apps/desktop/src/locales/my/messages.json
index 69b25d3e763..2e516ccedf9 100644
--- a/apps/desktop/src/locales/my/messages.json
+++ b/apps/desktop/src/locales/my/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/nb/messages.json b/apps/desktop/src/locales/nb/messages.json
index 85683848236..230dd97fa8d 100644
--- a/apps/desktop/src/locales/nb/messages.json
+++ b/apps/desktop/src/locales/nb/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Slett objektet permanent"
   },
-  "restoreItem": {
-    "message": "Gjenopprett objekt"
-  },
-  "restoreItemConfirmation": {
-    "message": "Er du sikker på at du vil gjenopprette dette objektet?"
-  },
   "restoredItem": {
     "message": "Gjenopprettet objekt"
   },
diff --git a/apps/desktop/src/locales/ne/messages.json b/apps/desktop/src/locales/ne/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/ne/messages.json
+++ b/apps/desktop/src/locales/ne/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/nl/messages.json b/apps/desktop/src/locales/nl/messages.json
index 257c86c4c34..29b7a06d226 100644
--- a/apps/desktop/src/locales/nl/messages.json
+++ b/apps/desktop/src/locales/nl/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Definitief verwijderd item"
   },
-  "restoreItem": {
-    "message": "Item herstellen"
-  },
-  "restoreItemConfirmation": {
-    "message": "Weet je zeker dat je dit item wilt herstellen?"
-  },
   "restoredItem": {
     "message": "Hersteld item"
   },
diff --git a/apps/desktop/src/locales/nn/messages.json b/apps/desktop/src/locales/nn/messages.json
index e80dc037e49..81ac6a7a123 100644
--- a/apps/desktop/src/locales/nn/messages.json
+++ b/apps/desktop/src/locales/nn/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/or/messages.json b/apps/desktop/src/locales/or/messages.json
index d0a30e5e327..b9276d540fc 100644
--- a/apps/desktop/src/locales/or/messages.json
+++ b/apps/desktop/src/locales/or/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/pl/messages.json b/apps/desktop/src/locales/pl/messages.json
index 68c3bec739f..f33df082bcd 100644
--- a/apps/desktop/src/locales/pl/messages.json
+++ b/apps/desktop/src/locales/pl/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Element został trwale usunięty"
   },
-  "restoreItem": {
-    "message": "Przywróć element"
-  },
-  "restoreItemConfirmation": {
-    "message": "Czy na pewno chcesz przywrócić ten element?"
-  },
   "restoredItem": {
     "message": "Element został przywrócony"
   },
diff --git a/apps/desktop/src/locales/pt_BR/messages.json b/apps/desktop/src/locales/pt_BR/messages.json
index 6af040aa65a..e0653acefa2 100644
--- a/apps/desktop/src/locales/pt_BR/messages.json
+++ b/apps/desktop/src/locales/pt_BR/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item Permanentemente Excluído"
   },
-  "restoreItem": {
-    "message": "Restaurar Item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Você tem certeza que deseja restaurar esse item?"
-  },
   "restoredItem": {
     "message": "Item Restaurado"
   },
diff --git a/apps/desktop/src/locales/pt_PT/messages.json b/apps/desktop/src/locales/pt_PT/messages.json
index 523af403436..5714aaf142b 100644
--- a/apps/desktop/src/locales/pt_PT/messages.json
+++ b/apps/desktop/src/locales/pt_PT/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item eliminado permanentemente"
   },
-  "restoreItem": {
-    "message": "Restaurar item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Tem a certeza de que pretende restaurar este item?"
-  },
   "restoredItem": {
     "message": "Item restaurado"
   },
@@ -2125,7 +2119,7 @@
     "message": "Frase de impressão digital"
   },
   "needAnotherOption": {
-    "message": "O início de sessão com o dispositivo deve ser ativado nas definições da aplicação Bitwarden. Necessita de outra opção?"
+    "message": "O início de sessão com o dispositivo deve ser ativado nas definições da aplicação Bitwarden. Precisa de outra opção?"
   },
   "viewAllLoginOptions": {
     "message": "Ver todas as opções de início de sessão"
diff --git a/apps/desktop/src/locales/ro/messages.json b/apps/desktop/src/locales/ro/messages.json
index 2ea79931dfd..bdd645da39f 100644
--- a/apps/desktop/src/locales/ro/messages.json
+++ b/apps/desktop/src/locales/ro/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Articol șters permanent"
   },
-  "restoreItem": {
-    "message": "Restaurare articol"
-  },
-  "restoreItemConfirmation": {
-    "message": "Sigur doriți să restabiliți acest articol?"
-  },
   "restoredItem": {
     "message": "Articol restabilit"
   },
diff --git a/apps/desktop/src/locales/ru/messages.json b/apps/desktop/src/locales/ru/messages.json
index 4ee6c0146a2..4326a105fe0 100644
--- a/apps/desktop/src/locales/ru/messages.json
+++ b/apps/desktop/src/locales/ru/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Элемент удален навсегда"
   },
-  "restoreItem": {
-    "message": "Восстановить элемент"
-  },
-  "restoreItemConfirmation": {
-    "message": "Вы уверены, что хотите восстановить этот элемент?"
-  },
   "restoredItem": {
     "message": "Элемент восстановлен"
   },
diff --git a/apps/desktop/src/locales/si/messages.json b/apps/desktop/src/locales/si/messages.json
index dd521ed5e5d..20268275344 100644
--- a/apps/desktop/src/locales/si/messages.json
+++ b/apps/desktop/src/locales/si/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/sk/messages.json b/apps/desktop/src/locales/sk/messages.json
index 752ef8e44fb..384f4474a55 100644
--- a/apps/desktop/src/locales/sk/messages.json
+++ b/apps/desktop/src/locales/sk/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Položka natrvalo odstránená"
   },
-  "restoreItem": {
-    "message": "Obnoviť položku"
-  },
-  "restoreItemConfirmation": {
-    "message": "Naozaj chcete obnoviť túto položku?"
-  },
   "restoredItem": {
     "message": "Obnovená položka"
   },
diff --git a/apps/desktop/src/locales/sl/messages.json b/apps/desktop/src/locales/sl/messages.json
index 2dd3e77b911..4574e72ce8b 100644
--- a/apps/desktop/src/locales/sl/messages.json
+++ b/apps/desktop/src/locales/sl/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/sr/messages.json b/apps/desktop/src/locales/sr/messages.json
index e77a89fe2c7..87ec155c15f 100644
--- a/apps/desktop/src/locales/sr/messages.json
+++ b/apps/desktop/src/locales/sr/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Трајно избрисана ставка"
   },
-  "restoreItem": {
-    "message": "Врати ставку"
-  },
-  "restoreItemConfirmation": {
-    "message": "Да ли сте сигурни да желите да вратите ову ставку?"
-  },
   "restoredItem": {
     "message": "Ставка враћена"
   },
diff --git a/apps/desktop/src/locales/sv/messages.json b/apps/desktop/src/locales/sv/messages.json
index 01fe1731e00..20b78cbf5cd 100644
--- a/apps/desktop/src/locales/sv/messages.json
+++ b/apps/desktop/src/locales/sv/messages.json
@@ -33,7 +33,7 @@
     "message": "Samlingar"
   },
   "searchVault": {
-    "message": "Sök i valvet"
+    "message": "Sök i valv"
   },
   "addItem": {
     "message": "Lägg till objekt"
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Raderade objekt permanent"
   },
-  "restoreItem": {
-    "message": "Återställ objekt"
-  },
-  "restoreItemConfirmation": {
-    "message": "Är du säker på att du vill återställa detta objekt?"
-  },
   "restoredItem": {
     "message": "Återställde objekt"
   },
diff --git a/apps/desktop/src/locales/te/messages.json b/apps/desktop/src/locales/te/messages.json
index ede96425e9c..48da8c3453e 100644
--- a/apps/desktop/src/locales/te/messages.json
+++ b/apps/desktop/src/locales/te/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/th/messages.json b/apps/desktop/src/locales/th/messages.json
index 7221191a142..1b7bdba09b6 100644
--- a/apps/desktop/src/locales/th/messages.json
+++ b/apps/desktop/src/locales/th/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Item permanently deleted"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
diff --git a/apps/desktop/src/locales/tr/messages.json b/apps/desktop/src/locales/tr/messages.json
index 340dfd753ab..3c323d9d106 100644
--- a/apps/desktop/src/locales/tr/messages.json
+++ b/apps/desktop/src/locales/tr/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Kayıt kalıcı olarak silindi"
   },
-  "restoreItem": {
-    "message": "Kaydı geri yükle"
-  },
-  "restoreItemConfirmation": {
-    "message": "Bu ögeyi geri yüklemek istediğinizden emin misiniz?"
-  },
   "restoredItem": {
     "message": "Kayıt geri yüklendi"
   },
diff --git a/apps/desktop/src/locales/uk/messages.json b/apps/desktop/src/locales/uk/messages.json
index 5b9afdc1000..29b9b31f783 100644
--- a/apps/desktop/src/locales/uk/messages.json
+++ b/apps/desktop/src/locales/uk/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Запис остаточно видалено"
   },
-  "restoreItem": {
-    "message": "Відновити запис"
-  },
-  "restoreItemConfirmation": {
-    "message": "Ви дійсно хочете відновити цей запис?"
-  },
   "restoredItem": {
     "message": "Запис відновлено"
   },
@@ -2253,7 +2247,7 @@
     "message": "Оновлення рекомендованих налаштувань"
   },
   "loggingInOn": {
-    "message": "Logging in on"
+    "message": "Увійти на"
   },
   "usDomain": {
     "message": "bitwarden.com"
diff --git a/apps/desktop/src/locales/vi/messages.json b/apps/desktop/src/locales/vi/messages.json
index 6f69be27586..8f21ac75264 100644
--- a/apps/desktop/src/locales/vi/messages.json
+++ b/apps/desktop/src/locales/vi/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "Đã xóa vĩnh viễn mục"
   },
-  "restoreItem": {
-    "message": "Khôi phục mục"
-  },
-  "restoreItemConfirmation": {
-    "message": "Bạn có chắc chắn muốn khôi phục mục này không?"
-  },
   "restoredItem": {
     "message": "Mục đã được khôi phục"
   },
diff --git a/apps/desktop/src/locales/zh_CN/messages.json b/apps/desktop/src/locales/zh_CN/messages.json
index 8e03d9521fe..a44284a79df 100644
--- a/apps/desktop/src/locales/zh_CN/messages.json
+++ b/apps/desktop/src/locales/zh_CN/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "项目已永久删除"
   },
-  "restoreItem": {
-    "message": "恢复项目"
-  },
-  "restoreItemConfirmation": {
-    "message": "您确定要恢复此项目吗？"
-  },
   "restoredItem": {
     "message": "项目已恢复"
   },
diff --git a/apps/desktop/src/locales/zh_TW/messages.json b/apps/desktop/src/locales/zh_TW/messages.json
index bf0ce480427..b13dd8f7a74 100644
--- a/apps/desktop/src/locales/zh_TW/messages.json
+++ b/apps/desktop/src/locales/zh_TW/messages.json
@@ -1512,12 +1512,6 @@
   "permanentlyDeletedItem": {
     "message": "項目已永久刪除"
   },
-  "restoreItem": {
-    "message": "還原項目"
-  },
-  "restoreItemConfirmation": {
-    "message": "您確定要恢復此項目嗎？"
-  },
   "restoredItem": {
     "message": "項目已還原"
   },
diff --git a/apps/desktop/src/main/menu/menu.account.ts b/apps/desktop/src/main/menu/menu.account.ts
index 10a6d6d77d5..5060a4934c5 100644
--- a/apps/desktop/src/main/menu/menu.account.ts
+++ b/apps/desktop/src/main/menu/menu.account.ts
@@ -15,14 +15,15 @@ export class AccountMenu implements IMenubarMenu {
   }
 
   get items(): MenuItemConstructorOptions[] {
-    return [
-      this.premiumMembership,
-      this.changeMasterPassword,
-      this.twoStepLogin,
-      this.fingerprintPhrase,
-      this.separator,
-      this.deleteAccount,
-    ];
+    const items = [this.premiumMembership];
+    if (this._hasMasterPassword) {
+      items.push(this.changeMasterPassword);
+    }
+    items.push(this.twoStepLogin);
+    items.push(this.fingerprintPhrase);
+    items.push(this.separator);
+    items.push(this.deleteAccount);
+    return items;
   }
 
   private readonly _i18nService: I18nService;
@@ -30,19 +31,22 @@ export class AccountMenu implements IMenubarMenu {
   private readonly _webVaultUrl: string;
   private readonly _window: BrowserWindow;
   private readonly _isLocked: boolean;
+  private readonly _hasMasterPassword: boolean;
 
   constructor(
     i18nService: I18nService,
     messagingService: MessagingService,
     webVaultUrl: string,
     window: BrowserWindow,
-    isLocked: boolean
+    isLocked: boolean,
+    hasMasterPassword: boolean
   ) {
     this._i18nService = i18nService;
     this._messagingService = messagingService;
     this._webVaultUrl = webVaultUrl;
     this._window = window;
     this._isLocked = isLocked;
+    this._hasMasterPassword = hasMasterPassword;
   }
 
   private get premiumMembership(): MenuItemConstructorOptions {
diff --git a/apps/desktop/src/main/menu/menu.bitwarden.ts b/apps/desktop/src/main/menu/menu.bitwarden.ts
index 3c3a16702ee..6873f679de7 100644
--- a/apps/desktop/src/main/menu/menu.bitwarden.ts
+++ b/apps/desktop/src/main/menu/menu.bitwarden.ts
@@ -52,9 +52,10 @@ export class BitwardenMenu extends FirstMenu implements IMenubarMenu {
     updater: UpdaterMain,
     window: BrowserWindow,
     accounts: { [userId: string]: MenuAccount },
-    isLocked: boolean
+    isLocked: boolean,
+    isLockable: boolean
   ) {
-    super(i18nService, messagingService, updater, window, accounts, isLocked);
+    super(i18nService, messagingService, updater, window, accounts, isLocked, isLockable);
   }
 
   private get aboutBitwarden(): MenuItemConstructorOptions {
diff --git a/apps/desktop/src/main/menu/menu.file.ts b/apps/desktop/src/main/menu/menu.file.ts
index 618acdc7fe1..173b6066aba 100644
--- a/apps/desktop/src/main/menu/menu.file.ts
+++ b/apps/desktop/src/main/menu/menu.file.ts
@@ -51,9 +51,10 @@ export class FileMenu extends FirstMenu implements IMenubarMenu {
     updater: UpdaterMain,
     window: BrowserWindow,
     accounts: { [userId: string]: MenuAccount },
-    isLocked: boolean
+    isLocked: boolean,
+    isLockable: boolean
   ) {
-    super(i18nService, messagingService, updater, window, accounts, isLocked);
+    super(i18nService, messagingService, updater, window, accounts, isLocked, isLockable);
   }
 
   private get addNewLogin(): MenuItemConstructorOptions {
diff --git a/apps/desktop/src/main/menu/menu.first.ts b/apps/desktop/src/main/menu/menu.first.ts
index 805956f2632..b164e280d0b 100644
--- a/apps/desktop/src/main/menu/menu.first.ts
+++ b/apps/desktop/src/main/menu/menu.first.ts
@@ -9,33 +9,24 @@ import { UpdaterMain } from "../updater.main";
 import { MenuAccount } from "./menu.updater";
 
 export class FirstMenu {
-  protected readonly _i18nService: I18nService;
-  protected readonly _updater: UpdaterMain;
-  protected readonly _messagingService: MessagingService;
-  protected readonly _accounts: { [userId: string]: MenuAccount };
-  protected readonly _window: BrowserWindow;
-  protected readonly _isLocked: boolean;
-
   constructor(
-    i18nService: I18nService,
-    messagingService: MessagingService,
-    updater: UpdaterMain,
-    window: BrowserWindow,
-    accounts: { [userId: string]: MenuAccount },
-    isLocked: boolean
-  ) {
-    this._i18nService = i18nService;
-    this._updater = updater;
-    this._messagingService = messagingService;
-    this._window = window;
-    this._accounts = accounts;
-    this._isLocked = isLocked;
-  }
+    protected readonly _i18nService: I18nService,
+    protected readonly _messagingService: MessagingService,
+    protected readonly _updater: UpdaterMain,
+    protected readonly _window: BrowserWindow,
+    protected readonly _accounts: { [userId: string]: MenuAccount },
+    protected readonly _isLocked: boolean,
+    protected readonly _isLockable: boolean
+  ) {}
 
   protected get hasAccounts(): boolean {
     return this._accounts != null && Object.keys(this._accounts).length > 0;
   }
 
+  protected get hasLockableAccounts(): boolean {
+    return this._accounts != null && Object.values(this._accounts).some((a) => a.isLockable);
+  }
+
   protected get checkForUpdates(): MenuItemConstructorOptions {
     return {
       id: "checkForUpdates",
@@ -66,23 +57,29 @@ export class FirstMenu {
       id: "lock",
       label: this.localize("lockVault"),
       submenu: this.lockSubmenu,
-      enabled: this.hasAccounts,
+      enabled: this.hasLockableAccounts,
     };
   }
 
   protected get lockSubmenu(): MenuItemConstructorOptions[] {
     const value: MenuItemConstructorOptions[] = [];
     for (const userId in this._accounts) {
-      if (userId == null) {
+      if (!userId) {
+        continue;
+      }
+
+      const account = this._accounts[userId];
+
+      if (account == null || !account.isLockable) {
         continue;
       }
 
       value.push({
-        label: this._accounts[userId].email,
-        id: `lockNow_${this._accounts[userId].userId}`,
-        click: () => this.sendMessage("lockVault", { userId: this._accounts[userId].userId }),
-        enabled: !this._accounts[userId].isLocked,
-        visible: this._accounts[userId].isAuthenticated,
+        label: account.email,
+        id: `lockNow_${account.userId}`,
+        click: () => this.sendMessage("lockVault", { userId: account.userId }),
+        enabled: !account.isLocked,
+        visible: account.isAuthenticated,
       });
     }
     return value;
diff --git a/apps/desktop/src/main/menu/menu.updater.ts b/apps/desktop/src/main/menu/menu.updater.ts
index 75454a56f86..170804cae25 100644
--- a/apps/desktop/src/main/menu/menu.updater.ts
+++ b/apps/desktop/src/main/menu/menu.updater.ts
@@ -1,5 +1,4 @@
 export class MenuUpdateRequest {
-  hideChangeMasterPassword: boolean;
   activeUserId: string;
   accounts: { [userId: string]: MenuAccount };
 }
@@ -7,6 +6,8 @@ export class MenuUpdateRequest {
 export class MenuAccount {
   isAuthenticated: boolean;
   isLocked: boolean;
+  isLockable: boolean;
   userId: string;
   email: string;
+  hasMasterPassword: boolean;
 }
diff --git a/apps/desktop/src/main/menu/menubar.ts b/apps/desktop/src/main/menu/menubar.ts
index 6ac28a1c8db..c3f37ecbffb 100644
--- a/apps/desktop/src/main/menu/menubar.ts
+++ b/apps/desktop/src/main/menu/menubar.ts
@@ -62,6 +62,10 @@ export class Menubar {
       isLocked = updateRequest.accounts[updateRequest.activeUserId]?.isLocked ?? true;
     }
 
+    const isLockable = !isLocked && updateRequest?.accounts[updateRequest.activeUserId]?.isLockable;
+    const hasMasterPassword =
+      updateRequest?.accounts[updateRequest.activeUserId]?.hasMasterPassword ?? false;
+
     this.items = [
       new FileMenu(
         i18nService,
@@ -69,11 +73,19 @@ export class Menubar {
         updaterMain,
         windowMain.win,
         updateRequest?.accounts,
-        isLocked
+        isLocked,
+        isLockable
       ),
       new EditMenu(i18nService, messagingService, isLocked),
       new ViewMenu(i18nService, messagingService, isLocked),
-      new AccountMenu(i18nService, messagingService, webVaultUrl, windowMain.win, isLocked),
+      new AccountMenu(
+        i18nService,
+        messagingService,
+        webVaultUrl,
+        windowMain.win,
+        isLocked,
+        hasMasterPassword
+      ),
       new WindowMenu(i18nService, messagingService, windowMain),
       new HelpMenu(
         i18nService,
@@ -91,7 +103,8 @@ export class Menubar {
             updaterMain,
             windowMain.win,
             updateRequest?.accounts,
-            isLocked
+            isLocked,
+            isLockable
           ),
         ],
         ...this.items,
diff --git a/apps/desktop/src/main/window.main.ts b/apps/desktop/src/main/window.main.ts
index 6faac0c684c..4ea28c74c5f 100644
--- a/apps/desktop/src/main/window.main.ts
+++ b/apps/desktop/src/main/window.main.ts
@@ -236,7 +236,7 @@ export class WindowMain {
       case "light":
         return "#ededed";
       case "dark":
-        return "#222222";
+        return "#15181e";
       case "nord":
         return "#3b4252";
     }
diff --git a/apps/desktop/src/package-lock.json b/apps/desktop/src/package-lock.json
index a918154c431..7906eec92f4 100644
--- a/apps/desktop/src/package-lock.json
+++ b/apps/desktop/src/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@bitwarden/desktop",
-  "version": "2023.7.2",
+  "version": "2023.8.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@bitwarden/desktop",
-      "version": "2023.7.2",
+      "version": "2023.8.0",
       "license": "GPL-3.0",
       "dependencies": {
         "@bitwarden/desktop-native": "file:../desktop_native"
diff --git a/apps/desktop/src/package.json b/apps/desktop/src/package.json
index fe011c02e59..75951b6df0d 100644
--- a/apps/desktop/src/package.json
+++ b/apps/desktop/src/package.json
@@ -2,7 +2,7 @@
   "name": "@bitwarden/desktop",
   "productName": "Bitwarden",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2023.7.2",
+  "version": "2023.8.0",
   "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
   "homepage": "https://bitwarden.com",
   "license": "GPL-3.0",
diff --git a/apps/desktop/src/platform/services/electron-crypto.service.spec.ts b/apps/desktop/src/platform/services/electron-crypto.service.spec.ts
new file mode 100644
index 00000000000..92f9391b131
--- /dev/null
+++ b/apps/desktop/src/platform/services/electron-crypto.service.spec.ts
@@ -0,0 +1,91 @@
+import { mock, mockReset } from "jest-mock-extended";
+
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import {
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "@bitwarden/common/types/csprng";
+
+import { ElectronCryptoService } from "./electron-crypto.service";
+import { ElectronStateService } from "./electron-state.service.abstraction";
+
+describe("electronCryptoService", () => {
+  let electronCryptoService: ElectronCryptoService;
+
+  const cryptoFunctionService = mock<CryptoFunctionService>();
+  const encryptService = mock<EncryptService>();
+  const platformUtilService = mock<PlatformUtilsService>();
+  const logService = mock<LogService>();
+  const stateService = mock<ElectronStateService>();
+
+  const mockUserId = "mock user id";
+
+  beforeEach(() => {
+    mockReset(cryptoFunctionService);
+    mockReset(encryptService);
+    mockReset(platformUtilService);
+    mockReset(logService);
+    mockReset(stateService);
+
+    electronCryptoService = new ElectronCryptoService(
+      cryptoFunctionService,
+      encryptService,
+      platformUtilService,
+      logService,
+      stateService
+    );
+  });
+
+  it("instantiates", () => {
+    expect(electronCryptoService).not.toBeFalsy();
+  });
+
+  describe("setUserKey", () => {
+    let mockUserKey: UserKey;
+
+    beforeEach(() => {
+      const mockRandomBytes = new Uint8Array(64) as CsprngArray;
+      mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
+    });
+
+    describe("Biometric Key refresh", () => {
+      it("sets an Biometric key if getBiometricUnlock is true and the platform supports secure storage", async () => {
+        stateService.getBiometricUnlock.mockResolvedValue(true);
+        platformUtilService.supportsSecureStorage.mockReturnValue(true);
+        stateService.getBiometricRequirePasswordOnStart.mockResolvedValue(false);
+
+        await electronCryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setUserKeyBiometric).toHaveBeenCalledWith(
+          expect.objectContaining({ key: expect.any(String), clientEncKeyHalf: null }),
+          {
+            userId: mockUserId,
+          }
+        );
+      });
+
+      it("clears the Biometric key if getBiometricUnlock is false or the platform does not support secure storage", async () => {
+        stateService.getBiometricUnlock.mockResolvedValue(true);
+        platformUtilService.supportsSecureStorage.mockReturnValue(false);
+
+        await electronCryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setUserKeyBiometric).toHaveBeenCalledWith(null, {
+          userId: mockUserId,
+        });
+      });
+
+      it("clears the old deprecated Biometric key whenever a User Key is set", async () => {
+        await electronCryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setCryptoMasterKeyBiometric).toHaveBeenCalledWith(null, {
+          userId: mockUserId,
+        });
+      });
+    });
+  });
+});
diff --git a/apps/desktop/src/platform/services/electron-crypto.service.ts b/apps/desktop/src/platform/services/electron-crypto.service.ts
index 1fb90e52ca4..e21d2001977 100644
--- a/apps/desktop/src/platform/services/electron-crypto.service.ts
+++ b/apps/desktop/src/platform/services/electron-crypto.service.ts
@@ -4,7 +4,12 @@ import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CryptoService } from "@bitwarden/common/platform/services/crypto.service";
 import { CsprngString } from "@bitwarden/common/types/csprng";
 
@@ -21,36 +26,80 @@ export class ElectronCryptoService extends CryptoService {
     super(cryptoFunctionService, encryptService, platformUtilsService, logService, stateService);
   }
 
-  protected override async storeKey(key: SymmetricCryptoKey, userId?: string) {
-    await super.storeKey(key, userId);
+  override async hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> {
+    if (keySuffix === KeySuffixOptions.Biometric) {
+      // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3474)
+      const oldKey = await this.stateService.hasCryptoMasterKeyBiometric({ userId: userId });
+      return oldKey || (await this.stateService.hasUserKeyBiometric({ userId: userId }));
+    }
+    return super.hasUserKeyStored(keySuffix, userId);
+  }
+
+  override async clearStoredUserKey(keySuffix: KeySuffixOptions, userId?: string): Promise<void> {
+    if (keySuffix === KeySuffixOptions.Biometric) {
+      this.stateService.setUserKeyBiometric(null, { userId: userId });
+      this.clearDeprecatedKeys(KeySuffixOptions.Biometric, userId);
+      return;
+    }
+    super.clearStoredUserKey(keySuffix, userId);
+  }
+
+  protected override async storeAdditionalKeys(key: UserKey, userId?: string) {
+    await super.storeAdditionalKeys(key, userId);
 
     const storeBiometricKey = await this.shouldStoreKey(KeySuffixOptions.Biometric, userId);
 
     if (storeBiometricKey) {
       await this.storeBiometricKey(key, userId);
     } else {
-      await this.stateService.setCryptoMasterKeyBiometric(null, { userId: userId });
+      await this.stateService.setUserKeyBiometric(null, { userId: userId });
     }
+    await this.clearDeprecatedKeys(KeySuffixOptions.Biometric, userId);
   }
 
-  protected async storeBiometricKey(key: SymmetricCryptoKey, userId?: string): Promise<void> {
+  protected override async getKeyFromStorage(
+    keySuffix: KeySuffixOptions,
+    userId?: string
+  ): Promise<UserKey> {
+    if (keySuffix === KeySuffixOptions.Biometric) {
+      await this.migrateBiometricKeyIfNeeded(userId);
+      const userKey = await this.stateService.getUserKeyBiometric({ userId: userId });
+      return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey)) as UserKey;
+    }
+    return await super.getKeyFromStorage(keySuffix, userId);
+  }
+
+  protected async storeBiometricKey(key: UserKey, userId?: string): Promise<void> {
     let clientEncKeyHalf: CsprngString = null;
     if (await this.stateService.getBiometricRequirePasswordOnStart({ userId })) {
       clientEncKeyHalf = await this.getBiometricEncryptionClientKeyHalf(userId);
     }
-    await this.stateService.setCryptoMasterKeyBiometric(
+    await this.stateService.setUserKeyBiometric(
       { key: key.keyB64, clientEncKeyHalf },
       { userId: userId }
     );
   }
 
+  protected async shouldStoreKey(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> {
+    if (keySuffix === KeySuffixOptions.Biometric) {
+      const biometricUnlock = await this.stateService.getBiometricUnlock({ userId: userId });
+      return biometricUnlock && this.platformUtilService.supportsSecureStorage();
+    }
+    return await super.shouldStoreKey(keySuffix, userId);
+  }
+
+  protected override async clearAllStoredUserKeys(userId?: string): Promise<void> {
+    await this.stateService.setUserKeyBiometric(null, { userId: userId });
+    super.clearAllStoredUserKeys(userId);
+  }
+
   private async getBiometricEncryptionClientKeyHalf(userId?: string): Promise<CsprngString | null> {
     try {
       let biometricKey = await this.stateService
         .getBiometricEncryptionClientKeyHalf({ userId })
         .then((result) => result?.decrypt(null /* user encrypted */))
         .then((result) => result as CsprngString);
-      const userKey = await this.getKeyForUserEncryption();
+      const userKey = await this.getUserKeyWithLegacySupport();
       if (biometricKey == null && userKey != null) {
         const keyBytes = await this.cryptoFunctionService.randomBytes(32);
         biometricKey = Utils.fromBufferToUtf8(keyBytes) as CsprngString;
@@ -63,4 +112,34 @@ export class ElectronCryptoService extends CryptoService {
       return null;
     }
   }
+
+  // --LEGACY METHODS--
+  // We previously used the master key for additional keys, but now we use the user key.
+  // These methods support migrating the old keys to the new ones.
+  // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3475)
+
+  override async clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: string) {
+    if (keySuffix === KeySuffixOptions.Biometric) {
+      await this.stateService.setCryptoMasterKeyBiometric(null, { userId: userId });
+    }
+
+    super.clearDeprecatedKeys(keySuffix, userId);
+  }
+
+  private async migrateBiometricKeyIfNeeded(userId?: string) {
+    if (await this.stateService.hasCryptoMasterKeyBiometric({ userId })) {
+      const oldBiometricKey = await this.stateService.getCryptoMasterKeyBiometric({ userId });
+      // decrypt
+      const masterKey = new SymmetricCryptoKey(Utils.fromB64ToArray(oldBiometricKey)) as MasterKey;
+      let encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
+      encUserKey = encUserKey ?? (await this.stateService.getMasterKeyEncryptedUserKey());
+      if (!encUserKey) {
+        throw new Error("No user key found during biometric migration");
+      }
+      const userKey = await this.decryptUserKeyWithMasterKey(masterKey, new EncString(encUserKey));
+      // migrate
+      await this.storeBiometricKey(userKey, userId);
+      await this.stateService.setCryptoMasterKeyBiometric(null, { userId });
+    }
+  }
 }
diff --git a/apps/desktop/src/platform/services/electron-state.service.ts b/apps/desktop/src/platform/services/electron-state.service.ts
index 334cab96698..0503aeb52a3 100644
--- a/apps/desktop/src/platform/services/electron-state.service.ts
+++ b/apps/desktop/src/platform/services/electron-state.service.ts
@@ -98,6 +98,10 @@ export class ElectronStateService
       options
     );
 
+    if (b64DeviceKey == null) {
+      return null;
+    }
+
     return new SymmetricCryptoKey(Utils.fromB64ToArray(b64DeviceKey)) as DeviceKey;
   }
 
diff --git a/apps/desktop/src/scss/box.scss b/apps/desktop/src/scss/box.scss
index 2b720eac69c..9dbdc80a5bf 100644
--- a/apps/desktop/src/scss/box.scss
+++ b/apps/desktop/src/scss/box.scss
@@ -504,3 +504,26 @@
     }
   }
 }
+
+.details {
+  .inner-content {
+    .box-content-row-flex:not([type="button"]) {
+      @media (max-width: 875px) {
+        flex-direction: column;
+        align-items: start;
+      }
+
+      .action-buttons {
+        @media (max-width: 875px) {
+          margin-left: 0;
+        }
+      }
+
+      .row-btn:first-of-type {
+        @media (max-width: 875px) {
+          margin-left: -8px;
+        }
+      }
+    }
+  }
+}
diff --git a/apps/desktop/src/scss/pages.scss b/apps/desktop/src/scss/pages.scss
index 5b3ad4a8583..fda75e834f3 100644
--- a/apps/desktop/src/scss/pages.scss
+++ b/apps/desktop/src/scss/pages.scss
@@ -5,7 +5,8 @@
 #lock-page,
 #sso-page,
 #set-password-page,
-#remove-password-page {
+#remove-password-page,
+#login-decryption-options-page {
   display: flex;
   justify-content: center;
   align-items: center;
@@ -53,7 +54,8 @@
 #hint-page,
 #two-factor-page,
 #lock-page,
-#update-temp-password-page {
+#update-temp-password-page,
+#login-decryption-options-page {
   .content {
     width: 325px;
     transition: width 0.25s linear;
@@ -189,7 +191,8 @@
 }
 
 #login-page,
-#login-with-device-page {
+#login-with-device-page,
+#login-decryption-options-page {
   flex-direction: column;
   justify-content: unset;
   padding-top: 20px;
@@ -273,3 +276,14 @@
     }
   }
 }
+
+#login-decryption-options-page {
+  .standard-bottom-margin {
+    margin-bottom: 20px;
+  }
+
+  #rememberThisDeviceHintText {
+    font-size: $font-size-small;
+    color: $text-muted;
+  }
+}
diff --git a/apps/desktop/src/scss/plugins.scss b/apps/desktop/src/scss/plugins.scss
index 1bb171bb804..aed093d53be 100644
--- a/apps/desktop/src/scss/plugins.scss
+++ b/apps/desktop/src/scss/plugins.scss
@@ -5,11 +5,17 @@
 
 .toast-container {
   .toast-close-button {
+    @include themify($themes) {
+      color: themed("toastTextColor");
+    }
     font-size: 18px;
     margin-right: 4px;
   }
 
   .ngx-toastr {
+    @include themify($themes) {
+      color: themed("toastTextColor");
+    }
     align-items: center;
     background-image: none !important;
     border-radius: $border-radius;
diff --git a/apps/desktop/src/scss/variables.scss b/apps/desktop/src/scss/variables.scss
index 439eff2f2f0..b99881134d5 100644
--- a/apps/desktop/src/scss/variables.scss
+++ b/apps/desktop/src/scss/variables.scss
@@ -66,7 +66,6 @@ $themes: (
     listItemBackgroundColor: $background-color,
     listItemBackgroundHoverColor: $list-item-hover,
     listItemBorderColor: $border-color,
-    groupingsActiveColor: darken($background-color-alt, 5%),
     disabledIconColor: $list-icon-color,
     headingColor: $gray-light,
     headingButtonColor: lighten($gray-light, 30%),
@@ -96,6 +95,7 @@ $themes: (
     passwordCountText: #212529,
     calloutBorderColor: $border-color-dark,
     calloutBackgroundColor: $background-color,
+    toastTextColor: #ffffff,
     accountSwitcherBackgroundColor: $background-color,
     accountSwitcherTextColor: #ffffff,
     svgSuffix: "-light.svg",
@@ -104,60 +104,60 @@ $themes: (
   ),
   dark: (
     textColor: #ffffff,
-    borderColor: #2f2f2f,
-    backgroundColor: #363636,
+    borderColor: #15181e,
+    backgroundColor: #1f242e,
     borderColorAlt: #6e788a,
-    backgroundColorAlt: #3d3d3d,
+    backgroundColorAlt: #2f343d,
     // Ensure the `window.main.ts` is updated with this value
-    backgroundColorAlt2: #222222,
-    scrollbarColor: #4d4d4d,
-    scrollbarHoverColor: #5f5f5f,
-    boxBackgroundColor: #363636,
-    boxBackgroundHoverColor: #3f3f3f,
-    boxBorderColor: #2f2f2f,
-    headerBackgroundColor: #363636,
-    headerBorderColor: #272727,
-    headerInputBackgroundColor: #222222,
-    headerInputBackgroundFocusColor: #1d1d1d,
+    backgroundColorAlt2: #15181e,
+    scrollbarColor: #6e788a,
+    scrollbarHoverColor: #8d94a5,
+    boxBackgroundColor: #2f343d,
+    boxBackgroundHoverColor: #3c424e,
+    boxBorderColor: #4c525f,
+    headerBackgroundColor: #2f343d,
+    headerBorderColor: #15181e,
+    headerInputBackgroundColor: #3c424e,
+    headerInputBackgroundFocusColor: #4c525f,
     headerInputColor: #ffffff,
-    headerInputPlaceholderColor: #707070,
-    listItemBackgroundColor: #363636,
-    listItemBackgroundHoverColor: #3c3c3c,
-    listItemBorderColor: #2f2f2f,
-    groupingsActiveColor: #292929,
-    disabledIconColor: #c7c7cd,
-    headingColor: #a3a3a3,
-    headingButtonColor: #a3a3a3,
+    headerInputPlaceholderColor: #bac0ce,
+    listItemBackgroundColor: #1f242e,
+    listItemBackgroundHoverColor: #2f343d,
+    listItemBorderColor: #4c525f,
+    disabledIconColor: #6e7689,
+    headingColor: #bac0ce,
+    headingButtonColor: #bac0ce,
     headingButtonHoverColor: #ffffff,
-    labelColor: #a3a3a3,
-    mutedColor: #a3a3a3,
-    totpStrokeColor: #cacaca,
-    boxRowButtonColor: #cacaca,
+    labelColor: #bac0ce,
+    mutedColor: #bac0ce,
+    totpStrokeColor: #4c525f,
+    boxRowButtonColor: #bac0ce,
     boxRowButtonHoverColor: #ffffff,
-    inputBorderColor: #222222,
-    inputBackgroundColor: #363636,
-    inputPlaceholderColor: #707070,
-    buttonBackgroundColor: #363636,
-    buttonBorderColor: #1f1f1f,
-    buttonColor: #e0e0e0,
-    buttonPrimaryColor: #46ace7,
-    buttonDangerColor: #ff3e24,
-    primaryColor: #52bdfb,
-    primaryAccentColor: #3ea1da,
-    dangerColor: #ff3e24,
-    successColor: $brand-success,
-    infoColor: $brand-info,
-    warningColor: $brand-warning,
+    inputBorderColor: #4c525f,
+    inputBackgroundColor: #2f343d,
+    inputPlaceholderColor: #bac0ce,
+    buttonBackgroundColor: #272b32,
+    buttonBorderColor: #4c525f,
+    buttonColor: #bac0ce,
+    buttonPrimaryColor: #6f9df1,
+    buttonDangerColor: #ff8d85,
+    primaryColor: #6f9df1,
+    primaryAccentColor: #6f9df1,
+    dangerColor: #ff8d85,
+    successColor: #52e07c,
+    infoColor: #a4b0c6,
+    warningColor: #ffeb66,
     logoSuffix: "white",
-    passwordNumberColor: #52bdfb,
-    passwordSpecialColor: #ff7c70,
+    passwordNumberColor: #6f9df1,
+    passwordSpecialColor: #ff8d85,
     passwordCountText: #ffffff,
-    calloutBorderColor: #2f2f2f,
-    calloutBackgroundColor: #363636,
-    accountSwitcherBackgroundColor: #2f2f2f,
+    calloutBorderColor: #4c525f,
+    calloutBackgroundColor: #3c424e,
+    toastTextColor: #1f242e,
+    accountSwitcherBackgroundColor: #2f343d,
     accountSwitcherTextColor: #ffffff,
     svgSuffix: "-dark.svg",
-    hrColor: #a3a3a3,
+    hrColor: #bac0ce,
     codeColor: $code-color,
   ),
   nord: (
@@ -182,7 +182,6 @@ $themes: (
     listItemBackgroundColor: $nord2,
     listItemBackgroundHoverColor: $nord3,
     listItemBorderColor: $nord1,
-    groupingsActiveColor: $nord3,
     disabledIconColor: $nord5,
     headingColor: $nord4,
     headingButtonColor: $nord5,
@@ -212,6 +211,7 @@ $themes: (
     passwordCountText: $nord5,
     calloutBorderColor: $nord1,
     calloutBackgroundColor: $nord2,
+    toastTextColor: #ffffff,
     accountSwitcherBackgroundColor: $nord0,
     accountSwitcherTextColor: $nord5,
     svgSuffix: "-dark.svg",
diff --git a/apps/desktop/src/services/electron-dialog.service.ts b/apps/desktop/src/services/electron-dialog.service.ts
deleted file mode 100644
index e49e39e811b..00000000000
--- a/apps/desktop/src/services/electron-dialog.service.ts
+++ /dev/null
@@ -1,62 +0,0 @@
-import { ipcRenderer } from "electron";
-
-import {
-  DialogService,
-  SimpleDialogOptions,
-  SimpleDialogType,
-} from "@bitwarden/angular/services/dialog";
-
-// Electron supports a limited set of dialog types
-// https://www.electronjs.org/docs/latest/api/dialog#dialogshowmessageboxbrowserwindow-options
-const electronTypeMap: Record<SimpleDialogType, string> = {
-  [SimpleDialogType.PRIMARY]: "info",
-  [SimpleDialogType.SUCCESS]: "info",
-  [SimpleDialogType.INFO]: "info",
-  [SimpleDialogType.WARNING]: "warning",
-  [SimpleDialogType.DANGER]: "error",
-};
-
-export class ElectronDialogService extends DialogService {
-  async openSimpleDialog(options: SimpleDialogOptions) {
-    const defaultCancel =
-      options.cancelButtonText === undefined
-        ? options.acceptButtonText == null
-          ? "no"
-          : "cancel"
-        : null;
-
-    return this.legacyShowDialog(
-      this.translate(options.content),
-      this.translate(options.title),
-      this.translate(options.acceptButtonText, "yes"),
-      this.translate(options.cancelButtonText, defaultCancel),
-      options.type
-    );
-  }
-
-  private async legacyShowDialog(
-    body: string,
-    title?: string,
-    confirmText?: string,
-    cancelText?: string,
-    type?: SimpleDialogType
-  ) {
-    const buttons = [confirmText == null ? this.i18nService.t("ok") : confirmText];
-    if (cancelText != null) {
-      buttons.push(cancelText);
-    }
-
-    const result = await ipcRenderer.invoke("showMessageBox", {
-      type: electronTypeMap[type] ?? "none",
-      title: title,
-      message: title,
-      detail: body,
-      buttons: buttons,
-      cancelId: buttons.length === 2 ? 1 : null,
-      defaultId: 0,
-      noLink: true,
-    });
-
-    return Promise.resolve(result.response === 0);
-  }
-}
diff --git a/apps/desktop/src/services/native-message-handler.service.ts b/apps/desktop/src/services/native-message-handler.service.ts
index 644dfe8f906..9f5f1d460df 100644
--- a/apps/desktop/src/services/native-message-handler.service.ts
+++ b/apps/desktop/src/services/native-message-handler.service.ts
@@ -8,7 +8,7 @@ import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.se
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { StateService } from "@bitwarden/common/platform/services/state.service";
 
@@ -144,7 +144,9 @@ export class NativeMessageHandlerService {
   }
 
   private async handleEncryptedMessage(message: EncryptedMessage) {
-    message.encryptedCommand = EncString.fromJSON(message.encryptedCommand.toString());
+    message.encryptedCommand = EncString.fromJSON(
+      message.encryptedCommand.toString() as EncryptedString
+    );
     const decryptedCommandData = await this.decryptPayload(message);
     const { command } = decryptedCommandData;
 
diff --git a/apps/desktop/src/services/native-messaging.service.ts b/apps/desktop/src/services/native-messaging.service.ts
index 7647410fd75..3928778f313 100644
--- a/apps/desktop/src/services/native-messaging.service.ts
+++ b/apps/desktop/src/services/native-messaging.service.ts
@@ -136,14 +136,23 @@ export class NativeMessagingService {
           });
         }
 
-        const key = await this.cryptoService.getKeyFromStorage(
+        const userKey = await this.cryptoService.getUserKeyFromStorage(
           KeySuffixOptions.Biometric,
           message.userId
         );
+        const masterKey = await this.cryptoService.getMasterKey(message.userId);
 
-        if (key != null) {
+        if (userKey != null) {
+          // we send the master key still for backwards compatibility
+          // with older browser extensions
+          // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3472)
           this.send(
-            { command: "biometricUnlock", response: "unlocked", keyB64: key.keyB64 },
+            {
+              command: "biometricUnlock",
+              response: "unlocked",
+              keyB64: masterKey?.keyB64,
+              userKeyB64: userKey.keyB64,
+            },
             appId
           );
         } else {
diff --git a/apps/desktop/src/vault/app/accounts/premium.component.ts b/apps/desktop/src/vault/app/accounts/premium.component.ts
index fd275d6ed7d..b4dff821cc8 100644
--- a/apps/desktop/src/vault/app/accounts/premium.component.ts
+++ b/apps/desktop/src/vault/app/accounts/premium.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { PremiumComponent as BasePremiumComponent } from "@bitwarden/angular/vault/components/premium.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -8,6 +7,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-premium",
@@ -20,7 +20,7 @@ export class PremiumComponent extends BasePremiumComponent {
     apiService: ApiService,
     logService: LogService,
     stateService: StateService,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     environmentService: EnvironmentService
   ) {
     super(
diff --git a/apps/desktop/src/vault/app/vault/add-edit.component.ts b/apps/desktop/src/vault/app/vault/add-edit.component.ts
index aa7eba32838..8a90d6a7e1a 100644
--- a/apps/desktop/src/vault/app/vault/add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.ts
@@ -1,7 +1,6 @@
 import { Component, NgZone, OnChanges, OnDestroy, ViewChild } from "@angular/core";
 import { NgForm } from "@angular/forms";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/vault/components/add-edit.component";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
@@ -18,6 +17,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { DialogService } from "@bitwarden/components";
 
 const BroadcasterSubscriptionId = "AddEditComponent";
 
@@ -45,7 +45,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnChanges,
     logService: LogService,
     organizationService: OrganizationService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/desktop/src/vault/app/vault/attachments.component.ts b/apps/desktop/src/vault/app/vault/attachments.component.ts
index edee15fc4e5..bcb1704c0d0 100644
--- a/apps/desktop/src/vault/app/vault/attachments.component.ts
+++ b/apps/desktop/src/vault/app/vault/attachments.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AttachmentsComponent as BaseAttachmentsComponent } from "@bitwarden/angular/vault/components/attachments.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -10,6 +9,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-vault-attachments",
@@ -25,7 +25,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent {
     logService: LogService,
     stateService: StateService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/desktop/src/vault/app/vault/folder-add-edit.component.ts b/apps/desktop/src/vault/app/vault/folder-add-edit.component.ts
index d9035ad7416..a4055441599 100644
--- a/apps/desktop/src/vault/app/vault/folder-add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/folder-add-edit.component.ts
@@ -1,13 +1,13 @@
 import { Component } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { FolderAddEditComponent as BaseFolderAddEditComponent } from "@bitwarden/angular/vault/components/folder-add-edit.component";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-folder-add-edit",
@@ -20,7 +20,7 @@ export class FolderAddEditComponent extends BaseFolderAddEditComponent {
     i18nService: I18nService,
     platformUtilsService: PlatformUtilsService,
     logService: LogService,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     formBuilder: FormBuilder
   ) {
     super(
diff --git a/apps/desktop/src/vault/app/vault/vault.component.ts b/apps/desktop/src/vault/app/vault/vault.component.ts
index f6c3780412b..5270141f8a8 100644
--- a/apps/desktop/src/vault/app/vault/vault.component.ts
+++ b/apps/desktop/src/vault/app/vault/vault.component.ts
@@ -11,7 +11,6 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
 import { ModalRef } from "@bitwarden/angular/components/modal/modal.ref";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { VaultFilter } from "@bitwarden/angular/vault/vault-filter/models/vault-filter.model";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
@@ -29,6 +28,7 @@ import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-repromp
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+import { DialogService } from "@bitwarden/components";
 
 import { SearchBarService } from "../../../app/layout/search/search-bar.service";
 import { GeneratorComponent } from "../../../app/tools/generator.component";
@@ -102,7 +102,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     private stateService: StateService,
     private searchBarService: SearchBarService,
     private apiService: ApiService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -692,7 +692,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "unsavedChangesTitle" },
       content: { key: "unsavedChangesConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
     return !confirmed;
   }
diff --git a/apps/desktop/src/vault/app/vault/view.component.ts b/apps/desktop/src/vault/app/vault/view.component.ts
index 07fd92e0320..b6bf63d6e64 100644
--- a/apps/desktop/src/vault/app/vault/view.component.ts
+++ b/apps/desktop/src/vault/app/vault/view.component.ts
@@ -7,7 +7,6 @@ import {
   Output,
 } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ViewComponent as BaseViewComponent } from "@bitwarden/angular/vault/components/view.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
@@ -26,6 +25,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { DialogService } from "@bitwarden/components";
 
 const BroadcasterSubscriptionId = "ViewComponent";
 
@@ -55,7 +55,7 @@ export class ViewComponent extends BaseViewComponent implements OnChanges {
     logService: LogService,
     stateService: StateService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/desktop/tsconfig.json b/apps/desktop/tsconfig.json
index f34ba7cfae4..d587997f9e6 100644
--- a/apps/desktop/tsconfig.json
+++ b/apps/desktop/tsconfig.json
@@ -14,7 +14,8 @@
       "@bitwarden/auth": ["../../libs/auth/src"],
       "@bitwarden/common/*": ["../../libs/common/src/*"],
       "@bitwarden/components": ["../../libs/components/src"],
-      "@bitwarden/exporter/*": ["../../libs/exporter/src/*"]
+      "@bitwarden/exporter/*": ["../../libs/exporter/src/*"],
+      "@bitwarden/vault": ["../../libs/vault/src"]
     },
     "useDefineForClassFields": false
   },
diff --git a/apps/web/package.json b/apps/web/package.json
index ca3f8aeb7ac..51686ed2ec8 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/web-vault",
-  "version": "2023.7.1",
+  "version": "2023.8.0",
   "scripts": {
     "build:oss": "webpack",
     "build:bit": "webpack -c ../../bitwarden_license/bit-web/webpack.config.js",
diff --git a/apps/web/src/app/admin-console/organizations/guards/is-paid-org.guard.ts b/apps/web/src/app/admin-console/organizations/guards/is-paid-org.guard.ts
index 10d39d110e4..2d18ff56cfc 100644
--- a/apps/web/src/app/admin-console/organizations/guards/is-paid-org.guard.ts
+++ b/apps/web/src/app/admin-console/organizations/guards/is-paid-org.guard.ts
@@ -1,9 +1,9 @@
 import { Injectable } from "@angular/core";
 import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from "@angular/router";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
+import { DialogService } from "@bitwarden/components";
 
 @Injectable({
   providedIn: "root",
@@ -13,7 +13,7 @@ export class IsPaidOrgGuard implements CanActivate {
     private router: Router,
     private organizationService: OrganizationService,
     private messagingService: MessagingService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
@@ -31,7 +31,7 @@ export class IsPaidOrgGuard implements CanActivate {
           content: { key: "notAvailableForFreeOrganization" },
           acceptButtonText: { key: "ok" },
           cancelButtonText: null,
-          type: SimpleDialogType.INFO,
+          type: "info",
         });
         return false;
       } else {
diff --git a/apps/web/src/app/admin-console/organizations/manage/entity-events.component.ts b/apps/web/src/app/admin-console/organizations/manage/entity-events.component.ts
index e27efc43dbd..afcb315e5ac 100644
--- a/apps/web/src/app/admin-console/organizations/manage/entity-events.component.ts
+++ b/apps/web/src/app/admin-console/organizations/manage/entity-events.component.ts
@@ -3,7 +3,6 @@ import { Component, Inject, OnInit } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
 
 import { UserNamePipe } from "@bitwarden/angular/pipes/user-name.pipe";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { EventResponse } from "@bitwarden/common/models/response/event.response";
@@ -13,7 +12,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
-import { TableDataSource } from "@bitwarden/components";
+import { DialogService, TableDataSource } from "@bitwarden/components";
 
 import { EventService } from "../../../core";
 import { SharedModule } from "../../../shared";
@@ -186,7 +185,7 @@ export class EntityEventsComponent implements OnInit {
  * @param config Configuration for the dialog
  */
 export const openEntityEventsDialog = (
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<EntityEventsDialogParams>
 ) => {
   return dialogService.open<void, EntityEventsDialogParams>(EntityEventsComponent, config);
diff --git a/apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts b/apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts
index 11b32f430be..d2f4fb1d20d 100644
--- a/apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts
+++ b/apps/web/src/app/admin-console/organizations/manage/group-add-edit.component.ts
@@ -3,7 +3,6 @@ import { ChangeDetectorRef, Component, Inject, OnDestroy, OnInit } from "@angula
 import { FormBuilder, Validators } from "@angular/forms";
 import { catchError, combineLatest, from, map, of, Subject, switchMap, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
@@ -14,6 +13,7 @@ import { CollectionService } from "@bitwarden/common/vault/abstractions/collecti
 import { CollectionData } from "@bitwarden/common/vault/models/data/collection.data";
 import { Collection } from "@bitwarden/common/vault/models/domain/collection";
 import { CollectionDetailsResponse } from "@bitwarden/common/vault/models/response/collection.response";
+import { DialogService } from "@bitwarden/components";
 
 import { InternalGroupService as GroupService, GroupView } from "../core";
 import {
@@ -64,7 +64,7 @@ export enum GroupAddEditDialogResultType {
  * @param config Configuration for the dialog
  */
 export const openGroupAddEditDialog = (
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<GroupAddEditDialogParams>
 ) => {
   return dialogService.open<GroupAddEditDialogResultType, GroupAddEditDialogParams>(
@@ -181,7 +181,7 @@ export class GroupAddEditComponent implements OnInit, OnDestroy {
     private logService: LogService,
     private formBuilder: FormBuilder,
     private changeDetectorRef: ChangeDetectorRef,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {
     this.tabIndex = params.initialTab ?? GroupAddEditTabType.Info;
   }
@@ -273,7 +273,7 @@ export class GroupAddEditComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: this.group.name,
       content: { key: "deleteGroupConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
     if (!confirmed) {
       return false;
diff --git a/apps/web/src/app/admin-console/organizations/manage/groups.component.ts b/apps/web/src/app/admin-console/organizations/manage/groups.component.ts
index 82e5acba213..f2167c0e5f3 100644
--- a/apps/web/src/app/admin-console/organizations/manage/groups.component.ts
+++ b/apps/web/src/app/admin-console/organizations/manage/groups.component.ts
@@ -15,7 +15,6 @@ import {
 import { first } from "rxjs/operators";
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -32,6 +31,7 @@ import {
   CollectionResponse,
 } from "@bitwarden/common/vault/models/response/collection.response";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
+import { DialogService } from "@bitwarden/components";
 
 import { InternalGroupService as GroupService, GroupView } from "../core";
 
@@ -127,7 +127,7 @@ export class GroupsComponent implements OnInit, OnDestroy {
     private route: ActivatedRoute,
     private i18nService: I18nService,
     private modalService: ModalService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private platformUtilsService: PlatformUtilsService,
     private searchService: SearchService,
     private logService: LogService,
@@ -236,7 +236,7 @@ export class GroupsComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: groupRow.details.name,
       content: { key: "deleteGroupConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
     if (!confirmed) {
       return false;
@@ -269,7 +269,7 @@ export class GroupsComponent implements OnInit, OnDestroy {
         placeholders: [groupsToDelete.length.toString()],
       },
       content: deleteMessage,
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
     if (!confirmed) {
       return false;
diff --git a/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-confirm.component.ts b/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-confirm.component.ts
index 31ced8aee10..ae754faabe7 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-confirm.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-confirm.component.ts
@@ -7,6 +7,7 @@ import { OrganizationUserStatusType } from "@bitwarden/common/admin-console/enum
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 
 import { BulkUserDetails } from "./bulk-status.component";
 
@@ -98,7 +99,7 @@ export class BulkConfirmComponent implements OnInit {
     );
   }
 
-  protected getCryptoKey() {
+  protected getCryptoKey(): Promise<SymmetricCryptoKey> {
     return this.cryptoService.getOrgKey(this.organizationId);
   }
 
diff --git a/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-enable-sm-dialog.component.ts b/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-enable-sm-dialog.component.ts
index 9bb8fcbb100..b76b640513c 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-enable-sm-dialog.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/components/bulk/bulk-enable-sm-dialog.component.ts
@@ -1,11 +1,10 @@
 import { DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject, OnInit } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { TableDataSource } from "@bitwarden/components";
+import { DialogService, TableDataSource } from "@bitwarden/components";
 
 import { OrganizationUserView } from "../../../core";
 
@@ -44,7 +43,7 @@ export class BulkEnableSecretsManagerDialogComponent implements OnInit {
     this.dialogRef.close();
   };
 
-  static open(dialogService: DialogServiceAbstraction, data: BulkEnableSecretsManagerDialogData) {
+  static open(dialogService: DialogService, data: BulkEnableSecretsManagerDialogData) {
     return dialogService.open<unknown, BulkEnableSecretsManagerDialogData>(
       BulkEnableSecretsManagerDialogComponent,
       { data }
diff --git a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
index d6c0f9ffc6f..1d1a156269b 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
@@ -3,7 +3,6 @@ import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
 import { FormBuilder, Validators } from "@angular/forms";
 import { combineLatest, of, shareReplay, Subject, switchMap, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import {
@@ -15,6 +14,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
+import { DialogService } from "@bitwarden/components";
 
 import { flagEnabled } from "../../../../../../utils/flags";
 import { CollectionAdminService } from "../../../../../vault/core/collection-admin.service";
@@ -134,7 +134,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
     private groupService: GroupService,
     private userService: UserAdminService,
     private organizationUserService: OrganizationUserService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -389,7 +389,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
     let confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "removeUserIdAccess", placeholders: [this.params.name] },
       content: { key: message },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -426,7 +426,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
       title: { key: "revokeUserId", placeholders: [this.params.name] },
       content: { key: "revokeUserConfirmation" },
       acceptButtonText: { key: "revokeAccess" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -496,7 +496,7 @@ export class MemberDialogComponent implements OnInit, OnDestroy {
         key: "removeOrgUserNoMasterPasswordDesc",
         placeholders: [this.params.name],
       },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
   }
 }
@@ -557,7 +557,7 @@ function mapToGroupAccessSelections(groups: string[]): AccessItemValue[] {
  * @param config Configuration for the dialog
  */
 export function openUserAddEditDialog(
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<MemberDialogParams>
 ) {
   return dialogService.open<MemberDialogResult, MemberDialogParams>(MemberDialogComponent, config);
diff --git a/apps/web/src/app/admin-console/organizations/members/components/reset-password.component.ts b/apps/web/src/app/admin-console/organizations/members/components/reset-password.component.ts
index 55f935c575e..7d0fae37e0a 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/reset-password.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/components/reset-password.component.ts
@@ -10,7 +10,6 @@ import {
 import { Subject, takeUntil } from "rxjs";
 import zxcvbn from "zxcvbn";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { PasswordStrengthComponent } from "@bitwarden/angular/shared/components/password-strength/password-strength.component";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { OrganizationUserResetPasswordRequest } from "@bitwarden/common/abstractions/organization-user/requests";
@@ -23,8 +22,12 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-reset-password",
@@ -54,7 +57,7 @@ export class ResetPasswordComponent implements OnInit, OnDestroy {
     private cryptoService: CryptoService,
     private logService: LogService,
     private organizationUserService: OrganizationUserService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -140,7 +143,7 @@ export class ResetPasswordComponent implements OnInit, OnDestroy {
       const result = await this.dialogService.openSimpleDialog({
         title: { key: "weakMasterPassword" },
         content: { key: "weakMasterPasswordDesc" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!result) {
@@ -171,26 +174,32 @@ export class ResetPasswordComponent implements OnInit, OnDestroy {
             orgSymKey
           );
 
-          // Decrypt User's Reset Password Key to get EncKey
+          // Decrypt User's Reset Password Key to get UserKey
           const decValue = await this.cryptoService.rsaDecrypt(resetPasswordKey, decPrivateKey);
-          const userEncKey = new SymmetricCryptoKey(decValue);
+          const existingUserKey = new SymmetricCryptoKey(decValue) as UserKey;
 
-          // Create new key and hash new password
-          const newKey = await this.cryptoService.makeKey(
+          // Create new master key and hash new password
+          const newMasterKey = await this.cryptoService.makeMasterKey(
             this.newPassword,
             this.email.trim().toLowerCase(),
             kdfType,
             new KdfConfig(kdfIterations, kdfMemory, kdfParallelism)
           );
-          const newPasswordHash = await this.cryptoService.hashPassword(this.newPassword, newKey);
+          const newMasterKeyHash = await this.cryptoService.hashMasterKey(
+            this.newPassword,
+            newMasterKey
+          );
 
-          // Create new encKey for the User
-          const newEncKey = await this.cryptoService.remakeEncKey(newKey, userEncKey);
+          // Create new encrypted user key for the User
+          const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(
+            newMasterKey,
+            existingUserKey
+          );
 
           // Create request
           const request = new OrganizationUserResetPasswordRequest();
-          request.key = newEncKey[1].encryptedString;
-          request.newMasterPasswordHash = newPasswordHash;
+          request.key = newUserKey[1].encryptedString;
+          request.newMasterPasswordHash = newMasterKeyHash;
 
           // Change user's password
           return this.organizationUserService.putOrganizationUserResetPassword(
diff --git a/apps/web/src/app/admin-console/organizations/members/people.component.ts b/apps/web/src/app/admin-console/organizations/members/people.component.ts
index 8c4d565c85f..e696609d170 100644
--- a/apps/web/src/app/admin-console/organizations/members/people.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/people.component.ts
@@ -16,12 +16,6 @@ import {
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
 import { UserNamePipe } from "@bitwarden/angular/pipes/user-name.pipe";
-import {
-  DialogServiceAbstraction,
-  SimpleDialogCloseType,
-  SimpleDialogOptions,
-  SimpleDialogType,
-} from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
@@ -55,6 +49,7 @@ import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.serv
 import { CollectionData } from "@bitwarden/common/vault/models/data/collection.data";
 import { Collection } from "@bitwarden/common/vault/models/domain/collection";
 import { CollectionDetailsResponse } from "@bitwarden/common/vault/models/response/collection.response";
+import { DialogService, SimpleDialogOptions } from "@bitwarden/components";
 
 import { flagEnabled } from "../../../../utils/flags";
 import { openEntityEventsDialog } from "../../../admin-console/organizations/manage/entity-events.component";
@@ -125,7 +120,7 @@ export class PeopleComponent
     private organizationService: OrganizationService,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private organizationUserService: OrganizationUserService,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     private router: Router,
     private groupService: GroupService,
     private collectionService: CollectionService
@@ -359,7 +354,7 @@ export class PeopleComponent
           : "freeOrgInvLimitReachedNoManageBilling",
         this.organization.seats
       ),
-      type: SimpleDialogType.PRIMARY,
+      type: "primary",
     };
 
     if (this.organization.canEditSubscription) {
@@ -371,12 +366,12 @@ export class PeopleComponent
 
     const simpleDialog = this.dialogService.openSimpleDialogRef(orgUpgradeSimpleDialogOpts);
 
-    firstValueFrom(simpleDialog.closed).then((result: SimpleDialogCloseType | undefined) => {
+    firstValueFrom(simpleDialog.closed).then((result: boolean | undefined) => {
       if (!result) {
         return;
       }
 
-      if (result == SimpleDialogCloseType.ACCEPT && this.organization.canEditSubscription) {
+      if (result && this.organization.canEditSubscription) {
         this.router.navigate(["/organizations", this.organization.id, "billing", "subscription"], {
           queryParams: { upgrade: true },
         });
@@ -581,7 +576,7 @@ export class PeopleComponent
         placeholders: [this.userNamePipe.transform(user)],
       },
       content: { key: content },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -600,7 +595,7 @@ export class PeopleComponent
       title: { key: "revokeAccess", placeholders: [this.userNamePipe.transform(user)] },
       content: this.revokeWarningMessage(),
       acceptButtonText: { key: "revokeAccess" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -676,7 +671,7 @@ export class PeopleComponent
         key: "removeOrgUserNoMasterPasswordDesc",
         placeholders: [this.userNamePipe.transform(user)],
       },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
   }
 }
diff --git a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
index dca1b18530a..c4ca1dc241f 100644
--- a/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/organization-routing.module.ts
@@ -1,7 +1,7 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
+import { AuthGuard } from "@bitwarden/angular/auth/guards";
 import {
   canAccessOrgAdmin,
   canAccessGroupsTab,
diff --git a/apps/web/src/app/admin-console/organizations/settings/account.component.ts b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
index f8628ed1f79..8900e626a3c 100644
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
@@ -3,7 +3,6 @@ import { FormBuilder, Validators } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
 import { combineLatest, lastValueFrom, Subject, switchMap, takeUntil, from } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
@@ -15,6 +14,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 import { ApiKeyComponent } from "../../../settings/api-key.component";
 import { PurgeVaultComponent } from "../../../settings/purge-vault.component";
@@ -75,7 +75,7 @@ export class AccountComponent {
     private router: Router,
     private organizationService: OrganizationService,
     private organizationApiService: OrganizationApiServiceAbstraction,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private formBuilder: FormBuilder
   ) {}
 
diff --git a/apps/web/src/app/admin-console/organizations/settings/components/delete-organization-dialog.component.ts b/apps/web/src/app/admin-console/organizations/settings/components/delete-organization-dialog.component.ts
index f52115c268f..389514d35f2 100644
--- a/apps/web/src/app/admin-console/organizations/settings/components/delete-organization-dialog.component.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/components/delete-organization-dialog.component.ts
@@ -3,7 +3,6 @@ import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
 import { FormBuilder, FormControl, Validators } from "@angular/forms";
 import { combineLatest, Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
@@ -15,6 +14,7 @@ import { Verification } from "@bitwarden/common/types/verification";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { DialogService } from "@bitwarden/components";
 
 import { UserVerificationModule } from "../../../../auth/shared/components/user-verification";
 import { SharedModule } from "../../../../shared/shared.module";
@@ -168,7 +168,7 @@ export class DeleteOrganizationDialogComponent implements OnInit, OnDestroy {
  * @param config Configuration for the dialog
  */
 export function openDeleteOrganizationDialog(
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<DeleteOrganizationDialogParams>
 ) {
   return dialogService.open<DeleteOrganizationDialogResult, DeleteOrganizationDialogParams>(
diff --git a/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts b/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts
index e7e81431cb9..c3a687a7f95 100644
--- a/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts
+++ b/apps/web/src/app/admin-console/organizations/sponsorships/families-for-enterprise-setup.component.ts
@@ -3,7 +3,6 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { lastValueFrom, Observable, Subject } from "rxjs";
 import { first, map, takeUntil } from "rxjs/operators";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
@@ -14,6 +13,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { OrganizationPlansComponent } from "../../../billing/settings/organization-plans.component";
 import {
@@ -62,7 +62,7 @@ export class FamiliesForEnterpriseSetupComponent implements OnInit, OnDestroy {
     private syncService: SyncService,
     private validationService: ValidationService,
     private organizationService: OrganizationService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
diff --git a/apps/web/src/app/admin-console/organizations/tools/import-export/org-export.component.ts b/apps/web/src/app/admin-console/organizations/tools/import-export/org-export.component.ts
index 35d445cb41c..9ea1442fd13 100644
--- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-export.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-export.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
@@ -12,6 +11,7 @@ import { FileDownloadService } from "@bitwarden/common/platform/abstractions/fil
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/exporter/vault-export";
 
 import { ExportComponent } from "../../../../tools/import-export/export.component";
@@ -34,7 +34,7 @@ export class OrganizationExportComponent extends ExportComponent {
     userVerificationService: UserVerificationService,
     formBuilder: UntypedFormBuilder,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cryptoService,
diff --git a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts
index 3e1067a1da8..3c9b5858e04 100644
--- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts
@@ -3,7 +3,6 @@ import { FormBuilder } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
 import { switchMap, takeUntil } from "rxjs/operators";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import {
   canAccessVaultTab,
@@ -17,6 +16,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 import { ImportServiceAbstraction } from "@bitwarden/importer";
 
 import { ImportComponent } from "../../../../tools/import-export/import.component";
@@ -44,7 +44,7 @@ export class OrganizationImportComponent extends ImportComponent {
     logService: LogService,
     modalService: ModalService,
     syncService: SyncService,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     folderService: FolderService,
     collectionService: CollectionService,
     formBuilder: FormBuilder
@@ -91,7 +91,7 @@ export class OrganizationImportComponent extends ImportComponent {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "warning" },
       content: { key: "importWarning", placeholders: [this.organization.name] },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts b/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
index a533967d8f5..535d7d375ab 100644
--- a/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
+++ b/apps/web/src/app/admin-console/organizations/users/enroll-master-password-reset.component.ts
@@ -58,8 +58,8 @@ export class EnrollMasterPasswordReset {
         const publicKey = Utils.fromB64ToArray(orgKeys.publicKey);
 
         // RSA Encrypt user's encKey.key with organization public key
-        const encKey = await this.cryptoService.getEncKey();
-        const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
+        const userKey = await this.cryptoService.getUserKey();
+        const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey);
         keyString = encryptedKey.encryptedString;
         toastStringRef = "enrollPasswordResetSuccess";
 
diff --git a/apps/web/src/app/admin-console/settings/sponsoring-org-row.component.ts b/apps/web/src/app/admin-console/settings/sponsoring-org-row.component.ts
index aa1bcf0b4fc..715fc6eba08 100644
--- a/apps/web/src/app/admin-console/settings/sponsoring-org-row.component.ts
+++ b/apps/web/src/app/admin-console/settings/sponsoring-org-row.component.ts
@@ -2,12 +2,12 @@ import { formatDate } from "@angular/common";
 import { Component, EventEmitter, Input, Output, OnInit } from "@angular/core";
 import { firstValueFrom } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "[sponsoring-org-row]",
@@ -32,7 +32,7 @@ export class SponsoringOrgRowComponent implements OnInit {
     private i18nService: I18nService,
     private logService: LogService,
     private platformUtilsService: PlatformUtilsService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -73,7 +73,7 @@ export class SponsoringOrgRowComponent implements OnInit {
       title: `${this.i18nService.t("remove")} ${this.sponsoringOrg.familySponsorshipFriendlyName}?`,
       content: { key: "revokeSponsorshipConfirmation" },
       acceptButtonText: { key: "remove" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/app.component.ts b/apps/web/src/app/app.component.ts
index 9a22ea20b41..3066dbe093c 100644
--- a/apps/web/src/app/app.component.ts
+++ b/apps/web/src/app/app.component.ts
@@ -7,12 +7,11 @@ import { IndividualConfig, ToastrService } from "ngx-toastr";
 import { Subject, takeUntil } from "rxjs";
 import Swal from "sweetalert2";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { EventUploadService } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService } from "@bitwarden/common/abstractions/notifications.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
@@ -27,6 +26,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { InternalFolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { PolicyListService } from "./admin-console/core/policy-list.service";
 import {
@@ -82,7 +82,7 @@ export class AppComponent implements OnDestroy, OnInit {
     protected policyListService: PolicyListService,
     private keyConnectorService: KeyConnectorService,
     private configService: ConfigServiceAbstraction,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   ngOnInit() {
@@ -145,7 +145,7 @@ export class AppComponent implements OnDestroy, OnInit {
               title: { key: "upgradeOrganization" },
               content: { key: "upgradeOrganizationDesc" },
               acceptButtonText: { key: "upgradeOrganization" },
-              type: SimpleDialogType.INFO,
+              type: "info",
             });
             if (upgradeConfirmed) {
               this.router.navigate([
@@ -162,7 +162,7 @@ export class AppComponent implements OnDestroy, OnInit {
               title: { key: "premiumRequired" },
               content: { key: "premiumRequiredDesc" },
               acceptButtonText: { key: "upgrade" },
-              type: SimpleDialogType.SUCCESS,
+              type: "success",
             });
             if (premiumConfirmed) {
               this.router.navigate(["settings/subscription/premium"]);
@@ -174,7 +174,7 @@ export class AppComponent implements OnDestroy, OnInit {
               title: { key: "emailVerificationRequired" },
               content: { key: "emailVerificationRequiredDesc" },
               acceptButtonText: { key: "learnMore" },
-              type: SimpleDialogType.INFO,
+              type: "info",
             });
             if (emailVerificationConfirmed) {
               this.platformUtilsService.launchUri(
diff --git a/apps/web/src/app/auth/accept-organization.component.ts b/apps/web/src/app/auth/accept-organization.component.ts
index bdc3511f760..ef2dda138dd 100644
--- a/apps/web/src/app/auth/accept-organization.component.ts
+++ b/apps/web/src/app/auth/accept-organization.component.ts
@@ -18,6 +18,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { OrgKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 
 import { BaseAcceptComponent } from "../common/base.accept.component";
 
@@ -108,16 +109,14 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
     const request = new OrganizationUserAcceptInitRequest();
     request.token = qParams.token;
 
-    const [encryptedOrgShareKey, orgShareKey] = await this.cryptoService.makeShareKey();
-    const [orgPublicKey, encryptedOrgPrivateKey] = await this.cryptoService.makeKeyPair(
-      orgShareKey
-    );
+    const [encryptedOrgKey, orgKey] = await this.cryptoService.makeOrgKey<OrgKey>();
+    const [orgPublicKey, encryptedOrgPrivateKey] = await this.cryptoService.makeKeyPair(orgKey);
     const collection = await this.cryptoService.encrypt(
       this.i18nService.t("defaultCollection"),
-      orgShareKey
+      orgKey
     );
 
-    request.key = encryptedOrgShareKey.encryptedString;
+    request.key = encryptedOrgKey.encryptedString;
     request.keys = new OrganizationKeysRequest(
       orgPublicKey,
       encryptedOrgPrivateKey.encryptedString
@@ -141,8 +140,8 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
       const publicKey = Utils.fromB64ToArray(response.publicKey);
 
       // RSA Encrypt user's encKey.key with organization public key
-      const encKey = await this.cryptoService.getEncKey();
-      const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
+      const userKey = await this.cryptoService.getUserKey();
+      const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey);
 
       // Add reset password key to accept request
       request.resetPasswordKey = encryptedKey.encryptedString;
diff --git a/apps/web/src/app/auth/lock.component.ts b/apps/web/src/app/auth/lock.component.ts
index 27e531c327a..bd6ede32f49 100644
--- a/apps/web/src/app/auth/lock.component.ts
+++ b/apps/web/src/app/auth/lock.component.ts
@@ -2,13 +2,13 @@ import { Component, NgZone } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { LockComponent as BaseLockComponent } from "@bitwarden/angular/auth/components/lock.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -17,6 +17,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
+import { DialogService } from "@bitwarden/components";
 
 import { RouterService } from "../core";
 
@@ -38,13 +39,14 @@ export class LockComponent extends BaseLockComponent {
     stateService: StateService,
     apiService: ApiService,
     logService: LogService,
-    keyConnectorService: KeyConnectorService,
     ngZone: NgZone,
     policyApiService: PolicyApiServiceAbstraction,
     policyService: InternalPolicyService,
     passwordStrengthService: PasswordStrengthServiceAbstraction,
-    dialogService: DialogServiceAbstraction,
-    route: ActivatedRoute
+    route: ActivatedRoute,
+    dialogService: DialogService,
+    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    userVerificationService: UserVerificationService
   ) {
     super(
       router,
@@ -58,13 +60,14 @@ export class LockComponent extends BaseLockComponent {
       stateService,
       apiService,
       logService,
-      keyConnectorService,
       ngZone,
       policyApiService,
       policyService,
       passwordStrengthService,
       route,
-      dialogService
+      dialogService,
+      deviceTrustCryptoService,
+      userVerificationService
     );
   }
 
diff --git a/apps/web/src/app/auth/login/login-decryption-options/login-decryption-options.component.html b/apps/web/src/app/auth/login/login-decryption-options/login-decryption-options.component.html
new file mode 100644
index 00000000000..ed59cc12388
--- /dev/null
+++ b/apps/web/src/app/auth/login/login-decryption-options/login-decryption-options.component.html
@@ -0,0 +1,105 @@
+<div class="tw-container tw-mx-auto">
+  <div
+    class="tw-mx-auto tw-mt-5 tw-flex tw-max-w-lg tw-flex-col tw-items-center tw-justify-center tw-p-8"
+  >
+    <div class="tw-mb-6">
+      <img class="logo logo-themed" alt="Bitwarden" />
+    </div>
+
+    <ng-container *ngIf="loading">
+      <p class="text-center">
+        <i
+          class="bwi bwi-spinner bwi-spin bwi-2x text-muted"
+          title="{{ 'loading' | i18n }}"
+          aria-hidden="true"
+        ></i>
+        <span class="sr-only">{{ "loading" | i18n }}</span>
+      </p>
+    </ng-container>
+
+    <div
+      *ngIf="!loading"
+      class="tw-w-full tw-rounded-md tw-border tw-border-solid tw-border-secondary-300 tw-bg-background tw-p-6"
+    >
+      <ng-container *ngIf="data.state == State.ExistingUserUntrustedDevice">
+        <h2 bitTypography="h2" class="tw-mb-6">{{ "loginInitiated" | i18n }}</h2>
+
+        <p bitTypography="body1" class="tw-mb-6">
+          {{ "deviceApprovalRequired" | i18n }}
+        </p>
+
+        <form [formGroup]="rememberDeviceForm">
+          <bit-form-control>
+            <input type="checkbox" bitCheckbox formControlName="rememberDevice" />
+            <bit-label>{{ "rememberThisDevice" | i18n }} </bit-label>
+            <bit-hint bitTypography="body2">{{ "uncheckIfPublicDevice" | i18n }}</bit-hint>
+          </bit-form-control>
+        </form>
+
+        <div class="tw-mb-6 tw-flex tw-flex-col tw-space-y-3">
+          <button
+            *ngIf="data.showApproveFromOtherDeviceBtn"
+            (click)="approveFromOtherDevice()"
+            bitButton
+            type="button"
+            buttonType="primary"
+            block
+          >
+            {{ "approveFromYourOtherDevice" | i18n }}
+          </button>
+
+          <button
+            *ngIf="data.showReqAdminApprovalBtn"
+            (click)="requestAdminApproval()"
+            bitButton
+            type="button"
+            buttonType="secondary"
+          >
+            {{ "requestAdminApproval" | i18n }}
+          </button>
+
+          <button
+            *ngIf="data.showApproveWithMasterPasswordBtn"
+            (click)="approveWithMasterPassword()"
+            bitButton
+            type="button"
+            buttonType="secondary"
+            block
+          >
+            {{ "approveWithMasterPassword" | i18n }}
+          </button>
+        </div>
+      </ng-container>
+
+      <ng-container *ngIf="data.state == State.NewUser">
+        <h2 bitTypography="h2" class="tw-mb-6">{{ "loggedInExclamation" | i18n }}</h2>
+
+        <form [formGroup]="rememberDeviceForm">
+          <bit-form-control>
+            <input type="checkbox" bitCheckbox formControlName="rememberDevice" />
+            <bit-label>{{ "rememberThisDevice" | i18n }} </bit-label>
+            <bit-hint bitTypography="body2">{{ "uncheckIfPublicDevice" | i18n }}</bit-hint>
+          </bit-form-control>
+        </form>
+
+        <button
+          bitButton
+          type="button"
+          buttonType="primary"
+          block
+          class="tw-mb-6"
+          [bitAction]="createUserAction"
+        >
+          {{ "continue" | i18n }}
+        </button>
+      </ng-container>
+
+      <hr class="tw-mb-6 tw-mt-0" />
+
+      <div class="tw-m-0 tw-text-sm">
+        <p class="tw-mb-1">{{ "loggingInAs" | i18n }} {{ data.userEmail }}</p>
+        <a [routerLink]="[]" (click)="logOut()">{{ "notYou" | i18n }}</a>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/apps/web/src/app/auth/login/login-decryption-options/login-decryption-options.component.ts b/apps/web/src/app/auth/login/login-decryption-options/login-decryption-options.component.ts
new file mode 100644
index 00000000000..2c97bd227f9
--- /dev/null
+++ b/apps/web/src/app/auth/login/login-decryption-options/login-decryption-options.component.ts
@@ -0,0 +1,21 @@
+import { Component } from "@angular/core";
+
+import { BaseLoginDecryptionOptionsComponent } from "@bitwarden/angular/auth/components/base-login-decryption-options.component";
+@Component({
+  selector: "web-login-decryption-options",
+  templateUrl: "login-decryption-options.component.html",
+})
+export class LoginDecryptionOptionsComponent extends BaseLoginDecryptionOptionsComponent {
+  override async createUser(): Promise<void> {
+    try {
+      await super.createUser();
+      await this.router.navigate(["/vault"]);
+    } catch (error) {
+      this.validationService.showError(error);
+    }
+  }
+
+  createUserAction = async (): Promise<void> => {
+    return this.createUser();
+  };
+}
diff --git a/apps/web/src/app/auth/login/login-with-device.component.html b/apps/web/src/app/auth/login/login-with-device.component.html
index f190f8f5c6e..80811ac8b64 100644
--- a/apps/web/src/app/auth/login/login-with-device.component.html
+++ b/apps/web/src/app/auth/login/login-with-device.component.html
@@ -5,42 +5,71 @@
 >
   <div>
     <img class="logo logo-themed" alt="Bitwarden" />
-    <p class="tw-mx-4 tw-mb-4 tw-mt-3 tw-text-center tw-text-xl">
-      {{ "loginOrCreateNewAccount" | i18n }}
-    </p>
 
-    <div
-      class="tw-mt-3 tw-rounded-md tw-border tw-border-solid tw-border-secondary-300 tw-bg-background tw-p-6"
-    >
-      <h2 class="tw-mb-6 tw-text-xl tw-font-semibold">{{ "logInInitiated" | i18n }}</h2>
+    <ng-container *ngIf="state == StateEnum.StandardAuthRequest">
+      <p class="tw-mx-4 tw-mb-4 tw-mt-3 tw-text-center tw-text-xl">
+        {{ "loginOrCreateNewAccount" | i18n }}
+      </p>
 
-      <div class="tw-text-light">
-        <p class="tw-mb-6">{{ "notificationSentDevice" | i18n }}</p>
+      <div
+        class="tw-mt-3 tw-rounded-md tw-border tw-border-solid tw-border-secondary-300 tw-bg-background tw-p-6"
+      >
+        <h2 class="tw-mb-6 tw-text-xl tw-font-semibold">{{ "loginInitiated" | i18n }}</h2>
 
-        <p class="tw-mb-6">
-          {{ "fingerprintMatchInfo" | i18n }}
-        </p>
+        <div class="tw-text-light">
+          <p class="tw-mb-6">{{ "notificationSentDevice" | i18n }}</p>
+
+          <p class="tw-mb-6">
+            {{ "fingerprintMatchInfo" | i18n }}
+          </p>
+        </div>
+
+        <div class="tw-mb-6">
+          <h4 class="tw-font-semibold">{{ "fingerprintPhraseHeader" | i18n }}</h4>
+          <p>
+            <code>{{ fingerprintPhrase }}</code>
+          </p>
+        </div>
+
+        <div class="tw-my-10" *ngIf="showResendNotification">
+          <a [routerLink]="[]" disabled="true" (click)="startPasswordlessLogin()">{{
+            "resendNotification" | i18n
+          }}</a>
+        </div>
+
+        <hr />
+
+        <div class="tw-text-light tw-mt-3">
+          {{ "loginWithDeviceEnabledNote" | i18n }}
+          <a routerLink="/login">{{ "viewAllLoginOptions" | i18n }}</a>
+        </div>
       </div>
+    </ng-container>
+    <ng-container *ngIf="state == StateEnum.AdminAuthRequest">
+      <div
+        class="tw-mt-3 tw-rounded-md tw-border tw-border-solid tw-border-secondary-300 tw-bg-background tw-p-6"
+      >
+        <h2 class="tw-mb-6 tw-text-xl tw-font-semibold">{{ "adminApprovalRequested" | i18n }}</h2>
 
-      <div class="tw-mb-6">
-        <h4 class="tw-font-semibold">{{ "fingerprintPhraseHeader" | i18n }}</h4>
-        <p>
-          <code>{{ fingerprintPhrase }}</code>
-        </p>
+        <div class="tw-text-light">
+          <p class="tw-mb-6">{{ "adminApprovalRequestSentToAdmins" | i18n }}</p>
+          <p class="tw-mb-6">{{ "youWillBeNotifiedOnceApproved" | i18n }}</p>
+        </div>
+
+        <div class="tw-mb-6">
+          <h4 class="tw-font-semibold">{{ "fingerprintPhraseHeader" | i18n }}</h4>
+          <p>
+            <code>{{ fingerprintPhrase }}</code>
+          </p>
+        </div>
+
+        <hr />
+
+        <div class="tw-text-light tw-mt-3">
+          {{ "troubleLoggingIn" | i18n }}
+          <a routerLink="/login-initiated">{{ "viewAllLoginOptions" | i18n }}</a>
+        </div>
       </div>
-
-      <div class="tw-my-10" *ngIf="showResendNotification">
-        <a [routerLink]="[]" disabled="true" (click)="startPasswordlessLogin()">{{
-          "resendNotification" | i18n
-        }}</a>
-      </div>
-
-      <hr />
-
-      <div class="tw-text-light tw-mt-3">
-        {{ "loginWithDeviceEnabledNote" | i18n }}
-        <a routerLink="/login">{{ "viewAllLoginOptions" | i18n }}</a>
-      </div>
-    </div>
+    </ng-container>
   </div>
 </div>
diff --git a/apps/web/src/app/auth/login/login-with-device.component.ts b/apps/web/src/app/auth/login/login-with-device.component.ts
index c5e73bf04b1..ff66bdb886b 100644
--- a/apps/web/src/app/auth/login/login-with-device.component.ts
+++ b/apps/web/src/app/auth/login/login-with-device.component.ts
@@ -4,7 +4,9 @@ import { Router } from "@angular/router";
 import { LoginWithDeviceComponent as BaseLoginWithDeviceComponent } from "@bitwarden/angular/auth/components/login-with-device.component";
 import { AnonymousHubService } from "@bitwarden/common/abstractions/anonymousHub.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -41,7 +43,9 @@ export class LoginWithDeviceComponent
     anonymousHubService: AnonymousHubService,
     validationService: ValidationService,
     stateService: StateService,
-    loginService: LoginService
+    loginService: LoginService,
+    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    authReqCryptoService: AuthRequestCryptoServiceAbstraction
   ) {
     super(
       router,
@@ -58,7 +62,9 @@ export class LoginWithDeviceComponent
       anonymousHubService,
       validationService,
       stateService,
-      loginService
+      loginService,
+      deviceTrustCryptoService,
+      authReqCryptoService
     );
   }
 }
diff --git a/apps/web/src/app/auth/login/login.component.ts b/apps/web/src/app/auth/login/login.component.ts
index e3d0c35c981..bcddfcf173d 100644
--- a/apps/web/src/app/auth/login/login.component.ts
+++ b/apps/web/src/app/auth/login/login.component.ts
@@ -6,7 +6,6 @@ import { first } from "rxjs/operators";
 
 import { LoginComponent as BaseLoginComponent } from "@bitwarden/angular/auth/components/login.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { DevicesApiServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices-api.service.abstraction";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyData } from "@bitwarden/common/admin-console/models/data/policy.data";
@@ -14,6 +13,7 @@ import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/mod
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
 import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/policy.response";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
diff --git a/apps/web/src/app/auth/login/login.module.ts b/apps/web/src/app/auth/login/login.module.ts
index b01fa015888..2a074ca2a61 100644
--- a/apps/web/src/app/auth/login/login.module.ts
+++ b/apps/web/src/app/auth/login/login.module.ts
@@ -4,12 +4,13 @@ import { CheckboxModule } from "@bitwarden/components";
 
 import { SharedModule } from "../../../app/shared";
 
+import { LoginDecryptionOptionsComponent } from "./login-decryption-options/login-decryption-options.component";
 import { LoginWithDeviceComponent } from "./login-with-device.component";
 import { LoginComponent } from "./login.component";
 
 @NgModule({
   imports: [SharedModule, CheckboxModule],
-  declarations: [LoginComponent, LoginWithDeviceComponent],
-  exports: [LoginComponent, LoginWithDeviceComponent],
+  declarations: [LoginComponent, LoginWithDeviceComponent, LoginDecryptionOptionsComponent],
+  exports: [LoginComponent, LoginWithDeviceComponent, LoginDecryptionOptionsComponent],
 })
 export class LoginModule {}
diff --git a/apps/web/src/app/auth/recover-two-factor.component.ts b/apps/web/src/app/auth/recover-two-factor.component.ts
index 06816d85460..2d6140780a0 100644
--- a/apps/web/src/app/auth/recover-two-factor.component.ts
+++ b/apps/web/src/app/auth/recover-two-factor.component.ts
@@ -35,7 +35,7 @@ export class RecoverTwoFactorComponent {
       request.recoveryCode = this.recoveryCode.replace(/\s/g, "").toLowerCase();
       request.email = this.email.trim().toLowerCase();
       const key = await this.authService.makePreloginKey(this.masterPassword, request.email);
-      request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, key);
+      request.masterPasswordHash = await this.cryptoService.hashMasterKey(this.masterPassword, key);
       this.formPromise = this.apiService.postTwoFactorRecover(request);
       await this.formPromise;
       this.platformUtilsService.showToast(
diff --git a/apps/web/src/app/auth/register-form/register-form.component.html b/apps/web/src/app/auth/register-form/register-form.component.html
index 44a53fb6e40..9a5220c57d4 100644
--- a/apps/web/src/app/auth/register-form/register-form.component.html
+++ b/apps/web/src/app/auth/register-form/register-form.component.html
@@ -123,8 +123,7 @@
       </bit-label>
     </div>
 
-    <hr />
-    <div class="tw-flex tw-space-x-2 tw-pt-2">
+    <div class="tw-space-x-2 tw-pt-2">
       <ng-container *ngIf="!accountCreated">
         <button
           [block]="true"
@@ -135,10 +134,6 @@
         >
           {{ "createAccount" | i18n }}
         </button>
-        <a bitButton [block]="true" buttonType="secondary" routerLink="/login">
-          <i class="bwi bwi-sign-in tw-mr-2"></i>
-          {{ "logIn" | i18n }}
-        </a>
       </ng-container>
       <ng-container *ngIf="accountCreated">
         <button
@@ -152,6 +147,10 @@
         </button>
       </ng-container>
     </div>
+    <p class="tw-m-0 tw-mt-5 tw-text-sm">
+      {{ "alreadyHaveAccount" | i18n }}
+      <a routerLink="/login">{{ "logIn" | i18n }}</a>
+    </p>
     <bit-error-summary *ngIf="showErrorSummary" [formGroup]="formGroup"></bit-error-summary>
   </div>
 </form>
diff --git a/apps/web/src/app/auth/register-form/register-form.component.ts b/apps/web/src/app/auth/register-form/register-form.component.ts
index 887f5562481..0a494ec333e 100644
--- a/apps/web/src/app/auth/register-form/register-form.component.ts
+++ b/apps/web/src/app/auth/register-form/register-form.component.ts
@@ -4,7 +4,6 @@ import { Router } from "@angular/router";
 
 import { RegisterComponent as BaseRegisterComponent } from "@bitwarden/angular/components/register.component";
 import { FormValidationErrorsService } from "@bitwarden/angular/platform/abstractions/form-validation-errors.service";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -18,6 +17,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-register-form",
@@ -46,7 +46,7 @@ export class RegisterFormComponent extends BaseRegisterComponent {
     environmentService: EnvironmentService,
     logService: LogService,
     auditService: AuditService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       formValidationErrorService,
diff --git a/apps/web/src/app/auth/set-password.component.ts b/apps/web/src/app/auth/set-password.component.ts
index fcce84a9c2a..49320ced5d8 100644
--- a/apps/web/src/app/auth/set-password.component.ts
+++ b/apps/web/src/app/auth/set-password.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/components/set-password.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -15,6 +14,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-set-password",
@@ -36,7 +36,7 @@ export class SetPasswordComponent extends BaseSetPasswordComponent {
     stateService: StateService,
     organizationApiService: OrganizationApiServiceAbstraction,
     organizationUserService: OrganizationUserService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
diff --git a/apps/web/src/app/settings/change-password.component.html b/apps/web/src/app/auth/settings/change-password.component.html
similarity index 94%
rename from apps/web/src/app/settings/change-password.component.html
rename to apps/web/src/app/auth/settings/change-password.component.html
index 3321b8f9dfe..7088cb5a686 100644
--- a/apps/web/src/app/settings/change-password.component.html
+++ b/apps/web/src/app/auth/settings/change-password.component.html
@@ -89,12 +89,12 @@
       <input
         class="form-check-input"
         type="checkbox"
-        id="rotateEncKey"
-        name="RotateEncKey"
-        [(ngModel)]="rotateEncKey"
-        (change)="rotateEncKeyClicked()"
+        id="rotateUserKey"
+        name="RotateUserKey"
+        [(ngModel)]="rotateUserKey"
+        (change)="rotateUserKeyClicked()"
       />
-      <label class="form-check-label" for="rotateEncKey">
+      <label class="form-check-label" for="rotateUserKey">
         {{ "rotateAccountEncKey" | i18n }}
       </label>
       <a
diff --git a/apps/web/src/app/settings/change-password.component.ts b/apps/web/src/app/auth/settings/change-password.component.ts
similarity index 81%
rename from apps/web/src/app/settings/change-password.component.ts
rename to apps/web/src/app/auth/settings/change-password.component.ts
index 4b6d5d5af4b..00baee44d0a 100644
--- a/apps/web/src/app/settings/change-password.component.ts
+++ b/apps/web/src/app/auth/settings/change-password.component.ts
@@ -3,7 +3,6 @@ import { Router } from "@angular/router";
 import { firstValueFrom } from "rxjs";
 
 import { ChangePasswordComponent as BaseChangePasswordComponent } from "@bitwarden/angular/auth/components/change-password.component";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
@@ -11,7 +10,9 @@ import { OrganizationUserResetPasswordEnrollmentRequest } from "@bitwarden/commo
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { EmergencyAccessStatusType } from "@bitwarden/common/auth/enums/emergency-access-status-type";
 import { EmergencyAccessUpdateRequest } from "@bitwarden/common/auth/models/request/emergency-access-update.request";
 import { PasswordRequest } from "@bitwarden/common/auth/models/request/password.request";
@@ -23,7 +24,11 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SendWithIdRequest } from "@bitwarden/common/tools/send/models/request/send-with-id.request";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
@@ -32,13 +37,14 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/cipher-with-id.request";
 import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-change-password",
   templateUrl: "change-password.component.html",
 })
 export class ChangePasswordComponent extends BaseChangePasswordComponent {
-  rotateEncKey = false;
+  rotateUserKey = false;
   currentMasterPassword: string;
   masterPasswordHint: string;
   checkForBreaches = true;
@@ -63,7 +69,9 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
     private router: Router,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private organizationUserService: OrganizationUserService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService,
+    private userVerificationService: UserVerificationService,
+    private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction
   ) {
     super(
       i18nService,
@@ -78,7 +86,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
   }
 
   async ngOnInit() {
-    if (await this.keyConnectorService.getUsesKeyConnector()) {
+    if (!(await this.userVerificationService.hasMasterPassword())) {
       this.router.navigate(["/settings/security/two-factor"]);
     }
 
@@ -88,8 +96,8 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
     this.characterMinimumMessage = this.i18nService.t("characterMinimum", this.minimumLength);
   }
 
-  async rotateEncKeyClicked() {
-    if (this.rotateEncKey) {
+  async rotateUserKeyClicked() {
+    if (this.rotateUserKey) {
       const ciphers = await this.cipherService.getAllDecrypted();
       let hasOldAttachments = false;
       if (ciphers != null) {
@@ -107,7 +115,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
           content: { key: "oldAttachmentsNeedFixDesc" },
           acceptButtonText: { key: "learnMore" },
           cancelButtonText: { key: "close" },
-          type: SimpleDialogType.WARNING,
+          type: "warning",
         });
 
         if (learnMore) {
@@ -115,7 +123,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
             "https://bitwarden.com/help/attachments/#add-storage-space"
           );
         }
-        this.rotateEncKey = false;
+        this.rotateUserKey = false;
         return;
       }
 
@@ -127,18 +135,18 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
           this.i18nService.t("updateEncryptionKeyExportWarning") +
           " " +
           this.i18nService.t("rotateEncKeyConfirmation"),
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!result) {
-        this.rotateEncKey = false;
+        this.rotateUserKey = false;
       }
     }
   }
 
   async submit() {
-    const hasEncKey = await this.cryptoService.hasEncKey();
-    if (!hasEncKey) {
+    const hasUserKey = await this.cryptoService.hasUserKey();
+    if (!hasUserKey) {
       this.platformUtilsService.showToast("error", null, this.i18nService.t("updateKey"));
       return;
     }
@@ -170,7 +178,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
       return false;
     }
 
-    if (this.rotateEncKey) {
+    if (this.rotateUserKey) {
       await this.syncService.fullSync(true);
     }
 
@@ -179,22 +187,23 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
 
   async performSubmitActions(
     newMasterPasswordHash: string,
-    newKey: SymmetricCryptoKey,
-    newEncKey: [SymmetricCryptoKey, EncString]
+    newMasterKey: MasterKey,
+    newUserKey: [UserKey, EncString]
   ) {
+    const masterKey = await this.cryptoService.getOrDeriveMasterKey(this.currentMasterPassword);
     const request = new PasswordRequest();
-    request.masterPasswordHash = await this.cryptoService.hashPassword(
+    request.masterPasswordHash = await this.cryptoService.hashMasterKey(
       this.currentMasterPassword,
-      null
+      masterKey
     );
     request.masterPasswordHint = this.masterPasswordHint;
     request.newMasterPasswordHash = newMasterPasswordHash;
-    request.key = newEncKey[1].encryptedString;
+    request.key = newUserKey[1].encryptedString;
 
     try {
-      if (this.rotateEncKey) {
+      if (this.rotateUserKey) {
         this.formPromise = this.apiService.postPassword(request).then(() => {
-          return this.updateKey(newKey, request.newMasterPasswordHash);
+          return this.updateKey(newMasterKey, request.newMasterPasswordHash);
         });
       } else {
         this.formPromise = this.apiService.postPassword(request);
@@ -213,16 +222,16 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
     }
   }
 
-  private async updateKey(key: SymmetricCryptoKey, masterPasswordHash: string) {
-    const encKey = await this.cryptoService.makeEncKey(key);
-    const privateKey = await this.cryptoService.getPrivateKey();
+  private async updateKey(masterKey: MasterKey, masterPasswordHash: string) {
+    const [newUserKey, masterKeyEncUserKey] = await this.cryptoService.makeUserKey(masterKey);
+    const userPrivateKey = await this.cryptoService.getPrivateKey();
     let encPrivateKey: EncString = null;
-    if (privateKey != null) {
-      encPrivateKey = await this.cryptoService.encrypt(privateKey, encKey[0]);
+    if (userPrivateKey != null) {
+      encPrivateKey = await this.cryptoService.encrypt(userPrivateKey, newUserKey);
     }
     const request = new UpdateKeyRequest();
     request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
-    request.key = encKey[1].encryptedString;
+    request.key = masterKeyEncUserKey.encryptedString;
     request.masterPasswordHash = masterPasswordHash;
 
     const folders = await firstValueFrom(this.folderService.folderViews$);
@@ -230,7 +239,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
       if (folders[i].id == null) {
         continue;
       }
-      const folder = await this.folderService.encrypt(folders[i], encKey[0]);
+      const folder = await this.folderService.encrypt(folders[i], newUserKey);
       request.folders.push(new FolderWithIdRequest(folder));
     }
 
@@ -240,24 +249,26 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
         continue;
       }
 
-      const cipher = await this.cipherService.encrypt(ciphers[i], encKey[0]);
+      const cipher = await this.cipherService.encrypt(ciphers[i], newUserKey);
       request.ciphers.push(new CipherWithIdRequest(cipher));
     }
 
     const sends = await firstValueFrom(this.sendService.sends$);
     await Promise.all(
       sends.map(async (send) => {
-        const cryptoKey = await this.cryptoService.decryptToBytes(send.key, null);
-        send.key = (await this.cryptoService.encrypt(cryptoKey, encKey[0])) ?? send.key;
+        const sendKey = await this.cryptoService.decryptToBytes(send.key, null);
+        send.key = (await this.cryptoService.encrypt(sendKey, newUserKey)) ?? send.key;
         request.sends.push(new SendWithIdRequest(send));
       })
     );
 
+    await this.deviceTrustCryptoService.rotateDevicesTrust(newUserKey, masterPasswordHash);
+
     await this.apiService.postAccountKey(request);
 
-    await this.updateEmergencyAccesses(encKey[0]);
+    await this.updateEmergencyAccesses(newUserKey);
 
-    await this.updateAllResetPasswordKeys(encKey[0], masterPasswordHash);
+    await this.updateAllResetPasswordKeys(newUserKey, masterPasswordHash);
   }
 
   private async updateEmergencyAccesses(encKey: SymmetricCryptoKey) {
@@ -285,7 +296,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
     }
   }
 
-  private async updateAllResetPasswordKeys(encKey: SymmetricCryptoKey, masterPasswordHash: string) {
+  private async updateAllResetPasswordKeys(userKey: UserKey, masterPasswordHash: string) {
     const orgs = await this.organizationService.getAll();
 
     for (const org of orgs) {
@@ -299,7 +310,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
       const publicKey = Utils.fromB64ToArray(response?.publicKey);
 
       // Re-enroll - encrypt user's encKey.key with organization public key
-      const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
+      const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey);
 
       // Create/Execute request
       const request = new OrganizationUserResetPasswordEnrollmentRequest();
diff --git a/apps/web/src/app/auth/settings/emergency-access/emergency-access-attachments.component.ts b/apps/web/src/app/auth/settings/emergency-access/emergency-access-attachments.component.ts
index a62f56bbc6a..77ed083e57b 100644
--- a/apps/web/src/app/auth/settings/emergency-access/emergency-access-attachments.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/emergency-access-attachments.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AttachmentsComponent as BaseAttachmentsComponent } from "@bitwarden/angular/vault/components/attachments.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -11,6 +10,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "emergency-access-attachments",
@@ -29,7 +29,7 @@ export class EmergencyAccessAttachmentsComponent extends BaseAttachmentsComponen
     apiService: ApiService,
     logService: LogService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/web/src/app/auth/settings/emergency-access/emergency-access-takeover.component.ts b/apps/web/src/app/auth/settings/emergency-access/emergency-access-takeover.component.ts
index 026529dc116..db9917bb931 100644
--- a/apps/web/src/app/auth/settings/emergency-access/emergency-access-takeover.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/emergency-access-takeover.component.ts
@@ -2,7 +2,6 @@ import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from "@angu
 import { takeUntil } from "rxjs";
 
 import { ChangePasswordComponent } from "@bitwarden/angular/auth/components/change-password.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyData } from "@bitwarden/common/admin-console/models/data/policy.data";
@@ -17,8 +16,12 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "emergency-access-takeover",
@@ -48,7 +51,7 @@ export class EmergencyAccessTakeoverComponent
     policyService: PolicyService,
     private apiService: ApiService,
     private logService: LogService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
@@ -91,9 +94,9 @@ export class EmergencyAccessTakeoverComponent
     );
 
     const oldKeyBuffer = await this.cryptoService.rsaDecrypt(takeoverResponse.keyEncrypted);
-    const oldEncKey = new SymmetricCryptoKey(oldKeyBuffer);
+    const oldUserKey = new SymmetricCryptoKey(oldKeyBuffer) as UserKey;
 
-    if (oldEncKey == null) {
+    if (oldUserKey == null) {
       this.platformUtilsService.showToast(
         "error",
         this.i18nService.t("errorOccurred"),
@@ -102,7 +105,7 @@ export class EmergencyAccessTakeoverComponent
       return;
     }
 
-    const key = await this.cryptoService.makeKey(
+    const masterKey = await this.cryptoService.makeMasterKey(
       this.masterPassword,
       this.email,
       takeoverResponse.kdf,
@@ -112,12 +115,12 @@ export class EmergencyAccessTakeoverComponent
         takeoverResponse.kdfParallelism
       )
     );
-    const masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, key);
+    const masterKeyHash = await this.cryptoService.hashMasterKey(this.masterPassword, masterKey);
 
-    const encKey = await this.cryptoService.remakeEncKey(key, oldEncKey);
+    const encKey = await this.cryptoService.encryptUserKeyWithMasterKey(masterKey, oldUserKey);
 
     const request = new EmergencyAccessPasswordRequest();
-    request.newMasterPasswordHash = masterPasswordHash;
+    request.newMasterPasswordHash = masterKeyHash;
     request.key = encKey[1].encryptedString;
 
     this.apiService.postEmergencyAccessPassword(this.emergencyAccessId, request);
diff --git a/apps/web/src/app/auth/settings/emergency-access/emergency-access-view.component.ts b/apps/web/src/app/auth/settings/emergency-access/emergency-access-view.component.ts
index 95079802489..f7936d361b4 100644
--- a/apps/web/src/app/auth/settings/emergency-access/emergency-access-view.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/emergency-access-view.component.ts
@@ -5,7 +5,10 @@ import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { EmergencyAccessViewResponse } from "@bitwarden/common/auth/models/response/emergency-access.response";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  SymmetricCryptoKey,
+  UserKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherData } from "@bitwarden/common/vault/models/data/cipher.data";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
@@ -87,13 +90,13 @@ export class EmergencyAccessViewComponent implements OnInit {
 
     const decCiphers: CipherView[] = [];
     const oldKeyBuffer = await this.cryptoService.rsaDecrypt(response.keyEncrypted);
-    const oldEncKey = new SymmetricCryptoKey(oldKeyBuffer);
+    const oldUserKey = new SymmetricCryptoKey(oldKeyBuffer) as UserKey;
 
     const promises: any[] = [];
     ciphers.forEach((cipherResponse) => {
       const cipherData = new CipherData(cipherResponse);
       const cipher = new Cipher(cipherData);
-      promises.push(cipher.decrypt(oldEncKey).then((c) => decCiphers.push(c)));
+      promises.push(cipher.decrypt(oldUserKey).then((c) => decCiphers.push(c)));
     });
 
     await Promise.all(promises);
diff --git a/apps/web/src/app/auth/settings/emergency-access/emergency-access.component.ts b/apps/web/src/app/auth/settings/emergency-access/emergency-access.component.ts
index fd1158ed477..06b51102228 100644
--- a/apps/web/src/app/auth/settings/emergency-access/emergency-access.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/emergency-access.component.ts
@@ -1,7 +1,6 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 
 import { UserNamePipe } from "@bitwarden/angular/pipes/user-name.pipe";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
@@ -19,6 +18,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 import { EmergencyAccessAddEditComponent } from "./emergency-access-add-edit.component";
 import { EmergencyAccessConfirmComponent } from "./emergency-access-confirm.component";
@@ -56,7 +56,7 @@ export class EmergencyAccessComponent implements OnInit {
     private logService: LogService,
     private stateService: StateService,
     private organizationService: OrganizationService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -174,7 +174,7 @@ export class EmergencyAccessComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: this.userNamePipe.transform(details),
       content: { key: "removeUserConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -207,7 +207,7 @@ export class EmergencyAccessComponent implements OnInit {
         placeholders: [details.waitTimeDays.toString()],
       },
       acceptButtonText: { key: "requestAccess" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -236,7 +236,7 @@ export class EmergencyAccessComponent implements OnInit {
         placeholders: [this.userNamePipe.transform(details), type],
       },
       acceptButtonText: { key: "approve" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -300,9 +300,12 @@ export class EmergencyAccessComponent implements OnInit {
     }
   }
 
-  // Encrypt the master password hash using the grantees public key, and send it to bitwarden for escrow.
+  // Encrypt the user key with the grantees public key, and send it to bitwarden for escrow.
   private async doConfirmation(details: EmergencyAccessGranteeDetailsResponse) {
-    const encKey = await this.cryptoService.getEncKey();
+    const userKey = await this.cryptoService.getUserKey();
+    if (!userKey) {
+      throw new Error("No user key found");
+    }
     const publicKeyResponse = await this.apiService.getUserPublicKey(details.granteeId);
     const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey);
 
@@ -315,7 +318,7 @@ export class EmergencyAccessComponent implements OnInit {
       // Ignore errors since it's just a debug message
     }
 
-    const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
+    const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey);
     const request = new EmergencyAccessConfirmRequest();
     request.key = encryptedKey.encryptedString;
     await this.apiService.postEmergencyAccessConfirm(details.id, request);
diff --git a/apps/web/src/app/auth/settings/emergency-access/emergency-add-edit.component.ts b/apps/web/src/app/auth/settings/emergency-access/emergency-add-edit.component.ts
index 8c3269fbdb5..925ebbf3ea6 100644
--- a/apps/web/src/app/auth/settings/emergency-access/emergency-add-edit.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/emergency-add-edit.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { TotpService } from "@bitwarden/common/abstractions/totp.service";
@@ -18,6 +17,7 @@ import { CollectionService } from "@bitwarden/common/vault/abstractions/collecti
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { DialogService } from "@bitwarden/components";
 
 import { AddEditComponent as BaseAddEditComponent } from "../../../vault/individual-vault/add-edit.component";
 
@@ -47,7 +47,7 @@ export class EmergencyAddEditComponent extends BaseAddEditComponent {
     organizationService: OrganizationService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/web/src/app/auth/settings/two-factor-authenticator.component.ts b/apps/web/src/app/auth/settings/two-factor-authenticator.component.ts
index 29cc6df156f..1687f366fff 100644
--- a/apps/web/src/app/auth/settings/two-factor-authenticator.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-authenticator.component.ts
@@ -1,6 +1,5 @@
 import { Component, OnDestroy, OnInit } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -12,6 +11,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 import { TwoFactorBaseComponent } from "./two-factor-base.component";
 
@@ -52,7 +52,7 @@ export class TwoFactorAuthenticatorComponent
     platformUtilsService: PlatformUtilsService,
     logService: LogService,
     private stateService: StateService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       apiService,
diff --git a/apps/web/src/app/auth/settings/two-factor-base.component.ts b/apps/web/src/app/auth/settings/two-factor-base.component.ts
index d60da177a59..24178a676c4 100644
--- a/apps/web/src/app/auth/settings/two-factor-base.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-base.component.ts
@@ -1,6 +1,5 @@
 import { Directive, EventEmitter, Output } from "@angular/core";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -11,6 +10,7 @@ import { AuthResponseBase } from "@bitwarden/common/auth/types/auth-response";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export abstract class TwoFactorBaseComponent {
@@ -32,7 +32,7 @@ export abstract class TwoFactorBaseComponent {
     protected platformUtilsService: PlatformUtilsService,
     protected logService: LogService,
     protected userVerificationService: UserVerificationService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   protected auth(authResponse: AuthResponseBase) {
@@ -54,7 +54,7 @@ export abstract class TwoFactorBaseComponent {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "disable" },
       content: { key: "twoStepDisableDesc" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/auth/settings/two-factor-duo.component.ts b/apps/web/src/app/auth/settings/two-factor-duo.component.ts
index 354f58f7f2b..45ec065e080 100644
--- a/apps/web/src/app/auth/settings/two-factor-duo.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-duo.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -10,6 +9,7 @@ import { AuthResponse } from "@bitwarden/common/auth/types/auth-response";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { TwoFactorBaseComponent } from "./two-factor-base.component";
 
@@ -32,7 +32,7 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
     platformUtilsService: PlatformUtilsService,
     logService: LogService,
     userVerificationService: UserVerificationService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       apiService,
diff --git a/apps/web/src/app/auth/settings/two-factor-email.component.ts b/apps/web/src/app/auth/settings/two-factor-email.component.ts
index 8a7976a19e5..1ca6d31b46f 100644
--- a/apps/web/src/app/auth/settings/two-factor-email.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-email.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -12,6 +11,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 import { TwoFactorBaseComponent } from "./two-factor-base.component";
 
@@ -36,7 +36,7 @@ export class TwoFactorEmailComponent extends TwoFactorBaseComponent {
     logService: LogService,
     userVerificationService: UserVerificationService,
     private stateService: StateService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       apiService,
diff --git a/apps/web/src/app/auth/settings/two-factor-verify.component.html b/apps/web/src/app/auth/settings/two-factor-verify.component.html
index 523514f1ae8..87d6b099846 100644
--- a/apps/web/src/app/auth/settings/two-factor-verify.component.html
+++ b/apps/web/src/app/auth/settings/two-factor-verify.component.html
@@ -1,6 +1,5 @@
 <form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
   <div class="modal-body">
-    <p>{{ "twoStepLoginAuthDesc" | i18n }}</p>
     <app-user-verification [(ngModel)]="secret" ngDefaultControl name="secret">
     </app-user-verification>
   </div>
diff --git a/apps/web/src/app/auth/settings/two-factor-webauthn.component.ts b/apps/web/src/app/auth/settings/two-factor-webauthn.component.ts
index d528e81a8c1..4a9f7ceba31 100644
--- a/apps/web/src/app/auth/settings/two-factor-webauthn.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-webauthn.component.ts
@@ -1,6 +1,5 @@
 import { Component, NgZone } from "@angular/core";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -15,6 +14,7 @@ import { AuthResponse } from "@bitwarden/common/auth/types/auth-response";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { TwoFactorBaseComponent } from "./two-factor-base.component";
 
@@ -51,7 +51,7 @@ export class TwoFactorWebAuthnComponent extends TwoFactorBaseComponent {
     private ngZone: NgZone,
     logService: LogService,
     userVerificationService: UserVerificationService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       apiService,
@@ -98,7 +98,7 @@ export class TwoFactorWebAuthnComponent extends TwoFactorBaseComponent {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: name,
       content: { key: "removeU2fConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/auth/settings/two-factor-yubikey.component.ts b/apps/web/src/app/auth/settings/two-factor-yubikey.component.ts
index b9d2bd69f88..32e9da7c959 100644
--- a/apps/web/src/app/auth/settings/two-factor-yubikey.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-yubikey.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -10,6 +9,7 @@ import { AuthResponse } from "@bitwarden/common/auth/types/auth-response";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { TwoFactorBaseComponent } from "./two-factor-base.component";
 
@@ -38,7 +38,7 @@ export class TwoFactorYubiKeyComponent extends TwoFactorBaseComponent {
     platformUtilsService: PlatformUtilsService,
     logService: LogService,
     userVerificationService: UserVerificationService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       apiService,
diff --git a/apps/web/src/app/auth/shared/components/user-verification/user-verification-prompt.component.ts b/apps/web/src/app/auth/shared/components/user-verification/user-verification-prompt.component.ts
index 2abacd3e8a5..17667416174 100644
--- a/apps/web/src/app/auth/shared/components/user-verification/user-verification-prompt.component.ts
+++ b/apps/web/src/app/auth/shared/components/user-verification/user-verification-prompt.component.ts
@@ -3,11 +3,11 @@ import { Component, Inject } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
 
 import { UserVerificationPromptComponent as BaseUserVerificationPrompt } from "@bitwarden/angular/auth/components/user-verification-prompt.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ModalConfig } from "@bitwarden/angular/services/modal.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 export interface UserVerificationPromptParams {
   confirmDescription: string;
@@ -50,7 +50,7 @@ export class UserVerificationPromptComponent extends BaseUserVerificationPrompt
  * @param config Configuration for the dialog
  */
 export const openUserVerificationPrompt = (
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<UserVerificationPromptParams>
 ) => {
   return dialogService.open<boolean, UserVerificationPromptParams>(
diff --git a/apps/web/src/app/auth/shared/components/user-verification/user-verification.component.html b/apps/web/src/app/auth/shared/components/user-verification/user-verification.component.html
index a15ce41738b..0770ea4dfe1 100644
--- a/apps/web/src/app/auth/shared/components/user-verification/user-verification.component.html
+++ b/apps/web/src/app/auth/shared/components/user-verification/user-verification.component.html
@@ -1,4 +1,4 @@
-<ng-container *ngIf="!usesKeyConnector">
+<ng-container *ngIf="hasMasterPassword">
   <bit-form-field disableMargin>
     <bit-label>{{ "masterPass" | i18n }}</bit-label>
     <input
@@ -14,7 +14,7 @@
     <bit-hint>{{ "confirmIdentity" | i18n }}</bit-hint>
   </bit-form-field>
 </ng-container>
-<ng-container *ngIf="usesKeyConnector">
+<ng-container *ngIf="!hasMasterPassword">
   <div class="tw-mb-6">
     <label class="tw-block">{{ "sendVerificationCode" | i18n }}</label>
     <button type="button" bitButton buttonType="secondary" [bitAction]="requestOTP" appAutofocus>
diff --git a/apps/web/src/app/auth/sso.component.ts b/apps/web/src/app/auth/sso.component.ts
index 0b1ec0e0006..fbd626db7ff 100644
--- a/apps/web/src/app/auth/sso.component.ts
+++ b/apps/web/src/app/auth/sso.component.ts
@@ -10,6 +10,7 @@ import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { HttpStatusCode } from "@bitwarden/common/enums";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -39,7 +40,8 @@ export class SsoComponent extends BaseSsoComponent {
     logService: LogService,
     private orgDomainApiService: OrgDomainApiServiceAbstraction,
     private loginService: LoginService,
-    private validationService: ValidationService
+    private validationService: ValidationService,
+    configService: ConfigServiceAbstraction
   ) {
     super(
       authService,
@@ -52,7 +54,8 @@ export class SsoComponent extends BaseSsoComponent {
       cryptoFunctionService,
       environmentService,
       passwordGenerationService,
-      logService
+      logService,
+      configService
     );
     this.redirectUri = window.location.origin + "/sso-connector.html";
     this.clientId = "web";
diff --git a/apps/web/src/app/auth/two-factor.component.ts b/apps/web/src/app/auth/two-factor.component.ts
index 57b384e97cc..29903317619 100644
--- a/apps/web/src/app/auth/two-factor.component.ts
+++ b/apps/web/src/app/auth/two-factor.component.ts
@@ -1,7 +1,8 @@
-import { Component, ViewChild, ViewContainerRef } from "@angular/core";
+import { Component, Inject, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 
 import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
+import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
@@ -9,6 +10,7 @@ import { LoginService } from "@bitwarden/common/auth/abstractions/login.service"
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -42,7 +44,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     twoFactorService: TwoFactorService,
     appIdService: AppIdService,
     private routerService: RouterService,
-    loginService: LoginService
+    loginService: LoginService,
+    configService: ConfigServiceAbstraction,
+    @Inject(WINDOW) protected win: Window
   ) {
     super(
       authService,
@@ -50,14 +54,15 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       i18nService,
       apiService,
       platformUtilsService,
-      window,
+      win,
       environmentService,
       stateService,
       route,
       logService,
       twoFactorService,
       appIdService,
-      loginService
+      loginService,
+      configService
     );
     this.onSuccessfulLoginNavigate = this.goAfterLogIn;
   }
@@ -81,7 +86,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     );
   }
 
-  async goAfterLogIn() {
+  goAfterLogIn = async () => {
     this.loginService.clearValues();
     const previousUrl = this.routerService.getPreviousUrl();
     if (previousUrl) {
@@ -103,9 +108,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
 
       this.router.navigate([this.successRoute], {
         queryParams: {
-          identifier: this.identifier,
+          identifier: this.orgIdentifier,
         },
       });
     }
-  }
+  };
 }
diff --git a/apps/web/src/app/auth/update-password.component.ts b/apps/web/src/app/auth/update-password.component.ts
index 6c8e81fb4bb..d4e1e360e99 100644
--- a/apps/web/src/app/auth/update-password.component.ts
+++ b/apps/web/src/app/auth/update-password.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { Router } from "@angular/router";
 
 import { UpdatePasswordComponent as BaseUpdatePasswordComponent } from "@bitwarden/angular/auth/components/update-password.component";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
@@ -13,6 +12,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-update-password",
@@ -31,7 +31,7 @@ export class UpdatePasswordComponent extends BaseUpdatePasswordComponent {
     logService: LogService,
     stateService: StateService,
     userVerificationService: UserVerificationService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       router,
diff --git a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts
index f03fb72faf2..dedc99edcb1 100644
--- a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts
+++ b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts
@@ -3,7 +3,6 @@ import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { concatMap, Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalConfig, ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
@@ -19,6 +18,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 import {
   BillingSyncApiKeyComponent,
@@ -47,8 +47,8 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
   firstLoaded = false;
   loading: boolean;
 
-  private readonly _smBetaEndingDate = new Date(2023, 7, 25);
-  private readonly _smGracePeriodEndingDate = new Date(2023, 9, 24);
+  private readonly _smBetaEndingDate = new Date(2023, 7, 15);
+  private readonly _smGracePeriodEndingDate = new Date(2023, 10, 14);
 
   private destroy$ = new Subject<void>();
 
@@ -61,7 +61,7 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
     private organizationService: OrganizationService,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private route: ActivatedRoute,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private configService: ConfigServiceAbstraction,
     private datePipe: DatePipe
   ) {}
@@ -279,7 +279,7 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "cancelSubscription" },
       content: { key: "cancelConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -307,7 +307,7 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "reinstateSubscription" },
       content: { key: "reinstateConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -379,7 +379,7 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy
       title: { key: "removeSponsorship" },
       content: { key: "removeSponsorshipConfirmation" },
       acceptButtonText: { key: "remove" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/billing/settings/organization-plans.component.ts b/apps/web/src/app/billing/settings/organization-plans.component.ts
index 7d9f76708ea..c84d9511a17 100644
--- a/apps/web/src/app/billing/settings/organization-plans.component.ts
+++ b/apps/web/src/app/billing/settings/organization-plans.component.ts
@@ -31,7 +31,10 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import {
+  OrgKey,
+  SymmetricCryptoKey,
+} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 
 import { secretsManagerSubscribeFormFactory } from "../organizations/secrets-manager/sm-subscribe.component";
@@ -314,16 +317,11 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
       return 0;
     }
 
-    let subTotal = plan.basePrice;
-    if (plan.hasAdditionalSeatsOption && formValues.userSeats) {
-      subTotal += this.seatTotal(plan, formValues.userSeats);
-    }
-
-    if (plan.hasAdditionalStorageOption && formValues.additionalServiceAccounts) {
-      subTotal += this.additionalServiceAccountTotal(this.selectedPlan);
-    }
-
-    return subTotal;
+    return (
+      plan.basePrice +
+      this.seatTotal(plan, formValues.userSeats) +
+      this.additionalServiceAccountTotal(plan)
+    );
   }
 
   get freeTrial() {
@@ -420,19 +418,19 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
       const doSubmit = async (): Promise<string> => {
         let orgId: string = null;
         if (this.createOrganization) {
-          const shareKey = await this.cryptoService.makeShareKey();
-          const key = shareKey[0].encryptedString;
+          const orgKey = await this.cryptoService.makeOrgKey<OrgKey>();
+          const key = orgKey[0].encryptedString;
           const collection = await this.cryptoService.encrypt(
             this.i18nService.t("defaultCollection"),
-            shareKey[1]
+            orgKey[1]
           );
           const collectionCt = collection.encryptedString;
-          const orgKeys = await this.cryptoService.makeKeyPair(shareKey[1]);
+          const orgKeys = await this.cryptoService.makeKeyPair(orgKey[1]);
 
           if (this.selfHosted) {
             orgId = await this.createSelfHosted(key, collectionCt, orgKeys);
           } else {
-            orgId = await this.createCloudHosted(key, collectionCt, orgKeys, shareKey[1]);
+            orgId = await this.createCloudHosted(key, collectionCt, orgKeys, orgKey[1]);
           }
 
           this.platformUtilsService.showToast(
diff --git a/apps/web/src/app/billing/settings/payment-method.component.ts b/apps/web/src/app/billing/settings/payment-method.component.ts
index 4792e0fb715..a5509262629 100644
--- a/apps/web/src/app/billing/settings/payment-method.component.ts
+++ b/apps/web/src/app/billing/settings/payment-method.component.ts
@@ -2,7 +2,6 @@ import { Component, OnInit, ViewChild } from "@angular/core";
 import { FormBuilder, FormControl, Validators } from "@angular/forms";
 import { ActivatedRoute, Router } from "@angular/router";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
@@ -12,6 +11,7 @@ import { VerifyBankRequest } from "@bitwarden/common/models/request/verify-bank.
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { TaxInfoComponent } from "./tax-info.component";
 
@@ -57,7 +57,7 @@ export class PaymentMethodComponent implements OnInit {
     private logService: LogService,
     private route: ActivatedRoute,
     private formBuilder: FormBuilder,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -100,7 +100,7 @@ export class PaymentMethodComponent implements OnInit {
         content: { key: "cannotPerformInAppPurchase" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       return;
@@ -122,7 +122,7 @@ export class PaymentMethodComponent implements OnInit {
         content: { key: "cannotPerformInAppPurchase" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       return;
diff --git a/apps/web/src/app/billing/settings/user-subscription.component.ts b/apps/web/src/app/billing/settings/user-subscription.component.ts
index 278c39d22f3..d058f7f1051 100644
--- a/apps/web/src/app/billing/settings/user-subscription.component.ts
+++ b/apps/web/src/app/billing/settings/user-subscription.component.ts
@@ -1,7 +1,6 @@
 import { Component, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SubscriptionResponse } from "@bitwarden/common/billing/models/response/subscription.response";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -10,6 +9,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-user-subscription",
@@ -36,7 +36,7 @@ export class UserSubscriptionComponent implements OnInit {
     private router: Router,
     private logService: LogService,
     private fileDownloadService: FileDownloadService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private environmentService: EnvironmentService
   ) {
     this.selfHosted = platformUtilsService.isSelfHost();
@@ -75,7 +75,7 @@ export class UserSubscriptionComponent implements OnInit {
         content: { key: "manageSubscriptionFromStore" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       return;
@@ -84,7 +84,7 @@ export class UserSubscriptionComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "reinstateSubscription" },
       content: { key: "reinstateConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -112,7 +112,7 @@ export class UserSubscriptionComponent implements OnInit {
         content: { key: "manageSubscriptionFromStore" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       return;
@@ -121,7 +121,7 @@ export class UserSubscriptionComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "cancelSubscription" },
       content: { key: "cancelConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -175,7 +175,7 @@ export class UserSubscriptionComponent implements OnInit {
         content: { key: "cannotPerformInAppPurchase" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       return;
diff --git a/apps/web/src/app/common/base.people.component.ts b/apps/web/src/app/common/base.people.component.ts
index e14706c2e92..d4093ad28b4 100644
--- a/apps/web/src/app/common/base.people.component.ts
+++ b/apps/web/src/app/common/base.people.component.ts
@@ -2,7 +2,6 @@ import { Directive, ViewChild, ViewContainerRef } from "@angular/core";
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
 import { UserNamePipe } from "@bitwarden/angular/pipes/user-name.pipe";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -21,6 +20,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 import { OrganizationUserView } from "../admin-console/organizations/core/views/organization-user.view";
 import { UserConfirmComponent } from "../admin-console/organizations/manage/user-confirm.component";
@@ -110,7 +110,7 @@ export abstract class BasePeopleComponent<
     private searchPipe: SearchPipe,
     protected userNamePipe: UserNamePipe,
     protected stateService: StateService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   abstract edit(user: UserType): void;
@@ -222,7 +222,7 @@ export abstract class BasePeopleComponent<
     return this.dialogService.openSimpleDialog({
       title: this.userNamePipe.transform(user),
       content: { key: "removeUserConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
   }
 
@@ -252,7 +252,7 @@ export abstract class BasePeopleComponent<
       title: { key: "revokeAccess", placeholders: [this.userNamePipe.transform(user)] },
       content: this.revokeWarningMessage(),
       acceptButtonText: { key: "revokeAccess" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
   }
 
diff --git a/apps/web/src/app/core/event.service.ts b/apps/web/src/app/core/event.service.ts
index 1247c5a3678..d3e8f2d158f 100644
--- a/apps/web/src/app/core/event.service.ts
+++ b/apps/web/src/app/core/event.service.ts
@@ -80,6 +80,9 @@ export class EventService {
       case EventType.User_MigratedKeyToKeyConnector:
         msg = humanReadableMsg = this.i18nService.t("migratedKeyConnector");
         break;
+      case EventType.User_RequestedDeviceApproval:
+        msg = humanReadableMsg = this.i18nService.t("requestedDeviceApproval");
+        break;
       // Cipher
       case EventType.Cipher_Created:
         msg = this.i18nService.t("createdItemId", this.formatCipherId(ev, options));
@@ -307,6 +310,20 @@ export class EventService {
           this.getShortId(ev.organizationUserId)
         );
         break;
+      case EventType.OrganizationUser_ApprovedAuthRequest:
+        msg = this.i18nService.t("approvedAuthRequest", this.formatOrgUserId(ev));
+        humanReadableMsg = this.i18nService.t(
+          "approvedAuthRequest",
+          this.getShortId(ev.organizationUserId)
+        );
+        break;
+      case EventType.OrganizationUser_RejectedAuthRequest:
+        msg = this.i18nService.t("rejectedAuthRequest", this.formatOrgUserId(ev));
+        humanReadableMsg = this.i18nService.t(
+          "rejectedAuthRequest",
+          this.getShortId(ev.organizationUserId)
+        );
+        break;
       // Org
       case EventType.Organization_Updated:
         msg = humanReadableMsg = this.i18nService.t("editedOrgSettings");
diff --git a/apps/web/src/app/core/init.service.ts b/apps/web/src/app/core/init.service.ts
index 8e0e0d600ff..3437c4f3e93 100644
--- a/apps/web/src/app/core/init.service.ts
+++ b/apps/web/src/app/core/init.service.ts
@@ -4,7 +4,6 @@ import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { AbstractThemingService } from "@bitwarden/angular/services/theming/theming.service.abstraction";
 import { EventUploadService as EventUploadServiceAbstraction } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService as NotificationsServiceAbstraction } from "@bitwarden/common/abstractions/notifications.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { CryptoService as CryptoServiceAbstraction } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
@@ -16,7 +15,7 @@ import { I18nService as I18nServiceAbstraction } from "@bitwarden/common/platfor
 import { StateService as StateServiceAbstraction } from "@bitwarden/common/platform/abstractions/state.service";
 import { ContainerService } from "@bitwarden/common/platform/services/container.service";
 import { EventUploadService } from "@bitwarden/common/services/event/event-upload.service";
-import { VaultTimeoutService as VaultTimeoutService } from "@bitwarden/common/services/vaultTimeout/vaultTimeout.service";
+import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
 
 import { I18nService } from "../core/i18n.service";
 
@@ -26,7 +25,7 @@ export class InitService {
     @Inject(WINDOW) private win: Window,
     private environmentService: EnvironmentServiceAbstraction,
     private notificationsService: NotificationsServiceAbstraction,
-    private vaultTimeoutService: VaultTimeoutServiceAbstraction,
+    private vaultTimeoutService: VaultTimeoutService,
     private i18nService: I18nServiceAbstraction,
     private eventUploadService: EventUploadServiceAbstraction,
     private twoFactorService: TwoFactorServiceAbstraction,
@@ -48,7 +47,7 @@ export class InitService {
       this.environmentService.initialized = true;
 
       setTimeout(() => this.notificationsService.init(), 3000);
-      (this.vaultTimeoutService as VaultTimeoutService).init(true);
+      await this.vaultTimeoutService.init(true);
       const locale = await this.stateService.getLocale();
       await (this.i18nService as I18nService).init(locale);
       (this.eventUploadService as EventUploadService).init(true);
diff --git a/apps/web/src/app/guards/home.guard.ts b/apps/web/src/app/guards/home.guard.ts
deleted file mode 100644
index bbcf3448c7c..00000000000
--- a/apps/web/src/app/guards/home.guard.ts
+++ /dev/null
@@ -1,24 +0,0 @@
-import { Injectable } from "@angular/core";
-import { ActivatedRouteSnapshot, CanActivate, Router } from "@angular/router";
-
-import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
-import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
-
-@Injectable({
-  providedIn: "root",
-})
-export class HomeGuard implements CanActivate {
-  constructor(private router: Router, private authService: AuthService) {}
-
-  async canActivate(route: ActivatedRouteSnapshot) {
-    const authStatus = await this.authService.getAuthStatus();
-
-    if (authStatus === AuthenticationStatus.LoggedOut) {
-      return this.router.createUrlTree(["/login"], { queryParams: route.queryParams });
-    }
-    if (authStatus === AuthenticationStatus.Locked) {
-      return this.router.createUrlTree(["/lock"], { queryParams: route.queryParams });
-    }
-    return this.router.createUrlTree(["/vault"], { queryParams: route.queryParams });
-  }
-}
diff --git a/apps/web/src/app/layouts/navbar.component.html b/apps/web/src/app/layouts/navbar.component.html
index edb7836554b..cecd5599abd 100644
--- a/apps/web/src/app/layouts/navbar.component.html
+++ b/apps/web/src/app/layouts/navbar.component.html
@@ -84,7 +84,7 @@
               {{ "getApps" | i18n }}
             </a>
             <bit-menu-divider></bit-menu-divider>
-            <button bitMenuItem type="button" (click)="lock()">
+            <button *ngIf="canLock$ | async" bitMenuItem type="button" (click)="lock()">
               <i class="bwi bwi-fw bwi-lock" aria-hidden="true"></i>
               {{ "lockNow" | i18n }}
             </button>
diff --git a/apps/web/src/app/layouts/navbar.component.ts b/apps/web/src/app/layouts/navbar.component.ts
index f2721663314..8dc36e4fb37 100644
--- a/apps/web/src/app/layouts/navbar.component.ts
+++ b/apps/web/src/app/layouts/navbar.component.ts
@@ -1,6 +1,7 @@
 import { Component, OnInit } from "@angular/core";
-import { Observable } from "rxjs";
+import { map, Observable } from "rxjs";
 
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import {
   canAccessAdmin,
   OrganizationService,
@@ -8,6 +9,7 @@ import {
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
+import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { Provider } from "@bitwarden/common/models/domain/provider";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -26,6 +28,7 @@ export class NavbarComponent implements OnInit {
   providers: Provider[] = [];
   userId: string;
   organizations$: Observable<Organization[]>;
+  canLock$: Observable<boolean>;
 
   constructor(
     private messagingService: MessagingService,
@@ -34,6 +37,7 @@ export class NavbarComponent implements OnInit {
     private providerService: ProviderService,
     private syncService: SyncService,
     private organizationService: OrganizationService,
+    private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
     private i18nService: I18nService
   ) {
     this.selfHosted = this.platformUtilsService.isSelfHost();
@@ -56,6 +60,9 @@ export class NavbarComponent implements OnInit {
     this.organizations$ = this.organizationService.memberOrganizations$.pipe(
       canAccessAdmin(this.i18nService)
     );
+    this.canLock$ = this.vaultTimeoutSettingsService
+      .availableVaultTimeoutActions$()
+      .pipe(map((actions) => actions.includes(VaultTimeoutAction.Lock)));
   }
 
   lock() {
diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index 0f7a15b17ad..e6f4caa112b 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -1,9 +1,15 @@
 import { NgModule } from "@angular/core";
 import { Route, RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
-import { LockGuard } from "@bitwarden/angular/auth/guards/lock.guard";
-import { UnauthGuard } from "@bitwarden/angular/auth/guards/unauth.guard";
+import {
+  AuthGuard,
+  lockGuard,
+  redirectGuard,
+  tdeDecryptionRequiredGuard,
+  UnauthGuard,
+} from "@bitwarden/angular/auth/guards";
+import { canAccessFeature } from "@bitwarden/angular/guard/feature-flag.guard";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { SubscriptionRoutingModule } from "../app/billing/settings/subscription-routing.module";
 import { flagEnabled, Flags } from "../utils/flags";
@@ -16,6 +22,7 @@ import { AcceptEmergencyComponent } from "./auth/accept-emergency.component";
 import { AcceptOrganizationComponent } from "./auth/accept-organization.component";
 import { HintComponent } from "./auth/hint.component";
 import { LockComponent } from "./auth/lock.component";
+import { LoginDecryptionOptionsComponent } from "./auth/login/login-decryption-options/login-decryption-options.component";
 import { LoginWithDeviceComponent } from "./auth/login/login-with-device.component";
 import { LoginComponent } from "./auth/login/login.component";
 import { RecoverDeleteComponent } from "./auth/recover-delete.component";
@@ -31,7 +38,6 @@ import { UpdatePasswordComponent } from "./auth/update-password.component";
 import { UpdateTempPasswordComponent } from "./auth/update-temp-password.component";
 import { VerifyEmailTokenComponent } from "./auth/verify-email-token.component";
 import { VerifyRecoverDeleteComponent } from "./auth/verify-recover-delete.component";
-import { HomeGuard } from "./guards/home.guard";
 import { FrontendLayoutComponent } from "./layouts/frontend-layout.component";
 import { UserLayoutComponent } from "./layouts/user-layout.component";
 import { ReportsModule } from "./reports";
@@ -56,7 +62,7 @@ const routes: Routes = [
         path: "",
         pathMatch: "full",
         children: [], // Children lets us have an empty component.
-        canActivate: [HomeGuard], // Redirects either to vault, login or lock page.
+        canActivate: [redirectGuard()], // Redirects either to vault, login, or lock page.
       },
       { path: "login", component: LoginComponent, canActivate: [UnauthGuard] },
       {
@@ -64,7 +70,20 @@ const routes: Routes = [
         component: LoginWithDeviceComponent,
         data: { titleId: "loginWithDevice" },
       },
+      {
+        path: "admin-approval-requested",
+        component: LoginWithDeviceComponent,
+        data: { titleId: "loginWithDevice" },
+      },
       { path: "2fa", component: TwoFactorComponent, canActivate: [UnauthGuard] },
+      {
+        path: "login-initiated",
+        component: LoginDecryptionOptionsComponent,
+        canActivate: [
+          tdeDecryptionRequiredGuard(),
+          canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
+        ],
+      },
       {
         path: "register",
         component: TrialInitiationComponent,
@@ -96,7 +115,7 @@ const routes: Routes = [
       {
         path: "lock",
         component: LockComponent,
-        canActivate: [LockGuard],
+        canActivate: [lockGuard()],
       },
       { path: "verify-email", component: VerifyEmailTokenComponent },
       {
diff --git a/apps/web/src/app/reports/reports-routing.module.ts b/apps/web/src/app/reports/reports-routing.module.ts
index cfb90d092fe..6bbba15c9b4 100644
--- a/apps/web/src/app/reports/reports-routing.module.ts
+++ b/apps/web/src/app/reports/reports-routing.module.ts
@@ -1,7 +1,7 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
+import { AuthGuard } from "@bitwarden/angular/auth/guards";
 
 import { HasPremiumGuard } from "../core/guards/has-premium.guard";
 
diff --git a/apps/web/src/app/settings/account.component.ts b/apps/web/src/app/settings/account.component.ts
index 4cedadc40e7..45f5375654d 100644
--- a/apps/web/src/app/settings/account.component.ts
+++ b/apps/web/src/app/settings/account.component.ts
@@ -1,9 +1,7 @@
 import { Component, ViewChild, ViewContainerRef } from "@angular/core";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 
 import { DeauthorizeSessionsComponent } from "../auth/settings/deauthorize-sessions.component";
 
@@ -26,13 +24,11 @@ export class AccountComponent {
 
   constructor(
     private modalService: ModalService,
-    private apiService: ApiService,
-    private keyConnectorService: KeyConnectorService,
-    private stateService: StateService
+    private userVerificationService: UserVerificationService
   ) {}
 
   async ngOnInit() {
-    this.showChangeEmail = !(await this.keyConnectorService.getUsesKeyConnector());
+    this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
   }
 
   async deauthorizeSessions() {
diff --git a/apps/web/src/app/settings/change-email.component.ts b/apps/web/src/app/settings/change-email.component.ts
index c28bf3dcfd6..76e78fcba9d 100644
--- a/apps/web/src/app/settings/change-email.component.ts
+++ b/apps/web/src/app/settings/change-email.component.ts
@@ -42,8 +42,8 @@ export class ChangeEmailComponent implements OnInit {
   }
 
   async submit() {
-    const hasEncKey = await this.cryptoService.hasEncKey();
-    if (!hasEncKey) {
+    const hasUserKey = await this.cryptoService.hasUserKey();
+    if (!hasUserKey) {
       this.platformUtilsService.showToast("error", null, this.i18nService.t("updateKey"));
       return;
     }
@@ -52,7 +52,10 @@ export class ChangeEmailComponent implements OnInit {
     if (!this.tokenSent) {
       const request = new EmailTokenRequest();
       request.newEmail = this.newEmail;
-      request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
+      request.masterPasswordHash = await this.cryptoService.hashMasterKey(
+        this.masterPassword,
+        await this.cryptoService.getOrDeriveMasterKey(this.masterPassword)
+      );
       try {
         this.formPromise = this.apiService.postEmailToken(request);
         await this.formPromise;
@@ -64,21 +67,24 @@ export class ChangeEmailComponent implements OnInit {
       const request = new EmailRequest();
       request.token = this.token;
       request.newEmail = this.newEmail;
-      request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
+      request.masterPasswordHash = await this.cryptoService.hashMasterKey(
+        this.masterPassword,
+        await this.cryptoService.getOrDeriveMasterKey(this.masterPassword)
+      );
       const kdf = await this.stateService.getKdfType();
       const kdfConfig = await this.stateService.getKdfConfig();
-      const newKey = await this.cryptoService.makeKey(
+      const newMasterKey = await this.cryptoService.makeMasterKey(
         this.masterPassword,
         this.newEmail,
         kdf,
         kdfConfig
       );
-      request.newMasterPasswordHash = await this.cryptoService.hashPassword(
+      request.newMasterPasswordHash = await this.cryptoService.hashMasterKey(
         this.masterPassword,
-        newKey
+        newMasterKey
       );
-      const newEncKey = await this.cryptoService.remakeEncKey(newKey);
-      request.key = newEncKey[1].encryptedString;
+      const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey);
+      request.key = newUserKey[1].encryptedString;
       try {
         this.formPromise = this.apiService.postEmail(request);
         await this.formPromise;
diff --git a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
index ebf74f44570..dd2a8c45d95 100644
--- a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
+++ b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts
@@ -46,8 +46,8 @@ export class ChangeKdfConfirmationComponent {
 
   async submit() {
     this.loading = true;
-    const hasEncKey = await this.cryptoService.hasEncKey();
-    if (!hasEncKey) {
+    const hasUserKey = await this.cryptoService.hasUserKey();
+    if (!hasUserKey) {
       this.platformUtilsService.showToast("error", null, this.i18nService.t("updateKey"));
       return;
     }
@@ -75,17 +75,21 @@ export class ChangeKdfConfirmationComponent {
     request.kdfIterations = this.kdfConfig.iterations;
     request.kdfMemory = this.kdfConfig.memory;
     request.kdfParallelism = this.kdfConfig.parallelism;
-    request.masterPasswordHash = await this.cryptoService.hashPassword(masterPassword, null);
+    const masterKey = await this.cryptoService.getOrDeriveMasterKey(masterPassword);
+    request.masterPasswordHash = await this.cryptoService.hashMasterKey(masterPassword, masterKey);
     const email = await this.stateService.getEmail();
-    const newKey = await this.cryptoService.makeKey(
+    const newMasterKey = await this.cryptoService.makeMasterKey(
       masterPassword,
       email,
       this.kdf,
       this.kdfConfig
     );
-    request.newMasterPasswordHash = await this.cryptoService.hashPassword(masterPassword, newKey);
-    const newEncKey = await this.cryptoService.remakeEncKey(newKey);
-    request.key = newEncKey[1].encryptedString;
+    request.newMasterPasswordHash = await this.cryptoService.hashMasterKey(
+      masterPassword,
+      newMasterKey
+    );
+    const newUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey);
+    request.key = newUserKey[1].encryptedString;
 
     await this.apiService.postAccountKdf(request);
   }
diff --git a/apps/web/src/app/settings/change-kdf/change-kdf.component.ts b/apps/web/src/app/settings/change-kdf/change-kdf.component.ts
index d0acf2c1d5b..3da4c5ea1d4 100644
--- a/apps/web/src/app/settings/change-kdf/change-kdf.component.ts
+++ b/apps/web/src/app/settings/change-kdf/change-kdf.component.ts
@@ -1,6 +1,5 @@
 import { Component, OnInit } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { KdfConfig } from "@bitwarden/common/auth/models/domain/kdf-config";
 import {
   DEFAULT_KDF_CONFIG,
@@ -11,6 +10,7 @@ import {
   KdfType,
 } from "@bitwarden/common/enums";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ChangeKdfConfirmationComponent } from "./change-kdf-confirmation.component";
 
@@ -25,7 +25,7 @@ export class ChangeKdfComponent implements OnInit {
   kdfOptions: any[] = [];
   recommendedPbkdf2Iterations = DEFAULT_PBKDF2_ITERATIONS;
 
-  constructor(private stateService: StateService, private dialogService: DialogServiceAbstraction) {
+  constructor(private stateService: StateService, private dialogService: DialogService) {
     this.kdfOptions = [
       { name: "PBKDF2 SHA-256", value: KdfType.PBKDF2_SHA256 },
       { name: "Argon2id", value: KdfType.Argon2id },
diff --git a/apps/web/src/app/settings/preferences.component.html b/apps/web/src/app/settings/preferences.component.html
index f8a81103cb3..8fabe7e62ac 100644
--- a/apps/web/src/app/settings/preferences.component.html
+++ b/apps/web/src/app/settings/preferences.component.html
@@ -27,37 +27,45 @@
       </app-vault-timeout-input>
     </div>
   </div>
-  <div class="form-group">
-    <label>{{ "vaultTimeoutAction" | i18n }}</label>
-    <div class="form-check form-check-block">
-      <input
-        class="form-check-input"
-        type="radio"
-        name="vaultTimeoutAction"
-        id="vaultTimeoutActionLock"
-        value="{{ VaultTimeoutAction.Lock }}"
-        formControlName="vaultTimeoutAction"
-      />
-      <label class="form-check-label" for="vaultTimeoutActionLock">
-        {{ "lock" | i18n }}
-        <small>{{ "vaultTimeoutActionLockDesc" | i18n }}</small>
-      </label>
+  <ng-container *ngIf="availableVaultTimeoutActions$ | async as availableVaultTimeoutActions">
+    <div *ngIf="availableVaultTimeoutActions.length > 1" class="form-group">
+      <label>{{ "vaultTimeoutAction" | i18n }}</label>
+      <div
+        *ngIf="availableVaultTimeoutActions.includes(VaultTimeoutAction.Lock)"
+        class="form-check form-check-block"
+      >
+        <input
+          class="form-check-input"
+          type="radio"
+          name="vaultTimeoutAction"
+          id="vaultTimeoutActionLock"
+          value="{{ VaultTimeoutAction.Lock }}"
+          formControlName="vaultTimeoutAction"
+        />
+        <label class="form-check-label" for="vaultTimeoutActionLock">
+          {{ "lock" | i18n }}
+          <small>{{ "vaultTimeoutActionLockDesc" | i18n }}</small>
+        </label>
+      </div>
+      <div
+        *ngIf="availableVaultTimeoutActions.includes(VaultTimeoutAction.LogOut)"
+        class="form-check mt-2 form-check-block"
+      >
+        <input
+          class="form-check-input"
+          type="radio"
+          name="vaultTimeoutAction"
+          id="vaultTimeoutActionLogOut"
+          value="{{ VaultTimeoutAction.LogOut }}"
+          formControlName="vaultTimeoutAction"
+        />
+        <label class="form-check-label" for="vaultTimeoutActionLogOut">
+          {{ "logOut" | i18n }}
+          <small>{{ "vaultTimeoutActionLogOutDesc" | i18n }}</small>
+        </label>
+      </div>
     </div>
-    <div class="form-check mt-2 form-check-block">
-      <input
-        class="form-check-input"
-        type="radio"
-        name="vaultTimeoutAction"
-        id="vaultTimeoutActionLogOut"
-        value="{{ VaultTimeoutAction.LogOut }}"
-        formControlName="vaultTimeoutAction"
-      />
-      <label class="form-check-label" for="vaultTimeoutActionLogOut">
-        {{ "logOut" | i18n }}
-        <small>{{ "vaultTimeoutActionLogOutDesc" | i18n }}</small>
-      </label>
-    </div>
-  </div>
+  </ng-container>
   <div class="row">
     <div class="col-6">
       <div class="form-group">
diff --git a/apps/web/src/app/settings/preferences.component.ts b/apps/web/src/app/settings/preferences.component.ts
index 7a9b3c9a1c6..9412a3e8b66 100644
--- a/apps/web/src/app/settings/preferences.component.ts
+++ b/apps/web/src/app/settings/preferences.component.ts
@@ -1,11 +1,10 @@
 import { Component, OnInit } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
-import { concatMap, filter, map, Observable, Subject, takeUntil, tap } from "rxjs";
+import { concatMap, filter, firstValueFrom, map, Observable, Subject, takeUntil, tap } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { AbstractThemingService } from "@bitwarden/angular/services/theming/theming.service.abstraction";
 import { SettingsService } from "@bitwarden/common/abstractions/settings.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { ThemeType } from "@bitwarden/common/enums";
@@ -15,6 +14,7 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-preferences",
@@ -24,6 +24,8 @@ export class PreferencesComponent implements OnInit {
   // For use in template
   protected readonly VaultTimeoutAction = VaultTimeoutAction;
 
+  protected availableVaultTimeoutActions$: Observable<VaultTimeoutAction[]>;
+
   vaultTimeoutPolicyCallout: Observable<{
     timeout: { hours: number; minutes: number };
     action: VaultTimeoutAction;
@@ -55,7 +57,7 @@ export class PreferencesComponent implements OnInit {
     private messagingService: MessagingService,
     private themingService: AbstractThemingService,
     private settingsService: SettingsService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {
     this.vaultTimeoutOptions = [
       { name: i18nService.t("oneMinute"), value: 1 },
@@ -89,6 +91,9 @@ export class PreferencesComponent implements OnInit {
   }
 
   async ngOnInit() {
+    this.availableVaultTimeoutActions$ =
+      this.vaultTimeoutSettingsService.availableVaultTimeoutActions$();
+
     this.vaultTimeoutPolicyCallout = this.policyService.get$(PolicyType.MaximumVaultTimeout).pipe(
       filter((policy) => policy != null),
       map((policy) => {
@@ -117,7 +122,7 @@ export class PreferencesComponent implements OnInit {
             const confirmed = await this.dialogService.openSimpleDialog({
               title: { key: "vaultTimeoutLogOutConfirmationTitle" },
               content: { key: "vaultTimeoutLogOutConfirmation" },
-              type: SimpleDialogType.WARNING,
+              type: "warning",
             });
 
             if (!confirmed) {
@@ -133,7 +138,9 @@ export class PreferencesComponent implements OnInit {
       .subscribe();
     const initialFormValues = {
       vaultTimeout: await this.vaultTimeoutSettingsService.getVaultTimeout(),
-      vaultTimeoutAction: await this.vaultTimeoutSettingsService.getVaultTimeoutAction(),
+      vaultTimeoutAction: await firstValueFrom(
+        this.vaultTimeoutSettingsService.vaultTimeoutAction$()
+      ),
       enableFavicons: !(await this.settingsService.getDisableFavicon()),
       enableFullWidth: await this.stateService.getEnableFullWidth(),
       theme: await this.stateService.getTheme(),
diff --git a/apps/web/src/app/settings/security-keys.component.ts b/apps/web/src/app/settings/security-keys.component.ts
index 887ba3d5879..2a01f6d0106 100644
--- a/apps/web/src/app/settings/security-keys.component.ts
+++ b/apps/web/src/app/settings/security-keys.component.ts
@@ -2,7 +2,7 @@ import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 
 import { ApiKeyComponent } from "./api-key.component";
@@ -20,14 +20,14 @@ export class SecurityKeysComponent implements OnInit {
   showChangeKdf = true;
 
   constructor(
-    private keyConnectorService: KeyConnectorService,
+    private userVerificationService: UserVerificationService,
     private stateService: StateService,
     private modalService: ModalService,
     private apiService: ApiService
   ) {}
 
   async ngOnInit() {
-    this.showChangeKdf = !(await this.keyConnectorService.getUsesKeyConnector());
+    this.showChangeKdf = await this.userVerificationService.hasMasterPassword();
   }
 
   async viewUserApiKey() {
diff --git a/apps/web/src/app/settings/security-routing.module.ts b/apps/web/src/app/settings/security-routing.module.ts
index 1d47a0d7750..d08d4be16fb 100644
--- a/apps/web/src/app/settings/security-routing.module.ts
+++ b/apps/web/src/app/settings/security-routing.module.ts
@@ -1,9 +1,9 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
+import { ChangePasswordComponent } from "../auth/settings/change-password.component";
 import { TwoFactorSetupComponent } from "../auth/settings/two-factor-setup.component";
 
-import { ChangePasswordComponent } from "./change-password.component";
 import { SecurityKeysComponent } from "./security-keys.component";
 import { SecurityComponent } from "./security.component";
 
diff --git a/apps/web/src/app/settings/security.component.ts b/apps/web/src/app/settings/security.component.ts
index 1c70f85edaf..3237a2e6a28 100644
--- a/apps/web/src/app/settings/security.component.ts
+++ b/apps/web/src/app/settings/security.component.ts
@@ -1,6 +1,6 @@
 import { Component } from "@angular/core";
 
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 
 @Component({
   selector: "app-security",
@@ -9,9 +9,9 @@ import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-con
 export class SecurityComponent {
   showChangePassword = true;
 
-  constructor(private keyConnectorService: KeyConnectorService) {}
+  constructor(private userVerificationService: UserVerificationService) {}
 
   async ngOnInit() {
-    this.showChangePassword = !(await this.keyConnectorService.getUsesKeyConnector());
+    this.showChangePassword = await this.userVerificationService.hasMasterPassword();
   }
 }
diff --git a/apps/web/src/app/settings/update-key.component.html b/apps/web/src/app/settings/update-key.component.html
index b39a5eb7e1a..7b94a6dca04 100644
--- a/apps/web/src/app/settings/update-key.component.html
+++ b/apps/web/src/app/settings/update-key.component.html
@@ -1,4 +1,4 @@
-<div class="modal fade" role="dialog" aria-modal="true" aria-labelledby="updateEncKeyTitle">
+<div class="modal fade" role="dialog" aria-modal="true" aria-labelledby="updateUserKeyTitle">
   <div class="modal-dialog modal-dialog-scrollable" role="document">
     <form
       class="modal-content"
@@ -8,7 +8,7 @@
       ngNativeValidate
     >
       <div class="modal-header">
-        <h1 class="modal-title" id="updateEncKeyTitle">{{ "updateEncryptionKey" | i18n }}</h1>
+        <h1 class="modal-title" id="updateUserKeyTitle">{{ "updateEncryptionKey" | i18n }}</h1>
         <button
           type="button"
           class="close"
diff --git a/apps/web/src/app/settings/update-key.component.ts b/apps/web/src/app/settings/update-key.component.ts
index 9f46d732694..8c7d7cf882f 100644
--- a/apps/web/src/app/settings/update-key.component.ts
+++ b/apps/web/src/app/settings/update-key.component.ts
@@ -36,8 +36,8 @@ export class UpdateKeyComponent {
   ) {}
 
   async submit() {
-    const hasEncKey = await this.cryptoService.hasEncKey();
-    if (hasEncKey) {
+    const hasUserKey = await this.cryptoService.hasUserKey();
+    if (hasUserKey) {
       return;
     }
 
@@ -68,17 +68,20 @@ export class UpdateKeyComponent {
   }
 
   private async makeRequest(): Promise<UpdateKeyRequest> {
-    const key = await this.cryptoService.getKey();
-    const encKey = await this.cryptoService.makeEncKey(key);
+    const masterKey = await this.cryptoService.getMasterKey();
+    const newUserKey = await this.cryptoService.makeUserKey(masterKey);
     const privateKey = await this.cryptoService.getPrivateKey();
     let encPrivateKey: EncString = null;
     if (privateKey != null) {
-      encPrivateKey = await this.cryptoService.encrypt(privateKey, encKey[0]);
+      encPrivateKey = await this.cryptoService.encrypt(privateKey, newUserKey[0]);
     }
     const request = new UpdateKeyRequest();
     request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
-    request.key = encKey[1].encryptedString;
-    request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
+    request.key = newUserKey[1].encryptedString;
+    request.masterPasswordHash = await this.cryptoService.hashMasterKey(
+      this.masterPassword,
+      await this.cryptoService.getOrDeriveMasterKey(this.masterPassword)
+    );
 
     await this.syncService.fullSync(true);
 
@@ -87,7 +90,7 @@ export class UpdateKeyComponent {
       if (folders[i].id == null) {
         continue;
       }
-      const folder = await this.folderService.encrypt(folders[i], encKey[0]);
+      const folder = await this.folderService.encrypt(folders[i], newUserKey[0]);
       request.folders.push(new FolderWithIdRequest(folder));
     }
 
@@ -96,7 +99,7 @@ export class UpdateKeyComponent {
       if (ciphers[i].organizationId != null) {
         continue;
       }
-      const cipher = await this.cipherService.encrypt(ciphers[i], encKey[0]);
+      const cipher = await this.cipherService.encrypt(ciphers[i], newUserKey[0]);
       request.ciphers.push(new CipherWithIdRequest(cipher));
     }
 
diff --git a/apps/web/src/app/settings/vault-timeout-input.component.html b/apps/web/src/app/settings/vault-timeout-input.component.html
index eb61770c753..3791fa7e543 100644
--- a/apps/web/src/app/settings/vault-timeout-input.component.html
+++ b/apps/web/src/app/settings/vault-timeout-input.component.html
@@ -9,7 +9,9 @@
     >
       <option *ngFor="let o of vaultTimeoutOptions" [ngValue]="o.value">{{ o.name }}</option>
     </select>
-    <small class="form-text text-muted">{{ "vaultTimeoutDesc" | i18n }}</small>
+    <small class="form-text text-muted">{{
+      ((canLockVault$ | async) ? "vaultTimeoutDesc" : "vaultTimeoutLogoutDesc") | i18n
+    }}</small>
   </div>
   <div class="form-group" *ngIf="showCustom" formGroupName="custom">
     <label for="customVaultTimeout">{{ "customVaultTimeout" | i18n }}</label>
diff --git a/apps/web/src/app/shared/loose-components.module.ts b/apps/web/src/app/shared/loose-components.module.ts
index 0acb456a41e..62702349f95 100644
--- a/apps/web/src/app/shared/loose-components.module.ts
+++ b/apps/web/src/app/shared/loose-components.module.ts
@@ -26,6 +26,7 @@ import { RecoverTwoFactorComponent } from "../auth/recover-two-factor.component"
 import { RegisterFormModule } from "../auth/register-form/register-form.module";
 import { RemovePasswordComponent } from "../auth/remove-password.component";
 import { SetPasswordComponent } from "../auth/set-password.component";
+import { ChangePasswordComponent } from "../auth/settings/change-password.component";
 import { DeauthorizeSessionsComponent } from "../auth/settings/deauthorize-sessions.component";
 import { EmergencyAccessAddEditComponent } from "../auth/settings/emergency-access/emergency-access-add-edit.component";
 import { EmergencyAccessAttachmentsComponent } from "../auth/settings/emergency-access/emergency-access-attachments.component";
@@ -76,7 +77,6 @@ import { ApiKeyComponent } from "../settings/api-key.component";
 import { ChangeAvatarComponent } from "../settings/change-avatar.component";
 import { ChangeEmailComponent } from "../settings/change-email.component";
 import { ChangeKdfModule } from "../settings/change-kdf/change-kdf.module";
-import { ChangePasswordComponent } from "../settings/change-password.component";
 import { DeleteAccountComponent } from "../settings/delete-account.component";
 import { DomainRulesComponent } from "../settings/domain-rules.component";
 import { LowKdfComponent } from "../settings/low-kdf.component";
diff --git a/apps/web/src/app/tools/generator.component.ts b/apps/web/src/app/tools/generator.component.ts
index 425f5cca2ff..05c56141dc2 100644
--- a/apps/web/src/app/tools/generator.component.ts
+++ b/apps/web/src/app/tools/generator.component.ts
@@ -1,7 +1,6 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { GeneratorComponent as BaseGeneratorComponent } from "@bitwarden/angular/tools/generator/components/generator.component";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -9,6 +8,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { UsernameGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/username";
+import { DialogService } from "@bitwarden/components";
 
 import { PasswordGeneratorHistoryComponent } from "./password-generator-history.component";
 
@@ -25,7 +25,7 @@ export class GeneratorComponent extends BaseGeneratorComponent {
     i18nService: I18nService,
     logService: LogService,
     route: ActivatedRoute,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {
     super(
       passwordGenerationService,
diff --git a/apps/web/src/app/tools/import-export/export.component.ts b/apps/web/src/app/tools/import-export/export.component.ts
index 9d57f83f2a1..b4c20384219 100644
--- a/apps/web/src/app/tools/import-export/export.component.ts
+++ b/apps/web/src/app/tools/import-export/export.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { UntypedFormBuilder } from "@angular/forms";
 import { firstValueFrom } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ExportComponent as BaseExportComponent } from "@bitwarden/angular/tools/export/components/export.component";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -13,6 +12,7 @@ import { FileDownloadService } from "@bitwarden/common/platform/abstractions/fil
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/exporter/vault-export";
 
 import { openUserVerificationPrompt } from "../../auth/shared/components/user-verification";
@@ -37,7 +37,7 @@ export class ExportComponent extends BaseExportComponent {
     userVerificationService: UserVerificationService,
     formBuilder: UntypedFormBuilder,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cryptoService,
diff --git a/apps/web/src/app/tools/import-export/import.component.html b/apps/web/src/app/tools/import-export/import.component.html
index 67c2fe45b2a..c9e3285c291 100644
--- a/apps/web/src/app/tools/import-export/import.component.html
+++ b/apps/web/src/app/tools/import-export/import.component.html
@@ -341,6 +341,10 @@
       Log in to "https://vault.passky.org" &rarr; "Import & Export" &rarr; "Export" in the Passky
       section. ("Backup" is unsupported as it is encrypted).
     </ng-container>
+    <ng-container *ngIf="format === 'protonpass'">
+      In the ProtonPass browser extension, go to Settings > Export. Export without PGP encryption
+      and save the zip file.
+    </ng-container>
   </bit-callout>
   <bit-form-field>
     <bit-label>{{ "selectImportFile" | i18n }}</bit-label>
diff --git a/apps/web/src/app/tools/import-export/import.component.ts b/apps/web/src/app/tools/import-export/import.component.ts
index cba1afdba68..eb9201f021d 100644
--- a/apps/web/src/app/tools/import-export/import.component.ts
+++ b/apps/web/src/app/tools/import-export/import.component.ts
@@ -6,7 +6,6 @@ import { concat, Observable, Subject, lastValueFrom, combineLatest } from "rxjs"
 import { map, takeUntil } from "rxjs/operators";
 import Swal, { SweetAlertIcon } from "sweetalert2";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import {
   canAccessImportExport,
@@ -24,6 +23,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+import { DialogService } from "@bitwarden/components";
 import {
   ImportOption,
   ImportResult,
@@ -75,7 +75,7 @@ export class ImportComponent implements OnInit, OnDestroy {
     private logService: LogService,
     protected modalService: ModalService,
     protected syncService: SyncService,
-    protected dialogService: DialogServiceAbstraction,
+    protected dialogService: DialogService,
     protected folderService: FolderService,
     protected collectionService: CollectionService,
     protected organizationService: OrganizationService,
@@ -326,7 +326,15 @@ export class ImportComponent implements OnInit, OnDestroy {
 
   private getFileContents(file: File): Promise<string> {
     if (this.format === "1password1pux") {
-      return this.extract1PuxContent(file);
+      return this.extractZipContent(file, "export.data");
+    }
+    if (
+      this.format === "protonpass" &&
+      (file.type === "application/zip" ||
+        file.type == "application/x-zip-compressed" ||
+        file.name.endsWith(".zip"))
+    ) {
+      return this.extractZipContent(file, "Proton Pass/data.json");
     }
 
     return new Promise((resolve, reject) => {
@@ -353,11 +361,11 @@ export class ImportComponent implements OnInit, OnDestroy {
     });
   }
 
-  private extract1PuxContent(file: File): Promise<string> {
+  private extractZipContent(zipFile: File, contentFilePath: string): Promise<string> {
     return new JSZip()
-      .loadAsync(file)
+      .loadAsync(zipFile)
       .then((zip) => {
-        return zip.file("export.data").async("string");
+        return zip.file(contentFilePath).async("string");
       })
       .then(
         function success(content) {
diff --git a/apps/web/src/app/tools/send/add-edit.component.ts b/apps/web/src/app/tools/send/add-edit.component.ts
index c7ab4542bcf..cb3e2543e28 100644
--- a/apps/web/src/app/tools/send/add-edit.component.ts
+++ b/apps/web/src/app/tools/send/add-edit.component.ts
@@ -1,7 +1,6 @@
 import { DatePipe } from "@angular/common";
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/tools/send/add-edit.component";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -12,6 +11,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-send-add-edit",
@@ -31,7 +31,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     policyService: PolicyService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
diff --git a/apps/web/src/app/tools/send/send.component.ts b/apps/web/src/app/tools/send/send.component.ts
index 157b64da594..c5ac37e5313 100644
--- a/apps/web/src/app/tools/send/send.component.ts
+++ b/apps/web/src/app/tools/send/send.component.ts
@@ -1,6 +1,5 @@
 import { Component, NgZone, ViewChild, ViewContainerRef } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { SendComponent as BaseSendComponent } from "@bitwarden/angular/tools/send/send.component";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -13,7 +12,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
-import { NoItemsModule, SearchModule, TableDataSource } from "@bitwarden/components";
+import { DialogService, NoItemsModule, SearchModule, TableDataSource } from "@bitwarden/components";
 
 import { SharedModule } from "../../shared";
 
@@ -56,7 +55,7 @@ export class SendComponent extends BaseSendComponent {
     private broadcasterService: BroadcasterService,
     logService: LogService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       sendService,
diff --git a/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts b/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
index 1a1d0e645b2..34829f58b6b 100644
--- a/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
+++ b/apps/web/src/app/vault/components/collection-dialog/collection-dialog.component.ts
@@ -12,7 +12,6 @@ import {
   takeUntil,
 } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
 import { OrganizationUserUserDetailsResponse } from "@bitwarden/common/abstractions/organization-user/responses";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
@@ -22,7 +21,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CollectionResponse } from "@bitwarden/common/vault/models/response/collection.response";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
-import { BitValidators } from "@bitwarden/components";
+import { DialogService, BitValidators } from "@bitwarden/components";
 
 import { GroupService, GroupView } from "../../../admin-console/organizations/core";
 import { PermissionMode } from "../../../admin-console/organizations/shared/components/access-selector/access-selector.component";
@@ -95,7 +94,7 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private organizationUserService: OrganizationUserService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {
     this.tabIndex = params.initialTab ?? CollectionDialogTabType.Info;
   }
@@ -249,7 +248,7 @@ export class CollectionDialogComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: this.collection?.name,
       content: { key: "deleteCollectionConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed && this.params.collectionId) {
@@ -335,7 +334,7 @@ function mapToAccessSelections(collectionDetails: CollectionAdminView): AccessIt
  * @param config Configuration for the dialog
  */
 export function openCollectionDialog(
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<CollectionDialogParams>
 ) {
   return dialogService.open<CollectionDialogResult, CollectionDialogParams>(
diff --git a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
index 15440024153..cccecb0b5af 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-cipher-row.component.html
@@ -11,11 +11,7 @@
 <td bitCell [ngClass]="RowHeightClass" class="tw-min-w-fit">
   <app-vault-icon [cipher]="cipher"></app-vault-icon>
 </td>
-<td
-  bitCell
-  [ngClass]="RowHeightClass"
-  class="tw-overflow-hidden tw-text-ellipsis tw-whitespace-nowrap"
->
+<td bitCell [ngClass]="RowHeightClass" class="tw-truncate">
   <div class="tw-inline-flex tw-w-full">
     <button
       bitLink
diff --git a/apps/web/src/app/vault/individual-vault/add-edit.component.ts b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
index 8def52774ba..986a1efb55b 100644
--- a/apps/web/src/app/vault/individual-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/individual-vault/add-edit.component.ts
@@ -1,6 +1,5 @@
 import { Component, OnDestroy, OnInit } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/vault/components/add-edit.component";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
@@ -21,6 +20,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
 import { Launchable } from "@bitwarden/common/vault/interfaces/launchable";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-vault-add-edit",
@@ -59,7 +59,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
     logService: LogService,
     passwordRepromptService: PasswordRepromptService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/web/src/app/vault/individual-vault/attachments.component.ts b/apps/web/src/app/vault/individual-vault/attachments.component.ts
index 697cb819665..28eeca34062 100644
--- a/apps/web/src/app/vault/individual-vault/attachments.component.ts
+++ b/apps/web/src/app/vault/individual-vault/attachments.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { AttachmentsComponent as BaseAttachmentsComponent } from "@bitwarden/angular/vault/components/attachments.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -11,6 +10,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-vault-attachments",
@@ -29,7 +29,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent {
     apiService: ApiService,
     logService: LogService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-delete-dialog/bulk-delete-dialog.component.ts b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-delete-dialog/bulk-delete-dialog.component.ts
index 239d7a3d4ef..23761f2be8c 100644
--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-delete-dialog/bulk-delete-dialog.component.ts
+++ b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-delete-dialog/bulk-delete-dialog.component.ts
@@ -1,7 +1,6 @@
 import { DialogConfig, DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { CollectionBulkDeleteRequest } from "@bitwarden/common/models/request/collection-bulk-delete.request";
@@ -9,6 +8,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherBulkDeleteRequest } from "@bitwarden/common/vault/models/request/cipher-bulk-delete.request";
+import { DialogService } from "@bitwarden/components";
 
 export interface BulkDeleteDialogParams {
   cipherIds?: string[];
@@ -28,7 +28,7 @@ export enum BulkDeleteDialogResult {
  * @param config Configuration for the dialog
  */
 export const openBulkDeleteDialog = (
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<BulkDeleteDialogParams>
 ) => {
   return dialogService.open<BulkDeleteDialogResult, BulkDeleteDialogParams>(
diff --git a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-dialogs.module.ts b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-dialogs.module.ts
index 0618025bbfa..848f5629dae 100644
--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-dialogs.module.ts
+++ b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-dialogs.module.ts
@@ -4,22 +4,11 @@ import { SharedModule } from "../../../shared";
 
 import { BulkDeleteDialogComponent } from "./bulk-delete-dialog/bulk-delete-dialog.component";
 import { BulkMoveDialogComponent } from "./bulk-move-dialog/bulk-move-dialog.component";
-import { BulkRestoreDialogComponent } from "./bulk-restore-dialog/bulk-restore-dialog.component";
 import { BulkShareDialogComponent } from "./bulk-share-dialog/bulk-share-dialog.component";
 
 @NgModule({
   imports: [SharedModule],
-  declarations: [
-    BulkDeleteDialogComponent,
-    BulkMoveDialogComponent,
-    BulkRestoreDialogComponent,
-    BulkShareDialogComponent,
-  ],
-  exports: [
-    BulkDeleteDialogComponent,
-    BulkMoveDialogComponent,
-    BulkRestoreDialogComponent,
-    BulkShareDialogComponent,
-  ],
+  declarations: [BulkDeleteDialogComponent, BulkMoveDialogComponent, BulkShareDialogComponent],
+  exports: [BulkDeleteDialogComponent, BulkMoveDialogComponent, BulkShareDialogComponent],
 })
 export class BulkDialogsModule {}
diff --git a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-move-dialog/bulk-move-dialog.component.ts b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-move-dialog/bulk-move-dialog.component.ts
index 4be422cf293..5530ca69b3c 100644
--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-move-dialog/bulk-move-dialog.component.ts
+++ b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-move-dialog/bulk-move-dialog.component.ts
@@ -3,12 +3,12 @@ import { Component, Inject, OnInit } from "@angular/core";
 import { FormBuilder, Validators } from "@angular/forms";
 import { firstValueFrom, Observable } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+import { DialogService } from "@bitwarden/components";
 
 export interface BulkMoveDialogParams {
   cipherIds?: string[];
@@ -25,7 +25,7 @@ export enum BulkMoveDialogResult {
  * @param config Configuration for the dialog
  */
 export const openBulkMoveDialog = (
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<BulkMoveDialogParams>
 ) => {
   return dialogService.open<BulkMoveDialogResult, BulkMoveDialogParams>(
diff --git a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component.html b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component.html
deleted file mode 100644
index 9cfe1bf69bc..00000000000
--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component.html
+++ /dev/null
@@ -1,14 +0,0 @@
-<bit-simple-dialog>
-  <span bitDialogTitle>
-    {{ "restoreSelected" | i18n }}
-  </span>
-  <span bitDialogContent>
-    {{ "restoreSelectedItemsDesc" | i18n : cipherIds.length }}
-  </span>
-  <ng-container bitDialogFooter>
-    <button bitButton type="submit" buttonType="primary" [bitAction]="submit">
-      {{ "restore" | i18n }}
-    </button>
-    <button bitButton type="button" (click)="cancel()">{{ "cancel" | i18n }}</button>
-  </ng-container>
-</bit-simple-dialog>
diff --git a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component.ts b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component.ts
deleted file mode 100644
index 94685f9fda0..00000000000
--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-import { DialogConfig, DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
-import { Component, Inject } from "@angular/core";
-
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
-import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
-
-export interface BulkRestoreDialogParams {
-  cipherIds: string[];
-  organization?: Organization;
-}
-
-export enum BulkRestoreDialogResult {
-  Restored = "restored",
-  Canceled = "canceled",
-}
-
-/**
- * Strongly typed helper to open a BulkRestoreDialog
- * @param dialogService Instance of the dialog service that will be used to open the dialog
- * @param config Configuration for the dialog
- */
-export const openBulkRestoreDialog = (
-  dialogService: DialogServiceAbstraction,
-  config: DialogConfig<BulkRestoreDialogParams>
-) => {
-  return dialogService.open<BulkRestoreDialogResult, BulkRestoreDialogParams>(
-    BulkRestoreDialogComponent,
-    config
-  );
-};
-
-@Component({
-  templateUrl: "bulk-restore-dialog.component.html",
-})
-export class BulkRestoreDialogComponent {
-  cipherIds: string[];
-  organization?: Organization;
-
-  constructor(
-    @Inject(DIALOG_DATA) params: BulkRestoreDialogParams,
-    private dialogRef: DialogRef<BulkRestoreDialogResult>,
-    private cipherService: CipherService,
-    private platformUtilsService: PlatformUtilsService,
-    private i18nService: I18nService
-  ) {
-    this.cipherIds = params.cipherIds ?? [];
-    this.organization = params.organization;
-  }
-
-  submit = async () => {
-    const asAdmin = this.organization?.canEditAnyCollection;
-    await this.cipherService.restoreManyWithServer(this.cipherIds, this.organization?.id, asAdmin);
-    this.platformUtilsService.showToast("success", null, this.i18nService.t("restoredItems"));
-    this.close(BulkRestoreDialogResult.Restored);
-  };
-
-  protected cancel() {
-    this.close(BulkRestoreDialogResult.Canceled);
-  }
-
-  private close(result: BulkRestoreDialogResult) {
-    this.dialogRef.close(result);
-  }
-}
diff --git a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-share-dialog/bulk-share-dialog.component.ts b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-share-dialog/bulk-share-dialog.component.ts
index 057ef71b338..f54b2619448 100644
--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-share-dialog/bulk-share-dialog.component.ts
+++ b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-share-dialog/bulk-share-dialog.component.ts
@@ -1,7 +1,6 @@
 import { DialogConfig, DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject, OnInit } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -12,6 +11,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
+import { DialogService } from "@bitwarden/components";
 
 export interface BulkShareDialogParams {
   ciphers: CipherView[];
@@ -29,7 +29,7 @@ export enum BulkShareDialogResult {
  * @param config Configuration for the dialog
  */
 export const openBulkShareDialog = (
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config: DialogConfig<BulkShareDialogParams>
 ) => {
   return dialogService.open<BulkShareDialogResult, BulkShareDialogParams>(
diff --git a/apps/web/src/app/vault/individual-vault/folder-add-edit.component.ts b/apps/web/src/app/vault/individual-vault/folder-add-edit.component.ts
index 707926c0ea9..3dfd6b246c6 100644
--- a/apps/web/src/app/vault/individual-vault/folder-add-edit.component.ts
+++ b/apps/web/src/app/vault/individual-vault/folder-add-edit.component.ts
@@ -2,13 +2,13 @@ import { DIALOG_DATA, DialogConfig, DialogRef } from "@angular/cdk/dialog";
 import { Component, Inject } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { FolderAddEditComponent as BaseFolderAddEditComponent } from "@bitwarden/angular/vault/components/folder-add-edit.component";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-folder-add-edit",
@@ -22,7 +22,7 @@ export class FolderAddEditComponent extends BaseFolderAddEditComponent {
     i18nService: I18nService,
     platformUtilsService: PlatformUtilsService,
     logService: LogService,
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     formBuilder: FormBuilder,
     protected dialogRef: DialogRef<FolderAddEditDialogResult>,
     @Inject(DIALOG_DATA) params: FolderAddEditDialogParams
@@ -43,7 +43,7 @@ export class FolderAddEditComponent extends BaseFolderAddEditComponent {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "deleteFolder" },
       content: { key: "deleteFolderConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -103,7 +103,7 @@ export enum FolderAddEditDialogResult {
  * @param config Optional configuration for the dialog
  */
 export function openFolderAddEditDialog(
-  dialogService: DialogServiceAbstraction,
+  dialogService: DialogService,
   config?: DialogConfig<FolderAddEditDialogParams>
 ) {
   return dialogService.open<FolderAddEditDialogResult, FolderAddEditDialogParams>(
diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/components/link-sso.component.ts b/apps/web/src/app/vault/individual-vault/vault-filter/components/link-sso.component.ts
index bf16d2513f7..026e1f883a9 100644
--- a/apps/web/src/app/vault/individual-vault/vault-filter/components/link-sso.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/components/link-sso.component.ts
@@ -5,6 +5,7 @@ import { SsoComponent } from "@bitwarden/angular/auth/components/sso.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -32,7 +33,8 @@ export class LinkSsoComponent extends SsoComponent implements AfterContentInit {
     passwordGenerationService: PasswordGenerationServiceAbstraction,
     stateService: StateService,
     environmentService: EnvironmentService,
-    logService: LogService
+    logService: LogService,
+    configService: ConfigServiceAbstraction
   ) {
     super(
       authService,
@@ -45,7 +47,8 @@ export class LinkSsoComponent extends SsoComponent implements AfterContentInit {
       cryptoFunctionService,
       environmentService,
       passwordGenerationService,
-      logService
+      logService,
+      configService
     );
 
     this.returnUri = "/settings/organizations";
diff --git a/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts b/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts
index 4c3b94246da..37d7798743d 100644
--- a/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-filter/components/organization-options.component.ts
@@ -1,7 +1,6 @@
 import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
 import { map, Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
@@ -15,6 +14,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { EnrollMasterPasswordReset } from "../../../../admin-console/organizations/users/enroll-master-password-reset.component";
 import { OptionsInput } from "../shared/components/vault-filter-section.component";
@@ -42,7 +42,7 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy {
     private logService: LogService,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private organizationUserService: OrganizationUserService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -85,7 +85,7 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: org.name,
       content: { key: "unlinkSsoConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -107,7 +107,7 @@ export class OrganizationOptionsComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: org.name,
       content: { key: "leaveOrganizationConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/vault/individual-vault/vault.component.ts b/apps/web/src/app/vault/individual-vault/vault.component.ts
index 69cb078ede0..6a4e66d6828 100644
--- a/apps/web/src/app/vault/individual-vault/vault.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault.component.ts
@@ -29,7 +29,6 @@ import {
 } from "rxjs/operators";
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -37,6 +36,7 @@ import { TotpService } from "@bitwarden/common/abstractions/totp.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DEFAULT_PBKDF2_ITERATIONS, EventType, KdfType } from "@bitwarden/common/enums";
 import { ServiceUtils } from "@bitwarden/common/misc/serviceUtils";
 import { TreeNode } from "@bitwarden/common/models/domain/tree-node";
@@ -58,7 +58,7 @@ import { CollectionData } from "@bitwarden/common/vault/models/data/collection.d
 import { CollectionDetailsResponse } from "@bitwarden/common/vault/models/response/collection.response";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
-import { Icons } from "@bitwarden/components";
+import { DialogService, Icons } from "@bitwarden/components";
 
 import { UpdateKeyComponent } from "../../settings/update-key.component";
 import { CollectionDialogAction, openCollectionDialog } from "../components/collection-dialog";
@@ -75,10 +75,6 @@ import {
   BulkMoveDialogResult,
   openBulkMoveDialog,
 } from "./bulk-action-dialogs/bulk-move-dialog/bulk-move-dialog.component";
-import {
-  BulkRestoreDialogResult,
-  openBulkRestoreDialog,
-} from "./bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component";
 import {
   BulkShareDialogResult,
   openBulkShareDialog,
@@ -157,7 +153,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     private changeDetectorRef: ChangeDetectorRef,
     private i18nService: I18nService,
     private modalService: ModalService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private tokenService: TokenService,
     private cryptoService: CryptoService,
     private messagingService: MessagingService,
@@ -177,7 +173,8 @@ export class VaultComponent implements OnInit, OnDestroy {
     private eventCollectionService: EventCollectionService,
     private searchService: SearchService,
     private searchPipe: SearchPipe,
-    private configService: ConfigServiceAbstraction
+    private configService: ConfigServiceAbstraction,
+    private userVerificationService: UserVerificationService
   ) {}
 
   async ngOnInit() {
@@ -192,13 +189,15 @@ export class VaultComponent implements OnInit, OnDestroy {
       first(),
       switchMap(async (params: Params) => {
         this.showVerifyEmail = !(await this.tokenService.getEmailVerified());
-        this.showLowKdf = await this.isLowKdfIteration();
+        this.showLowKdf = (await this.userVerificationService.hasMasterPassword())
+          ? await this.isLowKdfIteration()
+          : false;
         await this.syncService.fullSync(false);
 
         const canAccessPremium = await this.stateService.getCanAccessPremium();
         this.showPremiumCallout =
           !this.showVerifyEmail && !canAccessPremium && !this.platformUtilsService.isSelfHost();
-        this.showUpdateKey = !(await this.cryptoService.hasEncKey());
+        this.showUpdateKey = !(await this.cryptoService.hasUserKey());
 
         const cipherId = getCipherIdFromParams(params);
         if (!cipherId) {
@@ -674,7 +673,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "passkeyNotCopied" },
         content: { key: "passkeyNotCopiedAlert" },
-        type: SimpleDialogType.INFO,
+        type: "info",
       });
 
       if (!confirmed) {
@@ -695,16 +694,6 @@ export class VaultComponent implements OnInit, OnDestroy {
       return;
     }
 
-    const confirmed = await this.dialogService.openSimpleDialog({
-      title: { key: "restoreItemConfirmation" },
-      content: { key: "restoreItem" },
-      type: SimpleDialogType.WARNING,
-    });
-
-    if (!confirmed) {
-      return false;
-    }
-
     try {
       await this.cipherService.restoreWithServer(c.id);
       this.platformUtilsService.showToast("success", null, this.i18nService.t("restoredItem"));
@@ -729,14 +718,9 @@ export class VaultComponent implements OnInit, OnDestroy {
       return;
     }
 
-    const dialog = openBulkRestoreDialog(this.dialogService, {
-      data: { cipherIds: selectedCipherIds },
-    });
-
-    const result = await lastValueFrom(dialog.closed);
-    if (result === BulkRestoreDialogResult.Restored) {
-      this.refresh();
-    }
+    await this.cipherService.restoreManyWithServer(selectedCipherIds);
+    this.platformUtilsService.showToast("success", null, this.i18nService.t("restoredItems"));
+    this.refresh();
   }
 
   async deleteCipher(c: CipherView): Promise<boolean> {
@@ -749,7 +733,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: permanent ? "permanentlyDeleteItem" : "deleteItem" },
       content: { key: permanent ? "permanentlyDeleteItemConfirmation" : "deleteItemConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/app/vault/org-vault/add-edit.component.ts b/apps/web/src/app/vault/org-vault/add-edit.component.ts
index 5dd37c42efe..46d8440d489 100644
--- a/apps/web/src/app/vault/org-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/org-vault/add-edit.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
@@ -20,6 +19,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 import { CipherData } from "@bitwarden/common/vault/models/data/cipher.data";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { DialogService } from "@bitwarden/components";
 
 import { AddEditComponent as BaseAddEditComponent } from "../individual-vault/add-edit.component";
 
@@ -49,7 +49,7 @@ export class AddEditComponent extends BaseAddEditComponent {
     passwordRepromptService: PasswordRepromptService,
     organizationService: OrganizationService,
     sendApiService: SendApiService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/web/src/app/vault/org-vault/attachments.component.ts b/apps/web/src/app/vault/org-vault/attachments.component.ts
index 4dc0df74c03..725d4e7ba8c 100644
--- a/apps/web/src/app/vault/org-vault/attachments.component.ts
+++ b/apps/web/src/app/vault/org-vault/attachments.component.ts
@@ -1,6 +1,5 @@
 import { Component } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -13,6 +12,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { CipherData } from "@bitwarden/common/vault/models/data/cipher.data";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
+import { DialogService } from "@bitwarden/components";
 
 import { AttachmentsComponent as BaseAttachmentsComponent } from "../individual-vault/attachments.component";
 
@@ -33,7 +33,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent {
     apiService: ApiService,
     logService: LogService,
     fileDownloadService: FileDownloadService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       cipherService,
diff --git a/apps/web/src/app/vault/org-vault/vault-header/vault-header.component.ts b/apps/web/src/app/vault/org-vault/vault-header/vault-header.component.ts
index 49055e487d3..9282e237af3 100644
--- a/apps/web/src/app/vault/org-vault/vault-header/vault-header.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault-header/vault-header.component.ts
@@ -2,17 +2,12 @@ import { Component, EventEmitter, Input, Output } from "@angular/core";
 import { Router } from "@angular/router";
 import { firstValueFrom } from "rxjs";
 
-import {
-  SimpleDialogType,
-  DialogServiceAbstraction,
-  SimpleDialogCloseType,
-  SimpleDialogOptions,
-} from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { ProductType } from "@bitwarden/common/enums";
 import { TreeNode } from "@bitwarden/common/models/domain/tree-node";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { DialogService, SimpleDialogOptions } from "@bitwarden/components";
 
 import { CollectionAdminView } from "../../../vault/core/views/collection-admin.view";
 import { CollectionDialogTabType } from "../../components/collection-dialog";
@@ -64,7 +59,7 @@ export class VaultHeaderComponent {
   constructor(
     private organizationService: OrganizationService,
     private i18nService: I18nService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private collectionAdminService: CollectionAdminService,
     private router: Router
   ) {}
@@ -114,7 +109,7 @@ export class VaultHeaderComponent {
           : "freeOrgMaxCollectionReachedNoManageBilling",
         this.organization.maxCollections
       ),
-      type: SimpleDialogType.PRIMARY,
+      type: "primary",
     };
 
     if (this.organization.canEditSubscription) {
@@ -126,12 +121,12 @@ export class VaultHeaderComponent {
 
     const simpleDialog = this.dialogService.openSimpleDialogRef(orgUpgradeSimpleDialogOpts);
 
-    firstValueFrom(simpleDialog.closed).then((result: SimpleDialogCloseType | undefined) => {
+    firstValueFrom(simpleDialog.closed).then((result: boolean | undefined) => {
       if (!result) {
         return;
       }
 
-      if (result == SimpleDialogCloseType.ACCEPT && this.organization.canEditSubscription) {
+      if (result && this.organization.canEditSubscription) {
         this.router.navigate(["/organizations", this.organization.id, "billing", "subscription"], {
           queryParams: { upgrade: true },
         });
diff --git a/apps/web/src/app/vault/org-vault/vault.component.ts b/apps/web/src/app/vault/org-vault/vault.component.ts
index cfeafbf032c..1cb57e188a9 100644
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@@ -30,7 +30,6 @@ import {
 } from "rxjs/operators";
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
@@ -53,7 +52,7 @@ import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.serv
 import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
-import { Icons } from "@bitwarden/components";
+import { DialogService, Icons } from "@bitwarden/components";
 
 import { GroupService, GroupView } from "../../admin-console/organizations/core";
 import { openEntityEventsDialog } from "../../admin-console/organizations/manage/entity-events.component";
@@ -71,10 +70,6 @@ import {
   BulkDeleteDialogResult,
   openBulkDeleteDialog,
 } from "../individual-vault/bulk-action-dialogs/bulk-delete-dialog/bulk-delete-dialog.component";
-import {
-  BulkRestoreDialogResult,
-  openBulkRestoreDialog,
-} from "../individual-vault/bulk-action-dialogs/bulk-restore-dialog/bulk-restore-dialog.component";
 import { RoutedVaultFilterBridgeService } from "../individual-vault/vault-filter/services/routed-vault-filter-bridge.service";
 import { RoutedVaultFilterService } from "../individual-vault/vault-filter/services/routed-vault-filter.service";
 import { createFilterFunction } from "../individual-vault/vault-filter/shared/models/filter-function";
@@ -143,7 +138,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     private syncService: SyncService,
     private i18nService: I18nService,
     private modalService: ModalService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private messagingService: MessagingService,
     private broadcasterService: BroadcasterService,
     private ngZone: NgZone,
@@ -669,16 +664,6 @@ export class VaultComponent implements OnInit, OnDestroy {
       return;
     }
 
-    const confirmed = await this.dialogService.openSimpleDialog({
-      title: { key: "restoreItem" },
-      content: { key: "restoreItemConfirmation" },
-      type: SimpleDialogType.WARNING,
-    });
-
-    if (!confirmed) {
-      return false;
-    }
-
     try {
       const asAdmin = this.organization?.canEditAnyCollection;
       await this.cipherService.restoreWithServer(c.id, asAdmin);
@@ -704,14 +689,9 @@ export class VaultComponent implements OnInit, OnDestroy {
       return;
     }
 
-    const dialog = openBulkRestoreDialog(this.dialogService, {
-      data: { cipherIds: selectedCipherIds, organization: this.organization },
-    });
-
-    const result = await lastValueFrom(dialog.closed);
-    if (result === BulkRestoreDialogResult.Restored) {
-      this.refresh();
-    }
+    await this.cipherService.restoreManyWithServer(selectedCipherIds);
+    this.platformUtilsService.showToast("success", null, this.i18nService.t("restoredItems"));
+    this.refresh();
   }
 
   async deleteCipher(c: CipherView): Promise<boolean> {
@@ -724,7 +704,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: permanent ? "permanentlyDeleteItem" : "deleteItem" },
       content: { key: permanent ? "permanentlyDeleteItemConfirmation" : "deleteItemConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -759,7 +739,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: collection.name,
       content: { key: "deleteCollectionConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/apps/web/src/images/bwi-passkey.png b/apps/web/src/images/bwi-passkey.png
new file mode 100644
index 00000000000..702be33446e
Binary files /dev/null and b/apps/web/src/images/bwi-passkey.png differ
diff --git a/apps/web/src/locales/af/messages.json b/apps/web/src/locales/af/messages.json
index 7b62d7e8932..7a8006178ca 100644
--- a/apps/web/src/locales/af/messages.json
+++ b/apps/web/src/locales/af/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Stel gekose terug"
   },
-  "restoreItem": {
-    "message": "Stel item terug"
-  },
   "restoredItem": {
     "message": "Teruggestelde item"
   },
   "restoredItems": {
     "message": "Teruggestelde items"
   },
-  "restoreItemConfirmation": {
-    "message": "Is u seker u wil hierdie item terugstel?"
-  },
-  "restoreItems": {
-    "message": "Stel items terug"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "U het $COUNT$ item(s) gekies om terug te stel. Is u seker u wil al hierdie items terugstel?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ teruggestel.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Deaktiveer uitstuur van persoonlike kluis"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Verbied gebruikers om hul privaatkluisdata uit te stuur."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Kluisuitstuur gedeaktiveer"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Stuur tans organisasiekluis uit"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Slegs die persoonlike kluisitems wat met $EMAIL$ verbind word, word uitgestuur. Organisasiekluisitems word nie ingesluit nie.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/ar/messages.json b/apps/web/src/locales/ar/messages.json
index ddcc0fa4765..f30ee74d296 100644
--- a/apps/web/src/locales/ar/messages.json
+++ b/apps/web/src/locales/ar/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/az/messages.json b/apps/web/src/locales/az/messages.json
index baf9cc7de75..4eb981124b2 100644
--- a/apps/web/src/locales/az/messages.json
+++ b/apps/web/src/locales/az/messages.json
@@ -1294,10 +1294,10 @@
     "message": "İxrac edilən faylın parolu açılarkən xəta baş verdi. Şifrələmə açarınız, verilənlərin ixracında istifadə olunan şifrələmə açarı ilə uyğunlaşmır."
   },
   "importDestination": {
-    "message": "Import destination"
+    "message": "Hədəfi daxilə köçür"
   },
   "learnAboutImportOptions": {
-    "message": "Learn about your import options"
+    "message": "Daxilə köçürmə seçimlərinizi öyrənin"
   },
   "selectImportFolder": {
     "message": "Bir qovluq seçin"
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Seçiləni bərpa et"
   },
-  "restoreItem": {
-    "message": "Elementi bərpa et"
-  },
   "restoredItem": {
     "message": "Element bərpa edildi"
   },
   "restoredItems": {
     "message": "Elementlər bərpa edildi"
   },
-  "restoreItemConfirmation": {
-    "message": "Elementi bərpa etmək istədiyinizə əminsiniz?"
-  },
-  "restoreItems": {
-    "message": "Elementləri bərpa et"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Bərpa üçün $COUNT$ element seçdiniz. Onların hamısını bərpa etmək istədiyinizə əminsiniz?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ elementi bərpa edildi.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Fərdi anbarın ixracını sıradan çıxart"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "İstifadəçilərin fərdi anbar verilənlərini ixrac etməsini əngəlləyir."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Anbar ixracı sıradan çıxarıldı"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Təşkilat anbarının ixracı"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Yalnız $EMAIL$ ilə əlaqəli şəxsi anbar elementləri ixrac ediləcək. Təşkilat anbar elementləri daxil edilmir.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7053,7 +7035,7 @@
     "message": "Əlavə xidmət hesabları"
   },
   "includedServiceAccounts": {
-    "message": "Your plan comes with $COUNT$ service accounts.",
+    "message": "Planınız, $COUNT$ xidmət hesabı ilə gəlir.",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -7086,7 +7068,7 @@
     "message": "Xidmət hesablarını limitlə (ixtiyari)"
   },
   "limitServiceAccountsDesc": {
-    "message": "Set a limit for your service accounts. Once this limit is reached, you will not be able to create new service accounts."
+    "message": "Xidmət hesablarınız üçün bir limit müəyyən edin. Bu limitə çatanda, yeni xidmət hesabı yarada bilməyəcəksiniz."
   },
   "serviceAccountLimit": {
     "message": "Xidmət hesabı limiti (ixtiyari)"
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/be/messages.json b/apps/web/src/locales/be/messages.json
index 965ca2a12ae..d77f02dc377 100644
--- a/apps/web/src/locales/be/messages.json
+++ b/apps/web/src/locales/be/messages.json
@@ -712,7 +712,7 @@
     "message": "Адбылася нечаканая памылка."
   },
   "expirationDateError": {
-    "message": "Please select an expiration date that is in the future."
+    "message": "Выберыце дату завяршэння тэрміну дзеяння ў будучым."
   },
   "emailAddress": {
     "message": "Адрас электроннай пошты"
@@ -955,7 +955,7 @@
     "message": "Скапіяваць праверачны код"
   },
   "copyUuid": {
-    "message": "Copy UUID"
+    "message": "Скапіяваць UUID"
   },
   "warning": {
     "message": "Папярэджанне"
@@ -1294,19 +1294,19 @@
     "message": "Памылка дэшыфроўкі экспартаванага файла. Ваш ключ шыфравання не супадае з ключом шыфравання, які выкарыстоўваецца для экспартавання даных."
   },
   "importDestination": {
-    "message": "Import destination"
+    "message": "Імпартаванне прызначэння"
   },
   "learnAboutImportOptions": {
-    "message": "Learn about your import options"
+    "message": "Даведацца пра параметры імпартавання"
   },
   "selectImportFolder": {
-    "message": "Select a folder"
+    "message": "Выбраць папку"
   },
   "selectImportCollection": {
-    "message": "Select a collection"
+    "message": "Выбраць калекцыю"
   },
   "importTargetHint": {
-    "message": "Select this option if you want the imported file contents moved to a $DESTINATION$",
+    "message": "Выберыце гэты параметр, калі вы хочаце, каб змесціва імпартаванага файла было перамешчанага ў $DESTINATION$",
     "description": "Located as a hint under the import target. Will be appended by either folder or collection, depending if the user is importing into an individual or an organizational vault.",
     "placeholders": {
       "destination": {
@@ -1316,7 +1316,7 @@
     }
   },
   "importUnassignedItemsError": {
-    "message": "File contains unassigned items."
+    "message": "Файл змяшчае непадпісаныя элементы."
   },
   "selectFormat": {
     "message": "Выберыце фармат файла імпартавання"
@@ -3625,7 +3625,7 @@
     "message": "Гэты элемент мае старыя далучаныя файлы, якія неабходна выправіць."
   },
   "attachmentFixDescription": {
-    "message": "This attachment uses outdated encryption. Select 'Fix' to download, re-encrypt, and re-upload the attachment."
+    "message": "Гэта далучэнне выкарыстоўвае састарэлае шыфраванне. Выберыце \"Выправіць\", каб спампаваць, паўторна зашыфраваць і запампаваць гэта далучэнне."
   },
   "fix": {
     "message": "Выправіць",
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Аднавіць выбранае"
   },
-  "restoreItem": {
-    "message": "Аднавіць элемент"
-  },
   "restoredItem": {
     "message": "Элемент адноўлены"
   },
   "restoredItems": {
     "message": "Адноўленыя элементы"
   },
-  "restoreItemConfirmation": {
-    "message": "Вы сапраўды хочаце аднавіць гэты элемент?"
-  },
-  "restoreItems": {
-    "message": "Аднавіць элементы"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Вы выбралі наступную колькасць элементаў для аднаўлення: $COUNT$. Вы сапраўды хочаце аднавіць іх?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Адноўлены элемент $ID$.",
     "placeholders": {
@@ -4739,7 +4721,7 @@
     "message": "Памылка"
   },
   "accountRecoveryManageUsers": {
-    "message": "Manage users must also be granted with the manage account recovery permission"
+    "message": "Для кіравання карыстальнікамі неабходна даць дазвол на кіраванне аднаўленнем уліковым запісам"
   },
   "setupProvider": {
     "message": "Налады пастаўшчыка"
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Выдаліць экспартаванне асабістага сховішча"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Не дазваляць удзельнікам экспартаваць іх індывідуальнае сховішча."
+  "disablePersonalVaultExportDescription": {
+    "message": "Не дазваляць удзельнікам экспартаваць даныя з іх індывідуальнага сховішча."
   },
   "vaultExportDisabled": {
     "message": "Экспартаванне сховішча адключана"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Экспартаванне сховішча арганізацыі"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Будуць экспартаваны толькі асабістыя элементы сховішча, якія звязаны з $EMAIL$. Элементы сховішча арганізацыі не будуць уключаны.",
+  "exportingIndividualVaultDescription": {
+    "message": "Будуць экспартаваны толькі індывідуальныя элементы сховішча, якія звязаны з $EMAIL$. Элементы сховішча арганізацыі не будуць уключаны. Толькі звесткі элемента сховішча будуць экспартаваны і яны не будуць уключаць звязаныя далучэнні.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -5464,7 +5446,7 @@
     }
   },
   "exportingOrganizationVaultDesc": {
-    "message": "Only the organization vault associated with $ORGANIZATION$ will be exported. Items in individual vaults or other organizations will not be included.",
+    "message": "Толькі сховішча арганізацыі, якія звязаны з $ORGANIZATION$ будуць экспартаваны. Элементы асабістага сховішча і элементы з іншых арганізацый не будуць уключаны.",
     "placeholders": {
       "organization": {
         "content": "$1",
@@ -6854,7 +6836,7 @@
     "message": "Абнавіце налады KDF"
   },
   "trustedDevices": {
-    "message": "Trusted devices"
+    "message": "Давераныя прылады"
   },
   "memberDecryptionTdeDescriptionPartOne": {
     "message": "Пасля аўтэнтыфікацыі ўдзельнікі расшыфроўваюць даныя сховішча з выкарыстаннем ключа, які захоўваецца на іх прыладах",
@@ -6985,11 +6967,11 @@
     "message": "Сцяг выбранага рэгіёна"
   },
   "sendsNoItemsTitle": {
-    "message": "No active Sends",
+    "message": "Няма актыўных Send'аў",
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
   },
   "sendsNoItemsMessage": {
-    "message": "Use Send to securely share encrypted information with anyone.",
+    "message": "Выкарыстоўвайце Send'ы, каб бяспечна абагуляць зашыфраваную інфармацыю з іншымі.",
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
   },
   "inviteUsers": {
@@ -7053,7 +7035,7 @@
     "message": "Дадатковыя сэрвісныя ўліковыя запісы"
   },
   "includedServiceAccounts": {
-    "message": "Your plan comes with $COUNT$ service accounts.",
+    "message": "Ваш тарыфны план мае наступную колькасць сэрвісных уліковых запісаў: $COUNT$.",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -7062,7 +7044,7 @@
     }
   },
   "addAdditionalServiceAccounts": {
-    "message": "You can add additional service accounts for $COST$ per month.",
+    "message": "Вы можаце дадаць дадатковую колькасць сэрвісных уліковых запісаў за $COST$ у месяц.",
     "placeholders": {
       "cost": {
         "content": "$1",
@@ -7095,7 +7077,7 @@
     "message": "Максімальны патэнцыйны кошт сэрвісных уліковых запісаў"
   },
   "smBetaEndedDesc": {
-    "message": "The Secrets Manager Beta ended $BETA_ENDING_DATE$. You have $DAYS$ days left to add Secrets Manager to your paid subscription and maintain access to Secrets Manager data. Contact Customer Success to add Secrets Manager to your subscription.",
+    "message": "Перыяд бэта-тэсціравання менеджара сакрэтаў завершыцца $BETA_ENDING_DATE$. Дадайце менеджар сакрэтаў у сваю платную падпіску і захавайце доступ да даных (засталося дзён: $DAYS$). Звяжыцеся з нашай службай падтрымкі, каб дадаць менеджар сакрэтаў у сваю платную падпіску.",
     "placeholders": {
       "beta_ending_date": {
         "content": "$1",
@@ -7108,9 +7090,12 @@
     }
   },
   "betaEnding": {
-    "message": "Beta Ending"
+    "message": "Завяршэнне бэта-версіі"
   },
   "beta": {
-    "message": "Beta"
+    "message": "Бэта"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/bg/messages.json b/apps/web/src/locales/bg/messages.json
index 19010386404..d89b7a33dfa 100644
--- a/apps/web/src/locales/bg/messages.json
+++ b/apps/web/src/locales/bg/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Възстановяване на избраните"
   },
-  "restoreItem": {
-    "message": "Възстановяване на запис"
-  },
   "restoredItem": {
     "message": "Записът е възстановен"
   },
   "restoredItems": {
     "message": "Записите са възстановени"
   },
-  "restoreItemConfirmation": {
-    "message": "Сигурни ли сте, че искате да възстановите записа?"
-  },
-  "restoreItems": {
-    "message": "Възстановяване на записи"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "За възстановяване сте избрали $COUNT$ запис/а. Сигурни ли сте, че искате да ги възстановите?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Запис № $ID$ е възстановен.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Забраняване на изнасянето на личния трезор"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Забранява на потребителите да изнасят данните от своя личен трезор."
+  "disablePersonalVaultExportDescription": {
+    "message": "Да не се разрешава на членовете да изнасят данните от собствените си трезори."
   },
   "vaultExportDisabled": {
     "message": "Изнасянето на трезора е изключено"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Изнасяне на трезора на организацията"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Ще бъдат изнесени само записите от личния трезор свързан с $EMAIL$. Записите в трезора на организацията няма да бъдат включени.",
+  "exportingIndividualVaultDescription": {
+    "message": "Ще бъдат изнесени само отделните записи в трезора, които са свързани с $EMAIL$. Записите от трезора на организацията няма да бъдат включени. Ще бъде изнесена само информацията за записите от трезора, а свързаните прикачени елементи няма да бъдат включени.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Бета"
+  },
+  "alreadyHaveAccount": {
+    "message": "Вече имате регистрация?"
   }
 }
diff --git a/apps/web/src/locales/bn/messages.json b/apps/web/src/locales/bn/messages.json
index be5de14b639..2d4b8b17a3a 100644
--- a/apps/web/src/locales/bn/messages.json
+++ b/apps/web/src/locales/bn/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/bs/messages.json b/apps/web/src/locales/bs/messages.json
index 2780926fbe4..d739cd8531c 100644
--- a/apps/web/src/locales/bs/messages.json
+++ b/apps/web/src/locales/bs/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/ca/messages.json b/apps/web/src/locales/ca/messages.json
index 8f38e86ec2f..a5683fd7dab 100644
--- a/apps/web/src/locales/ca/messages.json
+++ b/apps/web/src/locales/ca/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restaura selecció"
   },
-  "restoreItem": {
-    "message": "Restaura l'element"
-  },
   "restoredItem": {
     "message": "Element restaurat"
   },
   "restoredItems": {
     "message": "Elements restaurats"
   },
-  "restoreItemConfirmation": {
-    "message": "Esteu segur que voleu restaurar aquest element?"
-  },
-  "restoreItems": {
-    "message": "Restaura elements"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Heu seleccionat $COUNT$ elements per restaurar. Esteu segur que voleu restaurar tots aquests elements?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Element $ID$ restaurat.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Inhabilita l'exportació de la caixa forta personal"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Prohibeix als usuaris exportar les dades de la seua caixa forta privada."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "L'exportació de la caixa forta s'ha suprimit"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "S'està exportant la caixa forta de l’organització"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Només s'exportaran els elements personals de la caixa forta associats a $EMAIL$. Els elements de la caixa forta de l'organització no s'inclouran.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/cs/messages.json b/apps/web/src/locales/cs/messages.json
index 7c9c0968353..565d7a0e428 100644
--- a/apps/web/src/locales/cs/messages.json
+++ b/apps/web/src/locales/cs/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Obnovit vybrané"
   },
-  "restoreItem": {
-    "message": "Obnovit položku"
-  },
   "restoredItem": {
     "message": "Položka byla obnovena"
   },
   "restoredItems": {
     "message": "Položky byly obnoveny"
   },
-  "restoreItemConfirmation": {
-    "message": "Opravdu chcete tuto položku obnovit?"
-  },
-  "restoreItems": {
-    "message": "Obnovit položky"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Vybrali jste $COUNT$ položek pro obnovení. Opravdu chcete obnovit všechny vybrané položky?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Položka $ID$ byla obnovena",
     "placeholders": {
@@ -4950,7 +4932,7 @@
   "disablePersonalVaultExport": {
     "message": "Odebrat osobní export trezoru"
   },
-  "disablePersonalVaultExportDesc": {
+  "disablePersonalVaultExportDescription": {
     "message": "Nedovolí, aby členové exportovali svá osobní data trezoru."
   },
   "vaultExportDisabled": {
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exportování trezoru organizace"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Budou exportovány jen osobní položky trezoru spojené s $EMAIL$. Položky trezoru organizace nebudou zahrnuty. Budou exportovány jen informace o položkách trezoru a nebudou zahrnuty související historie hesel ani přílohy.",
+  "exportingIndividualVaultDescription": {
+    "message": "Budou exportovány jen osobní položky trezoru spojené s $EMAIL$. Položky trezoru organizace nebudou zahrnuty. Budou exportovány jen informace o položkách trezoru a nebudou zahrnuty související přílohy.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Už máte účet?"
   }
 }
diff --git a/apps/web/src/locales/cy/messages.json b/apps/web/src/locales/cy/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/cy/messages.json
+++ b/apps/web/src/locales/cy/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/da/messages.json b/apps/web/src/locales/da/messages.json
index 6e742e4ad8b..41ab1a3a3ec 100644
--- a/apps/web/src/locales/da/messages.json
+++ b/apps/web/src/locales/da/messages.json
@@ -687,7 +687,7 @@
     "message": "Hovedadgangskode kræves angivet igen."
   },
   "masterPasswordMinlength": {
-    "message": "Master password must be at least $VALUE$ characters long.",
+    "message": "Hovedadgangskoden skal udgøre minimum $VALUE$ tegn.",
     "description": "The Master Password must be at least a specific number of characters long.",
     "placeholders": {
       "value": {
@@ -3610,7 +3610,7 @@
     "message": "Svag hovedadgangskode"
   },
   "weakMasterPasswordDesc": {
-    "message": "Hovedadgangskoden du har valgt er svag. Du skal bruge en stærk hovedadgangskode (eller en adgangssætning) for at beskytte din Bitwarden-konto korrekt. Er du sikker på, at du vil bruge denne hovedadgangskode?"
+    "message": "Svag adgangskode fundet. Brug en stærk adgangskode for at beskytte kontoen. Sikker på, at du vil bruge en svag adgangskode?"
   },
   "rotateAccountEncKey": {
     "message": "Rotér også min kontos krypteringsnøgle"
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Gendan valgte"
   },
-  "restoreItem": {
-    "message": "Gendan emne"
-  },
   "restoredItem": {
     "message": "Emne gendannet"
   },
   "restoredItems": {
     "message": "Emner gendannet"
   },
-  "restoreItemConfirmation": {
-    "message": "Sikker på, at dette emne skal gendannes?"
-  },
-  "restoreItems": {
-    "message": "Gendan emner"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "$COUNT$ emne(r) valgt til gendannelse. Sikker på, at de skal gendannes?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Emnet $ID$ gendannet",
     "placeholders": {
@@ -4897,7 +4879,7 @@
     "message": "Minutter"
   },
   "vaultTimeoutPolicyInEffect": {
-    "message": "Organisationspolitikkerne påvirker din boks-timeout. Maks. tilladt boks-timeout udgør $HOURS$ time(r) og $MINUTES$ minut(ter)",
+    "message": "Organisationspolitikker har sat din maks. tilladte boks-timeout. til $HOURS$ time(r) og $MINUTES$ minut(ter).",
     "placeholders": {
       "hours": {
         "content": "$1",
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Fjern individuel bokseksport"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Tillad ikke medlemmer at eksportere deres individuelle boksdata."
+  "disablePersonalVaultExportDescription": {
+    "message": "Tillad ikke medlemmer at eksportere data fra deres individuelle bokse."
   },
   "vaultExportDisabled": {
     "message": "Bokseksport fjernet"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Eksport af organisationsboks"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Kun individuelle boksemner tilknyttet $EMAIL$ eksporteres. Organisationsboksemner medtages ikke. Kun boksemneinformation uden tilhørende adgangskodehistorik eller filvedhæftninger eksporteres.",
+  "exportingIndividualVaultDescription": {
+    "message": "Kun individuelle boksemner tilknyttet $EMAIL$ eksporteres. Organisationsboksemner medtages ikke. Kun boksemneinformation uden tilhørende vedhæftninger eksporteres.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -5869,7 +5851,7 @@
     "description": "Action to create a new secret."
   },
   "copySecretName": {
-    "message": "Kopiér hemmeligheds navn",
+    "message": "Kopiér hemmeligt navn",
     "description": "Action to copy the name of a secret to the system's clipboard."
   },
   "copySecretValue": {
@@ -6094,7 +6076,7 @@
     "description": "Instructions for selecting projects or secrets for a new service account"
   },
   "newSaTypeToFilter": {
-    "message": "Angiv for at filtrere",
+    "message": "Skriv for at filtrere",
     "description": "Instructions for filtering a list of projects or secrets"
   },
   "deleteProjectsToast": {
@@ -6102,7 +6084,7 @@
     "description": "Notifies that the selected projects have been deleted"
   },
   "deleteProjectToast": {
-    "message": "Projektet og alle tilknyttede hemmeligheder er slettet",
+    "message": "Projekt slettet",
     "description": "Notifies that a project has been deleted"
   },
   "deleteProjectDialogMessage": {
@@ -6229,13 +6211,13 @@
     "description": "Invalidates / cancels an access token and as such removes access to secrets for the client application."
   },
   "revokeAccessTokens": {
-    "message": "Revoke access tokens"
+    "message": "Ophæv adgangstokener"
   },
   "revokeAccessTokenDesc": {
-    "message": "Revoking access tokens is permanent and irreversible."
+    "message": "Ophævning af adgangstokener er permanent og irreversibelt."
   },
   "accessTokenRevoked": {
-    "message": "Access tokens revoked",
+    "message": "Adgangstokener ophævet",
     "description": "Toast message after deleting one or multiple access tokens."
   },
   "noAccessTokenSelected": {
@@ -6648,7 +6630,7 @@
     "message": "Opdatér krypteringsindstillingerne for at opfylde nye sikkerhedsanbefalinger og forbedre kontobeskyttelsen."
   },
   "changeKdfLoggedOutWarning": {
-    "message": "Proceeding will log you out of all active sessions. You will need to log back in and complete two-step login setup. We recommend exporting your vault before changing your encryption settings to prevent data loss."
+    "message": "Fortsættes, logges man ud af alle aktive sessioner. Man vil skulle logge ind igen og færdiggøre opsætningen af totrinsindlogning. For at forhindre datatab anbefales det, at boksen eksporteres, inden krypteringsindstillingerne ændres."
   },
   "secretsManager": {
     "message": "Hemmelighedshåndtering"
@@ -6949,7 +6931,7 @@
     "message": "Konto har ikke hovedadgangskode"
   },
   "removeOrgUserNoMasterPasswordDesc": {
-    "message": "Fjernelse af $USER$ uden opsætning af en hovedadgangskode for brugeren kan begrænse den fulde kontoadgang. Fortsæt alligevel?",
+    "message": "Fjernelse af $USER$ uden opsætning af en hovedadgangskode for brugeren kan begrænse vedkommendes fulde kontoadgang. Fortsæt alligevel?",
     "placeholders": {
       "user": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Har allerede en konto?"
   }
 }
diff --git a/apps/web/src/locales/de/messages.json b/apps/web/src/locales/de/messages.json
index 8f04f01be41..fef0a868ebe 100644
--- a/apps/web/src/locales/de/messages.json
+++ b/apps/web/src/locales/de/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Auswahl wiederherstellen"
   },
-  "restoreItem": {
-    "message": "Eintrag wiederherstellen"
-  },
   "restoredItem": {
     "message": "Eintrag wiederhergestellt"
   },
   "restoredItems": {
     "message": "Einträge wiederhergestellt"
   },
-  "restoreItemConfirmation": {
-    "message": "Soll dieser Eintrag wirklich wiederhergestellt werden?"
-  },
-  "restoreItems": {
-    "message": "Einträge wiederherstellen"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Du hast $COUNT$ Eintrag/Einträge zum Wiederherstellen ausgewählt. Bist du sicher, dass du diese(n) Eintrag/Einträge dauerhaft löschen möchtest?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Eintrag $ID$ wiederhergestellt",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Persönlichen Tresor-Export deaktivieren"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Benutzern den Export ihrer privaten Tresor-Daten verbieten."
+  "disablePersonalVaultExportDescription": {
+    "message": "Mitgliedern nicht erlauben, Daten aus ihrem persönlichen Tresor zu exportieren."
   },
   "vaultExportDisabled": {
     "message": "Tresor-Export entfernt"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Tresor der Organisation wird exportiert"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Es werden nur persönliche Tresoreinträge exportiert, die mit $EMAIL$ verbunden sind. Tresoreinträge der Organisation werden nicht berücksichtigt. Es werden nur Informationen der Tresoreinträge exportiert. Diese enthalten nicht den zugehörigen Passwortverlauf oder Anhänge.",
+  "exportingIndividualVaultDescription": {
+    "message": "Es werden nur persönliche Tresoreinträge exportiert, die mit $EMAIL$ verbunden sind. Tresoreinträge der Organisation werden nicht berücksichtigt. Es werden nur Informationen der Tresoreinträge exportiert. Diese enthalten nicht die zugehörigen Anhänge.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Hast du bereits ein Konto?"
   }
 }
diff --git a/apps/web/src/locales/el/messages.json b/apps/web/src/locales/el/messages.json
index 75f8d10f14c..9853fba69d0 100644
--- a/apps/web/src/locales/el/messages.json
+++ b/apps/web/src/locales/el/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Επαναφορά Επιλεγμένων"
   },
-  "restoreItem": {
-    "message": "Ανάκτηση Στοιχείου"
-  },
   "restoredItem": {
     "message": "Στοιχείο που έχει Ανακτηθεί"
   },
   "restoredItems": {
     "message": "Στοιχεία που έχουν Ανακτηθεί"
   },
-  "restoreItemConfirmation": {
-    "message": "Είστε βέβαιοι ότι θέλετε να ανακτήσετε αυτό το στοιχείο;"
-  },
-  "restoreItems": {
-    "message": "Ανάκτηση Στοιχείων"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Έχετε επιλέξει $COUNT$ στοιχείο(α) για ανάκτηση. Είστε βέβαιοι ότι θέλετε να ανακτήσετε όλα αυτά τα στοιχεία;",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Στοιχείο που έχει ανακτηθεί $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Απενεργοποίηση Εξαγωγής Προσωπικών Vault"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Προσελκύει τους χρήστες να εξάγουν τα προσωπικά τους δεδομένα από το vault."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Εξαγωγή vault Απενεργοποιημένη"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Εξαγωγή Vault Οργανισμού"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Θα εξαχθούν μόνο τα προσωπικά αντικείμενα Vault που σχετίζονται με το $EMAIL$. Τα αντικείμενα Vault οργανισμού δεν θα συμπεριληφθούν.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 7355a507989..8556c4c55ad 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -3536,6 +3536,9 @@
   "vaultTimeoutDesc": {
     "message": "Choose when your vault will take the vault timeout action."
   },
+  "vaultTimeoutLogoutDesc": {
+    "message": "Choose when your vault will be logged out."
+  },
   "oneMinute": {
     "message": "1 minute"
   },
@@ -3842,30 +3845,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4935,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -6853,28 +6838,60 @@
   "updateKdfSettings": {
     "message": "Update KDF settings"
   },
+  "loginInitiated": {
+    "message": "Login initiated"
+  },
+  "deviceApprovalRequired": {
+    "message": "Device approval required. Select an approval option below:"
+  },
+  "rememberThisDevice": {
+    "message": "Remember this device"
+  },
+  "uncheckIfPublicDevice": {
+    "message": "Uncheck if using a public device"
+  },
+  "approveFromYourOtherDevice": {
+    "message": "Approve from your other device"
+  },
+  "requestAdminApproval": {
+    "message": "Request admin approval"
+  },
+  "approveWithMasterPassword": {
+    "message": "Approve with master password"
+  },
+  "trustedDeviceEncryption": {
+    "message": "Trusted device encryption"
+  },
   "trustedDevices": {
     "message": "Trusted devices"
   },
-  "memberDecryptionTdeDescriptionPartOne": {
+  "memberDecryptionOptionTdeDescriptionPartOne": {
     "message": "Once authenticated, members will decrypt vault data using a key stored on their device. The",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO Required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "memberDecryptionTdeDescriptionLinkOne": {
+  "memberDecryptionOptionTdeDescriptionLinkOne": {
     "message": "single organization",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "memberDecryptionTdeDescriptionPartTwo": {
-    "message": "policy and ",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  "memberDecryptionOptionTdeDescriptionPartTwo": {
+    "message": "policy,",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "memberDecryptionTdeDescriptionLinkTwo": {
+  "memberDecryptionOptionTdeDescriptionLinkTwo": {
+    "message": "SSO required",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  },
+  "memberDecryptionOptionTdeDescriptionPartThree": {
+    "message": "policy, and",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  },
+  "memberDecryptionOptionTdeDescriptionLinkThree": {
     "message": "account recovery administration",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "memberDecryptionTdeDescriptionPartThree": {
+  "memberDecryptionOptionTdeDescriptionPartFour": {
     "message": "policy with automatic enrollment will turn on when this option is used.",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy, SSO required policy, and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
   "notFound": {
     "message": "$RESOURCE$ not found",
@@ -6963,6 +6980,27 @@
   "removeMembersWithoutMasterPasswordWarning": {
     "message": "Removing members who do not have master passwords without setting one for them may restrict access to their full account."
   },
+  "approvedAuthRequest": {
+    "message": "Approved device for $ID$.",
+    "placeholders": {
+      "id": {
+        "content": "$1",
+        "example": "First 8 Character of a GUID"
+      }
+    }
+  },
+  "rejectedAuthRequest": {
+    "message": "Denied device for $ID$.",
+    "placeholders": {
+      "id": {
+        "content": "$1",
+        "example": "First 8 Character of a GUID"
+      }
+    }
+  },
+  "requestedDeviceApproval": {
+    "message": "Requested device approval."
+  },
   "startYour7DayFreeTrialOfBitwardenFor": {
     "message": "Start your 7-Day free trial of Bitwarden for $ORG$",
     "placeholders": {
@@ -6984,6 +7022,30 @@
   "selectedRegionFlag": {
     "message": "Selected region flag"
   },
+  "accountSuccessfullyCreated": {
+    "message": "Account successfully created!"
+  },
+  "adminApprovalRequested": {
+    "message": "Admin approval requested"
+  },
+  "adminApprovalRequestSentToAdmins": {
+    "message": "Your request has been sent to your admin."
+  },
+  "youWillBeNotifiedOnceApproved": {
+    "message": "You will be notified once approved."
+  },
+  "troubleLoggingIn": {
+    "message": "Trouble logging in?"
+  },
+  "loginApproved": {
+    "message": "Login approved"
+  },
+  "userEmailMissing": {
+    "message": "User email missing"
+  },
+  "deviceTrusted": {
+    "message": "Device trusted"
+  },
   "sendsNoItemsTitle": {
     "message": "No active Sends",
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
@@ -7094,6 +7156,9 @@
   "maxServiceAccountCost": {
     "message": "Max potential service account cost"
   },
+  "loggedInExclamation": {
+    "message": "Logged in!"
+  },
   "smBetaEndedDesc": {
     "message": "The Secrets Manager Beta ended $BETA_ENDING_DATE$. You have $DAYS$ days left to add Secrets Manager to your paid subscription and maintain access to Secrets Manager data. Contact Customer Success to add Secrets Manager to your subscription.",
     "placeholders": {
@@ -7113,6 +7178,9 @@
   "beta": {
     "message": "Beta"
   },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
+  },
   "typePasskey": {
     "message": "Passkey"
   },
diff --git a/apps/web/src/locales/en_GB/messages.json b/apps/web/src/locales/en_GB/messages.json
index ca217f6ef77..6242719e27b 100644
--- a/apps/web/src/locales/en_GB/messages.json
+++ b/apps/web/src/locales/en_GB/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organisation vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organisation vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/en_IN/messages.json b/apps/web/src/locales/en_IN/messages.json
index ac8fa6dd682..b32a4953288 100644
--- a/apps/web/src/locales/en_IN/messages.json
+++ b/apps/web/src/locales/en_IN/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Restored item"
   },
   "restoredItems": {
     "message": "Restored items"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore all of these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Restored item $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/eo/messages.json b/apps/web/src/locales/eo/messages.json
index 6f955af6b54..466fdcd4668 100644
--- a/apps/web/src/locales/eo/messages.json
+++ b/apps/web/src/locales/eo/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restarigi elektitajn"
   },
-  "restoreItem": {
-    "message": "Restarigi Artikolon"
-  },
   "restoredItem": {
     "message": "Restarigita elemento"
   },
   "restoredItems": {
     "message": "Restarigitaj Eroj"
   },
-  "restoreItemConfirmation": {
-    "message": "Ĉu vi certe volas restarigi ĉi tiun eron?"
-  },
-  "restoreItems": {
-    "message": "Restarigi erojn"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Vi elektis $COUNT$ eron (j) por restarigi. Ĉu vi certe volas restarigi ĉiujn ĉi tiujn erojn?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Restariĝis ero $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/es/messages.json b/apps/web/src/locales/es/messages.json
index b9cdefb5b89..ceb58dc9f73 100644
--- a/apps/web/src/locales/es/messages.json
+++ b/apps/web/src/locales/es/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restaurar seleccionados"
   },
-  "restoreItem": {
-    "message": "Restaurar elemento"
-  },
   "restoredItem": {
     "message": "Elemento restaurado"
   },
   "restoredItems": {
     "message": "Elementos restaurados"
   },
-  "restoreItemConfirmation": {
-    "message": "¿Estás seguro de que quieres restaurar este elemento?"
-  },
-  "restoreItems": {
-    "message": "Restaurar elementos"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Has seleccionado $COUNT$ elemento(s) para restaurar. ¿Estás seguro de que quieres restaurar todos estos elementos?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Elemento $ID$ restaurado.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Desactivar exportación de la caja fuerte personal"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Prohíbe a los usuarios exportar sus datos privados de su \ncaja fuerte."
+  "disablePersonalVaultExportDescription": {
+    "message": "No permita a los miembros exportar datos de su caja fuerte individual."
   },
   "vaultExportDisabled": {
     "message": "Exportación de caja fuerte desactivada"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exportando caja fuerte de la organización"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Solo se exportarán los elementos de la caja fuerte personal asociados con $EMAIL$. Los elementos de la caja fuerte de la organización no se incluirán.",
+  "exportingIndividualVaultDescription": {
+    "message": "Solo se exportarán los elementos individuales de la caja fuerte asociados con $EMAIL$. Los elementos de la bóveda de la organización no se incluirán. Solo la información de la caja fuerte será exportada y no incluirá adjuntos asociados.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "¿Ya tienes una cuenta?"
   }
 }
diff --git a/apps/web/src/locales/et/messages.json b/apps/web/src/locales/et/messages.json
index e6646326dcd..9a61812fe92 100644
--- a/apps/web/src/locales/et/messages.json
+++ b/apps/web/src/locales/et/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Taasta valitud"
   },
-  "restoreItem": {
-    "message": "Taasta kirje"
-  },
   "restoredItem": {
     "message": "Kirje on taastatud"
   },
   "restoredItems": {
     "message": "Kirjed on taastatud"
   },
-  "restoreItemConfirmation": {
-    "message": "Oled kindel, et soovid selle kirje taastada?"
-  },
-  "restoreItems": {
-    "message": "Taasta kirjed"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Oled taastamiseks valinud $COUNT$ kirje(t). Oled kindel, et soovid kõik need kirjed taastada?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Taastas kirje $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Keelustab kasutajate privaatse hoidla andmete eksportimise."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Ainult personaalsed $EMAIL$ alla kuuluvad kirjed eksportidakse. Organisatsiooni kirjeid ei ekspordita.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/eu/messages.json b/apps/web/src/locales/eu/messages.json
index 75e378ecda6..f3bc2526596 100644
--- a/apps/web/src/locales/eu/messages.json
+++ b/apps/web/src/locales/eu/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Hautatuak berreskuratu"
   },
-  "restoreItem": {
-    "message": "Berreskuratu elementua"
-  },
   "restoredItem": {
     "message": "Elementua berreskuratua"
   },
   "restoredItems": {
     "message": "Elementuak berreskuratuak"
   },
-  "restoreItemConfirmation": {
-    "message": "Ziur al zaude elementu hau berreskuratu nahi duzula?"
-  },
-  "restoreItems": {
-    "message": "Berreskuratu elementuak"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "$COUNT$ elementu hautatu dituzu berreskuratzeko. Ziur al zaude elementu horiek guztiak berreskuratu nahi dituzula?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ elementua berreskuratua.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Desgaitu kutxa gotor pertsonalaren esportazioa"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Ez utzi kideei kutxa gotor pertsonaleko datuak esportatzen."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Kutxa gotorreko esportazioa desgaituta"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Erakundeko kutxa gotorra esportatzen"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "$EMAIL$-ekin lotutako kutxa gotor pertsonaleko elementuak bakarrik esportatuko dira. Erakundeko kutxa gotorraren elementuak ez dira sartuko.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/fa/messages.json b/apps/web/src/locales/fa/messages.json
index 08246e95942..bbed5086215 100644
--- a/apps/web/src/locales/fa/messages.json
+++ b/apps/web/src/locales/fa/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "بازیابی انتخاب شده"
   },
-  "restoreItem": {
-    "message": "بازیابی مورد"
-  },
   "restoredItem": {
     "message": "مورد بازیابی شد"
   },
   "restoredItems": {
     "message": "موارد بازیابی شد"
   },
-  "restoreItemConfirmation": {
-    "message": "آیا مطمئن هستید که می‌خواهید این مورد را بازیابی کنید؟"
-  },
-  "restoreItems": {
-    "message": "بازیابی موارد"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "شما $COUNT$ مورد را برای بازیابی انتخاب کرده اید. آیا مطمئنید که می‌خواهید تمام این موارد را بازیابی کنید؟",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "مورد $ID$ بازیابی شد",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "حذف برون ریزی گاوصندوق شخصی"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "به اعضا اجازه ندهید که داده‌های گاوصندوق شخصی خود را برون ریزی کنند."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "برون ریزی گاوصندوق غیرفعال شده است"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "در حال برون ریزی گاوصندوق سازمان"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "فقط موارد شخصی گاوصندوق مرتبط با $EMAIL$ برو ریزی خواهند شد. موارد گاوصندوق سازمان شامل نخواهد شد. فقط اطلاعات مورد گاوصندوق برون ریزی خواهد شد و شامل تاریخچه کلمه عبور مرتبط یا پیوست نمی‌شود.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/fi/messages.json b/apps/web/src/locales/fi/messages.json
index f589399377b..b3898f14e71 100644
--- a/apps/web/src/locales/fi/messages.json
+++ b/apps/web/src/locales/fi/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Palauta valitut"
   },
-  "restoreItem": {
-    "message": "Palauta kohde"
-  },
   "restoredItem": {
     "message": "Kohde palautettiin"
   },
   "restoredItems": {
     "message": "Kohteet palautettiin"
   },
-  "restoreItemConfirmation": {
-    "message": "Haluatko varmasti palauttaa kohteen?"
-  },
-  "restoreItems": {
-    "message": "Palauta kohteet"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Olet valinnut palautettavaksi $COUNT$ kohdetta. Haluatko varmasti palauttaa ne?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ palautettiin",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Estä yksityisen holvin vienti"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Älä salli jäseniä viemästä yksityisten holviensa tietoja."
+  "disablePersonalVaultExportDescription": {
+    "message": "Älä salli jäsenten viedä henkilökohtaisten holviensa tietoja."
   },
   "vaultExportDisabled": {
     "message": "Holvin vienti poistettiin"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Organisaation holvin vienti"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Vain tunnukseen $EMAIL$ liitetyt yksityisen holvin kohteet viedään. Organisaation holvin kohteita ei sisällytetä. Vain holvin kohteiden tiedot viedään ilman niihin liittyviä salasanojen historiatietoja tai liitteitä.",
+  "exportingIndividualVaultDescription": {
+    "message": "Vain tunnukseen $EMAIL$ liitetyt yksityisen holvin kohteet viedään. Organisaation holvin kohteita ei sisällytetä. Vain holvin kohteiden tiedot viedään ilman niihin liittyviä liitteitä.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -6989,7 +6971,7 @@
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
   },
   "sendsNoItemsMessage": {
-    "message": "Sendeillä voit jakaa salattuja tietoja turvallisesti kenelle tahansa.",
+    "message": "Sendillä voit jakaa salattuja tietoja turvallisesti kenelle tahansa.",
     "description": "'Send' is a noun and the name of a feature called 'Bitwarden Send'. It should not be translated."
   },
   "inviteUsers": {
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Onko sinulla jo tili?"
   }
 }
diff --git a/apps/web/src/locales/fil/messages.json b/apps/web/src/locales/fil/messages.json
index d7260c3d45b..000dee0b5f4 100644
--- a/apps/web/src/locales/fil/messages.json
+++ b/apps/web/src/locales/fil/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Ibalik muli ang napiling"
   },
-  "restoreItem": {
-    "message": "Ibalik ang item"
-  },
   "restoredItem": {
     "message": "Item na nai-restore"
   },
   "restoredItems": {
     "message": "Naibalik ang mga item"
   },
-  "restoreItemConfirmation": {
-    "message": "Sigurado ka bang nais mong ibalik ang item na ito?"
-  },
-  "restoreItems": {
-    "message": "Ibalik muli ang mga item"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Pumili ka ng $COUNT$ (mga) item na ibabalik. Sigurado ka bang gusto mong ibalik ang mga item na ito?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Naibalik ang item $ID$",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Alisin ang indibidwal na pag export ng vault"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Huwag payagan ang mga miyembro na i export ang kanilang indibidwal na data ng vault."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Hindi magagamit ang pag-export ng Vault"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Pag-export ng vault ng organisasyon"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Lamang ang mga item ng indibidwal na vault na nauugnay sa $EMAIL$ ang maie-export. Hindi kasama ang mga item ng vault ng organisasyon.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/fr/messages.json b/apps/web/src/locales/fr/messages.json
index 8796f4d9b45..21e76e9e135 100644
--- a/apps/web/src/locales/fr/messages.json
+++ b/apps/web/src/locales/fr/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restaurer la sélection"
   },
-  "restoreItem": {
-    "message": "Restaurer l'élément"
-  },
   "restoredItem": {
     "message": "Élément restauré"
   },
   "restoredItems": {
     "message": "Éléments restaurés"
   },
-  "restoreItemConfirmation": {
-    "message": "Êtes-vous sûr de vouloir restaurer cet élément ?"
-  },
-  "restoreItems": {
-    "message": "Restaurer les éléments"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Vous avez sélectionné $COUNT$ élément(s) à restaurer. Êtes-vous sûr de vouloir restaurer tous ces éléments ?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Élément $ID$ restauré.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Supprimer l'exportation individuelle du coffre"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Empêche les utilisateurs d'exporter les données de leur coffre privé."
+  "disablePersonalVaultExportDescription": {
+    "message": "Ne pas autoriser les membres à exporter des données de leur coffre individuel."
   },
   "vaultExportDisabled": {
     "message": "Export du coffre supprimé"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Export du coffre de l'organisation"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Seuls les éléments individuels du coffre associés à $EMAIL$ seront exportés. Les éléments du coffre de l'organisation ne seront pas inclus. Seules les informations sur les éléments du coffre seront exportées et n'incluront pas l'historique des mots de passe associés ou pièces jointes.",
+  "exportingIndividualVaultDescription": {
+    "message": "Seuls les éléments individuels du coffre associés à $EMAIL$ seront exportés. Les éléments du coffre de l'organisation ne seront pas inclus. Seules les informations sur les éléments du coffre seront exportées et n'incluront pas les pièces jointes associées.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Vous avez déjà un compte ?"
   }
 }
diff --git a/apps/web/src/locales/gl/messages.json b/apps/web/src/locales/gl/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/gl/messages.json
+++ b/apps/web/src/locales/gl/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/he/messages.json b/apps/web/src/locales/he/messages.json
index afb6d2214cc..f4e7a66a052 100644
--- a/apps/web/src/locales/he/messages.json
+++ b/apps/web/src/locales/he/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "שחזר בחירה"
   },
-  "restoreItem": {
-    "message": "שחזר פריט"
-  },
   "restoredItem": {
     "message": "פריט ששוחזר"
   },
   "restoredItems": {
     "message": "פריטים ששוחזרו"
   },
-  "restoreItemConfirmation": {
-    "message": "האם אתה בטוח שברצונך לשחזר פריט זה?"
-  },
-  "restoreItems": {
-    "message": "שחזר פריטים"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "בחרת $COUNT$ פריט(ים) לשחזור. האם אתה בטוח שברצונך לשחזר את כל הפריטים הללו?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "פריט ששוחזר $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/hi/messages.json b/apps/web/src/locales/hi/messages.json
index 51e2caf5319..30364b90e44 100644
--- a/apps/web/src/locales/hi/messages.json
+++ b/apps/web/src/locales/hi/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/hr/messages.json b/apps/web/src/locales/hr/messages.json
index dc852c9f4e6..223d4a22552 100644
--- a/apps/web/src/locales/hr/messages.json
+++ b/apps/web/src/locales/hr/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Vrati odabrano"
   },
-  "restoreItem": {
-    "message": "Vrati stavku"
-  },
   "restoredItem": {
     "message": "Stavka vraćena"
   },
   "restoredItems": {
     "message": "Stavke vraćene"
   },
-  "restoreItemConfirmation": {
-    "message": "Želiš li sigurno vratiti ovu stavku?"
-  },
-  "restoreItems": {
-    "message": "Vrati stavke"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Odabrano je $COUNT$ stavka/i za vraćanje. Sigurno želiš vratiti sve ove stavke?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Stavka $ID$ vraćena",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Onemogući izvoz osobnog trezora"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Onemogućuje korisnike da izvezu svoj osobni trezor."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Izvoz trezora onemogućen"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Izvoz organizacijskog trezora"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Izvest će se samo stavke osobnog trezora povezanog s $EMAIL$. Stavke organizacijskog trezora neće biti uključene. Izvest će se samo informacija o stavci trezora bez pripadajućih podataka o povijesti lozinki i privitaka.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/hu/messages.json b/apps/web/src/locales/hu/messages.json
index cd764ebd422..1abafa98239 100644
--- a/apps/web/src/locales/hu/messages.json
+++ b/apps/web/src/locales/hu/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Kiválasztottak visszaállítása"
   },
-  "restoreItem": {
-    "message": "Elem visszaállítása"
-  },
   "restoredItem": {
     "message": "Az elem visszaállításra került."
   },
   "restoredItems": {
     "message": "Az elemek visszaállításra kerültek."
   },
-  "restoreItemConfirmation": {
-    "message": "Biztosan visszaállításra kerüljön ez az elem?"
-  },
-  "restoreItems": {
-    "message": "Elemek visszaállítása"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "$COUNT$ elem lett kiválasztva visszaállításra. Biztosan visszaállításra kerüljön az összes elem?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ azonosítójú elem visszaállításra került.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "A személyes széf exportálás eltávolítása"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "A tagok nem exportálhatnak személyes széf adatokat."
+  "disablePersonalVaultExportDescription": {
+    "message": "Ne engedjük meg a tagoknak, hogy adatokat exportáljanak a saját széfből."
   },
   "vaultExportDisabled": {
     "message": "A széf exportálás nem engedélyezett."
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Szervezeti széf exportálása"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Csak $EMAIL$ email címmel társított személyes széf elemek kerülnek exportálásra. Ebbe nem kerülnek be a szervezeti széf elemek.",
+  "exportingIndividualVaultDescription": {
+    "message": "$EMAIL$ e-mail címhez társított egyedi széfek kerülnek csak exportálásra. A szervezeti széf elemei nem lesznek benne. Csak a széf információk kerülnek exportálásra és nem tartalmazzák a kapcsolódó mellékleteket.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Van már saját fiók?"
   }
 }
diff --git a/apps/web/src/locales/id/messages.json b/apps/web/src/locales/id/messages.json
index eabcdc841f2..b4a568a01b9 100644
--- a/apps/web/src/locales/id/messages.json
+++ b/apps/web/src/locales/id/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Pulihkan yang Dipilih"
   },
-  "restoreItem": {
-    "message": "Pulihkan Item"
-  },
   "restoredItem": {
     "message": "Item yang Dipulihkan"
   },
   "restoredItems": {
     "message": "Item yang Dipulihkan"
   },
-  "restoreItemConfirmation": {
-    "message": "Apakah Anda yakin ingin memulihkan item ini?"
-  },
-  "restoreItems": {
-    "message": "Pulihkan Item"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Anda telah memilih $COUNT$ item untuk dipulihkan. Anda yakin ingin memulihkan semua item ini?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item yang dipulihkan $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Ekspor Brankas Dinonaktifkan"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/it/messages.json b/apps/web/src/locales/it/messages.json
index 752ca51b8e6..44c7e3d021b 100644
--- a/apps/web/src/locales/it/messages.json
+++ b/apps/web/src/locales/it/messages.json
@@ -875,7 +875,7 @@
     "message": "Usa qualsiasi chiave di sicurezza abilitata WebAuthn per accedere al tuo account."
   },
   "webAuthnMigrated": {
-    "message": "(Migrati da FIDO)"
+    "message": "(Trasferito da FIDO)"
   },
   "emailTitle": {
     "message": "Email"
@@ -1306,7 +1306,7 @@
     "message": "Seleziona una raccolta"
   },
   "importTargetHint": {
-    "message": "Seleziona questa opzione se vuoi che i contenuti del file di importazione siamo spostati in una $DESTINATION$",
+    "message": "Seleziona questa opzione se vuoi che i contenuti del file di importazione siano spostati in una $DESTINATION$",
     "description": "Located as a hint under the import target. Will be appended by either folder or collection, depending if the user is importing into an individual or an organizational vault.",
     "placeholders": {
       "destination": {
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Ripristina selezionati"
   },
-  "restoreItem": {
-    "message": "Ripristina elemento"
-  },
   "restoredItem": {
     "message": "Elemento ripristinato"
   },
   "restoredItems": {
     "message": "Elementi ripristinati"
   },
-  "restoreItemConfirmation": {
-    "message": "Sei sicuro di voler ripristinare questo elemento?"
-  },
-  "restoreItems": {
-    "message": "Ripristina elementi"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Hai selezionato $COUNT$ elementi da ripristinare. Sei sicuro di voler ripristinare questi elementi?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ ripristinato",
     "placeholders": {
@@ -4634,7 +4616,7 @@
     "message": "Gli account esistenti con password principali richiederanno ai membri di registrarsi autonomamente prima che gli amministratori possano recuperare i loro account. L'iscrizione automatica attiverà il recupero dell'account per i nuovi membri."
   },
   "accountRecoverySingleOrgRequirementDesc": {
-    "message": "La politica aziendale per l'organizzazione unica deve essere attivata prima di attivare questo politica."
+    "message": "La politica aziendale per l'organizzazione unica deve essere attivata prima di attivare questa politica."
   },
   "resetPasswordPolicyAutoEnroll": {
     "message": "Iscrizione automatica"
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Rimuovi esportazione cassaforte individuale"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Non consentire ai membri di esportare la loro cassaforte individuale."
+  "disablePersonalVaultExportDescription": {
+    "message": "Non consentire ai membri di esportare i dati dalla loro cassaforte individuale."
   },
   "vaultExportDisabled": {
     "message": "Esportazione cassaforte rimossa"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Esportando cassaforte dell'organizzazione"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Solo gli elementi della cassaforte personale associati a $EMAIL$ saranno esportati. Gli elementi della cassaforte dell'organizzazione non saranno inclusi. Solo le informazioni sugli elementi della cassaforte saranno esportate e non includeranno la cronologia delle password o gli allegati.",
+  "exportingIndividualVaultDescription": {
+    "message": "Solo gli elementi della cassaforte personale associati a $EMAIL$ saranno esportati. Gli elementi della cassaforte dell'organizzazione non saranno inclusi. Solo le informazioni sugli elementi della cassaforte saranno esportate e non includeranno gli allegati.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7005,7 +6987,7 @@
     }
   },
   "secretsManagerForPlanDesc": {
-    "message": "Per i team di ingegneria e DevOps per gestire i segreti durante l'intero ciclo di vita dello sviluppo del software."
+    "message": "Per gestire i segreti dei team di software engineering e DevOps durante l'intero ciclo di sviluppo del software."
   },
   "free2PersonOrganization": {
     "message": "Organizzazioni gratis per 2 persone"
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Hai già un account?"
   }
 }
diff --git a/apps/web/src/locales/ja/messages.json b/apps/web/src/locales/ja/messages.json
index 44be0b070f9..76cc9bd53c2 100644
--- a/apps/web/src/locales/ja/messages.json
+++ b/apps/web/src/locales/ja/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "選択したものをリストア"
   },
-  "restoreItem": {
-    "message": "アイテムをリストア"
-  },
   "restoredItem": {
     "message": "リストアされたアイテム"
   },
   "restoredItems": {
     "message": "リストアされたアイテム"
   },
-  "restoreItemConfirmation": {
-    "message": "このアイテムをリストアしますか？"
-  },
-  "restoreItems": {
-    "message": "アイテムをリストア"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "$COUNT$個のアイテムをリストアしようとしています。本当にこれらのアイテムをリストアしますか？",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "アイテム $ID$ をリストアしました。",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "個別の保管庫のエクスポートを削除"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "メンバーが個別の保管庫データをエクスポートすることを許可しない。"
+  "disablePersonalVaultExportDescription": {
+    "message": "メンバーが個人の保管庫からデータをエクスポートすることを許可しません。"
   },
   "vaultExportDisabled": {
     "message": "保管庫のエクスポートが無効化されました"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "組織保管庫のエクスポート"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "$EMAIL$ に関連付けられた個人用保管庫アイテムのみがエクスポートされます。組織用保管庫アイテムは含まれません。",
+  "exportingIndividualVaultDescription": {
+    "message": "$EMAIL$ に関連付けられた個人の保管庫アイテムのみがエクスポートされます。組織の保管庫アイテムは含まれません。 保管庫アイテム情報のみがエクスポートされ、関連する添付ファイルはエクスポートされません。",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "ベータ"
+  },
+  "alreadyHaveAccount": {
+    "message": "既にアカウントをお持ちですか？"
   }
 }
diff --git a/apps/web/src/locales/ka/messages.json b/apps/web/src/locales/ka/messages.json
index 7929c24f01d..4b9edb5adbc 100644
--- a/apps/web/src/locales/ka/messages.json
+++ b/apps/web/src/locales/ka/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/km/messages.json b/apps/web/src/locales/km/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/km/messages.json
+++ b/apps/web/src/locales/km/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/kn/messages.json b/apps/web/src/locales/kn/messages.json
index 49616196430..0a5dc4e58c0 100644
--- a/apps/web/src/locales/kn/messages.json
+++ b/apps/web/src/locales/kn/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "ಆಯ್ಕೆಮಾಡಿ ಮರುಸ್ಥಾಪಿಸಿ"
   },
-  "restoreItem": {
-    "message": "ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಿ"
-  },
   "restoredItem": {
     "message": "ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲಾಗಿದೆ"
   },
   "restoredItems": {
     "message": "ವಸ್ತುಗಳನ್ನು ಮರುಸ್ಥಾಪಿಸಲಾಗಿದೆ"
   },
-  "restoreItemConfirmation": {
-    "message": "ಈ ಐಟಂ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲು ನೀವು ಖಚಿತವಾಗಿ ಬಯಸುವಿರಾ?"
-  },
-  "restoreItems": {
-    "message": "ವಸ್ತುಗಳನ್ನು ಮರುಸ್ಥಾಪಿಸಿ"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "ಪುನಃಸ್ಥಾಪಿಸಲು ನೀವು $COUNT$ ಐಟಂ (ಗಳನ್ನು) ಆಯ್ಕೆ ಮಾಡಿದ್ದೀರಿ. ಈ ಎಲ್ಲಾ ವಸ್ತುಗಳನ್ನು ಪುನಃಸ್ಥಾಪಿಸಲು ನೀವು ಖಚಿತವಾಗಿ ಬಯಸುವಿರಾ?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "ಐಟಂ $ID$ ಅನ್ನು ಮರುಸ್ಥಾಪಿಸಲಾಗಿದೆ.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/ko/messages.json b/apps/web/src/locales/ko/messages.json
index a98c4a4d414..86647a0aff6 100644
--- a/apps/web/src/locales/ko/messages.json
+++ b/apps/web/src/locales/ko/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "선택 항목 복원"
   },
-  "restoreItem": {
-    "message": "항목 복구"
-  },
   "restoredItem": {
     "message": "복구된 항목"
   },
   "restoredItems": {
     "message": "복구된 항목"
   },
-  "restoreItemConfirmation": {
-    "message": "정말로 이 항목을 복구하시겠습니까?"
-  },
-  "restoreItems": {
-    "message": "항목 복구"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "복구를 위해 $COUNT$ 개의 항목이 선택되었습니다. 정말로 이 항목들을 모두 복구하시겠습니까?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ 항목이 복구되었습니다.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "개인 보관함 내보내기 비활성화"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "보관함 내보내기 비활성화됨"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/lv/messages.json b/apps/web/src/locales/lv/messages.json
index 89954567910..3234a3400a5 100644
--- a/apps/web/src/locales/lv/messages.json
+++ b/apps/web/src/locales/lv/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Atjaunot atlasīto"
   },
-  "restoreItem": {
-    "message": "Atjaunot vienumu"
-  },
   "restoredItem": {
     "message": "Vienums atjaunots"
   },
   "restoredItems": {
     "message": "Vienumi atjaunoti"
   },
-  "restoreItemConfirmation": {
-    "message": "Vai tiešām atjaunot šo vienumu?"
-  },
-  "restoreItems": {
-    "message": "Atjaunot vienumus"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Atjaunošanai ir atlasīts(i) $COUNT$ vienums(i). Vai tiešām atjaunot tos visus?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Vienums $ID$ atjaunots.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Atspējot personīgās glabātavas izgūšanu"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Aizliedz lietotājiem izgūt viņu personīgo glabātavu saturu."
+  "disablePersonalVaultExportDescription": {
+    "message": "Neļaut dalībniekiem izgūt datus no viņu glabātavas."
   },
   "vaultExportDisabled": {
     "message": "Glabātavas izgūšana ir atspējota"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Izdod apvienības glabātavu"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Tiks izdoti tikai personīgie glabātavas vienumi, kas ir saistīti ar $EMAIL$. Apvienības glabātavas vienumi netiks iekļauti.",
+  "exportingIndividualVaultDescription": {
+    "message": "Tiks izgūti tikai atsevišķi glabātavas vienumi, kas ir saistīti ar $EMAIL$. Apvienīgas glabātavas vienumi netiks iekļauti. Tiks izgūta tikai glabātavas vienuma informācija, un saistītie pielikumi netiks iekļauti.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/ml/messages.json b/apps/web/src/locales/ml/messages.json
index 01def969c7d..01bd21a452d 100644
--- a/apps/web/src/locales/ml/messages.json
+++ b/apps/web/src/locales/ml/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "തിരഞ്ഞെടുത്തത് വീണ്ടെടുക്കുക "
   },
-  "restoreItem": {
-    "message": "ഇനം വീണ്ടെടുക്കുക "
-  },
   "restoredItem": {
     "message": "വീണ്ടെടുത്ത ഇനങ്ങൾ"
   },
   "restoredItems": {
     "message": "വീണ്ടെടുത്ത ഇനങ്ങൾ"
   },
-  "restoreItemConfirmation": {
-    "message": "ഈ ഇനം വീണ്ടെടുക്കണമെന്ന് ഉറപ്പാണോ?"
-  },
-  "restoreItems": {
-    "message": "ഇനങ്ങൾ വീണ്ടെടുക്കുക"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "വീണ്ടെടുക്കാൻ നിങ്ങൾ $COUNT$ ഇനം(ങ്ങൾ) തിരഞ്ഞെടുത്തു. ഈ ഇനങ്ങളെല്ലാം വീണ്ടെടുക്കാൻ നിങ്ങൾ ആഗ്രഹിക്കുന്നുണ്ടോ?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ എന്ന ഇനം വീണ്ടെടുത്തു.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/mr/messages.json b/apps/web/src/locales/mr/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/mr/messages.json
+++ b/apps/web/src/locales/mr/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/my/messages.json b/apps/web/src/locales/my/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/my/messages.json
+++ b/apps/web/src/locales/my/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/nb/messages.json b/apps/web/src/locales/nb/messages.json
index 580fdbd0d41..92bd6ff6051 100644
--- a/apps/web/src/locales/nb/messages.json
+++ b/apps/web/src/locales/nb/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Gjenopprett valgte"
   },
-  "restoreItem": {
-    "message": "Gjenopprett objekt"
-  },
   "restoredItem": {
     "message": "Gjenopprettet objekt"
   },
   "restoredItems": {
     "message": "Gjenopprettete objekter"
   },
-  "restoreItemConfirmation": {
-    "message": "Er du sikker på at du vil gjenopprette dette objektet?"
-  },
-  "restoreItems": {
-    "message": "Gjenopprett objekter"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Du har valgt $COUNT$ objekt(er) som skal gjenopprettes. Er du sikker på at du vil gjenopprette alle disse objektene?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Gjenopprettet objektet $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Deaktivere personlig hvelv eksport"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Forbud brukere fra å eksportere sine private hvelvdataer."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Hvelveksportering er skrudd av"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Eksporterer organisasjonshvelv"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Bare de personlige hvelv-elementene som er knyttet til $EMAIL$ vil bli eksportert. Organisasjonshvelvets elementer vil ikke bli inkludert.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/ne/messages.json b/apps/web/src/locales/ne/messages.json
index 8e7502dbcf0..53bcac98300 100644
--- a/apps/web/src/locales/ne/messages.json
+++ b/apps/web/src/locales/ne/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/nl/messages.json b/apps/web/src/locales/nl/messages.json
index cb39f72a3b8..896df6c3dd9 100644
--- a/apps/web/src/locales/nl/messages.json
+++ b/apps/web/src/locales/nl/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Selectie herstellen"
   },
-  "restoreItem": {
-    "message": "Item herstellen"
-  },
   "restoredItem": {
     "message": "Hersteld item"
   },
   "restoredItems": {
     "message": "Herstelde items"
   },
-  "restoreItemConfirmation": {
-    "message": "Weet je zeker dat je dit item wilt herstellen?"
-  },
-  "restoreItems": {
-    "message": "Items herstellen"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Je hebt $COUNT$ item(s) geselecteerd voor herstel. Weet je zeker dat je al deze items wilt herstellen?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Hersteld item $ID$.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Persoonlijke kluis exporteren uitschakelen"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Verbiedt gebruikers om hun privékluisgegevens te exporteren."
+  "disablePersonalVaultExportDescription": {
+    "message": "Exporteren van gegevens uit hun individuele kluis niet toestaan."
   },
   "vaultExportDisabled": {
     "message": "Kluis exporteren uitgeschakeld"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Organisatiekluis exporteren"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Exporteert alleen de persoonlijke kluis-items gerelateerd aan $EMAIL$. Geen kluis-items van de organisatie.",
+  "exportingIndividualVaultDescription": {
+    "message": "Alleen de individuele kluisitems geassocieerd met $EMAIL$ worden geëxporteerd. Kluisitems van de organisatie worden niet meegenomen. Alleen informatie over kluisitem wordt geëxporteerd en bevat geen bijlagen.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/nn/messages.json b/apps/web/src/locales/nn/messages.json
index 9023e2ddc77..849a16d4a63 100644
--- a/apps/web/src/locales/nn/messages.json
+++ b/apps/web/src/locales/nn/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/or/messages.json b/apps/web/src/locales/or/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/or/messages.json
+++ b/apps/web/src/locales/or/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/pl/messages.json b/apps/web/src/locales/pl/messages.json
index 56242ae7891..850c69e3c04 100644
--- a/apps/web/src/locales/pl/messages.json
+++ b/apps/web/src/locales/pl/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Przywróć zaznaczone"
   },
-  "restoreItem": {
-    "message": "Przywróć element"
-  },
   "restoredItem": {
     "message": "Element został przywrócony"
   },
   "restoredItems": {
     "message": "Elementy zostały przywrócone"
   },
-  "restoreItemConfirmation": {
-    "message": "Czy na pewno chcesz przywrócić ten element?"
-  },
-  "restoreItems": {
-    "message": "Przywróć elementy"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Wybrano $COUNT$ elementy(-ów) do przywrócenia. Czy na pewno chcesz przywrócić te elementy?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Element $ID$ został przywrócony",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Wyłącz eksportowanie osobistego sejfu"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Zabrania użytkownikom eksportowania ich prywatnych danych sejfu."
+  "disablePersonalVaultExportDescription": {
+    "message": "Nie zezwalaj użytkownikom na eksport danych z ich indywidualnego sejfu."
   },
   "vaultExportDisabled": {
     "message": "Eksportowanie sejfu zostało wyłączone"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Eksportowanie sejfu organizacji"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Tylko osobiste elementy sejfu powiązane z adresem $EMAIL$ zostaną wyeksportowane. Elementy sejfu należące do organizacji nie będą uwzględnione.",
+  "exportingIndividualVaultDescription": {
+    "message": "Z sejfu zostaną wyeksportowane tylko elementy powiązane z $EMAIL$. Elementy z sejfu organizacji nie będą uwzględnione. Tylko informacje o elemencie zostaną wyeksportowane i nie będą zawierać powiązanych załączników.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Wersja beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Masz już konto?"
   }
 }
diff --git a/apps/web/src/locales/pt_BR/messages.json b/apps/web/src/locales/pt_BR/messages.json
index a8f0cef6c19..0071b585024 100644
--- a/apps/web/src/locales/pt_BR/messages.json
+++ b/apps/web/src/locales/pt_BR/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restaurar Selecionados"
   },
-  "restoreItem": {
-    "message": "Restaurar Item"
-  },
   "restoredItem": {
     "message": "Item Restaurado"
   },
   "restoredItems": {
     "message": "Itens Restaurados"
   },
-  "restoreItemConfirmation": {
-    "message": "Você tem certeza que deseja restaurar esse item?"
-  },
-  "restoreItems": {
-    "message": "Restaurar itens"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Você selecionou $COUNT$ item(ns) para restaurar. Tem certeza que deseja restaurar todos esses itens?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restaurado.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Desabilitar Exportação de Cofre Pessoal"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Proíbe os usuários de exportar seus dados de cofre privados."
+  "disablePersonalVaultExportDescription": {
+    "message": "Não permita que os membros exportem dados do seu cofre individual."
   },
   "vaultExportDisabled": {
     "message": "Exportação de Cofre Desabilitada"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exportando o Cofre da Organização"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Apenas os itens pessoais do cofre associados com $EMAIL$ serão exportados. Os itens do cofre da organização não serão incluídos.",
+  "exportingIndividualVaultDescription": {
+    "message": "Apenas os itens individuais do cofre associados a $EMAIL$ serão exportados. Os itens do cofre da organização não serão incluídos. Apenas as informações de item do cofre serão exportadas e não incluirão anexos associados.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Já tem uma conta?"
   }
 }
diff --git a/apps/web/src/locales/pt_PT/messages.json b/apps/web/src/locales/pt_PT/messages.json
index 1e9e80a7de3..da74f3e225d 100644
--- a/apps/web/src/locales/pt_PT/messages.json
+++ b/apps/web/src/locales/pt_PT/messages.json
@@ -609,7 +609,7 @@
     "message": "Iniciar sessão com o dispositivo"
   },
   "loginWithDeviceEnabledNote": {
-    "message": "O início de sessão com o dispositivo deve ser ativado nas definições da aplicação Bitwarden. Necessita de outra opção?"
+    "message": "O início de sessão com o dispositivo deve ser ativado nas definições da aplicação Bitwarden. Precisa de outra opção?"
   },
   "loginWithMasterPassword": {
     "message": "Iniciar sessão com a palavra-passe mestra"
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restaurar selecionados"
   },
-  "restoreItem": {
-    "message": "Restaurar item"
-  },
   "restoredItem": {
     "message": "Item restaurado"
   },
   "restoredItems": {
     "message": "Itens restaurados"
   },
-  "restoreItemConfirmation": {
-    "message": "Tem a certeza de que pretende restaurar este item?"
-  },
-  "restoreItems": {
-    "message": "Restaurar itens"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Selecionou $COUNT$ item(ns) para restaurar. Tem a certeza de que pretende restaurar estes itens?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restaurado",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remover a exportação do cofre individual"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Não permitir que os membros exportem os seus dados do cofre individual."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Exportação do cofre removida"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "A exportar o cofre da organização"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Apenas os itens do cofre pessoal associado a $EMAIL$ serão exportados. Os itens do cofre da organização não serão incluídos.",
+  "exportingIndividualVaultDescription": {
+    "message": "Apenas os itens de cofre individuais associados a $EMAIL$ serão exportados. Os itens do cofre da organização não serão incluídos. Apenas serão exportadas as informações do item do cofre e não serão incluídos os anexos associados.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Já tem uma conta?"
   }
 }
diff --git a/apps/web/src/locales/ro/messages.json b/apps/web/src/locales/ro/messages.json
index ab162e68fcb..35cbd3ab1cc 100644
--- a/apps/web/src/locales/ro/messages.json
+++ b/apps/web/src/locales/ro/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restaurare selecție"
   },
-  "restoreItem": {
-    "message": "Restaurare articol"
-  },
   "restoredItem": {
     "message": "Articol restaurat"
   },
   "restoredItems": {
     "message": "Articole restaurate"
   },
-  "restoreItemConfirmation": {
-    "message": "Sigur doriți să restabiliți acest articol?"
-  },
-  "restoreItems": {
-    "message": "Restabilire articole"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Ați selectat $COUNT$ articol(e) pentru restabilire. Sigur vreți să restabiliți toate aceste articole?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Articolul $ID$ restaurat",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Înlăturați exportul de seif individual"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Nu permite membrilor să-și exporte datele individuale din seif."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Export de seif înlăturat"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exportul seifului organizației"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Numai articolele de seif individuale asociate cu $EMAIL$ vor fi exportate. Articolele de seif ale organizației nu vor fi incluse.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/ru/messages.json b/apps/web/src/locales/ru/messages.json
index ac6590b76dc..ea3ea6dbc90 100644
--- a/apps/web/src/locales/ru/messages.json
+++ b/apps/web/src/locales/ru/messages.json
@@ -3,7 +3,7 @@
     "message": "Какой это тип элемента?"
   },
   "name": {
-    "message": "Имя"
+    "message": "Название"
   },
   "uri": {
     "message": "URI"
@@ -697,7 +697,7 @@
     }
   },
   "masterPassDoesntMatch": {
-    "message": "Мастер-пароли не совпадают."
+    "message": "Мастер-пароль не совпадает."
   },
   "newAccountCreated": {
     "message": "Ваш аккаунт создан! Теперь вы можете войти в систему."
@@ -1316,7 +1316,7 @@
     }
   },
   "importUnassignedItemsError": {
-    "message": "File contains unassigned items."
+    "message": "Файл содержит неназначенные элементы."
   },
   "selectFormat": {
     "message": "Выберите формат файла импорта"
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Восстановить выбранные"
   },
-  "restoreItem": {
-    "message": "Восстановить элемент"
-  },
   "restoredItem": {
     "message": "Элемент восстановлен"
   },
   "restoredItems": {
     "message": "Элементы восстановлены"
   },
-  "restoreItemConfirmation": {
-    "message": "Вы уверены, что хотите восстановить этот элемент?"
-  },
-  "restoreItems": {
-    "message": "Восстановить элементы"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Выбрано элементов для восстановления: $COUNT$. Вы действительно хотите восстановить эти элементы?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Элемент $ID$ восстановлен.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Удалить экспорт личного хранилища"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Не разрешать пользователям экспортировать данные своего личного хранилища."
+  "disablePersonalVaultExportDescription": {
+    "message": "Запретить пользователям экспортировать данные из их собственного хранилища."
   },
   "vaultExportDisabled": {
     "message": "Экспорт хранилища отключен"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Экспорт хранилища организации"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Будут экспортированы только отдельные элементы хранилища, связанные с $EMAIL$. Элементы хранилища организации включены не будут. Экспортируется только информация об элементах хранилища, не включая связанную историю паролей или вложений.",
+  "exportingIndividualVaultDescription": {
+    "message": "Будут экспортированы только отдельные элементы хранилища, связанные с $EMAIL$. Элементы хранилища организации включены не будут. Экспортируется только информация об элементах хранилища, не включая связанные вложения.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Уже зарегистрированы?"
   }
 }
diff --git a/apps/web/src/locales/si/messages.json b/apps/web/src/locales/si/messages.json
index e70b94f4d6e..545b6a65e8d 100644
--- a/apps/web/src/locales/si/messages.json
+++ b/apps/web/src/locales/si/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/sk/messages.json b/apps/web/src/locales/sk/messages.json
index 15ab9567eb9..40e924787c4 100644
--- a/apps/web/src/locales/sk/messages.json
+++ b/apps/web/src/locales/sk/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Obnoviť zvolené"
   },
-  "restoreItem": {
-    "message": "Obnoviť položku"
-  },
   "restoredItem": {
     "message": "Obnovená položka"
   },
   "restoredItems": {
     "message": "Obnovené položky"
   },
-  "restoreItemConfirmation": {
-    "message": "Naozaj chcete obnoviť tieto položky?"
-  },
-  "restoreItems": {
-    "message": "Obnoviť položky"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Vybrali ste $COUNT$ položiek na obnovenie. Ste si istý, že chcete obnoviť všetky tieto položky?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Položka $ID$ obnovená.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Zakázať export osobného trezora"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Zakazuje používateľom exportovať údaje zo súkromného trezora."
+  "disablePersonalVaultExportDescription": {
+    "message": "Zakázať používateľom exportovať údaje zo súkromného trezora."
   },
   "vaultExportDisabled": {
     "message": "Export trezoru je zakázaný"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exportovanie trezora organizácie"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Exportované budú iba položy osobného trezora spojené s $EMAIL$. Položky trezora organizácie nebudú zahrnuté.",
+  "exportingIndividualVaultDescription": {
+    "message": "Exportované budú iba položky súvisiace s $EMAIL$. Položky z trezora organizácie nebudú zahrnuté v exporte. Export bude obsahovať iba informácie z položiek v trezore, súvisiace prílohy nebudú súčasťou exportu.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Už máte účet?"
   }
 }
diff --git a/apps/web/src/locales/sl/messages.json b/apps/web/src/locales/sl/messages.json
index 2d12a70086f..4c8a6b2464b 100644
--- a/apps/web/src/locales/sl/messages.json
+++ b/apps/web/src/locales/sl/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/sr/messages.json b/apps/web/src/locales/sr/messages.json
index b7ecce559ab..87fedb2c144 100644
--- a/apps/web/src/locales/sr/messages.json
+++ b/apps/web/src/locales/sr/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Врати изабрано"
   },
-  "restoreItem": {
-    "message": "Врати ставку"
-  },
   "restoredItem": {
     "message": "Ставка враћена"
   },
   "restoredItems": {
     "message": "Ставке враћене"
   },
-  "restoreItemConfirmation": {
-    "message": "Да ли сте сигурни да желите да вратите ову ставку?"
-  },
-  "restoreItems": {
-    "message": "Врати ставке"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Одабрали сте $COUNT$ ставке за повраћај. Да ли сте сигурни да желите да повратите све ове ставке?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Ставка $ID$ повраћена.",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Онемогућите извоз личног сефа"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Забрањује корисницима да извозе своје приватне податке из сефа."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Извоз сефа онемогућен"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Извоз сефа организације"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Само предмети личног сефа повезани са $EMAIL$ биће извезени. Ставке организационог сефа неће бити укључене.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Бета"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/sr_CS/messages.json b/apps/web/src/locales/sr_CS/messages.json
index 5d393e10ef8..b0efa6f982e 100644
--- a/apps/web/src/locales/sr_CS/messages.json
+++ b/apps/web/src/locales/sr_CS/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/sv/messages.json b/apps/web/src/locales/sv/messages.json
index 65c4890363e..deb73b0ad96 100644
--- a/apps/web/src/locales/sv/messages.json
+++ b/apps/web/src/locales/sv/messages.json
@@ -2517,7 +2517,7 @@
     "message": "Är du säker på att du vill ta bort denna användare?"
   },
   "removeOrgUserConfirmation": {
-    "message": "When a member is removed, they no longer have access to organization data and this action is irreversible. To add the member back to the organization, they must be invited and onboarded again."
+    "message": "När en medlem tas bort har de inte längre tillgång till organisationsdata och denna åtgärd är oåterkallelig. För att lägga tillbaka medlemmen till organisationen måste de bjudas in och bekräftas igen."
   },
   "revokeUserConfirmation": {
     "message": "When a member is revoked, they no longer have access to organization data. To quickly restore member access, go to the Revoked tab."
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Återställ markerade"
   },
-  "restoreItem": {
-    "message": "Återställ objekt"
-  },
   "restoredItem": {
     "message": "Återställde objekt"
   },
   "restoredItems": {
     "message": "Återställde objekt"
   },
-  "restoreItemConfirmation": {
-    "message": "Är du säker på att du vill återställa detta objekt?"
-  },
-  "restoreItems": {
-    "message": "Återställ objekt"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Du har markerat $COUNT$ objekt att återställa. Är du säker på att du vill återställa alla dessa objekt?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Återställde objektet $ID$",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Tillåt inte medlemmar att exportera data från sina individuella valv."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Har du redan ett konto?"
   }
 }
diff --git a/apps/web/src/locales/te/messages.json b/apps/web/src/locales/te/messages.json
index cc3bc7427a2..e69d435ec4a 100644
--- a/apps/web/src/locales/te/messages.json
+++ b/apps/web/src/locales/te/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/th/messages.json b/apps/web/src/locales/th/messages.json
index 9d2df6b8709..a6d069ba395 100644
--- a/apps/web/src/locales/th/messages.json
+++ b/apps/web/src/locales/th/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Restore selected"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/tr/messages.json b/apps/web/src/locales/tr/messages.json
index be77f99ed4d..d04b009920f 100644
--- a/apps/web/src/locales/tr/messages.json
+++ b/apps/web/src/locales/tr/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Seçilenleri geri yükle"
   },
-  "restoreItem": {
-    "message": "Kaydı geri yükle"
-  },
   "restoredItem": {
     "message": "Kayıt geri yüklendi"
   },
   "restoredItems": {
     "message": "Kayıtlar geri yüklendi"
   },
-  "restoreItemConfirmation": {
-    "message": "Bu kayıtları geri yüklemek istediğinizden emin misiniz?"
-  },
-  "restoreItems": {
-    "message": "Kayıtları geri yükle"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Geri yüklenmesi için $COUNT$ kayıt seçtiniz. Bu kayıtları geri yüklemek istediğinizden emin misiniz?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "$ID$ kaydı geri yüklendi",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Kişisel kasayı dışa aktarmayı kaldır"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Kullanıcıların kişisel kasa verilerini dışa aktarmasına izin verme."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Kasayı dışa aktarma kaldırıldı"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Kuruluş Kasasını Dışa Aktarma"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Sadece $EMAIL$ ile ilişkili kişisel kasa ögeleri dışarı aktarılacak. Kuruluş kasasındaki ögeler dahil edilmeyecek.",
+  "exportingIndividualVaultDescription": {
+    "message": "Yalnızca $EMAIL$ ile ilişkili kasa öğeleri dışa aktarılacaktır. Kuruluş kasası öğeleri dahil edilmeyecektir. Yalnızca kasa öğesi bilgileri dışa aktarılacak ve ilişkili ekleri içermeyecektir.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Zaten hesabınız var mı?"
   }
 }
diff --git a/apps/web/src/locales/uk/messages.json b/apps/web/src/locales/uk/messages.json
index 36702e5bd24..1abf78a74f2 100644
--- a/apps/web/src/locales/uk/messages.json
+++ b/apps/web/src/locales/uk/messages.json
@@ -712,7 +712,7 @@
     "message": "Сталася неочікувана помилка."
   },
   "expirationDateError": {
-    "message": "Please select an expiration date that is in the future."
+    "message": "Вкажіть термін дії в майбутньому."
   },
   "emailAddress": {
     "message": "Адреса е-пошти"
@@ -955,7 +955,7 @@
     "message": "Копіювати код підтвердження"
   },
   "copyUuid": {
-    "message": "Copy UUID"
+    "message": "Копіювати UUID"
   },
   "warning": {
     "message": "Попередження"
@@ -1294,19 +1294,19 @@
     "message": "Помилка розшифрування експортованого файлу. Ваш ключ шифрування відрізняється від ключа, використаного для експортування даних."
   },
   "importDestination": {
-    "message": "Import destination"
+    "message": "Призначення імпорту"
   },
   "learnAboutImportOptions": {
-    "message": "Learn about your import options"
+    "message": "Дізнайтеся про параметри імпорту"
   },
   "selectImportFolder": {
-    "message": "Select a folder"
+    "message": "Вибрати теку"
   },
   "selectImportCollection": {
-    "message": "Select a collection"
+    "message": "Вибрати збірку"
   },
   "importTargetHint": {
-    "message": "Select this option if you want the imported file contents moved to a $DESTINATION$",
+    "message": "Оберіть цю опцію, якщо ви хочете, щоб вміст імпортованого файлу було збережено в $DESTINATION$",
     "description": "Located as a hint under the import target. Will be appended by either folder or collection, depending if the user is importing into an individual or an organizational vault.",
     "placeholders": {
       "destination": {
@@ -1316,7 +1316,7 @@
     }
   },
   "importUnassignedItemsError": {
-    "message": "File contains unassigned items."
+    "message": "Файл містить непризначені елементи."
   },
   "selectFormat": {
     "message": "Оберіть формат імпортованого файлу"
@@ -3625,7 +3625,7 @@
     "message": "Цей елемент має старі вкладені файли, які необхідно виправити."
   },
   "attachmentFixDescription": {
-    "message": "This attachment uses outdated encryption. Select 'Fix' to download, re-encrypt, and re-upload the attachment."
+    "message": "Це вкладення використовує застаріле шифрування. Виберіть \"Виправити\", щоб завантажити, повторно зашифрувати та вивантажити вкладення."
   },
   "fix": {
     "message": "Виправити",
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Відновити вибрані"
   },
-  "restoreItem": {
-    "message": "Відновити запис"
-  },
   "restoredItem": {
     "message": "Запис відновлено"
   },
   "restoredItems": {
     "message": "Записи відновлено"
   },
-  "restoreItemConfirmation": {
-    "message": "Ви дійсно хочете відновити цей запис?"
-  },
-  "restoreItems": {
-    "message": "Відновити записи"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "Вибрані записи ($COUNT$) для відновлення. Ви справді хочете відновити всі ці записи?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Запис $ID$ відновлено",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Вилучити експорт особистого сховища"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Заборонити учасникам експортувати дані їхнього особистого сховища."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Експорт сховища вилучено"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Експортування сховища організації"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Будуть експортовані лише записи особистого сховища, пов'язані з $EMAIL$. Записи сховища організації не буде включено. Експортуються лише дані записів сховища без історії та вкладень.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -5464,7 +5446,7 @@
     }
   },
   "exportingOrganizationVaultDesc": {
-    "message": "Only the organization vault associated with $ORGANIZATION$ will be exported. Items in individual vaults or other organizations will not be included.",
+    "message": "Буде експортовано лише сховище організації, пов'язане з $ORGANIZATION$. Елементи особистих сховищ або інших організацій не будуть включені.",
     "placeholders": {
       "organization": {
         "content": "$1",
@@ -6651,16 +6633,16 @@
     "message": "Продовжуючи, ви вийдете з усіх активних сеансів. Необхідно буде повторно виконати вхід і пройти двоетапну перевірку. Перед зміною налаштувань шифрування ми рекомендуємо експортувати ваше сховище, щоб запобігти можливій втраті даних."
   },
   "secretsManager": {
-    "message": "Керування секретами"
+    "message": "Менеджер секретів"
   },
   "secretsManagerBeta": {
-    "message": "Керування секретами (бета-версія)"
+    "message": "Менеджер секретів (бета-версія)"
   },
   "secretsManagerAccessDescription": {
-    "message": "Активувати доступ користувача до керування секретами."
+    "message": "Активувати доступ користувача до менеджера секретів."
   },
   "userAccessSecretsManagerGA": {
-    "message": "Цей користувач має доступ до керування секретами"
+    "message": "Цей користувач має доступ до менеджера секретів"
   },
   "important": {
     "message": "Важливо:"
@@ -6717,7 +6699,7 @@
     "description": "Link to a downloadable resource. This will be used as part of a larger phrase. Example: Download the Secrets Manager CLI"
   },
   "smCLI": {
-    "message": "Керування секретами CLI"
+    "message": "Менеджер секретів CLI"
   },
   "importSecrets": {
     "message": "Імпортувати секрети"
@@ -6760,10 +6742,10 @@
     "message": "Потрібен вибір."
   },
   "secretsManagerSubscriptionDesc": {
-    "message": "Увімкніть доступ організації до керування секретами безплатно упродовж періоду бета-тестування. Користувачам можна надати доступ в бета-версії в меню учасників."
+    "message": "Увімкніть доступ організації до менеджера секретів безплатно впродовж періоду бета-тестування. Користувачам можна надати доступ в бета-версії в меню учасників."
   },
   "secretsManagerEnable": {
-    "message": "Увімкнути керування секретами (бета-версія)"
+    "message": "Увімкнути менеджер секретів (бета-версія)"
   },
   "saPeopleWarningTitle": {
     "message": "Токени доступу все ще доступні"
@@ -6892,18 +6874,18 @@
     "message": "Користувач оновив пароль під час відновлення облікового запису."
   },
   "activatedAccessToSecretsManager": {
-    "message": "Активовано доступ до керування секретами",
+    "message": "Активовано доступ до менеджера секретів",
     "description": "Confirmation message that one or more users gained access to Secrets Manager"
   },
   "activateAccess": {
     "message": "Активувати доступ"
   },
   "bulkEnableSecretsManagerDescription": {
-    "message": "Надати зазначеним учасникам доступ до керування секретами. Роль, надана в менеджері паролів, буде застосована до керування секретами.",
+    "message": "Надати зазначеним учасникам доступ до менеджера секретів. Роль, надана в менеджері паролів, буде застосована до менеджера секретів.",
     "description": "This description is shown to an admin when they are attempting to add more users to Secrets Manager."
   },
   "activateSecretsManager": {
-    "message": "Активувати керування секретами"
+    "message": "Активувати менеджер секретів"
   },
   "yourOrganizationsFingerprint": {
     "message": "Фраза відбитка вашої організації",
@@ -7047,13 +7029,13 @@
     "message": "Додати менеджер секретів"
   },
   "addSecretsManagerUpgradeDesc": {
-    "message": "Додайте Менеджер секретів до свого оновленого плану, щоб підтримувати доступ до будь-яких секретів, створених у вашому минулому плані."
+    "message": "Додайте менеджер секретів до свого оновленого плану, щоб підтримувати доступ до будь-яких секретів, створених у вашому минулому плані."
   },
   "additionalServiceAccounts": {
     "message": "Додаткові службові облікові записи"
   },
   "includedServiceAccounts": {
-    "message": "Your plan comes with $COUNT$ service accounts.",
+    "message": "Ваш тарифний план включає $COUNT$ службових облікових записів.",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -7062,7 +7044,7 @@
     }
   },
   "addAdditionalServiceAccounts": {
-    "message": "You can add additional service accounts for $COST$ per month.",
+    "message": "Ви можете додати більше службових облікових записів за $COST$/місяць.",
     "placeholders": {
       "cost": {
         "content": "$1",
@@ -7095,7 +7077,7 @@
     "message": "Потенційна максимальна вартість службового облікового запису"
   },
   "smBetaEndedDesc": {
-    "message": "The Secrets Manager Beta ended $BETA_ENDING_DATE$. You have $DAYS$ days left to add Secrets Manager to your paid subscription and maintain access to Secrets Manager data. Contact Customer Success to add Secrets Manager to your subscription.",
+    "message": "Бета-тестування менеджера секретів завершилося $BETA_ENDING_DATE$. У вас лишилося $DAYS$ днів, щоб додати менеджер секретів до свого тарифного плану та керувати доступом до даних. Зверніться до команди підтримки клієнтів, щоб додати менеджер секретів до своєї передплати.",
     "placeholders": {
       "beta_ending_date": {
         "content": "$1",
@@ -7108,9 +7090,12 @@
     }
   },
   "betaEnding": {
-    "message": "Beta Ending"
+    "message": "Бета-тестування завершилося"
   },
   "beta": {
-    "message": "Beta"
+    "message": "Бета"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/vi/messages.json b/apps/web/src/locales/vi/messages.json
index c4c78182bef..d4caccfe30c 100644
--- a/apps/web/src/locales/vi/messages.json
+++ b/apps/web/src/locales/vi/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "Khôi phục những mục đã chọn"
   },
-  "restoreItem": {
-    "message": "Restore item"
-  },
   "restoredItem": {
     "message": "Item restored"
   },
   "restoredItems": {
     "message": "Items restored"
   },
-  "restoreItemConfirmation": {
-    "message": "Are you sure you want to restore this item?"
-  },
-  "restoreItems": {
-    "message": "Restore items"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "You have selected $COUNT$ item(s) to restore. Are you sure you want to restore these items?",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "Item $ID$ restored",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "Remove individual vault export"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "Do not allow members to export their individual vault data."
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "Vault export removed"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "Exporting organization vault"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated password history or attachments.",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/src/locales/zh_CN/messages.json b/apps/web/src/locales/zh_CN/messages.json
index 76a0af2bc0c..f0f8c88b879 100644
--- a/apps/web/src/locales/zh_CN/messages.json
+++ b/apps/web/src/locales/zh_CN/messages.json
@@ -712,7 +712,7 @@
     "message": "发生意外错误。"
   },
   "expirationDateError": {
-    "message": "请选择一个过期日期（必须是将来的某个日期）。"
+    "message": "请选择一个将来的过期日期。"
   },
   "emailAddress": {
     "message": "电子邮件地址"
@@ -1018,7 +1018,7 @@
     "message": "导出类型"
   },
   "accountRestricted": {
-    "message": "账户受限"
+    "message": "账户限制"
   },
   "passwordProtected": {
     "message": "密码保护"
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "恢复所选"
   },
-  "restoreItem": {
-    "message": "恢复项目"
-  },
   "restoredItem": {
     "message": "项目已恢复"
   },
   "restoredItems": {
     "message": "项目已恢复"
   },
-  "restoreItemConfirmation": {
-    "message": "确定要恢复此项目吗？"
-  },
-  "restoreItems": {
-    "message": "恢复项目"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "您选择了要恢复 $COUNT$ 个项目。确定要恢复这些项目吗？",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "恢复了项目 $ID$",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "禁用个人密码库导出"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "不允许成员导出他们的个人密码库数据。"
+  "disablePersonalVaultExportDescription": {
+    "message": "不允许成员从个人密码库导出数据。"
   },
   "vaultExportDisabled": {
     "message": "密码库导出已禁用"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "正在导出组织密码库"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "仅会导出与 $EMAIL$ 关联的个人密码库项目，不包括组织密码库的项目。仅会导出密码库项目信息，不包括关联的密码历史记录和附件。",
+  "exportingIndividualVaultDescription": {
+    "message": "仅会导出与 $EMAIL$ 关联的个人密码库项目，不包括组织密码库项目。仅会导出密码库项目信息，不包括关联的附件。",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -6354,7 +6336,7 @@
     "message": "DNS TXT 记录"
   },
   "dnsTxtRecordInputHint": {
-    "message": "复制并粘贴 TXT 记录到您的 DNS 供应商。"
+    "message": "复制并粘贴 TXT 记录到您的 DNS 提供商。"
   },
   "domainNameInputHint": {
     "message": "例如：mydomain.com。子域需要单独的条目进行验证。"
@@ -6976,10 +6958,10 @@
     "message": "Next"
   },
   "usFlag": {
-    "message": "US flag"
+    "message": "US 标志"
   },
   "euFlag": {
-    "message": "EU flag"
+    "message": "EU 标志"
   },
   "selectedRegionFlag": {
     "message": "选定的区域标志"
@@ -7095,7 +7077,7 @@
     "message": "最大潜在服务账户费用"
   },
   "smBetaEndedDesc": {
-    "message": "机密管理器 Beta 版已于 $BETA_ENDING_DATE$ 结束。您还剩余 $DAYS$ 天时间将机密管理器添加到您的付费订阅中，以保持对其数据的访问权限。联系客户成功团队将机密管理器添加到您的订阅中。",
+    "message": "机密管理器 Beta 版将于 $BETA_ENDING_DATE$ 结束。您还剩余 $DAYS$ 天时间将机密管理器添加到您的付费订阅中，以保持对其数据的访问权限。联系客户成功团队将机密管理器添加到您的订阅中。",
     "placeholders": {
       "beta_ending_date": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "已经有一个账户？"
   }
 }
diff --git a/apps/web/src/locales/zh_TW/messages.json b/apps/web/src/locales/zh_TW/messages.json
index fff4ae12c6e..91a9e1e05c7 100644
--- a/apps/web/src/locales/zh_TW/messages.json
+++ b/apps/web/src/locales/zh_TW/messages.json
@@ -3842,30 +3842,12 @@
   "restoreSelected": {
     "message": "還原所選"
   },
-  "restoreItem": {
-    "message": "還原項目"
-  },
   "restoredItem": {
     "message": "項目已還原"
   },
   "restoredItems": {
     "message": "項目已還原"
   },
-  "restoreItemConfirmation": {
-    "message": "您確定要還原此項目嗎？"
-  },
-  "restoreItems": {
-    "message": "還原項目"
-  },
-  "restoreSelectedItemsDesc": {
-    "message": "您已經選取了 $COUNT$ 個項目要還原。確定要還原這些項目嗎？",
-    "placeholders": {
-      "count": {
-        "content": "$1",
-        "example": "150"
-      }
-    }
-  },
   "restoredItemId": {
     "message": "已還原項目 $ID$",
     "placeholders": {
@@ -4950,8 +4932,8 @@
   "disablePersonalVaultExport": {
     "message": "停用個人密碼庫匯出"
   },
-  "disablePersonalVaultExportDesc": {
-    "message": "禁止成員匯出個人密碼庫資料。"
+  "disablePersonalVaultExportDescription": {
+    "message": "Do not allow members to export data from their individual vault."
   },
   "vaultExportDisabled": {
     "message": "已停用密碼庫匯出"
@@ -5454,8 +5436,8 @@
   "exportingOrganizationVaultTitle": {
     "message": "正匯出組織密碼庫"
   },
-  "exportingPersonalVaultDescription": {
-    "message": "只會匯出與 $EMAIL$ 關聯的個人密碼庫。組織密碼庫的項目不包含在內。",
+  "exportingIndividualVaultDescription": {
+    "message": "Only the individual vault items associated with $EMAIL$ will be exported. Organization vault items will not be included. Only vault item information will be exported and will not include associated attachments.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -7112,5 +7094,8 @@
   },
   "beta": {
     "message": "Beta"
+  },
+  "alreadyHaveAccount": {
+    "message": "Already have an account?"
   }
 }
diff --git a/apps/web/tsconfig.json b/apps/web/tsconfig.json
index 9048efd39b7..67d24511584 100644
--- a/apps/web/tsconfig.json
+++ b/apps/web/tsconfig.json
@@ -11,6 +11,7 @@
       "@bitwarden/components": ["../../libs/components/src"],
       "@bitwarden/exporter/*": ["../../libs/exporter/src/*"],
       "@bitwarden/importer": ["../../libs/importer/src"],
+      "@bitwarden/vault": ["../../libs/vault/src"],
       "@bitwarden/web-vault/*": ["src/*"]
     }
   },
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/core/services/auth-requests/admin-auth-request-update.request.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/core/services/auth-requests/admin-auth-request-update.request.ts
index a190d5809ce..21f9c5c1ee5 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/core/services/auth-requests/admin-auth-request-update.request.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/core/services/auth-requests/admin-auth-request-update.request.ts
@@ -2,7 +2,7 @@ export class AdminAuthRequestUpdateRequest {
   /**
    *
    * @param requestApproved - Whether the request was approved/denied. If true, the key must be provided.
-   * @param encryptedUserKey The user's symmetric key that has been encrypted with a device public key if the request was approved.
+   * @param encryptedUserKey The user key that has been encrypted with a device public key if the request was approved.
    */
   constructor(public requestApproved: boolean, public encryptedUserKey?: string) {}
 }
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/device-approvals/device-approvals.component.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/device-approvals/device-approvals.component.ts
index b0f7b8bcad5..965132d6370 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/device-approvals/device-approvals.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/device-approvals/device-approvals.component.ts
@@ -65,16 +65,16 @@ export class DeviceApprovalsComponent implements OnInit, OnDestroy {
   }
 
   /**
-   * Creates a copy of the user's symmetric key that has been encrypted with the provided device's public key.
+   * Creates a copy of the user key that has been encrypted with the provided device's public key.
    * @param devicePublicKey
    * @param resetPasswordDetails
    * @private
    */
-  private async getEncryptedUserSymKey(
+  private async getEncryptedUserKey(
     devicePublicKey: string,
     resetPasswordDetails: OrganizationUserResetPasswordDetailsResponse
   ): Promise<EncString> {
-    const encryptedUserSymKey = resetPasswordDetails.resetPasswordKey;
+    const encryptedUserKey = resetPasswordDetails.resetPasswordKey;
     const encryptedOrgPrivateKey = resetPasswordDetails.encryptedPrivateKey;
     const devicePubKey = Utils.fromB64ToArray(devicePublicKey);
 
@@ -85,12 +85,12 @@ export class DeviceApprovalsComponent implements OnInit, OnDestroy {
       orgSymKey
     );
 
-    // Decrypt User's symmetric key with decrypted org private key
-    const decValue = await this.cryptoService.rsaDecrypt(encryptedUserSymKey, decOrgPrivateKey);
-    const userSymKey = new SymmetricCryptoKey(decValue);
+    // Decrypt user key with decrypted org private key
+    const decValue = await this.cryptoService.rsaDecrypt(encryptedUserKey, decOrgPrivateKey);
+    const userKey = new SymmetricCryptoKey(decValue);
 
-    // Re-encrypt User's Symmetric Key with the Device Public Key
-    return await this.cryptoService.rsaEncrypt(userSymKey.key, devicePubKey);
+    // Re-encrypt user Key with the Device Public Key
+    return await this.cryptoService.rsaEncrypt(userKey.key, devicePubKey);
   }
 
   async approveRequest(authRequest: PendingAuthRequestView) {
@@ -110,7 +110,7 @@ export class DeviceApprovalsComponent implements OnInit, OnDestroy {
         return;
       }
 
-      const encryptedKey = await this.getEncryptedUserSymKey(authRequest.publicKey, details);
+      const encryptedKey = await this.getEncryptedUserKey(authRequest.publicKey, details);
 
       await this.organizationAuthRequestService.approvePendingRequest(
         this.organizationId,
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-add-edit-dialog/domain-add-edit-dialog.component.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-add-edit-dialog/domain-add-edit-dialog.component.ts
index f858b8e0914..68df7e51835 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-add-edit-dialog/domain-add-edit-dialog.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-add-edit-dialog/domain-add-edit-dialog.component.ts
@@ -3,7 +3,6 @@ import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
 import { FormBuilder, FormControl, FormGroup, ValidatorFn, Validators } from "@angular/forms";
 import { Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { OrgDomainApiServiceAbstraction } from "@bitwarden/common/abstractions/organization-domain/org-domain-api.service.abstraction";
 import { OrgDomainServiceAbstraction } from "@bitwarden/common/abstractions/organization-domain/org-domain.service.abstraction";
 import { OrganizationDomainResponse } from "@bitwarden/common/abstractions/organization-domain/responses/organization-domain.response";
@@ -15,6 +14,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { OrganizationDomainRequest } from "@bitwarden/common/services/organization-domain/requests/organization-domain.request";
+import { DialogService } from "@bitwarden/components";
 
 import { domainNameValidator } from "./validators/domain-name.validator";
 import { uniqueInArrayValidator } from "./validators/unique-in-array.validator";
@@ -66,7 +66,7 @@ export class DomainAddEditDialogComponent implements OnInit, OnDestroy {
     private orgDomainApiService: OrgDomainApiServiceAbstraction,
     private orgDomainService: OrgDomainServiceAbstraction,
     private validationService: ValidationService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   // Angular Method Implementations
@@ -253,7 +253,7 @@ export class DomainAddEditDialogComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "removeDomain" },
       content: { key: "removeDomainWarning" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts
index ddeada522d5..aa7316f96b4 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts
@@ -2,7 +2,6 @@ import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute, Params } from "@angular/router";
 import { concatMap, Observable, Subject, take, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { OrgDomainApiServiceAbstraction } from "@bitwarden/common/abstractions/organization-domain/org-domain-api.service.abstraction";
 import { OrgDomainServiceAbstraction } from "@bitwarden/common/abstractions/organization-domain/org-domain.service.abstraction";
 import { OrganizationDomainResponse } from "@bitwarden/common/abstractions/organization-domain/responses/organization-domain.response";
@@ -11,6 +10,7 @@ import { ErrorResponse } from "@bitwarden/common/models/response/error.response"
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { DialogService } from "@bitwarden/components";
 
 import {
   DomainAddEditDialogComponent,
@@ -35,7 +35,7 @@ export class DomainVerificationComponent implements OnInit, OnDestroy {
     private i18nService: I18nService,
     private orgDomainApiService: OrgDomainApiServiceAbstraction,
     private orgDomainService: OrgDomainServiceAbstraction,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private validationService: ValidationService
   ) {}
 
@@ -157,7 +157,7 @@ export class DomainVerificationComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "removeDomain" },
       content: { key: "removeDomainWarning" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts
index 618c9bcd107..678c62e0702 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/scim.component.ts
@@ -2,7 +2,6 @@ import { Component, OnInit } from "@angular/core";
 import { UntypedFormBuilder, FormControl } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import {
@@ -18,6 +17,7 @@ import { ApiKeyResponse } from "@bitwarden/common/auth/models/response/api-key.r
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-org-manage-scim",
@@ -47,7 +47,7 @@ export class ScimComponent implements OnInit {
     private i18nService: I18nService,
     private environmentService: EnvironmentService,
     private organizationApiService: OrganizationApiServiceAbstraction,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -90,7 +90,7 @@ export class ScimComponent implements OnInit {
       title: { key: "rotateScimKey" },
       content: { key: "rotateScimKeyWarning" },
       acceptButtonText: { key: "rotateKey" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
index 00fd124ff67..5c6c10724ce 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
@@ -1,7 +1,7 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
+import { AuthGuard } from "@bitwarden/angular/auth/guards";
 import { canAccessFeature } from "@bitwarden/angular/guard/feature-flag.guard";
 import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
diff --git a/bitwarden_license/bit-web/src/app/admin-console/policies/disable-personal-vault-export.component.ts b/bitwarden_license/bit-web/src/app/admin-console/policies/disable-personal-vault-export.component.ts
index 003a04f5b13..848b1d173a1 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/policies/disable-personal-vault-export.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/policies/disable-personal-vault-export.component.ts
@@ -8,7 +8,7 @@ import {
 
 export class DisablePersonalVaultExportPolicy extends BasePolicy {
   name = "disablePersonalVaultExport";
-  description = "disablePersonalVaultExportDesc";
+  description = "disablePersonalVaultExportDescription";
   type = PolicyType.DisablePersonalVaultExport;
   component = DisablePersonalVaultExportPolicyComponent;
 }
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/clients/add-organization.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/clients/add-organization.component.ts
index b0eb5e9e946..2f0d3076745 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/clients/add-organization.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/clients/add-organization.component.ts
@@ -1,12 +1,12 @@
 import { Component, EventEmitter, Input, OnInit, Output } from "@angular/core";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { Provider } from "@bitwarden/common/models/domain/provider";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { DialogService } from "@bitwarden/components";
 
 import { WebProviderService } from "../services/web-provider.service";
 
@@ -29,7 +29,7 @@ export class AddOrganizationComponent implements OnInit {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private validationService: ValidationService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -57,7 +57,7 @@ export class AddOrganizationComponent implements OnInit {
         key: "addOrganizationConfirmation",
         placeholders: [organization.name, this.provider.name],
       },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.ts
index f4fd2374995..329bf5189e7 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.ts
@@ -2,7 +2,6 @@ import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { first } from "rxjs/operators";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -17,6 +16,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { DialogService } from "@bitwarden/components";
 
 import { WebProviderService } from "../services/web-provider.service";
 
@@ -63,7 +63,7 @@ export class ClientsComponent implements OnInit {
     private modalService: ModalService,
     private organizationService: OrganizationService,
     private organizationApiService: OrganizationApiServiceAbstraction,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -158,7 +158,7 @@ export class ClientsComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: organization.organizationName,
       content: { key: "detachOrganizationConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/bulk/bulk-confirm.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/bulk/bulk-confirm.component.ts
index 6b3fdd75c43..e14983d4ec9 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/bulk/bulk-confirm.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/bulk/bulk-confirm.component.ts
@@ -3,6 +3,7 @@ import { Component, Input } from "@angular/core";
 import { ProviderUserStatusType } from "@bitwarden/common/admin-console/enums";
 import { ProviderUserBulkConfirmRequest } from "@bitwarden/common/admin-console/models/request/provider/provider-user-bulk-confirm.request";
 import { ProviderUserBulkRequest } from "@bitwarden/common/admin-console/models/request/provider/provider-user-bulk.request";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { BulkConfirmComponent as OrganizationBulkConfirmComponent } from "@bitwarden/web-vault/app/admin-console/organizations/members/components/bulk/bulk-confirm.component";
 import { BulkUserDetails } from "@bitwarden/web-vault/app/admin-console/organizations/members/components/bulk/bulk-status.component";
 
@@ -13,20 +14,20 @@ import { BulkUserDetails } from "@bitwarden/web-vault/app/admin-console/organiza
 export class BulkConfirmComponent extends OrganizationBulkConfirmComponent {
   @Input() providerId: string;
 
-  protected isAccepted(user: BulkUserDetails) {
+  protected override isAccepted(user: BulkUserDetails) {
     return user.status === ProviderUserStatusType.Accepted;
   }
 
-  protected async getPublicKeys() {
+  protected override async getPublicKeys() {
     const request = new ProviderUserBulkRequest(this.filteredUsers.map((user) => user.id));
     return await this.apiService.postProviderUsersPublicKey(this.providerId, request);
   }
 
-  protected getCryptoKey() {
+  protected override getCryptoKey(): Promise<SymmetricCryptoKey> {
     return this.cryptoService.getProviderKey(this.providerId);
   }
 
-  protected async postConfirmRequest(userIdsWithKeys: any[]) {
+  protected override async postConfirmRequest(userIdsWithKeys: any[]) {
     const request = new ProviderUserBulkConfirmRequest(userIdsWithKeys);
     return await this.apiService.postProviderUserBulkConfirm(this.providerId, request);
   }
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts
index 48cad98f1d3..3f365271168 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts
@@ -4,7 +4,6 @@ import { first } from "rxjs/operators";
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
 import { UserNamePipe } from "@bitwarden/angular/pipes/user-name.pipe";
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -21,6 +20,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { DialogService } from "@bitwarden/components";
 import { openEntityEventsDialog } from "@bitwarden/web-vault/app/admin-console/organizations/manage/entity-events.component";
 import { BulkStatusComponent } from "@bitwarden/web-vault/app/admin-console/organizations/members/components/bulk/bulk-status.component";
 import { BasePeopleComponent } from "@bitwarden/web-vault/app/common/base.people.component";
@@ -68,7 +68,7 @@ export class PeopleComponent
     userNamePipe: UserNamePipe,
     stateService: StateService,
     private providerService: ProviderService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       apiService,
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/user-add-edit.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/user-add-edit.component.ts
index 8f13da92b6e..328ca9500e3 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/user-add-edit.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/user-add-edit.component.ts
@@ -1,6 +1,5 @@
 import { Component, EventEmitter, Input, OnInit, Output } from "@angular/core";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "@bitwarden/angular/services/dialog";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { ProviderUserType } from "@bitwarden/common/admin-console/enums";
 import { PermissionsApi } from "@bitwarden/common/admin-console/models/api/permissions.api";
@@ -9,6 +8,7 @@ import { ProviderUserUpdateRequest } from "@bitwarden/common/admin-console/model
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "provider-user-add-edit",
@@ -38,7 +38,7 @@ export class UserAddEditComponent implements OnInit {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private logService: LogService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -96,7 +96,7 @@ export class UserAddEditComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: this.name,
       content: { key: "removeUserConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts
index 3be8ea67859..5bc2764038f 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts
@@ -1,7 +1,7 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
+import { AuthGuard } from "@bitwarden/angular/auth/guards";
 import { Provider } from "@bitwarden/common/models/domain/provider";
 import { ProvidersComponent } from "@bitwarden/web-vault/app/admin-console/providers/providers.component";
 import { FrontendLayoutComponent } from "@bitwarden/web-vault/app/layouts/frontend-layout.component";
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
index c15f793aa3f..1bc2365b9c9 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts
@@ -8,6 +8,7 @@ import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.se
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { ProviderKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 
 @Component({
@@ -78,8 +79,8 @@ export class SetupComponent implements OnInit {
 
   async doSubmit() {
     try {
-      const shareKey = await this.cryptoService.makeShareKey();
-      const key = shareKey[0].encryptedString;
+      const providerKey = await this.cryptoService.makeOrgKey<ProviderKey>();
+      const key = providerKey[0].encryptedString;
 
       const request = new ProviderSetupRequest();
       request.name = this.name;
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
index 4eedc89d6e8..fa589b2438a 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
@@ -81,11 +81,15 @@
           {{ "trustedDevices" | i18n }}
         </bit-label>
         <bit-hint>
-          {{ "memberDecryptionTdeDescriptionPartOne" | i18n }}
-          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLinkOne" | i18n }}</a>
-          {{ "memberDecryptionTdeDescriptionPartTwo" | i18n }}
-          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLinkTwo" | i18n }}</a>
-          {{ "memberDecryptionTdeDescriptionPartThree" | i18n }}
+          {{ "memberDecryptionOptionTdeDescriptionPartOne" | i18n }}
+          <a routerLink="../policies">{{ "memberDecryptionOptionTdeDescriptionLinkOne" | i18n }}</a>
+          {{ "memberDecryptionOptionTdeDescriptionPartTwo" | i18n }}
+          <a routerLink="../policies">{{ "memberDecryptionOptionTdeDescriptionLinkTwo" | i18n }}</a>
+          {{ "memberDecryptionOptionTdeDescriptionPartThree" | i18n }}
+          <a routerLink="../policies">{{
+            "memberDecryptionOptionTdeDescriptionLinkThree" | i18n
+          }}</a>
+          {{ "memberDecryptionOptionTdeDescriptionPartFour" | i18n }}
         </bit-hint>
       </bit-radio-button>
     </bit-radio-group>
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
index 1ea6c6dd798..e159d4744b4 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
@@ -239,7 +239,7 @@ export class SsoComponent implements OnInit, OnDestroy {
       FeatureFlag.TrustedDeviceEncryption
     );
 
-    this.showTdeOptions = tdeFeatureFlag && !this.platformUtilsService.isSelfHost();
+    this.showTdeOptions = tdeFeatureFlag;
     // If the tde flag is not enabled, continue showing the key connector options to keep the UI the same
     // Once the flag is removed, we can rely on the platformUtilsService.isSelfHost() check alone
     this.showKeyConnectorOptions = !tdeFeatureFlag || this.platformUtilsService.isSelfHost();
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.component.html b/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.component.html
index 9cd74d5ef2d..462c15311a0 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.component.html
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.component.html
@@ -1,10 +1,4 @@
-<div class="tw-flex tw-w-full">
-  <nav
-    class="tw-fixed tw-max-h-screen tw-min-h-screen tw-w-60 tw-overflow-auto tw-bg-background-alt3"
-  >
-    <router-outlet name="sidebar"></router-outlet>
-  </nav>
-  <main class="tw-ml-60 tw-min-h-screen tw-min-w-0 tw-flex-1 tw-p-6">
-    <router-outlet></router-outlet>
-  </main>
-</div>
+<bit-layout>
+  <router-outlet slot="sidebar" name="sidebar"></router-outlet>
+  <router-outlet></router-outlet>
+</bit-layout>
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.module.ts b/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.module.ts
index fe4ff31b504..750c947d745 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.module.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.module.ts
@@ -1,6 +1,6 @@
 import { NgModule } from "@angular/core";
 
-import { NavigationModule } from "@bitwarden/components";
+import { LayoutComponent as BitLayoutComponent, NavigationModule } from "@bitwarden/components";
 import { SharedModule } from "@bitwarden/web-vault/app/shared/shared.module";
 
 import { LayoutComponent } from "./layout.component";
@@ -8,7 +8,7 @@ import { NavigationComponent } from "./navigation.component";
 import { OrgSwitcherComponent } from "./org-switcher.component";
 
 @NgModule({
-  imports: [SharedModule, NavigationModule],
+  imports: [SharedModule, NavigationModule, BitLayoutComponent],
   declarations: [LayoutComponent, NavigationComponent, OrgSwitcherComponent],
 })
 export class LayoutModule {}
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.stories.ts b/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.stories.ts
deleted file mode 100644
index 3eeac62b7fa..00000000000
--- a/bitwarden_license/bit-web/src/app/secrets-manager/layout/layout.stories.ts
+++ /dev/null
@@ -1,81 +0,0 @@
-import { Component, importProvidersFrom } from "@angular/core";
-import { RouterModule } from "@angular/router";
-import { Meta, Story, applicationConfig, moduleMetadata } from "@storybook/angular";
-import { BehaviorSubject } from "rxjs";
-
-import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
-import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { IconModule } from "@bitwarden/components";
-import { PreloadedEnglishI18nModule } from "@bitwarden/web-vault/app/core/tests";
-
-import { LayoutComponent } from "./layout.component";
-import { LayoutModule } from "./layout.module";
-import { NavigationComponent } from "./navigation.component";
-
-class MockOrganizationService implements Partial<OrganizationService> {
-  private static _orgs = new BehaviorSubject<Organization[]>([]);
-  organizations$ = MockOrganizationService._orgs; // eslint-disable-line rxjs/no-exposed-subjects
-}
-
-@Component({
-  selector: "story-content",
-  template: ` <p class="tw-text-main">Content</p> `,
-})
-class StoryContentComponent {}
-
-export default {
-  title: "Web/Layout",
-  component: LayoutComponent,
-  decorators: [
-    moduleMetadata({
-      imports: [RouterModule, LayoutModule, IconModule],
-      declarations: [StoryContentComponent],
-      providers: [{ provide: OrganizationService, useClass: MockOrganizationService }],
-    }),
-    applicationConfig({
-      providers: [
-        importProvidersFrom(
-          RouterModule.forRoot(
-            [
-              {
-                path: "",
-                component: LayoutComponent,
-                children: [
-                  {
-                    path: "",
-                    redirectTo: "secrets",
-                    pathMatch: "full",
-                  },
-                  {
-                    path: "secrets",
-                    component: StoryContentComponent,
-                    data: {
-                      title: "secrets",
-                      searchTitle: "searchSecrets",
-                    },
-                  },
-                  {
-                    outlet: "sidebar",
-                    path: "",
-                    component: NavigationComponent,
-                  },
-                ],
-              },
-            ],
-            { useHash: true }
-          )
-        ),
-        importProvidersFrom(PreloadedEnglishI18nModule),
-      ],
-    }),
-  ],
-} as Meta;
-
-const Template: Story = (args) => ({
-  props: args,
-  template: `
-    <router-outlet></router-outlet>
-  `,
-});
-
-export const Default = Template.bind({});
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.html b/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.html
index 3b058077b2a..97e96bed37c 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.html
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/layout/navigation.component.html
@@ -1,22 +1,24 @@
-<a routerLink="." class="tw-m-5 tw-mt-7 tw-block">
-  <bit-icon [icon]="logo"></bit-icon>
-</a>
+<nav>
+  <a routerLink="." class="tw-m-5 tw-mt-7 tw-block">
+    <bit-icon [icon]="logo"></bit-icon>
+  </a>
 
-<org-switcher [filter]="orgFilter" [hideNewButton]="true"></org-switcher>
-<bit-nav-item icon="bwi-collection" [text]="'projects' | i18n" route="projects"></bit-nav-item>
-<bit-nav-item icon="bwi-key" [text]="'secrets' | i18n" route="secrets"></bit-nav-item>
-<bit-nav-item
-  icon="bwi-wrench"
-  [text]="'serviceAccounts' | i18n"
-  route="service-accounts"
-></bit-nav-item>
-<bit-nav-item
-  icon="bwi-trash"
-  [text]="'trash' | i18n"
-  route="trash"
-  *ngIf="isAdmin$ | async"
-></bit-nav-item>
-<bit-nav-group icon="bwi-cog" [text]="'settings' | i18n" *ngIf="isAdmin$ | async">
-  <bit-nav-item [text]="'importData' | i18n" route="settings/import"></bit-nav-item>
-  <bit-nav-item [text]="'exportData' | i18n" route="settings/export"></bit-nav-item>
-</bit-nav-group>
+  <org-switcher [filter]="orgFilter" [hideNewButton]="true"></org-switcher>
+  <bit-nav-item icon="bwi-collection" [text]="'projects' | i18n" route="projects"></bit-nav-item>
+  <bit-nav-item icon="bwi-key" [text]="'secrets' | i18n" route="secrets"></bit-nav-item>
+  <bit-nav-item
+    icon="bwi-wrench"
+    [text]="'serviceAccounts' | i18n"
+    route="service-accounts"
+  ></bit-nav-item>
+  <bit-nav-item
+    icon="bwi-trash"
+    [text]="'trash' | i18n"
+    route="trash"
+    *ngIf="isAdmin$ | async"
+  ></bit-nav-item>
+  <bit-nav-group icon="bwi-cog" [text]="'settings' | i18n" *ngIf="isAdmin$ | async">
+    <bit-nav-item [text]="'importData' | i18n" route="settings/import"></bit-nav-item>
+    <bit-nav-item [text]="'exportData' | i18n" route="settings/export"></bit-nav-item>
+  </bit-nav-group>
+</nav>
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/overview/overview.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/overview/overview.component.ts
index 729ba694d96..86fab25608a 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/overview/overview.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/overview/overview.component.ts
@@ -13,11 +13,11 @@ import {
   share,
 } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ProjectListView } from "../models/view/project-list.view";
 import { SecretListView } from "../models/view/secret-list.view";
@@ -84,7 +84,7 @@ export class OverviewComponent implements OnInit, OnDestroy {
     private projectService: ProjectService,
     private secretService: SecretService,
     private serviceAccountService: ServiceAccountService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private organizationService: OrganizationService,
     private stateService: StateService,
     private platformUtilsService: PlatformUtilsService,
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/dialog/project-delete-dialog.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/dialog/project-delete-dialog.component.ts
index 1375677d2d9..c37cf3d6642 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/dialog/project-delete-dialog.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/dialog/project-delete-dialog.component.ts
@@ -8,9 +8,9 @@ import {
   AbstractControl,
 } from "@angular/forms";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ProjectListView } from "../../models/view/project-list.view";
 import {
@@ -38,7 +38,7 @@ export class ProjectDeleteDialogComponent implements OnInit {
     private projectService: ProjectService,
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   ngOnInit(): void {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-people.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-people.component.ts
index eee12368800..03b2625f001 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-people.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-people.component.ts
@@ -2,9 +2,8 @@ import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { map, Observable, share, startWith, Subject, switchMap, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
-import { SelectItemView } from "@bitwarden/components";
+import { DialogService, SelectItemView } from "@bitwarden/components";
 
 import {
   GroupProjectAccessPolicyView,
@@ -144,7 +143,7 @@ export class ProjectPeopleComponent implements OnInit, OnDestroy {
 
   constructor(
     private route: ActivatedRoute,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private validationService: ValidationService,
     private accessPolicyService: AccessPolicyService
   ) {}
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-secrets.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-secrets.component.ts
index 759fb104b16..2d1690ef0ec 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-secrets.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project-secrets.component.ts
@@ -2,9 +2,9 @@ import { Component } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatest, combineLatestWith, filter, Observable, startWith, switchMap } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ProjectView } from "../../models/view/project.view";
 import { SecretListView } from "../../models/view/secret-list.view";
@@ -36,7 +36,7 @@ export class ProjectSecretsComponent {
     private route: ActivatedRoute,
     private projectService: ProjectService,
     private secretService: SecretService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService
   ) {}
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project.component.ts
index d60b3209b1f..c87d238d6a8 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project/project.component.ts
@@ -12,9 +12,9 @@ import {
   takeUntil,
 } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ProjectView } from "../../models/view/project.view";
 import {
@@ -40,7 +40,7 @@ export class ProjectComponent implements OnInit, OnDestroy {
     private route: ActivatedRoute,
     private projectService: ProjectService,
     private router: Router,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService
   ) {}
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/projects/projects.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/projects/projects.component.ts
index fe202b31229..7128e26a3d8 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/projects/projects.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/projects/projects.component.ts
@@ -2,7 +2,7 @@ import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatest, lastValueFrom, Observable, startWith, switchMap } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 import { ProjectListView } from "../../models/view/project-list.view";
 import { AccessPolicyService } from "../../shared/access-policies/access-policy.service";
@@ -37,7 +37,7 @@ export class ProjectsComponent implements OnInit {
     private route: ActivatedRoute,
     private projectService: ProjectService,
     private accessPolicyService: AccessPolicyService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   ngOnInit() {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-delete.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-delete.component.ts
index 8ee0d192e4f..4158746131a 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-delete.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-delete.component.ts
@@ -1,9 +1,9 @@
 import { DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject } from "@angular/core";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { SecretListView } from "../../models/view/secret-list.view";
 import {
@@ -27,7 +27,7 @@ export class SecretDeleteDialogComponent {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     @Inject(DIALOG_DATA) private data: SecretDeleteOperation,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   showSoftDeleteSecretWarning = this.data.secrets.length === 1;
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-dialog.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-dialog.component.ts
index 1c376739970..c6a807f7395 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-dialog.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/dialog/secret-dialog.component.ts
@@ -3,12 +3,11 @@ import { Component, Inject, OnInit } from "@angular/core";
 import { FormControl, FormGroup, Validators } from "@angular/forms";
 import { lastValueFrom, Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { BitValidators } from "@bitwarden/components";
+import { DialogService, BitValidators } from "@bitwarden/components";
 
 import { ProjectListView } from "../../models/view/project-list.view";
 import { ProjectView } from "../../models/view/project.view";
@@ -66,7 +65,7 @@ export class SecretDialogComponent implements OnInit {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private projectService: ProjectService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private organizationService: OrganizationService
   ) {}
 
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.ts
index 02bd6d3cf1b..7c05f169a3d 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets.component.ts
@@ -2,9 +2,9 @@ import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatestWith, Observable, startWith, switchMap } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { SecretListView } from "../models/view/secret-list.view";
 import { SecretsListComponent } from "../shared/secrets-list.component";
@@ -33,7 +33,7 @@ export class SecretsComponent implements OnInit {
   constructor(
     private route: ActivatedRoute,
     private secretService: SecretService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService
   ) {}
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts
index 2568a398362..24080d3e7da 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts
@@ -10,10 +10,10 @@ import {
   takeUntil,
 } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { openUserVerificationPrompt } from "@bitwarden/web-vault/app/auth/shared/components/user-verification";
 
 import { ServiceAccountView } from "../../models/view/service-account.view";
@@ -36,7 +36,7 @@ export class AccessTokenComponent implements OnInit, OnDestroy {
   constructor(
     private route: ActivatedRoute,
     private accessService: AccessService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private modalService: ModalService,
     private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService,
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/dialogs/access-token-create-dialog.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/dialogs/access-token-create-dialog.component.ts
index 8004166f625..4b9201e680c 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/dialogs/access-token-create-dialog.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/dialogs/access-token-create-dialog.component.ts
@@ -2,8 +2,7 @@ import { DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject, OnInit } from "@angular/core";
 import { FormControl, FormGroup, Validators } from "@angular/forms";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
-import { BitValidators } from "@bitwarden/components";
+import { DialogService, BitValidators } from "@bitwarden/components";
 
 import { ServiceAccountView } from "../../../models/view/service-account.view";
 import { AccessTokenView } from "../../models/view/access-token.view";
@@ -33,7 +32,7 @@ export class AccessTokenCreateDialogComponent implements OnInit {
   constructor(
     public dialogRef: DialogRef,
     @Inject(DIALOG_DATA) public data: AccessTokenOperation,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private accessService: AccessService
   ) {}
 
@@ -83,7 +82,7 @@ export class AccessTokenCreateDialogComponent implements OnInit {
   }
 
   static openNewAccessTokenDialog(
-    dialogService: DialogServiceAbstraction,
+    dialogService: DialogService,
     serviceAccountView: ServiceAccountView
   ) {
     return dialogService.open<unknown, AccessTokenOperation>(AccessTokenCreateDialogComponent, {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/dialog/service-account-delete-dialog.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/dialog/service-account-delete-dialog.component.ts
index 69ad03e9121..ccc99bd6b8a 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/dialog/service-account-delete-dialog.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/dialog/service-account-delete-dialog.component.ts
@@ -8,9 +8,9 @@ import {
   AbstractControl,
 } from "@angular/forms";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ServiceAccountView } from "../../models/view/service-account.view";
 import {
@@ -38,7 +38,7 @@ export class ServiceAccountDeleteDialogComponent {
     private serviceAccountService: ServiceAccountService,
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   get title() {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/people/service-account-people.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/people/service-account-people.component.ts
index ba4b59abcf9..296ef1c1325 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/people/service-account-people.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/people/service-account-people.component.ts
@@ -11,13 +11,9 @@ import {
   takeUntil,
 } from "rxjs";
 
-import {
-  SimpleDialogType,
-  DialogServiceAbstraction,
-  SimpleDialogOptions,
-} from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { DialogService, SimpleDialogOptions } from "@bitwarden/components";
 import { SelectItemView } from "@bitwarden/components/src/multi-select/models/select-item-view";
 
 import {
@@ -134,7 +130,7 @@ export class ServiceAccountPeopleComponent {
       const simpleDialogOpts: SimpleDialogOptions = {
         title: this.i18nService.t("saPeopleWarningTitle"),
         content: this.i18nService.t("saPeopleWarningMessage"),
-        type: SimpleDialogType.WARNING,
+        type: "warning",
         acceptButtonText: { key: "close" },
         cancelButtonText: null,
       };
@@ -146,7 +142,7 @@ export class ServiceAccountPeopleComponent {
 
   constructor(
     private route: ActivatedRoute,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private i18nService: I18nService,
     private validationService: ValidationService,
     private accessPolicyService: AccessPolicyService
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.component.ts
index 2e6084e06ea..06b91f71f75 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.component.ts
@@ -11,9 +11,9 @@ import {
   takeUntil,
 } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import { ServiceAccountView } from "../models/view/service-account.view";
 
@@ -57,7 +57,7 @@ export class ServiceAccountComponent implements OnInit, OnDestroy {
   constructor(
     private route: ActivatedRoute,
     private serviceAccountService: ServiceAccountService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private router: Router,
     private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-accounts.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-accounts.component.ts
index 973447b4410..808073ba810 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-accounts.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-accounts.component.ts
@@ -2,7 +2,7 @@ import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatest, Observable, startWith, switchMap } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 import {
   ServiceAccountSecretsDetailsView,
@@ -33,7 +33,7 @@ export class ServiceAccountsComponent implements OnInit {
 
   constructor(
     private route: ActivatedRoute,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private accessPolicyService: AccessPolicyService,
     private serviceAccountService: ServiceAccountService
   ) {}
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-export.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-export.component.ts
index c3ba6bc2ef1..201abb84ab2 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-export.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-export.component.ts
@@ -3,12 +3,12 @@ import { FormControl, FormGroup, Validators } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";
 import { firstValueFrom, Subject, switchMap, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { openUserVerificationPrompt } from "@bitwarden/web-vault/app/auth/shared/components/user-verification";
 
 import { SecretsManagerPortingApiService } from "../services/sm-porting-api.service";
@@ -42,7 +42,7 @@ export class SecretsManagerExportComponent implements OnInit, OnDestroy {
     private smPortingService: SecretsManagerPortingService,
     private fileDownloadService: FileDownloadService,
     private logService: LogService,
-    private dialogService: DialogServiceAbstraction,
+    private dialogService: DialogService,
     private secretsManagerApiService: SecretsManagerPortingApiService
   ) {}
 
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-import.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-import.component.ts
index ffa1024c8e6..3542ee7b8ee 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-import.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/settings/porting/sm-import.component.ts
@@ -3,12 +3,12 @@ import { FormControl, FormGroup } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";
 import { Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 
 import {
   SecretsManagerImportErrorDialogComponent,
@@ -37,7 +37,7 @@ export class SecretsManagerImportComponent implements OnInit, OnDestroy {
     protected fileDownloadService: FileDownloadService,
     private logService: LogService,
     private secretsManagerPortingApiService: SecretsManagerPortingApiService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.html b/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.html
index 2951cec9bf7..263281ed77a 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.html
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.html
@@ -68,7 +68,7 @@
 
               <bit-menu-divider></bit-menu-divider>
 
-              <button bitMenuItem type="button" (click)="lock()">
+              <button *ngIf="canLock$ | async" bitMenuItem type="button" (click)="lock()">
                 <i class="bwi bwi-fw bwi-lock" aria-hidden="true"></i>
                 {{ "lockNow" | i18n }}
               </button>
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.ts
index 999a53081b7..0b7625a3902 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.component.ts
@@ -2,6 +2,8 @@ import { Component, Input } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatest, map, Observable } from "rxjs";
 
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { AccountProfile } from "@bitwarden/common/platform/models/domain/account";
@@ -23,10 +25,12 @@ export class HeaderComponent {
 
   protected routeData$: Observable<{ titleId: string }>;
   protected account$: Observable<AccountProfile>;
+  protected canLock$: Observable<boolean>;
 
   constructor(
     private route: ActivatedRoute,
     private stateService: StateService,
+    private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
     private messagingService: MessagingService
   ) {
     this.routeData$ = this.route.data.pipe(
@@ -45,6 +49,9 @@ export class HeaderComponent {
         return accounts[activeAccount]?.profile;
       })
     );
+    this.canLock$ = this.vaultTimeoutSettingsService
+      .availableVaultTimeoutActions$()
+      .pipe(map((actions) => actions.includes(VaultTimeoutAction.Lock)));
   }
 
   protected lock() {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.stories.ts b/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.stories.ts
index 9ade2c1bec3..8e480ae50a1 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.stories.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/header.stories.ts
@@ -10,6 +10,8 @@ import {
 import { BehaviorSubject, combineLatest, map } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import {
@@ -42,6 +44,12 @@ class MockMessagingService implements MessagingService {
   }
 }
 
+class MockVaultTimeoutService {
+  availableVaultTimeoutActions$() {
+    return new BehaviorSubject([VaultTimeoutAction.Lock]).asObservable();
+  }
+}
+
 @Component({
   selector: "product-switcher",
   template: `<button bitIconButton="bwi-filter"></button>`,
@@ -89,6 +97,7 @@ export default {
       declarations: [HeaderComponent, MockProductSwitcher, MockDynamicAvatar],
       providers: [
         { provide: StateService, useClass: MockStateService },
+        { provide: VaultTimeoutSettingsService, useClass: MockVaultTimeoutService },
         {
           provide: MessagingService,
           useFactory: () => {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/shared/new-menu.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/shared/new-menu.component.ts
index ac0345c40e1..7ecc2f917a4 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/shared/new-menu.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/shared/new-menu.component.ts
@@ -2,7 +2,7 @@ import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { Subject, takeUntil } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 import {
   ProjectDialogComponent,
@@ -26,7 +26,7 @@ export class NewMenuComponent implements OnInit, OnDestroy {
   private organizationId: string;
   private destroy$: Subject<void> = new Subject<void>();
 
-  constructor(private route: ActivatedRoute, private dialogService: DialogServiceAbstraction) {}
+  constructor(private route: ActivatedRoute, private dialogService: DialogService) {}
 
   ngOnInit() {
     this.route.params.pipe(takeUntil(this.destroy$)).subscribe((params: any) => {
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/sm-routing.module.ts b/bitwarden_license/bit-web/src/app/secrets-manager/sm-routing.module.ts
index f279314b43e..5c18bab4e42 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/sm-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/sm-routing.module.ts
@@ -1,7 +1,7 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
+import { AuthGuard } from "@bitwarden/angular/auth/guards";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
 import { buildFlaggedRoute } from "@bitwarden/web-vault/app/oss-routing.module";
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/sm.guard.ts b/bitwarden_license/bit-web/src/app/secrets-manager/sm.guard.ts
index 340f0484f7b..ee653b8f4ae 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/sm.guard.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/sm.guard.ts
@@ -6,7 +6,7 @@ import {
   RouterStateSnapshot,
 } from "@angular/router";
 
-import { AuthGuard } from "@bitwarden/angular/auth/guards/auth.guard";
+import { AuthGuard } from "@bitwarden/angular/auth/guards";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/trash/trash.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/trash/trash.component.ts
index 8835049f82d..83f510ed569 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/trash/trash.component.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/trash/trash.component.ts
@@ -2,7 +2,7 @@ import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatestWith, Observable, startWith, switchMap } from "rxjs";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 import { SecretListView } from "../models/view/secret-list.view";
 import { SecretService } from "../secrets/secret.service";
@@ -28,7 +28,7 @@ export class TrashComponent implements OnInit {
   constructor(
     private route: ActivatedRoute,
     private secretService: SecretService,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   ngOnInit() {
diff --git a/bitwarden_license/bit-web/tsconfig.json b/bitwarden_license/bit-web/tsconfig.json
index a712fae9025..0612053e4e3 100644
--- a/bitwarden_license/bit-web/tsconfig.json
+++ b/bitwarden_license/bit-web/tsconfig.json
@@ -7,6 +7,7 @@
       "@bitwarden/common/*": ["../../libs/common/src/*"],
       "@bitwarden/components": ["../../libs/components/src"],
       "@bitwarden/exporter/*": ["../../libs/exporter/src/*"],
+      "@bitwarden/vault": ["../../libs/vault/src"],
       "@bitwarden/web-vault/*": ["../../apps/web/src/*"]
     }
   },
diff --git a/jest.config.js b/jest.config.js
index c4213fa143c..035d90bda62 100644
--- a/jest.config.js
+++ b/jest.config.js
@@ -27,6 +27,7 @@ module.exports = {
     "<rootDir>/libs/exporter/jest.config.js",
     "<rootDir>/libs/importer/jest.config.js",
     "<rootDir>/libs/node/jest.config.js",
+    "<rootDir>/libs/vault/jest.config.js",
   ],
 
   // Workaround for a memory leak that crashes tests in CI:
diff --git a/libs/angular/src/auth/components/base-login-decryption-options.component.ts b/libs/angular/src/auth/components/base-login-decryption-options.component.ts
new file mode 100644
index 00000000000..3350c3999c6
--- /dev/null
+++ b/libs/angular/src/auth/components/base-login-decryption-options.component.ts
@@ -0,0 +1,291 @@
+import { Directive, OnDestroy, OnInit } from "@angular/core";
+import { FormBuilder, FormControl } from "@angular/forms";
+import { ActivatedRoute, Router } from "@angular/router";
+import {
+  firstValueFrom,
+  switchMap,
+  Subject,
+  catchError,
+  from,
+  of,
+  finalize,
+  takeUntil,
+  defer,
+  throwError,
+} from "rxjs";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { DevicesServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices.service.abstraction";
+import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service";
+import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
+import { PasswordResetEnrollmentServiceAbstraction } from "@bitwarden/common/auth/abstractions/password-reset-enrollment.service.abstraction";
+import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
+import { KeysRequest } from "@bitwarden/common/models/request/keys.request";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
+
+enum State {
+  NewUser,
+  ExistingUserUntrustedDevice,
+}
+
+type NewUserData = {
+  readonly state: State.NewUser;
+  readonly organizationId: string;
+  readonly userEmail: string;
+};
+
+type ExistingUserUntrustedDeviceData = {
+  readonly state: State.ExistingUserUntrustedDevice;
+  readonly showApproveFromOtherDeviceBtn: boolean;
+  readonly showReqAdminApprovalBtn: boolean;
+  readonly showApproveWithMasterPasswordBtn: boolean;
+  readonly userEmail: string;
+};
+
+type Data = NewUserData | ExistingUserUntrustedDeviceData;
+
+@Directive()
+export class BaseLoginDecryptionOptionsComponent implements OnInit, OnDestroy {
+  private destroy$ = new Subject<void>();
+
+  protected State = State;
+
+  protected data?: Data;
+  protected loading = true;
+
+  // Remember device means for the user to trust the device
+  rememberDeviceForm = this.formBuilder.group({
+    rememberDevice: [true],
+  });
+
+  get rememberDevice(): FormControl<boolean> {
+    return this.rememberDeviceForm?.controls.rememberDevice;
+  }
+
+  constructor(
+    protected formBuilder: FormBuilder,
+    protected devicesService: DevicesServiceAbstraction,
+    protected stateService: StateService,
+    protected router: Router,
+    protected activatedRoute: ActivatedRoute,
+    protected messagingService: MessagingService,
+    protected tokenService: TokenService,
+    protected loginService: LoginService,
+    protected organizationApiService: OrganizationApiServiceAbstraction,
+    protected cryptoService: CryptoService,
+    protected organizationUserService: OrganizationUserService,
+    protected apiService: ApiService,
+    protected i18nService: I18nService,
+    protected validationService: ValidationService,
+    protected deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    protected platformUtilsService: PlatformUtilsService,
+    protected passwordResetEnrollmentService: PasswordResetEnrollmentServiceAbstraction
+  ) {}
+
+  async ngOnInit() {
+    this.loading = true;
+
+    this.setupRememberDeviceValueChanges();
+
+    // Persist user choice from state if it exists
+    await this.setRememberDeviceDefaultValue();
+
+    try {
+      const accountDecryptionOptions: AccountDecryptionOptions =
+        await this.stateService.getAccountDecryptionOptions();
+
+      // see sso-login.strategy - to determine if a user is new or not it just checks if there is a key on the token response..
+      // can we check if they have a user key or master key in crypto service? Would that be sufficient?
+      if (
+        !accountDecryptionOptions?.trustedDeviceOption?.hasAdminApproval &&
+        !accountDecryptionOptions?.hasMasterPassword
+      ) {
+        // We are dealing with a new account if:
+        //  - User does not have admin approval (i.e. has not enrolled into admin reset)
+        //  - AND does not have a master password
+
+        this.loadNewUserData();
+      } else {
+        this.loadUntrustedDeviceData(accountDecryptionOptions);
+      }
+
+      // Note: this is probably not a comprehensive write up of all scenarios:
+
+      // If the TDE feature flag is enabled and TDE is configured for the org that the user is a member of,
+      // then new and existing users can be redirected here after completing the SSO flow (and 2FA if enabled).
+
+      // First we must determine user type (new or existing):
+
+      // New User
+      // - present user with option to remember the device or not (trust the device)
+      // - present a continue button to proceed to the vault
+      //  - loadNewUserData() --> will need to load enrollment status and user email address.
+
+      // Existing User
+      // - Determine if user is an admin with access to account recovery in admin console
+      //  - Determine if user has a MP or not, if not, they must be redirected to set one (see PM-1035)
+      // - Determine if device is trusted or not via device crypto service (method not yet written)
+      //  - If not trusted, present user with login decryption options (approve from other device, approve with master password, request admin approval)
+      //    - loadUntrustedDeviceData()
+    } catch (err) {
+      this.validationService.showError(err);
+    }
+  }
+
+  private async setRememberDeviceDefaultValue() {
+    const rememberDeviceFromState = await this.deviceTrustCryptoService.getShouldTrustDevice();
+
+    const rememberDevice = rememberDeviceFromState ?? true;
+
+    this.rememberDevice.setValue(rememberDevice);
+  }
+
+  private setupRememberDeviceValueChanges() {
+    this.rememberDevice.valueChanges
+      .pipe(
+        switchMap((value) =>
+          defer(() => this.deviceTrustCryptoService.setShouldTrustDevice(value))
+        ),
+        takeUntil(this.destroy$)
+      )
+      .subscribe();
+  }
+
+  async loadNewUserData() {
+    const autoEnrollStatus$ = defer(() =>
+      this.stateService.getUserSsoOrganizationIdentifier()
+    ).pipe(
+      switchMap((organizationIdentifier) => {
+        if (organizationIdentifier == undefined) {
+          return throwError(() => new Error(this.i18nService.t("ssoIdentifierRequired")));
+        }
+
+        return from(this.organizationApiService.getAutoEnrollStatus(organizationIdentifier));
+      }),
+      catchError((err: unknown) => {
+        this.validationService.showError(err);
+        return of(undefined);
+      })
+    );
+
+    const email$ = from(this.stateService.getEmail()).pipe(
+      catchError((err: unknown) => {
+        this.validationService.showError(err);
+        return of(undefined);
+      }),
+      takeUntil(this.destroy$)
+    );
+
+    const autoEnrollStatus = await firstValueFrom(autoEnrollStatus$);
+    const email = await firstValueFrom(email$);
+
+    this.data = { state: State.NewUser, organizationId: autoEnrollStatus.id, userEmail: email };
+    this.loading = false;
+  }
+
+  loadUntrustedDeviceData(accountDecryptionOptions: AccountDecryptionOptions) {
+    this.loading = true;
+
+    const email$ = from(this.stateService.getEmail()).pipe(
+      catchError((err: unknown) => {
+        this.validationService.showError(err);
+        return of(undefined);
+      }),
+      takeUntil(this.destroy$)
+    );
+
+    email$
+      .pipe(
+        takeUntil(this.destroy$),
+        finalize(() => {
+          this.loading = false;
+        })
+      )
+      .subscribe((email) => {
+        const showApproveFromOtherDeviceBtn =
+          accountDecryptionOptions?.trustedDeviceOption?.hasLoginApprovingDevice || false;
+
+        const showReqAdminApprovalBtn =
+          !!accountDecryptionOptions?.trustedDeviceOption?.hasAdminApproval || false;
+
+        const showApproveWithMasterPasswordBtn =
+          accountDecryptionOptions?.hasMasterPassword || false;
+
+        const userEmail = email;
+
+        this.data = {
+          state: State.ExistingUserUntrustedDevice,
+          showApproveFromOtherDeviceBtn,
+          showReqAdminApprovalBtn,
+          showApproveWithMasterPasswordBtn,
+          userEmail,
+        };
+      });
+  }
+
+  async approveFromOtherDevice() {
+    if (this.data.state !== State.ExistingUserUntrustedDevice) {
+      return;
+    }
+
+    this.loginService.setEmail(this.data.userEmail);
+    this.router.navigate(["/login-with-device"]);
+  }
+
+  async requestAdminApproval() {
+    this.loginService.setEmail(this.data.userEmail);
+    this.router.navigate(["/admin-approval-requested"]);
+  }
+
+  async approveWithMasterPassword() {
+    this.router.navigate(["/lock"], { queryParams: { from: "login-initiated" } });
+  }
+
+  async createUser() {
+    if (this.data.state !== State.NewUser) {
+      return;
+    }
+
+    // this.loading to support clients without async-actions-support
+    this.loading = true;
+    try {
+      const { publicKey, privateKey } = await this.cryptoService.initAccount();
+      const keysRequest = new KeysRequest(publicKey, privateKey.encryptedString);
+      await this.apiService.postAccountKeys(keysRequest);
+
+      this.platformUtilsService.showToast(
+        "success",
+        null,
+        this.i18nService.t("accountSuccessfullyCreated")
+      );
+
+      await this.passwordResetEnrollmentService.enroll(this.data.organizationId);
+
+      if (this.rememberDeviceForm.value.rememberDevice) {
+        await this.deviceTrustCryptoService.trustDevice();
+      }
+    } catch (error) {
+      this.validationService.showError(error);
+    } finally {
+      this.loading = false;
+    }
+  }
+
+  logOut() {
+    this.loading = true; // to avoid an awkward delay in browser extension
+    this.messagingService.send("logout");
+  }
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
+}
diff --git a/libs/angular/src/auth/components/change-password.component.ts b/libs/angular/src/auth/components/change-password.component.ts
index 2e440b984d3..b9c2d1be4f5 100644
--- a/libs/angular/src/auth/components/change-password.component.ts
+++ b/libs/angular/src/auth/components/change-password.component.ts
@@ -12,10 +12,10 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
 import { PasswordColorText } from "../../shared/components/password-strength/password-strength.component";
 
 @Directive()
@@ -44,7 +44,7 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
     protected platformUtilsService: PlatformUtilsService,
     protected policyService: PolicyService,
     protected stateService: StateService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -79,23 +79,28 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
     if (this.kdfConfig == null) {
       this.kdfConfig = await this.stateService.getKdfConfig();
     }
-    const key = await this.cryptoService.makeKey(
+
+    // Create new master key
+    const newMasterKey = await this.cryptoService.makeMasterKey(
       this.masterPassword,
       email.trim().toLowerCase(),
       this.kdf,
       this.kdfConfig
     );
-    const masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, key);
+    const newMasterKeyHash = await this.cryptoService.hashMasterKey(
+      this.masterPassword,
+      newMasterKey
+    );
 
-    let encKey: [SymmetricCryptoKey, EncString] = null;
-    const existingEncKey = await this.cryptoService.getEncKey();
-    if (existingEncKey == null) {
-      encKey = await this.cryptoService.makeEncKey(key);
+    let newProtectedUserKey: [UserKey, EncString] = null;
+    const userKey = await this.cryptoService.getUserKey();
+    if (userKey == null) {
+      newProtectedUserKey = await this.cryptoService.makeUserKey(newMasterKey);
     } else {
-      encKey = await this.cryptoService.remakeEncKey(key);
+      newProtectedUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(newMasterKey);
     }
 
-    await this.performSubmitActions(masterPasswordHash, key, encKey);
+    await this.performSubmitActions(newMasterKeyHash, newMasterKey, newProtectedUserKey);
   }
 
   async setupSubmitActions(): Promise<boolean> {
@@ -105,9 +110,9 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
   }
 
   async performSubmitActions(
-    masterPasswordHash: string,
-    key: SymmetricCryptoKey,
-    encKey: [SymmetricCryptoKey, EncString]
+    newMasterKeyHash: string,
+    newMasterKey: MasterKey,
+    newUserKey: [UserKey, EncString]
   ) {
     // Override in sub-class
   }
@@ -162,7 +167,7 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
       const result = await this.dialogService.openSimpleDialog({
         title: { key: "weakAndExposedMasterPassword" },
         content: { key: "weakAndBreachedMasterPasswordDesc" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!result) {
@@ -173,7 +178,7 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
         const result = await this.dialogService.openSimpleDialog({
           title: { key: "weakMasterPassword" },
           content: { key: "weakMasterPasswordDesc" },
-          type: SimpleDialogType.WARNING,
+          type: "warning",
         });
 
         if (!result) {
@@ -184,7 +189,7 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
         const result = await this.dialogService.openSimpleDialog({
           title: { key: "exposedMasterPassword" },
           content: { key: "exposedMasterPasswordDesc" },
-          type: SimpleDialogType.WARNING,
+          type: "warning",
         });
 
         if (!result) {
@@ -201,7 +206,7 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
       title: { key: "logOut" },
       content: { key: "logOutConfirmation" },
       acceptButtonText: { key: "logOut" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (confirmed) {
diff --git a/libs/angular/src/auth/components/lock.component.ts b/libs/angular/src/auth/components/lock.component.ts
index dad07b7729f..57f2a61b500 100644
--- a/libs/angular/src/auth/components/lock.component.ts
+++ b/libs/angular/src/auth/components/lock.component.ts
@@ -4,16 +4,18 @@ import { firstValueFrom, Subject } from "rxjs";
 import { concatMap, take, takeUntil } from "rxjs/operators";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
 import { SecretVerificationRequest } from "@bitwarden/common/auth/models/request/secret-verification.request";
 import { MasterPasswordPolicyResponse } from "@bitwarden/common/auth/models/response/master-password-policy.response";
 import { HashPurpose, KeySuffixOptions } from "@bitwarden/common/enums";
+import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -23,10 +25,10 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { PinLockType } from "@bitwarden/common/services/vault-timeout/vault-timeout-settings.service";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class LockComponent implements OnInit, OnDestroy {
@@ -34,13 +36,13 @@ export class LockComponent implements OnInit, OnDestroy {
   pin = "";
   showPassword = false;
   email: string;
-  pinLock = false;
+  pinEnabled = false;
+  masterPasswordEnabled = false;
   webVaultHostname = "";
   formPromise: Promise<MasterPasswordPolicyResponse>;
   supportsBiometric: boolean;
   biometricLock: boolean;
   biometricText: string;
-  hideInput: boolean;
   redirectUrl: string;
 
   protected successRoute = "vault";
@@ -48,7 +50,7 @@ export class LockComponent implements OnInit, OnDestroy {
   protected onSuccessfulSubmit: () => Promise<void>;
 
   private invalidPinAttempts = 0;
-  private pinSet: [boolean, boolean];
+  private pinStatus: PinLockType;
 
   private enforcedMasterPasswordOptions: MasterPasswordPolicyOptions = undefined;
 
@@ -66,13 +68,14 @@ export class LockComponent implements OnInit, OnDestroy {
     protected stateService: StateService,
     protected apiService: ApiService,
     protected logService: LogService,
-    private keyConnectorService: KeyConnectorService,
     protected ngZone: NgZone,
     protected policyApiService: PolicyApiServiceAbstraction,
     protected policyService: InternalPolicyService,
     protected passwordStrengthService: PasswordStrengthServiceAbstraction,
     protected route: ActivatedRoute,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService,
+    protected deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    protected userVerificationService: UserVerificationService
   ) {}
 
   async ngOnInit() {
@@ -92,7 +95,7 @@ export class LockComponent implements OnInit, OnDestroy {
   }
 
   async submit() {
-    if (this.pinLock) {
+    if (this.pinEnabled) {
       return await this.handlePinRequiredUnlock();
     }
 
@@ -104,7 +107,7 @@ export class LockComponent implements OnInit, OnDestroy {
       title: { key: "logOut" },
       content: { key: "logOutConfirmation" },
       acceptButtonText: { key: "logOut" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (confirmed) {
@@ -117,18 +120,18 @@ export class LockComponent implements OnInit, OnDestroy {
       return;
     }
 
-    const success = (await this.cryptoService.getKey(KeySuffixOptions.Biometric)) != null;
+    const userKey = await this.cryptoService.getUserKeyFromStorage(KeySuffixOptions.Biometric);
 
-    if (success) {
-      await this.doContinue(false);
+    if (userKey) {
+      await this.setUserKeyAndContinue(userKey, false);
     }
 
-    return success;
+    return !!userKey;
   }
 
   togglePassword() {
     this.showPassword = !this.showPassword;
-    const input = document.getElementById(this.pinLock ? "pin" : "masterPassword");
+    const input = document.getElementById(this.pinEnabled ? "pin" : "masterPassword");
     if (this.ngZone.isStable) {
       input.focus();
     } else {
@@ -154,25 +157,58 @@ export class LockComponent implements OnInit, OnDestroy {
     try {
       const kdf = await this.stateService.getKdfType();
       const kdfConfig = await this.stateService.getKdfConfig();
-      if (this.pinSet[0]) {
-        const key = await this.cryptoService.makeKeyFromPin(
+      let userKeyPin: EncString;
+      let oldPinKey: EncString;
+      switch (this.pinStatus) {
+        case "PERSISTANT": {
+          userKeyPin = await this.stateService.getPinKeyEncryptedUserKey();
+          const oldEncryptedPinKey = await this.stateService.getEncryptedPinProtected();
+          oldPinKey = oldEncryptedPinKey ? new EncString(oldEncryptedPinKey) : undefined;
+          break;
+        }
+        case "TRANSIENT": {
+          userKeyPin = await this.stateService.getPinKeyEncryptedUserKeyEphemeral();
+          oldPinKey = await this.stateService.getDecryptedPinProtected();
+          break;
+        }
+        case "DISABLED": {
+          throw new Error("Pin is disabled");
+        }
+        default: {
+          const _exhaustiveCheck: never = this.pinStatus;
+          return _exhaustiveCheck;
+        }
+      }
+
+      let userKey: UserKey;
+      if (oldPinKey) {
+        userKey = await this.cryptoService.decryptAndMigrateOldPinKey(
+          this.pinStatus === "TRANSIENT",
           this.pin,
           this.email,
           kdf,
           kdfConfig,
-          await this.stateService.getDecryptedPinProtected()
+          oldPinKey
         );
-        const encKey = await this.cryptoService.getEncKey(key);
-        const protectedPin = await this.stateService.getProtectedPin();
-        const decPin = await this.cryptoService.decryptToUtf8(new EncString(protectedPin), encKey);
-        failed = decPin !== this.pin;
-        if (!failed) {
-          await this.setKeyAndContinue(key);
-        }
       } else {
-        const key = await this.cryptoService.makeKeyFromPin(this.pin, this.email, kdf, kdfConfig);
-        failed = false;
-        await this.setKeyAndContinue(key);
+        userKey = await this.cryptoService.decryptUserKeyWithPin(
+          this.pin,
+          this.email,
+          kdf,
+          kdfConfig,
+          userKeyPin
+        );
+      }
+
+      const protectedPin = await this.stateService.getProtectedPin();
+      const decryptedPin = await this.cryptoService.decryptToUtf8(
+        new EncString(protectedPin),
+        userKey
+      );
+      failed = decryptedPin !== this.pin;
+
+      if (!failed) {
+        await this.setUserKeyAndContinue(userKey);
       }
     } catch {
       failed = true;
@@ -208,18 +244,28 @@ export class LockComponent implements OnInit, OnDestroy {
     const kdf = await this.stateService.getKdfType();
     const kdfConfig = await this.stateService.getKdfConfig();
 
-    const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfConfig);
-    const storedKeyHash = await this.cryptoService.getKeyHash();
+    const masterKey = await this.cryptoService.makeMasterKey(
+      this.masterPassword,
+      this.email,
+      kdf,
+      kdfConfig
+    );
+    const storedPasswordHash = await this.cryptoService.getMasterKeyHash();
 
     let passwordValid = false;
 
-    if (storedKeyHash != null) {
-      passwordValid = await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, key);
-    } else {
-      const request = new SecretVerificationRequest();
-      const serverKeyHash = await this.cryptoService.hashPassword(
+    if (storedPasswordHash != null) {
+      // Offline unlock possible
+      passwordValid = await this.cryptoService.compareAndUpdateKeyHash(
         this.masterPassword,
-        key,
+        masterKey
+      );
+    } else {
+      // Online only
+      const request = new SecretVerificationRequest();
+      const serverKeyHash = await this.cryptoService.hashMasterKey(
+        this.masterPassword,
+        masterKey,
         HashPurpose.ServerAuthorization
       );
       request.masterPasswordHash = serverKeyHash;
@@ -228,14 +274,16 @@ export class LockComponent implements OnInit, OnDestroy {
         const response = await this.formPromise;
         this.enforcedMasterPasswordOptions = MasterPasswordPolicyOptions.fromResponse(response);
         passwordValid = true;
-        const localKeyHash = await this.cryptoService.hashPassword(
+        const localKeyHash = await this.cryptoService.hashMasterKey(
           this.masterPassword,
-          key,
+          masterKey,
           HashPurpose.LocalAuthorization
         );
-        await this.cryptoService.setKeyHash(localKeyHash);
+        await this.cryptoService.setMasterKeyHash(localKeyHash);
       } catch (e) {
         this.logService.error(e);
+      } finally {
+        this.formPromise = null;
       }
     }
 
@@ -248,19 +296,18 @@ export class LockComponent implements OnInit, OnDestroy {
       return;
     }
 
-    if (this.pinSet[0]) {
-      const protectedPin = await this.stateService.getProtectedPin();
-      const encKey = await this.cryptoService.getEncKey(key);
-      const decPin = await this.cryptoService.decryptToUtf8(new EncString(protectedPin), encKey);
-      const pinKey = await this.cryptoService.makePinKey(decPin, this.email, kdf, kdfConfig);
-      await this.stateService.setDecryptedPinProtected(
-        await this.cryptoService.encrypt(key.key, pinKey)
-      );
-    }
-    await this.setKeyAndContinue(key, true);
+    const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+    await this.cryptoService.setMasterKey(masterKey);
+    await this.setUserKeyAndContinue(userKey, true);
   }
-  private async setKeyAndContinue(key: SymmetricCryptoKey, evaluatePasswordAfterUnlock = false) {
-    await this.cryptoService.setKey(key);
+
+  private async setUserKeyAndContinue(key: UserKey, evaluatePasswordAfterUnlock = false) {
+    await this.cryptoService.setUserKey(key);
+
+    // Now that we have a decrypted user key in memory, we can check if we
+    // need to establish trust on the current device
+    await this.deviceTrustCryptoService.trustDeviceIfRequired();
+
     await this.doContinue(evaluatePasswordAfterUnlock);
   }
 
@@ -305,24 +352,39 @@ export class LockComponent implements OnInit, OnDestroy {
   }
 
   private async load() {
-    this.pinSet = await this.vaultTimeoutSettingsService.isPinLockSet();
-    this.pinLock =
-      (this.pinSet[0] && (await this.stateService.getDecryptedPinProtected()) != null) ||
-      this.pinSet[1];
+    // TODO: Investigate PM-3515
+
+    // The loading of the lock component works as follows:
+    //   1. First, is locking a valid timeout action?  If not, we will log the user out.
+    //   2. If locking IS a valid timeout action, we proceed to show the user the lock screen.
+    //      The user will be able to unlock as follows:
+    //        - If they have a PIN set, they will be presented with the PIN input
+    //        - If they have a master password and no PIN, they will be presented with the master password input
+    //        - If they have biometrics enabled, they will be presented with the biometric prompt
+
+    const availableVaultTimeoutActions = await firstValueFrom(
+      this.vaultTimeoutSettingsService.availableVaultTimeoutActions$()
+    );
+    const supportsLock = availableVaultTimeoutActions.includes(VaultTimeoutAction.Lock);
+    if (!supportsLock) {
+      return await this.vaultTimeoutService.logOut();
+    }
+
+    this.pinStatus = await this.vaultTimeoutSettingsService.isPinLockSet();
+
+    let ephemeralPinSet = await this.stateService.getPinKeyEncryptedUserKeyEphemeral();
+    ephemeralPinSet ||= await this.stateService.getDecryptedPinProtected();
+    this.pinEnabled =
+      (this.pinStatus === "TRANSIENT" && !!ephemeralPinSet) || this.pinStatus === "PERSISTANT";
+    this.masterPasswordEnabled = await this.userVerificationService.hasMasterPassword();
+
     this.supportsBiometric = await this.platformUtilsService.supportsBiometric();
     this.biometricLock =
       (await this.vaultTimeoutSettingsService.isBiometricLockSet()) &&
-      ((await this.cryptoService.hasKeyStored(KeySuffixOptions.Biometric)) ||
+      ((await this.cryptoService.hasUserKeyStored(KeySuffixOptions.Biometric)) ||
         !this.platformUtilsService.supportsSecureStorage());
     this.biometricText = await this.stateService.getBiometricText();
     this.email = await this.stateService.getEmail();
-    const usesKeyConnector = await this.keyConnectorService.getUsesKeyConnector();
-    this.hideInput = usesKeyConnector && !this.pinLock;
-
-    // Users with key connector and without biometric or pin has no MP to unlock using
-    if (usesKeyConnector && !(this.biometricLock || this.pinLock)) {
-      await this.vaultTimeoutService.logOut();
-    }
 
     const webVaultUrl = this.environmentService.getWebVaultUrl();
     const vaultUrl =
diff --git a/libs/angular/src/auth/components/login-with-device.component.ts b/libs/angular/src/auth/components/login-with-device.component.ts
index a991f0a8b1c..84d904ec7b6 100644
--- a/libs/angular/src/auth/components/login-with-device.component.ts
+++ b/libs/angular/src/auth/components/login-with-device.component.ts
@@ -1,16 +1,22 @@
 import { Directive, OnDestroy, OnInit } from "@angular/core";
-import { Router } from "@angular/router";
+import { IsActiveMatchOptions, Router } from "@angular/router";
 import { Subject, takeUntil } from "rxjs";
 
 import { AnonymousHubService } from "@bitwarden/common/abstractions/anonymousHub.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type";
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
+import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
 import { PasswordlessLogInCredentials } from "@bitwarden/common/auth/models/domain/log-in-credentials";
 import { PasswordlessCreateAuthRequest } from "@bitwarden/common/auth/models/request/passwordless-create-auth.request";
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
+import { HttpStatusCode } from "@bitwarden/common/enums/http-status-code.enum";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -22,17 +28,24 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
 import { CaptchaProtectedComponent } from "./captcha-protected.component";
 
+// TODO: consider renaming this component something like LoginViaAuthReqComponent
+
+enum State {
+  StandardAuthRequest,
+  AdminAuthRequest,
+}
+
 @Directive()
 export class LoginWithDeviceComponent
   extends CaptchaProtectedComponent
   implements OnInit, OnDestroy
 {
   private destroy$ = new Subject<void>();
+  userAuthNStatus: AuthenticationStatus;
   email: string;
   showResendNotification = false;
   passwordlessRequest: PasswordlessCreateAuthRequest;
@@ -42,12 +55,19 @@ export class LoginWithDeviceComponent
   onSuccessfulLoginNavigate: () => Promise<any>;
   onSuccessfulLoginForceResetNavigate: () => Promise<any>;
 
+  protected adminApprovalRoute = "admin-approval-requested";
+
+  protected StateEnum = State;
+  protected state = State.StandardAuthRequest;
+
   protected twoFactorRoute = "2fa";
   protected successRoute = "vault";
   protected forcePasswordResetRoute = "update-temp-password";
   private resendTimeout = 12000;
-  private authRequestKeyPair: [publicKey: Uint8Array, privateKey: Uint8Array];
 
+  private authRequestKeyPair: { publicKey: Uint8Array; privateKey: Uint8Array };
+
+  // TODO: in future, go to child components and remove child constructors and let deps fall through to the super class
   constructor(
     protected router: Router,
     private cryptoService: CryptoService,
@@ -63,10 +83,14 @@ export class LoginWithDeviceComponent
     private anonymousHubService: AnonymousHubService,
     private validationService: ValidationService,
     private stateService: StateService,
-    private loginService: LoginService
+    private loginService: LoginService,
+    private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    private authReqCryptoService: AuthRequestCryptoServiceAbstraction
   ) {
     super(environmentService, i18nService, platformUtilsService);
 
+    // TODO: I don't know why this is necessary.
+    // Why would the existence of the email depend on the navigation?
     const navigation = this.router.getCurrentNavigation();
     if (navigation) {
       this.email = this.loginService.getEmail();
@@ -77,25 +101,167 @@ export class LoginWithDeviceComponent
       .getPushNotificationObs$()
       .pipe(takeUntil(this.destroy$))
       .subscribe((id) => {
-        this.confirmResponse(id);
+        // Only fires on approval currently
+        this.verifyAndHandleApprovedAuthReq(id);
       });
   }
 
   async ngOnInit() {
-    if (!this.email) {
-      this.router.navigate(["/login"]);
-      return;
+    this.userAuthNStatus = await this.authService.getAuthStatus();
+
+    const matchOptions: IsActiveMatchOptions = {
+      paths: "exact",
+      queryParams: "ignored",
+      fragment: "ignored",
+      matrixParams: "ignored",
+    };
+
+    if (this.router.isActive(this.adminApprovalRoute, matchOptions)) {
+      this.state = State.AdminAuthRequest;
     }
 
+    if (this.state === State.AdminAuthRequest) {
+      // Pull email from state for admin auth reqs b/c it is available
+      // This also prevents it from being lost on refresh as the
+      // login service email does not persist.
+      this.email = await this.stateService.getEmail();
+
+      if (!this.email) {
+        this.platformUtilsService.showToast("error", null, this.i18nService.t("userEmailMissing"));
+        this.router.navigate(["/login-initiated"]);
+        return;
+      }
+
+      // We only allow a single admin approval request to be active at a time
+      // so must check state to see if we have an existing one or not
+      const adminAuthReqStorable = await this.stateService.getAdminAuthRequest();
+
+      if (adminAuthReqStorable) {
+        await this.handleExistingAdminAuthRequest(adminAuthReqStorable);
+      } else {
+        // No existing admin auth request; so we need to create one
+        await this.startPasswordlessLogin();
+      }
+    } else {
+      // Standard auth request
+      // TODO: evaluate if we can remove the setting of this.email in the constructor
+      this.email = this.loginService.getEmail();
+
+      if (!this.email) {
+        this.platformUtilsService.showToast("error", null, this.i18nService.t("userEmailMissing"));
+        this.router.navigate(["/login"]);
+        return;
+      }
+
+      await this.startPasswordlessLogin();
+    }
+  }
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
+    this.anonymousHubService.stopHubConnection();
+  }
+
+  private async handleExistingAdminAuthRequest(adminAuthReqStorable: AdminAuthRequestStorable) {
+    // Note: on login, the SSOLoginStrategy will also call to see an existing admin auth req
+    // has been approved and handle it if so.
+
+    // Regardless, we always retrieve the auth request from the server verify and handle status changes here as well
+    let adminAuthReqResponse: AuthRequestResponse;
+    try {
+      adminAuthReqResponse = await this.apiService.getAuthRequest(adminAuthReqStorable.id);
+    } catch (error) {
+      if (error instanceof ErrorResponse && error.statusCode === HttpStatusCode.NotFound) {
+        return await this.handleExistingAdminAuthReqDeletedOrDenied();
+      }
+    }
+
+    // Request doesn't exist anymore
+    if (!adminAuthReqResponse) {
+      return await this.handleExistingAdminAuthReqDeletedOrDenied();
+    }
+
+    // Re-derive the user's fingerprint phrase
+    // It is important to not use the server's public key here as it could have been compromised via MITM
+    const derivedPublicKeyArrayBuffer = await this.cryptoFunctionService.rsaExtractPublicKey(
+      adminAuthReqStorable.privateKey
+    );
+    this.fingerprintPhrase = (
+      await this.cryptoService.getFingerprint(this.email, derivedPublicKeyArrayBuffer)
+    ).join("-");
+
+    // Request denied
+    if (adminAuthReqResponse.isAnswered && !adminAuthReqResponse.requestApproved) {
+      return await this.handleExistingAdminAuthReqDeletedOrDenied();
+    }
+
+    // Request approved
+    if (adminAuthReqResponse.requestApproved) {
+      return await this.handleApprovedAdminAuthRequest(
+        adminAuthReqResponse,
+        adminAuthReqStorable.privateKey
+      );
+    }
+
+    // Request still pending response from admin
+    // So, create hub connection so that any approvals will be received via push notification
+    this.anonymousHubService.createHubConnection(adminAuthReqStorable.id);
+  }
+
+  private async handleExistingAdminAuthReqDeletedOrDenied() {
+    // clear the admin auth request from state
+    await this.stateService.setAdminAuthRequest(null);
+
+    // start new auth request
     this.startPasswordlessLogin();
   }
 
+  private async buildAuthRequest(authRequestType: AuthRequestType) {
+    const authRequestKeyPairArray = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
+
+    this.authRequestKeyPair = {
+      publicKey: authRequestKeyPairArray[0],
+      privateKey: authRequestKeyPairArray[1],
+    };
+
+    const deviceIdentifier = await this.appIdService.getAppId();
+    const publicKey = Utils.fromBufferToB64(this.authRequestKeyPair.publicKey);
+    const accessCode = await this.passwordGenerationService.generatePassword({ length: 25 });
+
+    this.fingerprintPhrase = (
+      await this.cryptoService.getFingerprint(this.email, this.authRequestKeyPair.publicKey)
+    ).join("-");
+
+    this.passwordlessRequest = new PasswordlessCreateAuthRequest(
+      this.email,
+      deviceIdentifier,
+      publicKey,
+      authRequestType,
+      accessCode
+    );
+  }
+
   async startPasswordlessLogin() {
     this.showResendNotification = false;
 
     try {
-      await this.buildAuthRequest();
-      const reqResponse = await this.apiService.postAuthRequest(this.passwordlessRequest);
+      let reqResponse: AuthRequestResponse;
+
+      if (this.state === State.AdminAuthRequest) {
+        await this.buildAuthRequest(AuthRequestType.AdminApproval);
+        reqResponse = await this.apiService.postAdminAuthRequest(this.passwordlessRequest);
+
+        const adminAuthReqStorable = new AdminAuthRequestStorable({
+          id: reqResponse.id,
+          privateKey: this.authRequestKeyPair.privateKey,
+        });
+
+        await this.stateService.setAdminAuthRequest(adminAuthReqStorable);
+      } else {
+        await this.buildAuthRequest(AuthRequestType.AuthenticateAndUnlock);
+        reqResponse = await this.apiService.postAuthRequest(this.passwordlessRequest);
+      }
 
       if (reqResponse.id) {
         this.anonymousHubService.createHubConnection(reqResponse.id);
@@ -109,52 +275,69 @@ export class LoginWithDeviceComponent
     }, this.resendTimeout);
   }
 
-  ngOnDestroy(): void {
-    this.destroy$.next();
-    this.destroy$.complete();
-    this.anonymousHubService.stopHubConnection();
-  }
-
-  private async confirmResponse(requestId: string) {
+  private async verifyAndHandleApprovedAuthReq(requestId: string) {
     try {
-      const response = await this.apiService.getAuthResponse(
-        requestId,
-        this.passwordlessRequest.accessCode
-      );
+      // Retrieve the auth request from server and verify it's approved
+      let authReqResponse: AuthRequestResponse;
 
-      if (!response.requestApproved) {
+      switch (this.state) {
+        case State.StandardAuthRequest:
+          // Unauthed - access code required for user verification
+          authReqResponse = await this.apiService.getAuthResponse(
+            requestId,
+            this.passwordlessRequest.accessCode
+          );
+          break;
+
+        case State.AdminAuthRequest:
+          // Authed - no access code required
+          authReqResponse = await this.apiService.getAuthRequest(requestId);
+          break;
+
+        default:
+          break;
+      }
+
+      if (!authReqResponse.requestApproved) {
         return;
       }
 
-      const credentials = await this.buildLoginCredentials(requestId, response);
-      const loginResponse = await this.authService.logIn(credentials);
+      // Approved so proceed:
 
-      if (loginResponse.requiresTwoFactor) {
-        if (this.onSuccessfulLoginTwoFactorNavigate != null) {
-          this.onSuccessfulLoginTwoFactorNavigate();
-        } else {
-          this.router.navigate([this.twoFactorRoute]);
-        }
-      } else if (loginResponse.forcePasswordReset != ForceResetPasswordReason.None) {
-        if (this.onSuccessfulLoginForceResetNavigate != null) {
-          this.onSuccessfulLoginForceResetNavigate();
-        } else {
-          this.router.navigate([this.forcePasswordResetRoute]);
-        }
-      } else {
-        await this.setRememberEmailValues();
-        if (this.onSuccessfulLogin != null) {
-          this.onSuccessfulLogin();
-        }
-        if (this.onSuccessfulLoginNavigate != null) {
-          this.onSuccessfulLoginNavigate();
-        } else {
-          this.router.navigate([this.successRoute]);
-        }
+      // 4 Scenarios to handle for approved auth requests:
+      // Existing flow 1:
+      //  - Anon Login with Device > User is not AuthN > receives approval from device with pubKey(masterKey)
+      //    > decrypt masterKey > must authenticate > gets masterKey(userKey) > decrypt userKey and proceed to vault
+
+      // 3 new flows from TDE:
+      // Flow 2:
+      //  - Post SSO > User is AuthN > SSO login strategy success sets masterKey(userKey) > receives approval from device with pubKey(masterKey)
+      //    > decrypt masterKey > decrypt userKey > establish trust if required > proceed to vault
+      // Flow 3:
+      //  - Post SSO > User is AuthN > Receives approval from device with pubKey(userKey) > decrypt userKey > establish trust if required > proceed to vault
+      // Flow 4:
+      //  - Anon Login with Device > User is not AuthN > receives approval from device with pubKey(userKey)
+      //    > decrypt userKey > must authenticate > set userKey > proceed to vault
+
+      // if user has authenticated via SSO
+      if (this.userAuthNStatus === AuthenticationStatus.Locked) {
+        return await this.handleApprovedAdminAuthRequest(
+          authReqResponse,
+          this.authRequestKeyPair.privateKey
+        );
       }
+
+      // Flow 1 and 4:
+      const loginAuthResult = await this.loginViaPasswordlessStrategy(requestId, authReqResponse);
+      await this.handlePostLoginNavigation(loginAuthResult);
     } catch (error) {
       if (error instanceof ErrorResponse) {
-        this.router.navigate(["/login"]);
+        let errorRoute = "/login";
+        if (this.state === State.AdminAuthRequest) {
+          errorRoute = "/login-initiated";
+        }
+
+        this.router.navigate([errorRoute]);
         this.validationService.showError(error);
         return;
       }
@@ -163,6 +346,112 @@ export class LoginWithDeviceComponent
     }
   }
 
+  async handleApprovedAdminAuthRequest(
+    adminAuthReqResponse: AuthRequestResponse,
+    privateKey: ArrayBuffer
+  ) {
+    // See verifyAndHandleApprovedAuthReq(...) for flow details
+    // it's flow 2 or 3 based on presence of masterPasswordHash
+    if (adminAuthReqResponse.masterPasswordHash) {
+      // Flow 2: masterPasswordHash is not null
+      // key is authRequestPublicKey(masterKey) + we have authRequestPublicKey(masterPasswordHash)
+      await this.authReqCryptoService.setKeysAfterDecryptingSharedMasterKeyAndHash(
+        adminAuthReqResponse,
+        privateKey
+      );
+    } else {
+      // Flow 3: masterPasswordHash is null
+      // we can assume key is authRequestPublicKey(userKey) and we can just decrypt with userKey and proceed to vault
+      await this.authReqCryptoService.setUserKeyAfterDecryptingSharedUserKey(
+        adminAuthReqResponse,
+        privateKey
+      );
+    }
+
+    // clear the admin auth request from state so it cannot be used again (it's a one time use)
+    // TODO: this should eventually be enforced via deleting this on the server once it is used
+    await this.stateService.setAdminAuthRequest(null);
+
+    this.platformUtilsService.showToast("success", null, this.i18nService.t("loginApproved"));
+
+    // Now that we have a decrypted user key in memory, we can check if we
+    // need to establish trust on the current device
+    await this.deviceTrustCryptoService.trustDeviceIfRequired();
+
+    // TODO: don't forget to use auto enrollment service everywhere we trust device
+
+    await this.handleSuccessfulLoginNavigation();
+  }
+
+  // Authentication helper
+  private async buildPasswordlessLoginCredentials(
+    requestId: string,
+    response: AuthRequestResponse
+  ): Promise<PasswordlessLogInCredentials> {
+    // if masterPasswordHash has a value, we will always receive key as authRequestPublicKey(masterKey) + authRequestPublicKey(masterPasswordHash)
+    // if masterPasswordHash is null, we will always receive key as authRequestPublicKey(userKey)
+    if (response.masterPasswordHash) {
+      const { masterKey, masterKeyHash } =
+        await this.authReqCryptoService.decryptPubKeyEncryptedMasterKeyAndHash(
+          response.key,
+          response.masterPasswordHash,
+          this.authRequestKeyPair.privateKey
+        );
+
+      return new PasswordlessLogInCredentials(
+        this.email,
+        this.passwordlessRequest.accessCode,
+        requestId,
+        null, // no userKey
+        masterKey,
+        masterKeyHash
+      );
+    } else {
+      const userKey = await this.authReqCryptoService.decryptPubKeyEncryptedUserKey(
+        response.key,
+        this.authRequestKeyPair.privateKey
+      );
+      return new PasswordlessLogInCredentials(
+        this.email,
+        this.passwordlessRequest.accessCode,
+        requestId,
+        userKey,
+        null, // no masterKey
+        null // no masterKeyHash
+      );
+    }
+  }
+
+  private async loginViaPasswordlessStrategy(
+    requestId: string,
+    authReqResponse: AuthRequestResponse
+  ): Promise<AuthResult> {
+    // Note: credentials change based on if the authReqResponse.key is a encryptedMasterKey or UserKey
+    const credentials = await this.buildPasswordlessLoginCredentials(requestId, authReqResponse);
+
+    // Note: keys are set by PasswordlessLogInStrategy success handling
+    return await this.authService.logIn(credentials);
+  }
+
+  // Routing logic
+  private async handlePostLoginNavigation(loginResponse: AuthResult) {
+    if (loginResponse.requiresTwoFactor) {
+      if (this.onSuccessfulLoginTwoFactorNavigate != null) {
+        this.onSuccessfulLoginTwoFactorNavigate();
+      } else {
+        this.router.navigate([this.twoFactorRoute]);
+      }
+    } else if (loginResponse.forcePasswordReset != ForceResetPasswordReason.None) {
+      if (this.onSuccessfulLoginForceResetNavigate != null) {
+        this.onSuccessfulLoginForceResetNavigate();
+      } else {
+        this.router.navigate([this.forcePasswordResetRoute]);
+      }
+    } else {
+      await this.handleSuccessfulLoginNavigation();
+    }
+  }
+
   async setRememberEmailValues() {
     const rememberEmail = this.loginService.getRememberEmail();
     const rememberedEmail = this.loginService.getEmail();
@@ -170,43 +459,19 @@ export class LoginWithDeviceComponent
     this.loginService.clearValues();
   }
 
-  private async buildAuthRequest() {
-    this.authRequestKeyPair = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
-    const deviceIdentifier = await this.appIdService.getAppId();
-    const publicKey = Utils.fromBufferToB64(this.authRequestKeyPair[0]);
-    const accessCode = await this.passwordGenerationService.generatePassword({ length: 25 });
+  private async handleSuccessfulLoginNavigation() {
+    if (this.state === State.StandardAuthRequest) {
+      // Only need to set remembered email on standard login with auth req flow
+      await this.setRememberEmailValues();
+    }
 
-    this.fingerprintPhrase = (
-      await this.cryptoService.getFingerprint(this.email, this.authRequestKeyPair[0])
-    ).join("-");
-
-    this.passwordlessRequest = new PasswordlessCreateAuthRequest(
-      this.email,
-      deviceIdentifier,
-      publicKey,
-      AuthRequestType.AuthenticateAndUnlock,
-      accessCode
-    );
-  }
-
-  private async buildLoginCredentials(
-    requestId: string,
-    response: AuthRequestResponse
-  ): Promise<PasswordlessLogInCredentials> {
-    const decKey = await this.cryptoService.rsaDecrypt(response.key, this.authRequestKeyPair[1]);
-    const decMasterPasswordHash = await this.cryptoService.rsaDecrypt(
-      response.masterPasswordHash,
-      this.authRequestKeyPair[1]
-    );
-    const key = new SymmetricCryptoKey(decKey);
-    const localHashedPassword = Utils.fromBufferToUtf8(decMasterPasswordHash);
-
-    return new PasswordlessLogInCredentials(
-      this.email,
-      this.passwordlessRequest.accessCode,
-      requestId,
-      key,
-      localHashedPassword
-    );
+    if (this.onSuccessfulLogin != null) {
+      this.onSuccessfulLogin();
+    }
+    if (this.onSuccessfulLoginNavigate != null) {
+      this.onSuccessfulLoginNavigate();
+    } else {
+      this.router.navigate([this.successRoute]);
+    }
   }
 }
diff --git a/libs/angular/src/auth/components/login.component.ts b/libs/angular/src/auth/components/login.component.ts
index 815d794835f..c55d787f79a 100644
--- a/libs/angular/src/auth/components/login.component.ts
+++ b/libs/angular/src/auth/components/login.component.ts
@@ -4,8 +4,8 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { Subject } from "rxjs";
 import { take, takeUntil } from "rxjs/operators";
 
-import { DevicesApiServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices-api.service.abstraction";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
diff --git a/libs/angular/src/auth/components/remove-password.component.ts b/libs/angular/src/auth/components/remove-password.component.ts
index 444973f2d53..8fc14eb373b 100644
--- a/libs/angular/src/auth/components/remove-password.component.ts
+++ b/libs/angular/src/auth/components/remove-password.component.ts
@@ -8,8 +8,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class RemovePasswordComponent implements OnInit {
@@ -29,7 +28,7 @@ export class RemovePasswordComponent implements OnInit {
     private i18nService: I18nService,
     private keyConnectorService: KeyConnectorService,
     private organizationApiService: OrganizationApiServiceAbstraction,
-    private dialogService: DialogServiceAbstraction
+    private dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -61,7 +60,7 @@ export class RemovePasswordComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: this.organization.name,
       content: { key: "leaveOrganizationConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/libs/angular/src/auth/components/sso.component.spec.ts b/libs/angular/src/auth/components/sso.component.spec.ts
new file mode 100644
index 00000000000..68c41b66119
--- /dev/null
+++ b/libs/angular/src/auth/components/sso.component.spec.ts
@@ -0,0 +1,567 @@
+import { Component } from "@angular/core";
+import { ComponentFixture, TestBed } from "@angular/core/testing";
+import { ActivatedRoute, Router } from "@angular/router";
+import { MockProxy, mock } from "jest-mock-extended";
+import { Observable, of } from "rxjs";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
+import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
+import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
+import { KeyConnectorUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/key-connector-user-decryption-option";
+import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
+import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+
+import { SsoComponent } from "./sso.component";
+// test component that extends the SsoComponent
+@Component({})
+class TestSsoComponent extends SsoComponent {}
+
+interface SsoComponentProtected {
+  twoFactorRoute: string;
+  successRoute: string;
+  trustedDeviceEncRoute: string;
+  changePasswordRoute: string;
+  forcePasswordResetRoute: string;
+  logIn(code: string, codeVerifier: string, orgIdFromState: string): Promise<AuthResult>;
+  handleLoginError(e: any): Promise<void>;
+}
+
+// The ideal scenario would be to not have to test the protected / private methods of the SsoComponent
+// but that will require a refactor of the SsoComponent class which is out of scope for now.
+// This test suite allows us to be sure that the new Trusted Device encryption flows + mild refactors
+// of the SsoComponent don't break the existing post login flows.
+describe("SsoComponent", () => {
+  let component: TestSsoComponent;
+  let _component: SsoComponentProtected;
+  let fixture: ComponentFixture<TestSsoComponent>;
+
+  // Mock Services
+  let mockAuthService: MockProxy<AuthService>;
+  let mockRouter: MockProxy<Router>;
+  let mockI18nService: MockProxy<I18nService>;
+
+  let mockQueryParams: Observable<any>;
+  let mockActivatedRoute: ActivatedRoute;
+
+  let mockStateService: MockProxy<StateService>;
+  let mockPlatformUtilsService: MockProxy<PlatformUtilsService>;
+  let mockApiService: MockProxy<ApiService>;
+  let mockCryptoFunctionService: MockProxy<CryptoFunctionService>;
+  let mockEnvironmentService: MockProxy<EnvironmentService>;
+  let mockPasswordGenerationService: MockProxy<PasswordGenerationServiceAbstraction>;
+  let mockLogService: MockProxy<LogService>;
+  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+
+  // Mock authService.logIn params
+  let code: string;
+  let codeVerifier: string;
+  let orgIdFromState: string;
+
+  // Mock component callbacks
+  let mockOnSuccessfulLogin: jest.Mock;
+  let mockOnSuccessfulLoginNavigate: jest.Mock;
+  let mockOnSuccessfulLoginTwoFactorNavigate: jest.Mock;
+  let mockOnSuccessfulLoginChangePasswordNavigate: jest.Mock;
+  let mockOnSuccessfulLoginForceResetNavigate: jest.Mock;
+  let mockOnSuccessfulLoginTdeNavigate: jest.Mock;
+
+  let mockAcctDecryptionOpts: {
+    noMasterPassword: AccountDecryptionOptions;
+    withMasterPassword: AccountDecryptionOptions;
+    withMasterPasswordAndTrustedDevice: AccountDecryptionOptions;
+    withMasterPasswordAndTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
+    withMasterPasswordAndKeyConnector: AccountDecryptionOptions;
+    noMasterPasswordWithTrustedDevice: AccountDecryptionOptions;
+    noMasterPasswordWithTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
+    noMasterPasswordWithKeyConnector: AccountDecryptionOptions;
+  };
+
+  beforeEach(() => {
+    // Mock Services
+    mockAuthService = mock<AuthService>();
+    mockRouter = mock<Router>();
+    mockI18nService = mock<I18nService>();
+
+    // Default mockQueryParams
+    mockQueryParams = of({ code: "code", state: "state" });
+    // Create a custom mock for ActivatedRoute with mock queryParams
+    mockActivatedRoute = {
+      queryParams: mockQueryParams,
+    } as any as ActivatedRoute;
+
+    mockStateService = mock<StateService>();
+    mockPlatformUtilsService = mock<PlatformUtilsService>();
+    mockApiService = mock<ApiService>();
+    mockCryptoFunctionService = mock<CryptoFunctionService>();
+    mockEnvironmentService = mock<EnvironmentService>();
+    mockPasswordGenerationService = mock<PasswordGenerationServiceAbstraction>();
+    mockLogService = mock<LogService>();
+    mockConfigService = mock<ConfigServiceAbstraction>();
+
+    // Mock authService.logIn params
+    code = "code";
+    codeVerifier = "codeVerifier";
+    orgIdFromState = "orgIdFromState";
+
+    // Mock component callbacks
+    mockOnSuccessfulLogin = jest.fn();
+    mockOnSuccessfulLoginNavigate = jest.fn();
+    mockOnSuccessfulLoginTwoFactorNavigate = jest.fn();
+    mockOnSuccessfulLoginChangePasswordNavigate = jest.fn();
+    mockOnSuccessfulLoginForceResetNavigate = jest.fn();
+    mockOnSuccessfulLoginTdeNavigate = jest.fn();
+
+    mockAcctDecryptionOpts = {
+      noMasterPassword: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: undefined,
+      }),
+      withMasterPassword: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: undefined,
+      }),
+      withMasterPasswordAndTrustedDevice: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
+        keyConnectorOption: undefined,
+      }),
+      withMasterPasswordAndTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
+        keyConnectorOption: undefined,
+      }),
+      withMasterPasswordAndKeyConnector: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
+      }),
+      noMasterPasswordWithTrustedDevice: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
+        keyConnectorOption: undefined,
+      }),
+      noMasterPasswordWithTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
+        keyConnectorOption: undefined,
+      }),
+      noMasterPasswordWithKeyConnector: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
+      }),
+    };
+
+    TestBed.configureTestingModule({
+      declarations: [TestSsoComponent],
+      providers: [
+        { provide: AuthService, useValue: mockAuthService },
+        { provide: Router, useValue: mockRouter },
+        { provide: I18nService, useValue: mockI18nService },
+        { provide: ActivatedRoute, useValue: mockActivatedRoute },
+        { provide: StateService, useValue: mockStateService },
+        { provide: PlatformUtilsService, useValue: mockPlatformUtilsService },
+
+        { provide: ApiService, useValue: mockApiService },
+        { provide: CryptoFunctionService, useValue: mockCryptoFunctionService },
+        { provide: EnvironmentService, useValue: mockEnvironmentService },
+        { provide: PasswordGenerationServiceAbstraction, useValue: mockPasswordGenerationService },
+
+        { provide: LogService, useValue: mockLogService },
+        { provide: ConfigServiceAbstraction, useValue: mockConfigService },
+      ],
+    });
+
+    fixture = TestBed.createComponent(TestSsoComponent);
+    component = fixture.componentInstance;
+    _component = component as any;
+  });
+
+  afterEach(() => {
+    // Reset all mocks after each test
+    jest.resetAllMocks();
+  });
+
+  it("should create", () => {
+    expect(component).toBeTruthy();
+  });
+
+  describe("navigateViaCallbackOrRoute(...)", () => {
+    it("calls the provided callback when callback is defined", async () => {
+      const callback = jest.fn().mockResolvedValue(null);
+      const commands = ["some", "route"];
+
+      await (component as any).navigateViaCallbackOrRoute(callback, commands);
+
+      expect(callback).toHaveBeenCalledTimes(1);
+      expect(mockRouter.navigate).not.toHaveBeenCalled();
+    });
+
+    it("calls router.navigate when callback is not defined", async () => {
+      const commands = ["some", "route"];
+
+      await (component as any).navigateViaCallbackOrRoute(undefined, commands);
+
+      expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+      expect(mockRouter.navigate).toHaveBeenCalledWith(commands, undefined);
+    });
+  });
+
+  describe("logIn(...)", () => {
+    describe("2FA scenarios", () => {
+      beforeEach(() => {
+        const authResult = new AuthResult();
+        authResult.twoFactorProviders = new Map([[TwoFactorProviderType.Authenticator, {}]]);
+
+        // use standard user with MP because this test is not concerned with password reset.
+        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+          mockAcctDecryptionOpts.withMasterPassword
+        );
+
+        mockAuthService.logIn.mockResolvedValue(authResult);
+      });
+
+      it("calls authService.logIn and navigates to the component's defined 2FA route when the auth result requires 2FA and onSuccessfulLoginTwoFactorNavigate is not defined", async () => {
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+
+        expect(mockOnSuccessfulLoginTwoFactorNavigate).not.toHaveBeenCalled();
+
+        expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).toHaveBeenCalledWith([_component.twoFactorRoute], {
+          queryParams: {
+            identifier: orgIdFromState,
+            sso: "true",
+          },
+        });
+
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+
+      it("calls onSuccessfulLoginTwoFactorNavigate instead of router.navigate when response.requiresTwoFactor is true and the callback is defined", async () => {
+        mockOnSuccessfulLoginTwoFactorNavigate = jest.fn().mockResolvedValue(null);
+        component.onSuccessfulLoginTwoFactorNavigate = mockOnSuccessfulLoginTwoFactorNavigate;
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+        expect(mockOnSuccessfulLoginTwoFactorNavigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).not.toHaveBeenCalled();
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+    });
+
+    // Shared test helpers
+    const testChangePasswordOnSuccessfulLogin = () => {
+      it("navigates to the component's defined change password route when onSuccessfulLoginChangePasswordNavigate callback is undefined", async () => {
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+
+        expect(mockOnSuccessfulLoginChangePasswordNavigate).not.toHaveBeenCalled();
+
+        expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).toHaveBeenCalledWith([_component.changePasswordRoute], {
+          queryParams: {
+            identifier: orgIdFromState,
+          },
+        });
+
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+    };
+
+    const testOnSuccessfulLoginChangePasswordNavigate = () => {
+      it("calls onSuccessfulLoginChangePasswordNavigate instead of router.navigate when the callback is defined", async () => {
+        mockOnSuccessfulLoginChangePasswordNavigate = jest.fn().mockResolvedValue(null);
+        component.onSuccessfulLoginChangePasswordNavigate =
+          mockOnSuccessfulLoginChangePasswordNavigate;
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+        expect(mockOnSuccessfulLoginChangePasswordNavigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).not.toHaveBeenCalled();
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+    };
+
+    const testForceResetOnSuccessfulLogin = (reasonString: string) => {
+      it(`navigates to the component's defined forcePasswordResetRoute when response.forcePasswordReset is ${reasonString}`, async () => {
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+
+        expect(mockOnSuccessfulLoginForceResetNavigate).not.toHaveBeenCalled();
+
+        expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).toHaveBeenCalledWith([_component.forcePasswordResetRoute], {
+          queryParams: {
+            identifier: orgIdFromState,
+          },
+        });
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+    };
+
+    const testOnSuccessfulLoginForceResetNavigate = (reasonString: string) => {
+      it(`calls onSuccessfulLoginForceResetNavigate instead of router.navigate when response.forcePasswordReset is ${reasonString} and the callback is defined`, async () => {
+        mockOnSuccessfulLoginForceResetNavigate = jest.fn().mockResolvedValue(null);
+        component.onSuccessfulLoginForceResetNavigate = mockOnSuccessfulLoginForceResetNavigate;
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+        expect(mockOnSuccessfulLoginForceResetNavigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).not.toHaveBeenCalled();
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+    };
+
+    describe("Trusted Device Encryption scenarios", () => {
+      beforeEach(() => {
+        mockConfigService.getFeatureFlagBool.mockResolvedValue(true); // TDE enabled
+      });
+
+      describe("Given Trusted Device Encryption is enabled and user needs to set a master password", () => {
+        let authResult;
+        beforeEach(() => {
+          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+            mockAcctDecryptionOpts.noMasterPasswordWithTrustedDeviceWithManageResetPassword
+          );
+
+          authResult = new AuthResult();
+          mockAuthService.logIn.mockResolvedValue(authResult);
+        });
+
+        testChangePasswordOnSuccessfulLogin();
+        testOnSuccessfulLoginChangePasswordNavigate();
+      });
+
+      describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is required", () => {
+        [
+          ForceResetPasswordReason.AdminForcePasswordReset,
+          ForceResetPasswordReason.WeakMasterPassword,
+        ].forEach((forceResetPasswordReason) => {
+          const reasonString = ForceResetPasswordReason[forceResetPasswordReason];
+          let authResult;
+          beforeEach(() => {
+            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+              mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice
+            );
+
+            authResult = new AuthResult();
+            authResult.forcePasswordReset = ForceResetPasswordReason.AdminForcePasswordReset;
+            mockAuthService.logIn.mockResolvedValue(authResult);
+          });
+
+          testForceResetOnSuccessfulLogin(reasonString);
+          testOnSuccessfulLoginForceResetNavigate(reasonString);
+        });
+      });
+
+      describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is not required", () => {
+        let authResult;
+        beforeEach(() => {
+          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+            mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice
+          );
+
+          authResult = new AuthResult();
+          authResult.forcePasswordReset = ForceResetPasswordReason.None;
+          mockAuthService.logIn.mockResolvedValue(authResult);
+        });
+
+        it("navigates to the component's defined trusted device encryption route when login is successful and no callback is defined", async () => {
+          await _component.logIn(code, codeVerifier, orgIdFromState);
+
+          expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+          expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+          expect(mockRouter.navigate).toHaveBeenCalledWith(
+            [_component.trustedDeviceEncRoute],
+            undefined
+          );
+          expect(mockLogService.error).not.toHaveBeenCalled();
+        });
+
+        it("calls onSuccessfulLoginTdeNavigate instead of router.navigate when the callback is defined", async () => {
+          mockOnSuccessfulLoginTdeNavigate = jest.fn().mockResolvedValue(null);
+          component.onSuccessfulLoginTdeNavigate = mockOnSuccessfulLoginTdeNavigate;
+
+          await _component.logIn(code, codeVerifier, orgIdFromState);
+
+          expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+
+          expect(mockOnSuccessfulLoginTdeNavigate).toHaveBeenCalledTimes(1);
+
+          expect(mockRouter.navigate).not.toHaveBeenCalled();
+          expect(mockLogService.error).not.toHaveBeenCalled();
+        });
+      });
+    });
+
+    describe("Set Master Password scenarios", () => {
+      beforeEach(() => {
+        const authResult = new AuthResult();
+        mockAuthService.logIn.mockResolvedValue(authResult);
+      });
+
+      describe("Given user needs to set a master password", () => {
+        beforeEach(() => {
+          // Only need to test the case where the user has no master password to test the primary change mp flow here
+          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+            mockAcctDecryptionOpts.noMasterPassword
+          );
+        });
+
+        testChangePasswordOnSuccessfulLogin();
+        testOnSuccessfulLoginChangePasswordNavigate();
+      });
+
+      it("does not navigate to the change password route when the user has key connector even if user has no master password", async () => {
+        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+          mockAcctDecryptionOpts.noMasterPasswordWithKeyConnector
+        );
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+        expect(mockAuthService.logIn).toHaveBeenCalledTimes(1);
+
+        expect(mockOnSuccessfulLoginChangePasswordNavigate).not.toHaveBeenCalled();
+        expect(mockRouter.navigate).not.toHaveBeenCalledWith([_component.changePasswordRoute], {
+          queryParams: {
+            identifier: orgIdFromState,
+          },
+        });
+      });
+    });
+
+    describe("Force Master Password Reset scenarios", () => {
+      [
+        ForceResetPasswordReason.AdminForcePasswordReset,
+        ForceResetPasswordReason.WeakMasterPassword,
+      ].forEach((forceResetPasswordReason) => {
+        const reasonString = ForceResetPasswordReason[forceResetPasswordReason];
+
+        beforeEach(() => {
+          // use standard user with MP because this test is not concerned with password reset.
+          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+            mockAcctDecryptionOpts.withMasterPassword
+          );
+
+          const authResult = new AuthResult();
+          authResult.forcePasswordReset = forceResetPasswordReason;
+          mockAuthService.logIn.mockResolvedValue(authResult);
+        });
+
+        testForceResetOnSuccessfulLogin(reasonString);
+        testOnSuccessfulLoginForceResetNavigate(reasonString);
+      });
+    });
+
+    describe("Success scenarios", () => {
+      beforeEach(() => {
+        const authResult = new AuthResult();
+        authResult.twoFactorProviders = null;
+        // use standard user with MP because this test is not concerned with password reset.
+        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+          mockAcctDecryptionOpts.withMasterPassword
+        );
+        authResult.forcePasswordReset = ForceResetPasswordReason.None;
+        mockAuthService.logIn.mockResolvedValue(authResult);
+      });
+
+      it("calls authService.logIn and navigates to the component's defined success route when the login is successful", async () => {
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalled();
+
+        expect(mockOnSuccessfulLoginNavigate).not.toHaveBeenCalled();
+        expect(mockOnSuccessfulLogin).not.toHaveBeenCalled();
+
+        expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).toHaveBeenCalledWith([_component.successRoute], undefined);
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+
+      it("calls onSuccessfulLogin if defined when login is successful", async () => {
+        mockOnSuccessfulLogin = jest.fn().mockResolvedValue(null);
+        component.onSuccessfulLogin = mockOnSuccessfulLogin;
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalled();
+        expect(mockOnSuccessfulLogin).toHaveBeenCalledTimes(1);
+
+        expect(mockOnSuccessfulLoginNavigate).not.toHaveBeenCalled();
+
+        expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).toHaveBeenCalledWith([_component.successRoute], undefined);
+
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+
+      it("calls onSuccessfulLoginNavigate instead of router.navigate when login is successful and the callback is defined", async () => {
+        mockOnSuccessfulLoginNavigate = jest.fn().mockResolvedValue(null);
+        component.onSuccessfulLoginNavigate = mockOnSuccessfulLoginNavigate;
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(mockAuthService.logIn).toHaveBeenCalled();
+
+        expect(mockOnSuccessfulLoginNavigate).toHaveBeenCalledTimes(1);
+
+        expect(mockRouter.navigate).not.toHaveBeenCalled();
+
+        expect(mockLogService.error).not.toHaveBeenCalled();
+      });
+    });
+
+    describe("Error scenarios", () => {
+      it("calls handleLoginError when an error is thrown during logIn", async () => {
+        const errorMessage = "Key Connector error";
+        const error = new Error(errorMessage);
+        mockAuthService.logIn.mockRejectedValue(error);
+
+        const handleLoginErrorSpy = jest.spyOn(_component, "handleLoginError");
+
+        await _component.logIn(code, codeVerifier, orgIdFromState);
+
+        expect(handleLoginErrorSpy).toHaveBeenCalledWith(error);
+      });
+    });
+  });
+
+  describe("handleLoginError(e)", () => {
+    it("logs the error and shows a toast when the error message is 'Key Connector error'", async () => {
+      const errorMessage = "Key Connector error";
+      const error = new Error(errorMessage);
+
+      mockI18nService.t.mockReturnValueOnce("ssoKeyConnectorError");
+
+      await _component.handleLoginError(error);
+
+      expect(mockLogService.error).toHaveBeenCalledTimes(1);
+      expect(mockLogService.error).toHaveBeenCalledWith(error);
+
+      expect(mockPlatformUtilsService.showToast).toHaveBeenCalledTimes(1);
+      expect(mockPlatformUtilsService.showToast).toHaveBeenCalledWith(
+        "error",
+        null,
+        "ssoKeyConnectorError"
+      );
+
+      expect(mockRouter.navigate).not.toHaveBeenCalled();
+    });
+  });
+});
diff --git a/libs/angular/src/auth/components/sso.component.ts b/libs/angular/src/auth/components/sso.component.ts
index 93f40d861d8..8030e880a54 100644
--- a/libs/angular/src/auth/components/sso.component.ts
+++ b/libs/angular/src/auth/components/sso.component.ts
@@ -1,5 +1,5 @@
 import { Directive } from "@angular/core";
-import { ActivatedRoute, Router } from "@angular/router";
+import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
@@ -7,7 +7,10 @@ import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
 import { SsoLogInCredentials } from "@bitwarden/common/auth/models/domain/log-in-credentials";
+import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { SsoPreValidateResponse } from "@bitwarden/common/auth/models/response/sso-pre-validate.response";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -15,6 +18,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 
 @Directive()
@@ -24,14 +28,18 @@ export class SsoComponent {
 
   formPromise: Promise<AuthResult>;
   initiateSsoFormPromise: Promise<SsoPreValidateResponse>;
-  onSuccessfulLogin: () => Promise<any>;
-  onSuccessfulLoginNavigate: () => Promise<any>;
-  onSuccessfulLoginTwoFactorNavigate: () => Promise<any>;
-  onSuccessfulLoginChangePasswordNavigate: () => Promise<any>;
-  onSuccessfulLoginForceResetNavigate: () => Promise<any>;
+  onSuccessfulLogin: () => Promise<void>;
+  onSuccessfulLoginNavigate: () => Promise<void>;
+  onSuccessfulLoginTwoFactorNavigate: () => Promise<void>;
+  onSuccessfulLoginChangePasswordNavigate: () => Promise<void>;
+  onSuccessfulLoginForceResetNavigate: () => Promise<void>;
+
+  onSuccessfulLoginTde: () => Promise<void>;
+  onSuccessfulLoginTdeNavigate: () => Promise<void>;
 
   protected twoFactorRoute = "2fa";
   protected successRoute = "lock";
+  protected trustedDeviceEncRoute = "login-initiated";
   protected changePasswordRoute = "set-password";
   protected forcePasswordResetRoute = "update-temp-password";
   protected clientId: string;
@@ -50,7 +58,8 @@ export class SsoComponent {
     protected cryptoFunctionService: CryptoFunctionService,
     protected environmentService: EnvironmentService,
     protected passwordGenerationService: PasswordGenerationServiceAbstraction,
-    protected logService: LogService
+    protected logService: LogService,
+    protected configService: ConfigServiceAbstraction
   ) {}
 
   async ngOnInit() {
@@ -67,11 +76,12 @@ export class SsoComponent {
           state != null &&
           this.checkState(state, qParams.state)
         ) {
-          await this.logIn(
-            qParams.code,
-            codeVerifier,
-            this.getOrgIdentifierFromState(qParams.state)
-          );
+          // We are not using a query param to pass org identifier around specifically
+          // for the browser SSO case when it needs it on extension open after SSO success
+          // on the TDE login decryption options component
+          const ssoOrganizationIdentifier = this.getOrgIdentifierFromState(qParams.state);
+          await this.logIn(qParams.code, codeVerifier, ssoOrganizationIdentifier);
+          await this.stateService.setUserSsoOrganizationIdentifier(ssoOrganizationIdentifier);
         }
       } else if (
         qParams.clientId != null &&
@@ -173,67 +183,172 @@ export class SsoComponent {
     return authorizeUrl;
   }
 
-  private async logIn(code: string, codeVerifier: string, orgIdFromState: string) {
+  private async logIn(code: string, codeVerifier: string, orgIdentifier: string) {
     this.loggingIn = true;
     try {
       const credentials = new SsoLogInCredentials(
         code,
         codeVerifier,
         this.redirectUri,
-        orgIdFromState
+        orgIdentifier
       );
       this.formPromise = this.authService.logIn(credentials);
-      const response = await this.formPromise;
-      if (response.requiresTwoFactor) {
-        if (this.onSuccessfulLoginTwoFactorNavigate != null) {
-          await this.onSuccessfulLoginTwoFactorNavigate();
-        } else {
-          this.router.navigate([this.twoFactorRoute], {
-            queryParams: {
-              identifier: orgIdFromState,
-              sso: "true",
-            },
-          });
-        }
-      } else if (response.resetMasterPassword) {
-        if (this.onSuccessfulLoginChangePasswordNavigate != null) {
-          await this.onSuccessfulLoginChangePasswordNavigate();
-        } else {
-          this.router.navigate([this.changePasswordRoute], {
-            queryParams: {
-              identifier: orgIdFromState,
-            },
-          });
-        }
-      } else if (response.forcePasswordReset !== ForceResetPasswordReason.None) {
-        if (this.onSuccessfulLoginForceResetNavigate != null) {
-          await this.onSuccessfulLoginForceResetNavigate();
-        } else {
-          this.router.navigate([this.forcePasswordResetRoute]);
-        }
-      } else {
-        if (this.onSuccessfulLogin != null) {
-          await this.onSuccessfulLogin();
-        }
-        if (this.onSuccessfulLoginNavigate != null) {
-          await this.onSuccessfulLoginNavigate();
-        } else {
-          this.router.navigate([this.successRoute]);
-        }
-      }
-    } catch (e) {
-      this.logService.error(e);
+      const authResult = await this.formPromise;
 
-      // TODO: Key Connector Service should pass this error message to the logout callback instead of displaying here
-      if (e.message === "Key Connector error") {
-        this.platformUtilsService.showToast(
-          "error",
-          null,
-          this.i18nService.t("ssoKeyConnectorError")
+      const acctDecryptionOpts: AccountDecryptionOptions =
+        await this.stateService.getAccountDecryptionOptions();
+
+      if (authResult.requiresTwoFactor) {
+        return await this.handleTwoFactorRequired(orgIdentifier);
+      }
+
+      const tdeEnabled = await this.isTrustedDeviceEncEnabled(
+        acctDecryptionOpts.trustedDeviceOption
+      );
+
+      if (tdeEnabled) {
+        return await this.handleTrustedDeviceEncryptionEnabled(
+          authResult,
+          orgIdentifier,
+          acctDecryptionOpts
         );
       }
+
+      // In the standard, non TDE case, a user must set password if they don't
+      // have one and they aren't using key connector.
+      // Note: TDE & Key connector are mutually exclusive org config options.
+      const requireSetPassword =
+        !acctDecryptionOpts.hasMasterPassword &&
+        acctDecryptionOpts.keyConnectorOption === undefined;
+
+      if (requireSetPassword || authResult.resetMasterPassword) {
+        // Change implies going no password -> password in this case
+        return await this.handleChangePasswordRequired(orgIdentifier);
+      }
+
+      // Users can be forced to reset their password via an admin or org policy
+      // disallowing weak passwords
+      if (authResult.forcePasswordReset !== ForceResetPasswordReason.None) {
+        return await this.handleForcePasswordReset(orgIdentifier);
+      }
+
+      // Standard SSO login success case
+      return await this.handleSuccessfulLogin();
+    } catch (e) {
+      await this.handleLoginError(e);
+    }
+  }
+
+  private async isTrustedDeviceEncEnabled(
+    trustedDeviceOption: TrustedDeviceUserDecryptionOption
+  ): Promise<boolean> {
+    const trustedDeviceEncryptionFeatureActive = await this.configService.getFeatureFlagBool(
+      FeatureFlag.TrustedDeviceEncryption
+    );
+
+    return trustedDeviceEncryptionFeatureActive && trustedDeviceOption !== undefined;
+  }
+
+  private async handleTwoFactorRequired(orgIdentifier: string) {
+    await this.navigateViaCallbackOrRoute(
+      this.onSuccessfulLoginTwoFactorNavigate,
+      [this.twoFactorRoute],
+      {
+        queryParams: {
+          identifier: orgIdentifier,
+          sso: "true",
+        },
+      }
+    );
+  }
+
+  private async handleTrustedDeviceEncryptionEnabled(
+    authResult: AuthResult,
+    orgIdentifier: string,
+    acctDecryptionOpts: AccountDecryptionOptions
+  ): Promise<void> {
+    // If user doesn't have a MP, but has reset password permission, they must set a MP
+    if (
+      !acctDecryptionOpts.hasMasterPassword &&
+      acctDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
+    ) {
+      // Change implies going no password -> password in this case
+      return await this.handleChangePasswordRequired(orgIdentifier);
+    }
+
+    if (authResult.forcePasswordReset !== ForceResetPasswordReason.None) {
+      return await this.handleForcePasswordReset(orgIdentifier);
+    }
+
+    if (this.onSuccessfulLoginTde != null) {
+      // Don't await b/c causes hang on desktop & browser
+      this.onSuccessfulLoginTde();
+    }
+
+    this.navigateViaCallbackOrRoute(
+      this.onSuccessfulLoginTdeNavigate,
+      // Navigate to TDE page (if user was on trusted device and TDE has decrypted
+      //  their user key, the login-initiated guard will redirect them to the vault)
+      [this.trustedDeviceEncRoute]
+    );
+  }
+
+  private async handleChangePasswordRequired(orgIdentifier: string) {
+    await this.navigateViaCallbackOrRoute(
+      this.onSuccessfulLoginChangePasswordNavigate,
+      [this.changePasswordRoute],
+      {
+        queryParams: {
+          identifier: orgIdentifier,
+        },
+      }
+    );
+  }
+
+  private async handleForcePasswordReset(orgIdentifier: string) {
+    await this.navigateViaCallbackOrRoute(
+      this.onSuccessfulLoginForceResetNavigate,
+      [this.forcePasswordResetRoute],
+      {
+        queryParams: {
+          identifier: orgIdentifier,
+        },
+      }
+    );
+  }
+
+  private async handleSuccessfulLogin() {
+    if (this.onSuccessfulLogin != null) {
+      // Don't await b/c causes hang on desktop & browser
+      this.onSuccessfulLogin();
+    }
+
+    await this.navigateViaCallbackOrRoute(this.onSuccessfulLoginNavigate, [this.successRoute]);
+  }
+
+  private async handleLoginError(e: any) {
+    this.logService.error(e);
+
+    // TODO: Key Connector Service should pass this error message to the logout callback instead of displaying here
+    if (e.message === "Key Connector error") {
+      this.platformUtilsService.showToast(
+        "error",
+        null,
+        this.i18nService.t("ssoKeyConnectorError")
+      );
+    }
+  }
+
+  private async navigateViaCallbackOrRoute(
+    callback: () => Promise<unknown>,
+    commands: unknown[],
+    extras?: NavigationExtras
+  ): Promise<void> {
+    if (callback) {
+      await callback();
+    } else {
+      await this.router.navigate(commands, extras);
     }
-    this.loggingIn = false;
   }
 
   private getOrgIdentifierFromState(state: string): string {
diff --git a/libs/angular/src/auth/components/two-factor-options.component.ts b/libs/angular/src/auth/components/two-factor-options.component.ts
index a7d8a3235e3..786a9d7bb54 100644
--- a/libs/angular/src/auth/components/two-factor-options.component.ts
+++ b/libs/angular/src/auth/components/two-factor-options.component.ts
@@ -30,7 +30,7 @@ export class TwoFactorOptionsComponent implements OnInit {
   }
 
   recover() {
-    this.platformUtilsService.launchUri("https://bitwarden.com/help/lost-two-step-device/");
+    this.platformUtilsService.launchUri("https://vault.bitwarden.com/#/recover-2fa");
     this.onRecoverSelected.emit();
   }
 }
diff --git a/libs/angular/src/auth/components/two-factor.component.spec.ts b/libs/angular/src/auth/components/two-factor.component.spec.ts
new file mode 100644
index 00000000000..470c9d4eb7c
--- /dev/null
+++ b/libs/angular/src/auth/components/two-factor.component.spec.ts
@@ -0,0 +1,451 @@
+import { Component } from "@angular/core";
+import { ComponentFixture, TestBed } from "@angular/core/testing";
+import { ActivatedRoute, Router, convertToParamMap } from "@angular/router";
+import { MockProxy, mock } from "jest-mock-extended";
+
+// eslint-disable-next-line no-restricted-imports
+import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
+import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
+import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
+import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
+import { KeyConnectorUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/key-connector-user-decryption-option";
+import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
+import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
+import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
+
+import { TwoFactorComponent } from "./two-factor.component";
+
+// test component that extends the TwoFactorComponent
+@Component({})
+class TestTwoFactorComponent extends TwoFactorComponent {}
+
+interface TwoFactorComponentProtected {
+  trustedDeviceEncRoute: string;
+  changePasswordRoute: string;
+  forcePasswordResetRoute: string;
+  successRoute: string;
+}
+
+describe("TwoFactorComponent", () => {
+  let component: TestTwoFactorComponent;
+  let _component: TwoFactorComponentProtected;
+
+  let fixture: ComponentFixture<TestTwoFactorComponent>;
+
+  // Mock Services
+  let mockAuthService: MockProxy<AuthService>;
+  let mockRouter: MockProxy<Router>;
+  let mockI18nService: MockProxy<I18nService>;
+  let mockApiService: MockProxy<ApiService>;
+  let mockPlatformUtilsService: MockProxy<PlatformUtilsService>;
+  let mockWin: MockProxy<Window>;
+  let mockEnvironmentService: MockProxy<EnvironmentService>;
+  let mockStateService: MockProxy<StateService>;
+  let mockLogService: MockProxy<LogService>;
+  let mockTwoFactorService: MockProxy<TwoFactorService>;
+  let mockAppIdService: MockProxy<AppIdService>;
+  let mockLoginService: MockProxy<LoginService>;
+  let mockConfigService: MockProxy<ConfigServiceAbstraction>;
+
+  let mockAcctDecryptionOpts: {
+    noMasterPassword: AccountDecryptionOptions;
+    withMasterPassword: AccountDecryptionOptions;
+    withMasterPasswordAndTrustedDevice: AccountDecryptionOptions;
+    withMasterPasswordAndTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
+    withMasterPasswordAndKeyConnector: AccountDecryptionOptions;
+    noMasterPasswordWithTrustedDevice: AccountDecryptionOptions;
+    noMasterPasswordWithTrustedDeviceWithManageResetPassword: AccountDecryptionOptions;
+    noMasterPasswordWithKeyConnector: AccountDecryptionOptions;
+  };
+
+  beforeEach(() => {
+    mockAuthService = mock<AuthService>();
+    mockRouter = mock<Router>();
+    mockI18nService = mock<I18nService>();
+    mockApiService = mock<ApiService>();
+    mockPlatformUtilsService = mock<PlatformUtilsService>();
+    mockWin = mock<Window>();
+    mockEnvironmentService = mock<EnvironmentService>();
+    mockStateService = mock<StateService>();
+    mockLogService = mock<LogService>();
+    mockTwoFactorService = mock<TwoFactorService>();
+    mockAppIdService = mock<AppIdService>();
+    mockLoginService = mock<LoginService>();
+    mockConfigService = mock<ConfigServiceAbstraction>();
+
+    mockAcctDecryptionOpts = {
+      noMasterPassword: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: undefined,
+      }),
+      withMasterPassword: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: undefined,
+      }),
+      withMasterPasswordAndTrustedDevice: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
+        keyConnectorOption: undefined,
+      }),
+      withMasterPasswordAndTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
+        keyConnectorOption: undefined,
+      }),
+      withMasterPasswordAndKeyConnector: new AccountDecryptionOptions({
+        hasMasterPassword: true,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
+      }),
+      noMasterPasswordWithTrustedDevice: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, false),
+        keyConnectorOption: undefined,
+      }),
+      noMasterPasswordWithTrustedDeviceWithManageResetPassword: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: new TrustedDeviceUserDecryptionOption(true, false, true),
+        keyConnectorOption: undefined,
+      }),
+      noMasterPasswordWithKeyConnector: new AccountDecryptionOptions({
+        hasMasterPassword: false,
+        trustedDeviceOption: undefined,
+        keyConnectorOption: new KeyConnectorUserDecryptionOption("http://example.com"),
+      }),
+    };
+
+    TestBed.configureTestingModule({
+      declarations: [TestTwoFactorComponent],
+      providers: [
+        { provide: AuthService, useValue: mockAuthService },
+        { provide: Router, useValue: mockRouter },
+        { provide: I18nService, useValue: mockI18nService },
+        { provide: ApiService, useValue: mockApiService },
+        { provide: PlatformUtilsService, useValue: mockPlatformUtilsService },
+        { provide: WINDOW, useValue: mockWin },
+        { provide: EnvironmentService, useValue: mockEnvironmentService },
+        { provide: StateService, useValue: mockStateService },
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            snapshot: {
+              // Default to standard 2FA flow - not SSO + 2FA
+              queryParamMap: convertToParamMap({ sso: "false" }),
+            },
+          },
+        },
+        { provide: LogService, useValue: mockLogService },
+        { provide: TwoFactorService, useValue: mockTwoFactorService },
+        { provide: AppIdService, useValue: mockAppIdService },
+        { provide: LoginService, useValue: mockLoginService },
+        { provide: ConfigServiceAbstraction, useValue: mockConfigService },
+      ],
+    });
+
+    fixture = TestBed.createComponent(TestTwoFactorComponent);
+    component = fixture.componentInstance;
+    _component = component as any;
+  });
+
+  afterEach(() => {
+    // Reset all mocks after each test
+    jest.resetAllMocks();
+  });
+
+  it("should create", () => {
+    expect(component).toBeTruthy();
+  });
+
+  // Shared tests
+  const testChangePasswordOnSuccessfulLogin = () => {
+    it("navigates to the component's defined change password route when user doesn't have a MP and key connector isn't enabled", async () => {
+      // Act
+      await component.doSubmit();
+
+      // Assert
+      expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+      expect(mockRouter.navigate).toHaveBeenCalledWith([_component.changePasswordRoute], {
+        queryParams: {
+          identifier: component.orgIdentifier,
+        },
+      });
+    });
+  };
+
+  const testForceResetOnSuccessfulLogin = (reasonString: string) => {
+    it(`navigates to the component's defined forcePasswordResetRoute route when response.forcePasswordReset is ${reasonString}`, async () => {
+      // Act
+      await component.doSubmit();
+
+      // expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+      expect(mockRouter.navigate).toHaveBeenCalledWith([_component.forcePasswordResetRoute], {
+        queryParams: {
+          identifier: component.orgIdentifier,
+        },
+      });
+    });
+  };
+
+  describe("Standard 2FA scenarios", () => {
+    describe("doSubmit", () => {
+      const token = "testToken";
+      const remember = false;
+      const captchaToken = "testCaptchaToken";
+
+      beforeEach(() => {
+        component.token = token;
+        component.remember = remember;
+        component.captchaToken = captchaToken;
+
+        mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+          mockAcctDecryptionOpts.withMasterPassword
+        );
+      });
+
+      it("calls authService.logInTwoFactor with correct parameters when form is submitted", async () => {
+        // Arrange
+        mockAuthService.logInTwoFactor.mockResolvedValue(new AuthResult());
+
+        // Act
+        await component.doSubmit();
+
+        // Assert
+        expect(mockAuthService.logInTwoFactor).toHaveBeenCalledWith(
+          new TokenTwoFactorRequest(component.selectedProviderType, token, remember),
+          captchaToken
+        );
+      });
+
+      it("should return when handleCaptchaRequired returns true", async () => {
+        // Arrange
+        const captchaSiteKey = "testCaptchaSiteKey";
+        const authResult = new AuthResult();
+        authResult.captchaSiteKey = captchaSiteKey;
+
+        mockAuthService.logInTwoFactor.mockResolvedValue(authResult);
+
+        // Note: the any casts are required b/c typescript cant recognize that
+        // handleCaptureRequired is a method on TwoFactorComponent b/c it is inherited
+        // from the CaptchaProtectedComponent
+        const handleCaptchaRequiredSpy = jest
+          .spyOn<any, any>(component, "handleCaptchaRequired")
+          .mockReturnValue(true);
+
+        // Act
+        const result = await component.doSubmit();
+
+        // Assert
+        expect(handleCaptchaRequiredSpy).toHaveBeenCalled();
+        expect(result).toBeUndefined();
+      });
+
+      it("calls onSuccessfulLogin when defined", async () => {
+        // Arrange
+        component.onSuccessfulLogin = jest.fn().mockResolvedValue(undefined);
+        mockAuthService.logInTwoFactor.mockResolvedValue(new AuthResult());
+
+        // Act
+        await component.doSubmit();
+
+        // Assert
+        expect(component.onSuccessfulLogin).toHaveBeenCalled();
+      });
+
+      it("calls loginService.clearValues() when login is successful", async () => {
+        // Arrange
+        mockAuthService.logInTwoFactor.mockResolvedValue(new AuthResult());
+        // spy on loginService.clearValues
+        const clearValuesSpy = jest.spyOn(mockLoginService, "clearValues");
+
+        // Act
+        await component.doSubmit();
+
+        // Assert
+        expect(clearValuesSpy).toHaveBeenCalled();
+      });
+
+      describe("Set Master Password scenarios", () => {
+        beforeEach(() => {
+          const authResult = new AuthResult();
+          mockAuthService.logInTwoFactor.mockResolvedValue(authResult);
+        });
+
+        describe("Given user needs to set a master password", () => {
+          beforeEach(() => {
+            // Only need to test the case where the user has no master password to test the primary change mp flow here
+            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+              mockAcctDecryptionOpts.noMasterPassword
+            );
+          });
+
+          testChangePasswordOnSuccessfulLogin();
+        });
+
+        it("does not navigate to the change password route when the user has key connector even if user has no master password", async () => {
+          mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+            mockAcctDecryptionOpts.noMasterPasswordWithKeyConnector
+          );
+
+          await component.doSubmit();
+
+          expect(mockRouter.navigate).not.toHaveBeenCalledWith([_component.changePasswordRoute], {
+            queryParams: {
+              identifier: component.orgIdentifier,
+            },
+          });
+        });
+      });
+
+      describe("Force Master Password Reset scenarios", () => {
+        [
+          ForceResetPasswordReason.AdminForcePasswordReset,
+          ForceResetPasswordReason.WeakMasterPassword,
+        ].forEach((forceResetPasswordReason) => {
+          const reasonString = ForceResetPasswordReason[forceResetPasswordReason];
+
+          beforeEach(() => {
+            // use standard user with MP because this test is not concerned with password reset.
+            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+              mockAcctDecryptionOpts.withMasterPassword
+            );
+
+            const authResult = new AuthResult();
+            authResult.forcePasswordReset = forceResetPasswordReason;
+            mockAuthService.logInTwoFactor.mockResolvedValue(authResult);
+          });
+
+          testForceResetOnSuccessfulLogin(reasonString);
+        });
+      });
+
+      it("calls onSuccessfulLoginNavigate when the callback is defined", async () => {
+        // Arrange
+        component.onSuccessfulLoginNavigate = jest.fn().mockResolvedValue(undefined);
+        mockAuthService.logInTwoFactor.mockResolvedValue(new AuthResult());
+
+        // Act
+        await component.doSubmit();
+
+        // Assert
+        expect(component.onSuccessfulLoginNavigate).toHaveBeenCalled();
+      });
+
+      it("navigates to the component's defined success route when the login is successful and onSuccessfulLoginNavigate is undefined", async () => {
+        mockAuthService.logInTwoFactor.mockResolvedValue(new AuthResult());
+
+        // Act
+        await component.doSubmit();
+
+        // Assert
+        expect(component.onSuccessfulLoginNavigate).not.toBeDefined();
+
+        expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+        expect(mockRouter.navigate).toHaveBeenCalledWith([_component.successRoute], undefined);
+      });
+    });
+  });
+
+  describe("SSO > 2FA scenarios", () => {
+    beforeEach(() => {
+      const mockActivatedRoute = TestBed.inject(ActivatedRoute);
+      mockActivatedRoute.snapshot.queryParamMap.get = jest.fn().mockReturnValue("true");
+    });
+
+    describe("doSubmit", () => {
+      const token = "testToken";
+      const remember = false;
+      const captchaToken = "testCaptchaToken";
+
+      beforeEach(() => {
+        component.token = token;
+        component.remember = remember;
+        component.captchaToken = captchaToken;
+      });
+
+      describe("Trusted Device Encryption scenarios", () => {
+        beforeEach(() => {
+          mockConfigService.getFeatureFlagBool.mockResolvedValue(true);
+        });
+
+        describe("Given Trusted Device Encryption is enabled and user needs to set a master password", () => {
+          beforeEach(() => {
+            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+              mockAcctDecryptionOpts.noMasterPasswordWithTrustedDeviceWithManageResetPassword
+            );
+
+            const authResult = new AuthResult();
+            mockAuthService.logInTwoFactor.mockResolvedValue(authResult);
+          });
+
+          testChangePasswordOnSuccessfulLogin();
+        });
+
+        describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is required", () => {
+          [
+            ForceResetPasswordReason.AdminForcePasswordReset,
+            ForceResetPasswordReason.WeakMasterPassword,
+          ].forEach((forceResetPasswordReason) => {
+            const reasonString = ForceResetPasswordReason[forceResetPasswordReason];
+
+            beforeEach(() => {
+              // use standard user with MP because this test is not concerned with password reset.
+              mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+                mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice
+              );
+
+              const authResult = new AuthResult();
+              authResult.forcePasswordReset = forceResetPasswordReason;
+              mockAuthService.logInTwoFactor.mockResolvedValue(authResult);
+            });
+
+            testForceResetOnSuccessfulLogin(reasonString);
+          });
+        });
+
+        describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is not required", () => {
+          let authResult;
+          beforeEach(() => {
+            mockStateService.getAccountDecryptionOptions.mockResolvedValue(
+              mockAcctDecryptionOpts.withMasterPasswordAndTrustedDevice
+            );
+
+            authResult = new AuthResult();
+            authResult.forcePasswordReset = ForceResetPasswordReason.None;
+            mockAuthService.logInTwoFactor.mockResolvedValue(authResult);
+          });
+
+          it("navigates to the component's defined trusted device encryption route when login is successful and onSuccessfulLoginTdeNavigate is undefined", async () => {
+            await component.doSubmit();
+
+            expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
+            expect(mockRouter.navigate).toHaveBeenCalledWith(
+              [_component.trustedDeviceEncRoute],
+              undefined
+            );
+          });
+
+          it("calls onSuccessfulLoginTdeNavigate instead of router.navigate when the callback is defined", async () => {
+            component.onSuccessfulLoginTdeNavigate = jest.fn().mockResolvedValue(undefined);
+
+            await component.doSubmit();
+
+            expect(mockRouter.navigate).not.toHaveBeenCalled();
+            expect(component.onSuccessfulLoginTdeNavigate).toHaveBeenCalled();
+          });
+        });
+      });
+    });
+  });
+});
diff --git a/libs/angular/src/auth/components/two-factor.component.ts b/libs/angular/src/auth/components/two-factor.component.ts
index d3bad339f48..0f4e6e2421e 100644
--- a/libs/angular/src/auth/components/two-factor.component.ts
+++ b/libs/angular/src/auth/components/two-factor.component.ts
@@ -1,8 +1,10 @@
-import { Directive, OnDestroy, OnInit } from "@angular/core";
-import { ActivatedRoute, Router } from "@angular/router";
+import { Directive, Inject, OnDestroy, OnInit } from "@angular/core";
+import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
 import * as DuoWebSDK from "duo_web_sdk";
 import { first } from "rxjs/operators";
 
+// eslint-disable-next-line no-restricted-imports
+import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { LoginService } from "@bitwarden/common/auth/abstractions/login.service";
@@ -10,16 +12,20 @@ import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceResetPasswordReason } from "@bitwarden/common/auth/models/domain/force-reset-password-reason";
+import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
 import { TwoFactorEmailRequest } from "@bitwarden/common/auth/models/request/two-factor-email.request";
 import { TwoFactorProviders } from "@bitwarden/common/auth/services/two-factor.service";
 import { WebAuthnIFrame } from "@bitwarden/common/auth/webauthn-iframe";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { AccountDecryptionOptions } from "@bitwarden/common/platform/models/domain/account";
 
 import { CaptchaProtectedComponent } from "./captcha-protected.component";
 
@@ -38,12 +44,19 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
   twoFactorEmail: string = null;
   formPromise: Promise<any>;
   emailPromise: Promise<any>;
-  identifier: string = null;
+  orgIdentifier: string = null;
   redirectUrl: string;
-  onSuccessfulLogin: () => Promise<any>;
-  onSuccessfulLoginNavigate: () => Promise<any>;
+  onSuccessfulLogin: () => Promise<void>;
+  onSuccessfulLoginNavigate: () => Promise<void>;
+
+  onSuccessfulLoginTde: () => Promise<void>;
+  onSuccessfulLoginTdeNavigate: () => Promise<void>;
 
   protected loginRoute = "login";
+
+  protected trustedDeviceEncRoute = "login-initiated";
+  protected changePasswordRoute = "set-password";
+  protected forcePasswordResetRoute = "update-temp-password";
   protected successRoute = "vault";
 
   constructor(
@@ -52,14 +65,15 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     protected i18nService: I18nService,
     protected apiService: ApiService,
     protected platformUtilsService: PlatformUtilsService,
-    protected win: Window,
+    @Inject(WINDOW) protected win: Window,
     protected environmentService: EnvironmentService,
     protected stateService: StateService,
     protected route: ActivatedRoute,
     protected logService: LogService,
     protected twoFactorService: TwoFactorService,
     protected appIdService: AppIdService,
-    protected loginService: LoginService
+    protected loginService: LoginService,
+    protected configService: ConfigServiceAbstraction
   ) {
     super(environmentService, i18nService, platformUtilsService);
     this.webAuthnSupported = this.platformUtilsService.supportsWebAuthn(win);
@@ -73,7 +87,7 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
 
     this.route.queryParams.pipe(first()).subscribe((qParams) => {
       if (qParams.identifier != null) {
-        this.identifier = qParams.identifier;
+        this.orgIdentifier = qParams.identifier;
       }
     });
 
@@ -204,28 +218,132 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
       new TokenTwoFactorRequest(this.selectedProviderType, this.token, this.remember),
       this.captchaToken
     );
-    const response: AuthResult = await this.formPromise;
-    if (this.handleCaptchaRequired(response)) {
+    const authResult: AuthResult = await this.formPromise;
+
+    await this.handleLoginResponse(authResult);
+  }
+
+  private async handleLoginResponse(authResult: AuthResult) {
+    if (this.handleCaptchaRequired(authResult)) {
       return;
     }
-    if (this.onSuccessfulLogin != null) {
-      this.loginService.clearValues();
+
+    this.loginService.clearValues();
+
+    const acctDecryptionOpts: AccountDecryptionOptions =
+      await this.stateService.getAccountDecryptionOptions();
+
+    const tdeEnabled = await this.isTrustedDeviceEncEnabled(acctDecryptionOpts.trustedDeviceOption);
+
+    if (tdeEnabled) {
+      return await this.handleTrustedDeviceEncryptionEnabled(
+        authResult,
+        this.orgIdentifier,
+        acctDecryptionOpts
+      );
+    }
+
+    // User must set password if they don't have one and they aren't using either TDE or key connector.
+    const requireSetPassword =
+      !acctDecryptionOpts.hasMasterPassword && acctDecryptionOpts.keyConnectorOption === undefined;
+
+    if (requireSetPassword || authResult.resetMasterPassword) {
+      // Change implies going no password -> password in this case
+      return await this.handleChangePasswordRequired(this.orgIdentifier);
+    }
+
+    // Users can be forced to reset their password via an admin or org policy
+    // disallowing weak passwords
+    if (authResult.forcePasswordReset !== ForceResetPasswordReason.None) {
+      return await this.handleForcePasswordReset(this.orgIdentifier);
+    }
+
+    return await this.handleSuccessfulLogin();
+  }
+
+  private async isTrustedDeviceEncEnabled(
+    trustedDeviceOption: TrustedDeviceUserDecryptionOption
+  ): Promise<boolean> {
+    const ssoTo2faFlowActive = this.route.snapshot.queryParamMap.get("sso") === "true";
+    const trustedDeviceEncryptionFeatureActive = await this.configService.getFeatureFlagBool(
+      FeatureFlag.TrustedDeviceEncryption
+    );
+
+    return (
+      ssoTo2faFlowActive &&
+      trustedDeviceEncryptionFeatureActive &&
+      trustedDeviceOption !== undefined
+    );
+  }
+
+  private async handleTrustedDeviceEncryptionEnabled(
+    authResult: AuthResult,
+    orgIdentifier: string,
+    acctDecryptionOpts: AccountDecryptionOptions
+  ): Promise<void> {
+    // If user doesn't have a MP, but has reset password permission, they must set a MP
+    if (
+      !acctDecryptionOpts.hasMasterPassword &&
+      acctDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
+    ) {
+      // Change implies going no password -> password in this case
+      return await this.handleChangePasswordRequired(orgIdentifier);
+    }
+
+    // Users can be forced to reset their password via an admin or org policy
+    // disallowing weak passwords
+    if (authResult.forcePasswordReset !== ForceResetPasswordReason.None) {
+      return await this.handleForcePasswordReset(orgIdentifier);
+    }
+
+    if (this.onSuccessfulLoginTde != null) {
       // Note: awaiting this will currently cause a hang on desktop & browser as they will wait for a full sync to complete
-      // before nagivating to the success route.
+      // before navigating to the success route.
+      this.onSuccessfulLoginTde();
+    }
+
+    this.navigateViaCallbackOrRoute(
+      this.onSuccessfulLoginTdeNavigate,
+      // Navigate to TDE page (if user was on trusted device and TDE has decrypted
+      //  their user key, the login-initiated guard will redirect them to the vault)
+      [this.trustedDeviceEncRoute]
+    );
+  }
+
+  private async handleChangePasswordRequired(orgIdentifier: string) {
+    await this.router.navigate([this.changePasswordRoute], {
+      queryParams: {
+        identifier: orgIdentifier,
+      },
+    });
+  }
+
+  private async handleForcePasswordReset(orgIdentifier: string) {
+    this.router.navigate([this.forcePasswordResetRoute], {
+      queryParams: {
+        identifier: orgIdentifier,
+      },
+    });
+  }
+
+  private async handleSuccessfulLogin() {
+    if (this.onSuccessfulLogin != null) {
+      // Note: awaiting this will currently cause a hang on desktop & browser as they will wait for a full sync to complete
+      // before navigating to the success route.
       this.onSuccessfulLogin();
     }
-    if (response.resetMasterPassword) {
-      this.successRoute = "set-password";
-    }
-    if (response.forcePasswordReset !== ForceResetPasswordReason.None) {
-      this.successRoute = "update-temp-password";
-    }
-    if (this.onSuccessfulLoginNavigate != null) {
-      this.loginService.clearValues();
-      await this.onSuccessfulLoginNavigate();
+    await this.navigateViaCallbackOrRoute(this.onSuccessfulLoginNavigate, [this.successRoute]);
+  }
+
+  private async navigateViaCallbackOrRoute(
+    callback: () => Promise<unknown>,
+    commands: unknown[],
+    extras?: NavigationExtras
+  ): Promise<void> {
+    if (callback) {
+      await callback();
     } else {
-      this.loginService.clearValues();
-      this.router.navigateByUrl(this.successRoute);
+      await this.router.navigate(commands, extras);
     }
   }
 
diff --git a/libs/angular/src/auth/components/update-password.component.ts b/libs/angular/src/auth/components/update-password.component.ts
index c9d3c3a8eca..81bdbb31cb9 100644
--- a/libs/angular/src/auth/components/update-password.component.ts
+++ b/libs/angular/src/auth/components/update-password.component.ts
@@ -14,11 +14,10 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { Verification } from "@bitwarden/common/types/verification";
-
-import { DialogServiceAbstraction } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 import { ChangePasswordComponent as BaseChangePasswordComponent } from "./change-password.component";
 
@@ -44,7 +43,7 @@ export class UpdatePasswordComponent extends BaseChangePasswordComponent {
     stateService: StateService,
     private userVerificationService: UserVerificationService,
     private logService: LogService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
@@ -95,19 +94,19 @@ export class UpdatePasswordComponent extends BaseChangePasswordComponent {
   }
 
   async performSubmitActions(
-    masterPasswordHash: string,
-    key: SymmetricCryptoKey,
-    encKey: [SymmetricCryptoKey, EncString]
+    newMasterKeyHash: string,
+    newMasterKey: MasterKey,
+    newUserKey: [UserKey, EncString]
   ) {
     try {
       // Create Request
       const request = new PasswordRequest();
-      request.masterPasswordHash = await this.cryptoService.hashPassword(
+      request.masterPasswordHash = await this.cryptoService.hashMasterKey(
         this.currentMasterPassword,
-        null
+        await this.cryptoService.getOrDeriveMasterKey(this.currentMasterPassword)
       );
-      request.newMasterPasswordHash = masterPasswordHash;
-      request.key = encKey[1].encryptedString;
+      request.newMasterPasswordHash = newMasterKeyHash;
+      request.key = newUserKey[1].encryptedString;
 
       // Update user's password
       this.apiService.postPassword(request);
diff --git a/libs/angular/src/auth/components/update-temp-password.component.ts b/libs/angular/src/auth/components/update-temp-password.component.ts
index 01128c4ba6e..7bb65ab68db 100644
--- a/libs/angular/src/auth/components/update-temp-password.component.ts
+++ b/libs/angular/src/auth/components/update-temp-password.component.ts
@@ -16,12 +16,11 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { Verification } from "@bitwarden/common/types/verification";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
-
-import { DialogServiceAbstraction } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 import { ChangePasswordComponent as BaseChangePasswordComponent } from "./change-password.component";
 
@@ -56,7 +55,7 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
     private logService: LogService,
     private userVerificationService: UserVerificationService,
     private router: Router,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
@@ -114,21 +113,27 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
 
     try {
       // Create new key and hash new password
-      const newKey = await this.cryptoService.makeKey(
+      const newMasterKey = await this.cryptoService.makeMasterKey(
         this.masterPassword,
         this.email.trim().toLowerCase(),
         this.kdf,
         this.kdfConfig
       );
-      const newPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, newKey);
+      const newPasswordHash = await this.cryptoService.hashMasterKey(
+        this.masterPassword,
+        newMasterKey
+      );
 
-      // Grab user's current enc key
-      const userEncKey = await this.cryptoService.getEncKey();
+      // Grab user key
+      const userKey = await this.cryptoService.getUserKey();
 
-      // Create new encKey for the User
-      const newEncKey = await this.cryptoService.remakeEncKey(newKey, userEncKey);
+      // Encrypt user key with new master key
+      const newProtectedUserKey = await this.cryptoService.encryptUserKeyWithMasterKey(
+        newMasterKey,
+        userKey
+      );
 
-      await this.performSubmitActions(newPasswordHash, newKey, newEncKey);
+      await this.performSubmitActions(newPasswordHash, newMasterKey, newProtectedUserKey);
     } catch (e) {
       this.logService.error(e);
     }
@@ -136,16 +141,16 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
 
   async performSubmitActions(
     masterPasswordHash: string,
-    key: SymmetricCryptoKey,
-    encKey: [SymmetricCryptoKey, EncString]
+    masterKey: MasterKey,
+    userKey: [UserKey, EncString]
   ) {
     try {
       switch (this.reason) {
         case ForceResetPasswordReason.AdminForcePasswordReset:
-          this.formPromise = this.updateTempPassword(masterPasswordHash, encKey);
+          this.formPromise = this.updateTempPassword(masterPasswordHash, userKey);
           break;
         case ForceResetPasswordReason.WeakMasterPassword:
-          this.formPromise = this.updatePassword(masterPasswordHash, encKey);
+          this.formPromise = this.updatePassword(masterPasswordHash, userKey);
           break;
       }
 
@@ -167,29 +172,23 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
       this.logService.error(e);
     }
   }
-  private async updateTempPassword(
-    masterPasswordHash: string,
-    encKey: [SymmetricCryptoKey, EncString]
-  ) {
+  private async updateTempPassword(masterPasswordHash: string, userKey: [UserKey, EncString]) {
     const request = new UpdateTempPasswordRequest();
-    request.key = encKey[1].encryptedString;
+    request.key = userKey[1].encryptedString;
     request.newMasterPasswordHash = masterPasswordHash;
     request.masterPasswordHint = this.hint;
 
     return this.apiService.putUpdateTempPassword(request);
   }
 
-  private async updatePassword(
-    newMasterPasswordHash: string,
-    encKey: [SymmetricCryptoKey, EncString]
-  ) {
+  private async updatePassword(newMasterPasswordHash: string, userKey: [UserKey, EncString]) {
     const request = await this.userVerificationService.buildRequest(
       this.verification,
       PasswordRequest
     );
     request.masterPasswordHint = this.hint;
     request.newMasterPasswordHash = newMasterPasswordHash;
-    request.key = encKey[1].encryptedString;
+    request.key = userKey[1].encryptedString;
 
     return this.apiService.postPassword(request);
   }
diff --git a/libs/angular/src/auth/components/user-verification.component.ts b/libs/angular/src/auth/components/user-verification.component.ts
index 9dfed5b924b..b2d4d8a4c31 100644
--- a/libs/angular/src/auth/components/user-verification.component.ts
+++ b/libs/angular/src/auth/components/user-verification.component.ts
@@ -2,16 +2,16 @@ import { Directive, EventEmitter, Input, OnDestroy, OnInit, Output } from "@angu
 import { ControlValueAccessor, FormControl, Validators } from "@angular/forms";
 import { Subject, takeUntil } from "rxjs";
 
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { Verification } from "@bitwarden/common/types/verification";
 
 /**
  * Used for general-purpose user verification throughout the app.
- * Collects the user's master password, or if they are using Key Connector, prompts for an OTP via email.
+ * Collects the user's master password, or if they are not using a password, prompts for an OTP via email.
  * This is exposed to the parent component via the ControlValueAccessor interface (e.g. bind it to a FormControl).
  * Use UserVerificationService to verify the user's input.
  */
@@ -40,7 +40,7 @@ export class UserVerificationComponent implements ControlValueAccessor, OnInit,
   }
   @Output() invalidSecretChange = new EventEmitter<boolean>();
 
-  usesKeyConnector = true;
+  hasMasterPassword = true;
   disableRequestOTP = false;
   sentCode = false;
 
@@ -50,7 +50,7 @@ export class UserVerificationComponent implements ControlValueAccessor, OnInit,
       if (this.invalidSecret) {
         return {
           invalidSecret: {
-            message: this.usesKeyConnector
+            message: this.hasMasterPassword
               ? this.i18nService.t("incorrectCode")
               : this.i18nService.t("incorrectPassword"),
           },
@@ -63,13 +63,13 @@ export class UserVerificationComponent implements ControlValueAccessor, OnInit,
   private destroy$ = new Subject<void>();
 
   constructor(
-    private keyConnectorService: KeyConnectorService,
+    private cryptoService: CryptoService,
     private userVerificationService: UserVerificationService,
     private i18nService: I18nService
   ) {}
 
   async ngOnInit() {
-    this.usesKeyConnector = await this.keyConnectorService.getUsesKeyConnector();
+    this.hasMasterPassword = await this.userVerificationService.hasMasterPasswordAndMasterKeyHash();
     this.processChanges(this.secret.value);
 
     this.secret.valueChanges
@@ -78,7 +78,7 @@ export class UserVerificationComponent implements ControlValueAccessor, OnInit,
   }
 
   requestOTP = async () => {
-    if (this.usesKeyConnector) {
+    if (!this.hasMasterPassword) {
       this.disableRequestOTP = true;
       try {
         await this.userVerificationService.requestOTP();
@@ -123,7 +123,7 @@ export class UserVerificationComponent implements ControlValueAccessor, OnInit,
     }
 
     this.onChange({
-      type: this.usesKeyConnector ? VerificationType.OTP : VerificationType.MasterPassword,
+      type: this.hasMasterPassword ? VerificationType.MasterPassword : VerificationType.OTP,
       secret: Utils.isNullOrWhitespace(secret) ? null : secret,
     });
   }
diff --git a/libs/angular/src/auth/guards/index.ts b/libs/angular/src/auth/guards/index.ts
new file mode 100644
index 00000000000..1760a870b3a
--- /dev/null
+++ b/libs/angular/src/auth/guards/index.ts
@@ -0,0 +1,5 @@
+export * from "./auth.guard";
+export * from "./lock.guard";
+export * from "./redirect.guard";
+export * from "./tde-decryption-required.guard";
+export * from "./unauth.guard";
diff --git a/libs/angular/src/auth/guards/lock.guard.ts b/libs/angular/src/auth/guards/lock.guard.ts
index b4cc01dc169..ea0f38d7742 100644
--- a/libs/angular/src/auth/guards/lock.guard.ts
+++ b/libs/angular/src/auth/guards/lock.guard.ts
@@ -1,25 +1,59 @@
-import { Injectable } from "@angular/core";
-import { CanActivate, Router } from "@angular/router";
+import { inject } from "@angular/core";
+import {
+  ActivatedRouteSnapshot,
+  CanActivateFn,
+  Router,
+  RouterStateSnapshot,
+} from "@angular/router";
 
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 
-@Injectable()
-export class LockGuard implements CanActivate {
-  protected homepage = "vault";
-  protected loginpage = "login";
-  constructor(private authService: AuthService, private router: Router) {}
+/**
+ * Only allow access to this route if the vault is locked.
+ * If TDE is enabled then the user must also have had a user key at some point.
+ * Otherwise redirect to root.
+ */
+export function lockGuard(): CanActivateFn {
+  return async (
+    activatedRouteSnapshot: ActivatedRouteSnapshot,
+    routerStateSnapshot: RouterStateSnapshot
+  ) => {
+    const authService = inject(AuthService);
+    const cryptoService = inject(CryptoService);
+    const deviceTrustCryptoService = inject(DeviceTrustCryptoServiceAbstraction);
+    const router = inject(Router);
+    const userVerificationService = inject(UserVerificationService);
 
-  async canActivate() {
-    const authStatus = await this.authService.getAuthStatus();
+    const authStatus = await authService.getAuthStatus();
+    if (authStatus !== AuthenticationStatus.Locked) {
+      return router.createUrlTree(["/"]);
+    }
 
-    if (authStatus === AuthenticationStatus.Locked) {
+    // User is authN and in locked state.
+
+    const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
+
+    // Create special exception which allows users to go from the login-initiated page to the lock page for the approve w/ MP flow
+    // The MP check is necessary to prevent direct manual navigation from other locked state pages for users who don't have a MP
+    if (
+      activatedRouteSnapshot.queryParams["from"] === "login-initiated" &&
+      tdeEnabled &&
+      (await userVerificationService.hasMasterPassword())
+    ) {
       return true;
     }
 
-    const redirectUrl =
-      authStatus === AuthenticationStatus.LoggedOut ? this.loginpage : this.homepage;
+    // If authN user with TDE directly navigates to lock, kick them upwards so redirect guard can
+    // properly route them to the login decryption options component.
+    const everHadUserKey = await cryptoService.getEverHadUserKey();
+    if (tdeEnabled && !everHadUserKey) {
+      return router.createUrlTree(["/"]);
+    }
 
-    return this.router.createUrlTree([redirectUrl]);
-  }
+    return true;
+  };
 }
diff --git a/libs/angular/src/auth/guards/redirect.guard.ts b/libs/angular/src/auth/guards/redirect.guard.ts
new file mode 100644
index 00000000000..4853b26e712
--- /dev/null
+++ b/libs/angular/src/auth/guards/redirect.guard.ts
@@ -0,0 +1,58 @@
+import { inject } from "@angular/core";
+import { CanActivateFn, Router } from "@angular/router";
+
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+
+export interface RedirectRoutes {
+  loggedIn: string;
+  loggedOut: string;
+  locked: string;
+  notDecrypted: string;
+}
+
+const defaultRoutes: RedirectRoutes = {
+  loggedIn: "/vault",
+  loggedOut: "/login",
+  locked: "/lock",
+  notDecrypted: "/login-initiated",
+};
+
+/**
+ * Guard that consolidates all redirection logic, should be applied to root route.
+ */
+export function redirectGuard(overrides: Partial<RedirectRoutes> = {}): CanActivateFn {
+  const routes = { ...defaultRoutes, ...overrides };
+  return async (route) => {
+    const authService = inject(AuthService);
+    const cryptoService = inject(CryptoService);
+    const deviceTrustCryptoService = inject(DeviceTrustCryptoServiceAbstraction);
+    const router = inject(Router);
+
+    const authStatus = await authService.getAuthStatus();
+
+    if (authStatus === AuthenticationStatus.LoggedOut) {
+      return router.createUrlTree([routes.loggedOut], { queryParams: route.queryParams });
+    }
+
+    if (authStatus === AuthenticationStatus.Unlocked) {
+      return router.createUrlTree([routes.loggedIn], { queryParams: route.queryParams });
+    }
+
+    // If locked, TDE is enabled, and the user hasn't decrypted yet, then redirect to the
+    // login decryption options component.
+    const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
+    const everHadUserKey = await cryptoService.getEverHadUserKey();
+    if (authStatus === AuthenticationStatus.Locked && tdeEnabled && !everHadUserKey) {
+      return router.createUrlTree([routes.notDecrypted], { queryParams: route.queryParams });
+    }
+
+    if (authStatus === AuthenticationStatus.Locked) {
+      return router.createUrlTree([routes.locked], { queryParams: route.queryParams });
+    }
+
+    return router.createUrlTree(["/"]);
+  };
+}
diff --git a/libs/angular/src/auth/guards/tde-decryption-required.guard.ts b/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
new file mode 100644
index 00000000000..84a4fef5761
--- /dev/null
+++ b/libs/angular/src/auth/guards/tde-decryption-required.guard.ts
@@ -0,0 +1,34 @@
+import { inject } from "@angular/core";
+import {
+  ActivatedRouteSnapshot,
+  Router,
+  RouterStateSnapshot,
+  CanActivateFn,
+} from "@angular/router";
+
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+
+/**
+ * Only allow access to this route if the vault is locked and has never been decrypted.
+ * Otherwise redirect to root.
+ */
+export function tdeDecryptionRequiredGuard(): CanActivateFn {
+  return async (_: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+    const authService = inject(AuthService);
+    const cryptoService = inject(CryptoService);
+    const deviceTrustCryptoService = inject(DeviceTrustCryptoServiceAbstraction);
+    const router = inject(Router);
+
+    const authStatus = await authService.getAuthStatus();
+    const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
+    const everHadUserKey = await cryptoService.getEverHadUserKey();
+    if (authStatus !== AuthenticationStatus.Locked || !tdeEnabled || everHadUserKey) {
+      return router.createUrlTree(["/"]);
+    }
+
+    return true;
+  };
+}
diff --git a/libs/angular/src/components/register.component.ts b/libs/angular/src/components/register.component.ts
index 510da6160a6..5363be39419 100644
--- a/libs/angular/src/components/register.component.ts
+++ b/libs/angular/src/components/register.component.ts
@@ -19,13 +19,13 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { DialogService } from "@bitwarden/components";
 
 import { CaptchaProtectedComponent } from "../auth/components/captcha-protected.component";
 import {
   AllValidationErrors,
   FormValidationErrorsService,
 } from "../platform/abstractions/form-validation-errors.service";
-import { DialogServiceAbstraction, SimpleDialogType } from "../services/dialog";
 import { PasswordColorText } from "../shared/components/password-strength/password-strength.component";
 import { InputsFieldMatch } from "../validators/inputsFieldMatch.validator";
 
@@ -92,7 +92,7 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
     environmentService: EnvironmentService,
     protected logService: LogService,
     protected auditService: AuditService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {
     super(environmentService, i18nService, platformUtilsService);
     this.showTerms = !platformUtilsService.isSelfHost();
@@ -232,7 +232,7 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
       const result = await this.dialogService.openSimpleDialog({
         title: { key: "weakAndExposedMasterPassword" },
         content: { key: "weakAndBreachedMasterPasswordDesc" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!result) {
@@ -242,7 +242,7 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
       const result = await this.dialogService.openSimpleDialog({
         title: { key: "weakMasterPassword" },
         content: { key: "weakMasterPasswordDesc" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!result) {
@@ -252,7 +252,7 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
       const result = await this.dialogService.openSimpleDialog({
         title: { key: "exposedMasterPassword" },
         content: { key: "exposedMasterPasswordDesc" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!result) {
@@ -271,16 +271,16 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
     const hint = this.formGroup.value.hint;
     const kdf = DEFAULT_KDF_TYPE;
     const kdfConfig = DEFAULT_KDF_CONFIG;
-    const key = await this.cryptoService.makeKey(masterPassword, email, kdf, kdfConfig);
-    const encKey = await this.cryptoService.makeEncKey(key);
-    const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
-    const keys = await this.cryptoService.makeKeyPair(encKey[0]);
+    const key = await this.cryptoService.makeMasterKey(masterPassword, email, kdf, kdfConfig);
+    const newUserKey = await this.cryptoService.makeUserKey(key);
+    const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, key);
+    const keys = await this.cryptoService.makeKeyPair(newUserKey[0]);
     const request = new RegisterRequest(
       email,
       name,
-      hashedPassword,
+      masterKeyHash,
       hint,
-      encKey[1].encryptedString,
+      newUserKey[1].encryptedString,
       this.referenceData,
       this.captchaToken,
       kdf,
diff --git a/libs/angular/src/components/set-password.component.ts b/libs/angular/src/components/set-password.component.ts
index 3f0d6eab5ec..60230e7f313 100644
--- a/libs/angular/src/components/set-password.component.ts
+++ b/libs/angular/src/components/set-password.component.ts
@@ -18,12 +18,12 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { MasterKey, UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { DialogService } from "@bitwarden/components";
 
 import { ChangePasswordComponent as BaseChangePasswordComponent } from "../auth/components/change-password.component";
-import { DialogServiceAbstraction } from "../services/dialog";
 
 @Directive()
 export class SetPasswordComponent extends BaseChangePasswordComponent {
@@ -52,7 +52,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
     stateService: StateService,
     private organizationApiService: OrganizationApiServiceAbstraction,
     private organizationUserService: OrganizationUserService,
-    dialogService: DialogServiceAbstraction
+    dialogService: DialogService
   ) {
     super(
       i18nService,
@@ -101,16 +101,16 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
 
   async performSubmitActions(
     masterPasswordHash: string,
-    key: SymmetricCryptoKey,
-    encKey: [SymmetricCryptoKey, EncString]
+    masterKey: MasterKey,
+    userKey: [UserKey, EncString]
   ) {
-    const keys = await this.cryptoService.makeKeyPair(encKey[0]);
+    const newKeyPair = await this.cryptoService.makeKeyPair(userKey[0]);
     const request = new SetPasswordRequest(
       masterPasswordHash,
-      encKey[1].encryptedString,
+      userKey[1].encryptedString,
       this.hint,
       this.identifier,
-      new KeysRequest(keys[0], keys[1].encryptedString),
+      new KeysRequest(newKeyPair[0], newKeyPair[1].encryptedString),
       this.kdf,
       this.kdfConfig.iterations,
       this.kdfConfig.memory,
@@ -121,7 +121,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
         this.formPromise = this.apiService
           .setPassword(request)
           .then(async () => {
-            await this.onSetPasswordSuccess(key, encKey, keys);
+            await this.onSetPasswordSuccess(masterKey, userKey, newKeyPair);
             return this.organizationApiService.getKeys(this.orgId);
           })
           .then(async (response) => {
@@ -131,13 +131,13 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
             const userId = await this.stateService.getUserId();
             const publicKey = Utils.fromB64ToArray(response.publicKey);
 
-            // RSA Encrypt user's encKey.key with organization public key
-            const userEncKey = await this.cryptoService.getEncKey();
-            const encryptedKey = await this.cryptoService.rsaEncrypt(userEncKey.key, publicKey);
+            // RSA Encrypt user key with organization public key
+            const userKey = await this.cryptoService.getUserKey();
+            const encryptedUserKey = await this.cryptoService.rsaEncrypt(userKey.key, publicKey);
 
             const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
             resetRequest.masterPasswordHash = masterPasswordHash;
-            resetRequest.resetPasswordKey = encryptedKey.encryptedString;
+            resetRequest.resetPasswordKey = encryptedUserKey.encryptedString;
 
             return this.organizationUserService.putOrganizationUserResetPasswordEnrollment(
               this.orgId,
@@ -147,7 +147,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
           });
       } else {
         this.formPromise = this.apiService.setPassword(request).then(async () => {
-          await this.onSetPasswordSuccess(key, encKey, keys);
+          await this.onSetPasswordSuccess(masterKey, userKey, newKeyPair);
         });
       }
 
@@ -169,21 +169,21 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
   }
 
   private async onSetPasswordSuccess(
-    key: SymmetricCryptoKey,
-    encKey: [SymmetricCryptoKey, EncString],
-    keys: [string, EncString]
+    masterKey: MasterKey,
+    userKey: [UserKey, EncString],
+    keyPair: [string, EncString]
   ) {
     await this.stateService.setKdfType(this.kdf);
     await this.stateService.setKdfConfig(this.kdfConfig);
-    await this.cryptoService.setKey(key);
-    await this.cryptoService.setEncKey(encKey[1].encryptedString);
-    await this.cryptoService.setEncPrivateKey(keys[1].encryptedString);
+    await this.cryptoService.setMasterKey(masterKey);
+    await this.cryptoService.setUserKey(userKey[0]);
+    await this.cryptoService.setPrivateKey(keyPair[1].encryptedString);
 
-    const localKeyHash = await this.cryptoService.hashPassword(
+    const localMasterKeyHash = await this.cryptoService.hashMasterKey(
       this.masterPassword,
-      key,
+      masterKey,
       HashPurpose.LocalAuthorization
     );
-    await this.cryptoService.setKeyHash(localKeyHash);
+    await this.cryptoService.setMasterKeyHash(localMasterKeyHash);
   }
 }
diff --git a/libs/angular/src/components/set-pin.component.ts b/libs/angular/src/components/set-pin.component.ts
index af00980f156..bf92417ae68 100644
--- a/libs/angular/src/components/set-pin.component.ts
+++ b/libs/angular/src/components/set-pin.component.ts
@@ -1,6 +1,7 @@
 import { Directive, OnInit } from "@angular/core";
 
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { KeySuffixOptions } from "@bitwarden/common/enums/key-suffix-options.enum";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -17,13 +18,13 @@ export class SetPinComponent implements OnInit {
   constructor(
     private modalRef: ModalRef,
     private cryptoService: CryptoService,
-    private keyConnectorService: KeyConnectorService,
+    private userVerificationService: UserVerificationService,
     private stateService: StateService
   ) {}
 
   async ngOnInit() {
     this.showMasterPassOnRestart = this.masterPassOnRestart =
-      !(await this.keyConnectorService.getUsesKeyConnector());
+      await this.userVerificationService.hasMasterPassword();
   }
 
   toggleVisibility() {
@@ -35,19 +36,22 @@ export class SetPinComponent implements OnInit {
       this.modalRef.close(false);
     }
 
-    const kdf = await this.stateService.getKdfType();
-    const kdfConfig = await this.stateService.getKdfConfig();
-    const email = await this.stateService.getEmail();
-    const pinKey = await this.cryptoService.makePinKey(this.pin, email, kdf, kdfConfig);
-    const key = await this.cryptoService.getKey();
-    const pinProtectedKey = await this.cryptoService.encrypt(key.key, pinKey);
+    const pinKey = await this.cryptoService.makePinKey(
+      this.pin,
+      await this.stateService.getEmail(),
+      await this.stateService.getKdfType(),
+      await this.stateService.getKdfConfig()
+    );
+    const userKey = await this.cryptoService.getUserKey();
+    const pinProtectedKey = await this.cryptoService.encrypt(userKey.key, pinKey);
+    const encPin = await this.cryptoService.encrypt(this.pin, userKey);
+    await this.stateService.setProtectedPin(encPin.encryptedString);
     if (this.masterPassOnRestart) {
-      const encPin = await this.cryptoService.encrypt(this.pin);
-      await this.stateService.setProtectedPin(encPin.encryptedString);
-      await this.stateService.setDecryptedPinProtected(pinProtectedKey);
+      await this.stateService.setPinKeyEncryptedUserKeyEphemeral(pinProtectedKey);
     } else {
-      await this.stateService.setEncryptedPinProtected(pinProtectedKey.encryptedString);
+      await this.stateService.setPinKeyEncryptedUserKey(pinProtectedKey);
     }
+    await this.cryptoService.clearDeprecatedKeys(KeySuffixOptions.Pin);
 
     this.modalRef.close(true);
   }
diff --git a/libs/angular/src/components/settings/vault-timeout-input.component.ts b/libs/angular/src/components/settings/vault-timeout-input.component.ts
index 1bec3e1e396..b0dec5affb7 100644
--- a/libs/angular/src/components/settings/vault-timeout-input.component.ts
+++ b/libs/angular/src/components/settings/vault-timeout-input.component.ts
@@ -6,11 +6,13 @@ import {
   ValidationErrors,
   Validator,
 } from "@angular/forms";
-import { filter, Subject, takeUntil } from "rxjs";
+import { filter, map, Observable, Subject, takeUntil } from "rxjs";
 
+import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
+import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
 @Directive()
@@ -43,6 +45,8 @@ export class VaultTimeoutInputComponent
   vaultTimeoutPolicyHours: number;
   vaultTimeoutPolicyMinutes: number;
 
+  protected canLockVault$: Observable<boolean>;
+
   private onChange: (vaultTimeout: number) => void;
   private validatorChange: () => void;
   private destroy$ = new Subject<void>();
@@ -50,6 +54,7 @@ export class VaultTimeoutInputComponent
   constructor(
     private formBuilder: FormBuilder,
     private policyService: PolicyService,
+    private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
     private i18nService: I18nService
   ) {}
 
@@ -86,6 +91,10 @@ export class VaultTimeoutInputComponent
           },
         });
       });
+
+    this.canLockVault$ = this.vaultTimeoutSettingsService
+      .availableVaultTimeoutActions$()
+      .pipe(map((actions) => actions.includes(VaultTimeoutAction.Lock)));
   }
 
   ngOnDestroy() {
diff --git a/libs/angular/src/services/dialog/dialog.service.abstraction.ts b/libs/angular/src/services/dialog/dialog.service.abstraction.ts
deleted file mode 100644
index f940dd1fa50..00000000000
--- a/libs/angular/src/services/dialog/dialog.service.abstraction.ts
+++ /dev/null
@@ -1,26 +0,0 @@
-import { Dialog, DialogRef } from "@angular/cdk/dialog";
-
-import { SimpleDialogOptions } from "./simple-dialog-options";
-
-export abstract class DialogServiceAbstraction extends Dialog {
-  /**
-   * Opens a simple dialog, returns true if the user accepted the dialog.
-   *
-   * @param {SimpleDialogOptions} simpleDialogOptions - An object containing options for the dialog.
-   * @returns `boolean` - True if the user accepted the dialog, false otherwise.
-   */
-  openSimpleDialog: (simpleDialogOptions: SimpleDialogOptions) => Promise<boolean>;
-
-  /**
-   * Opens a simple dialog.
-   *
-   * @deprecated Use `openSimpleDialogAcceptedPromise` instead. If you find a use case for the `dialogRef`
-   * please let #wg-component-library know and we can un-deprecate this method.
-   *
-   * @param {SimpleDialogOptions} simpleDialogOptions - An object containing options for the dialog.
-   * @returns `DialogRef` - The reference to the opened dialog.
-   * Contains a closed observable which can be subscribed to for determining which button
-   * a user pressed (see `SimpleDialogCloseType`)
-   */
-  openSimpleDialogRef: (simpleDialogOptions: SimpleDialogOptions) => DialogRef;
-}
diff --git a/libs/angular/src/services/dialog/dialog.service.ts b/libs/angular/src/services/dialog/dialog.service.ts
deleted file mode 100644
index ffd7a09b2c6..00000000000
--- a/libs/angular/src/services/dialog/dialog.service.ts
+++ /dev/null
@@ -1,65 +0,0 @@
-import {
-  DialogRef,
-  DialogConfig,
-  Dialog,
-  DEFAULT_DIALOG_CONFIG,
-  DIALOG_SCROLL_STRATEGY,
-} from "@angular/cdk/dialog";
-import { Overlay, OverlayContainer } from "@angular/cdk/overlay";
-import { ComponentType } from "@angular/cdk/portal";
-import { Inject, Injectable, Injector, Optional, SkipSelf, TemplateRef } from "@angular/core";
-
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-
-import { DialogServiceAbstraction } from "./dialog.service.abstraction";
-import { SimpleDialogOptions } from "./simple-dialog-options";
-import { Translation } from "./translation";
-
-// This is a temporary base class for Dialogs. It is intended to be removed once the Component Library is adopted by each app.
-@Injectable()
-export abstract class DialogService extends Dialog implements DialogServiceAbstraction {
-  constructor(
-    /** Parent class constructor */
-    _overlay: Overlay,
-    _injector: Injector,
-    @Optional() @Inject(DEFAULT_DIALOG_CONFIG) _defaultOptions: DialogConfig,
-    @Optional() @SkipSelf() _parentDialog: Dialog,
-    _overlayContainer: OverlayContainer,
-    @Inject(DIALOG_SCROLL_STRATEGY) scrollStrategy: any,
-    protected i18nService: I18nService
-  ) {
-    super(_overlay, _injector, _defaultOptions, _parentDialog, _overlayContainer, scrollStrategy);
-  }
-
-  async openSimpleDialog(options: SimpleDialogOptions): Promise<boolean> {
-    throw new Error("Method not implemented.");
-  }
-
-  openSimpleDialogRef(simpleDialogOptions: SimpleDialogOptions): DialogRef {
-    throw new Error("Method not implemented.");
-  }
-
-  override open<R = unknown, D = unknown, C = unknown>(
-    componentOrTemplateRef: ComponentType<C> | TemplateRef<C>,
-    config?: DialogConfig<D, DialogRef<R, C>>
-  ): DialogRef<R, C> {
-    throw new Error("Method not implemented.");
-  }
-
-  protected translate(translation: string | Translation, defaultKey?: string): string {
-    if (translation == null && defaultKey == null) {
-      return null;
-    }
-
-    if (translation == null) {
-      return this.i18nService.t(defaultKey);
-    }
-
-    // Translation interface use implies we must localize.
-    if (typeof translation === "object") {
-      return this.i18nService.t(translation.key, ...(translation.placeholders ?? []));
-    }
-
-    return translation;
-  }
-}
diff --git a/libs/angular/src/services/dialog/index.ts b/libs/angular/src/services/dialog/index.ts
deleted file mode 100644
index b664d179e08..00000000000
--- a/libs/angular/src/services/dialog/index.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-export * from "./dialog.service.abstraction";
-export * from "./simple-dialog-options";
-export * from "./simple-dialog-type.enum";
-export * from "./simple-dialog-close-type.enum";
-export * from "./dialog.service";
-export * from "./translation";
diff --git a/libs/angular/src/services/dialog/simple-dialog-close-type.enum.ts b/libs/angular/src/services/dialog/simple-dialog-close-type.enum.ts
deleted file mode 100644
index d6eff80cdd0..00000000000
--- a/libs/angular/src/services/dialog/simple-dialog-close-type.enum.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-export enum SimpleDialogCloseType {
-  ACCEPT = "accept",
-  CANCEL = "cancel",
-}
diff --git a/libs/angular/src/services/dialog/simple-dialog-type.enum.ts b/libs/angular/src/services/dialog/simple-dialog-type.enum.ts
deleted file mode 100644
index e7fa460aac2..00000000000
--- a/libs/angular/src/services/dialog/simple-dialog-type.enum.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-export enum SimpleDialogType {
-  PRIMARY = "primary",
-  SUCCESS = "success",
-  INFO = "info",
-  WARNING = "warning",
-  DANGER = "danger",
-}
diff --git a/libs/angular/src/services/dialog/translation.ts b/libs/angular/src/services/dialog/translation.ts
deleted file mode 100644
index d8dca21b3f1..00000000000
--- a/libs/angular/src/services/dialog/translation.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-export interface Translation {
-  key: string;
-  placeholders?: Array<string | number>;
-}
diff --git a/libs/angular/src/services/injection-tokens.ts b/libs/angular/src/services/injection-tokens.ts
index 270a5dfdf0c..b87b239e162 100644
--- a/libs/angular/src/services/injection-tokens.ts
+++ b/libs/angular/src/services/injection-tokens.ts
@@ -11,10 +11,12 @@ export const MEMORY_STORAGE = new InjectionToken<AbstractMemoryStorageService>("
 export const SECURE_STORAGE = new InjectionToken<AbstractStorageService>("SECURE_STORAGE");
 export const STATE_FACTORY = new InjectionToken<StateFactory>("STATE_FACTORY");
 export const STATE_SERVICE_USE_CACHE = new InjectionToken<boolean>("STATE_SERVICE_USE_CACHE");
-export const LOGOUT_CALLBACK = new InjectionToken<(expired: boolean, userId?: string) => void>(
-  "LOGOUT_CALLBACK"
+export const LOGOUT_CALLBACK = new InjectionToken<
+  (expired: boolean, userId?: string) => Promise<void>
+>("LOGOUT_CALLBACK");
+export const LOCKED_CALLBACK = new InjectionToken<(userId?: string) => Promise<void>>(
+  "LOCKED_CALLBACK"
 );
-export const LOCKED_CALLBACK = new InjectionToken<() => void>("LOCKED_CALLBACK");
 export const CLIENT_TYPE = new InjectionToken<boolean>("CLIENT_TYPE");
 export const LOCALES_DIRECTORY = new InjectionToken<string>("LOCALES_DIRECTORY");
 export const SYSTEM_LANGUAGE = new InjectionToken<string>("SYSTEM_LANGUAGE");
diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts
index 6198437c02e..dcc8b5e3bc3 100644
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -4,8 +4,7 @@ import { AvatarUpdateService as AccountUpdateServiceAbstraction } from "@bitward
 import { AnonymousHubService as AnonymousHubServiceAbstraction } from "@bitwarden/common/abstractions/anonymousHub.service";
 import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service";
 import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service";
-import { DeviceCryptoServiceAbstraction } from "@bitwarden/common/abstractions/device-crypto.service.abstraction";
-import { DevicesApiServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices-api.service.abstraction";
+import { DevicesServiceAbstraction } from "@bitwarden/common/abstractions/devices/devices.service.abstraction";
 import { EventCollectionService as EventCollectionServiceAbstraction } from "@bitwarden/common/abstractions/event/event-collection.service";
 import { EventUploadService as EventUploadServiceAbstraction } from "@bitwarden/common/abstractions/event/event-upload.service";
 import { NotificationsService as NotificationsServiceAbstraction } from "@bitwarden/common/abstractions/notifications.service";
@@ -18,8 +17,8 @@ import { OrganizationUserService } from "@bitwarden/common/abstractions/organiza
 import { SearchService as SearchServiceAbstraction } from "@bitwarden/common/abstractions/search.service";
 import { SettingsService as SettingsServiceAbstraction } from "@bitwarden/common/abstractions/settings.service";
 import { TotpService as TotpServiceAbstraction } from "@bitwarden/common/abstractions/totp.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "@bitwarden/common/abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import {
   InternalOrganizationServiceAbstraction,
@@ -41,18 +40,26 @@ import {
   AccountService as AccountServiceAbstraction,
   InternalAccountService,
 } from "@bitwarden/common/auth/abstractions/account.service";
+import { AuthRequestCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-crypto.service.abstraction";
 import { AuthService as AuthServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { LoginService as LoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/login.service";
+import { PasswordResetEnrollmentServiceAbstraction } from "@bitwarden/common/auth/abstractions/password-reset-enrollment.service.abstraction";
 import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { UserVerificationApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification-api.service.abstraction";
 import { UserVerificationService as UserVerificationServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AccountApiServiceImplementation } from "@bitwarden/common/auth/services/account-api.service";
 import { AccountServiceImplementation } from "@bitwarden/common/auth/services/account.service";
+import { AuthRequestCryptoServiceImplementation } from "@bitwarden/common/auth/services/auth-request-crypto.service.implementation";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
+import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device-trust-crypto.service.implementation";
+import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
 import { LoginService } from "@bitwarden/common/auth/services/login.service";
+import { PasswordResetEnrollmentServiceImplementation } from "@bitwarden/common/auth/services/password-reset-enrollment.service.implementation";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/services/two-factor.service";
 import { UserVerificationApiService } from "@bitwarden/common/auth/services/user-verification/user-verification-api.service";
@@ -95,8 +102,7 @@ import { AvatarUpdateService } from "@bitwarden/common/services/account/avatar-u
 import { AnonymousHubService } from "@bitwarden/common/services/anonymousHub.service";
 import { ApiService } from "@bitwarden/common/services/api.service";
 import { AuditService } from "@bitwarden/common/services/audit.service";
-import { DeviceCryptoService } from "@bitwarden/common/services/device-crypto.service.implementation";
-import { DevicesApiServiceImplementation } from "@bitwarden/common/services/devices/devices-api.service.implementation";
+import { DevicesServiceImplementation } from "@bitwarden/common/services/devices/devices.service.implementation";
 import { EventCollectionService } from "@bitwarden/common/services/event/event-collection.service";
 import { EventUploadService } from "@bitwarden/common/services/event/event-upload.service";
 import { NotificationsService } from "@bitwarden/common/services/notifications.service";
@@ -106,8 +112,8 @@ import { OrganizationUserServiceImplementation } from "@bitwarden/common/service
 import { SearchService } from "@bitwarden/common/services/search.service";
 import { SettingsService } from "@bitwarden/common/services/settings.service";
 import { TotpService } from "@bitwarden/common/services/totp.service";
-import { VaultTimeoutService } from "@bitwarden/common/services/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "@bitwarden/common/services/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService } from "@bitwarden/common/services/vault-timeout/vault-timeout.service";
 import {
   PasswordGenerationService,
   PasswordGenerationServiceAbstraction,
@@ -148,7 +154,6 @@ import {
 } from "@bitwarden/exporter/vault-export";
 
 import { AuthGuard } from "../auth/guards/auth.guard";
-import { LockGuard } from "../auth/guards/lock.guard";
 import { UnauthGuard } from "../auth/guards/unauth.guard";
 import { FormValidationErrorsService as FormValidationErrorsServiceAbstraction } from "../platform/abstractions/form-validation-errors.service";
 import { BroadcasterService } from "../platform/services/broadcaster.service";
@@ -176,7 +181,6 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
   providers: [
     AuthGuard,
     UnauthGuard,
-    LockGuard,
     ModalService,
     { provide: WINDOW, useValue: window },
     {
@@ -245,6 +249,8 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
         EncryptService,
         PasswordStrengthServiceAbstraction,
         PolicyServiceAbstraction,
+        DeviceTrustCryptoServiceAbstraction,
+        AuthRequestCryptoServiceAbstraction,
       ],
     },
     {
@@ -441,10 +447,11 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
         TokenServiceAbstraction,
         PolicyServiceAbstraction,
         StateServiceAbstraction,
+        UserVerificationServiceAbstraction,
       ],
     },
     {
-      provide: VaultTimeoutServiceAbstraction,
+      provide: VaultTimeoutService,
       useClass: VaultTimeoutService,
       deps: [
         CipherServiceAbstraction,
@@ -454,7 +461,6 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
         PlatformUtilsServiceAbstraction,
         MessagingServiceAbstraction,
         SearchServiceAbstraction,
-        KeyConnectorServiceAbstraction,
         StateServiceAbstraction,
         AuthServiceAbstraction,
         VaultTimeoutSettingsServiceAbstraction,
@@ -462,6 +468,10 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
         LOGOUT_CALLBACK,
       ],
     },
+    {
+      provide: VaultTimeoutServiceAbstraction,
+      useExisting: VaultTimeoutService,
+    },
     {
       provide: StateServiceAbstraction,
       useClass: StateService,
@@ -571,6 +581,7 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
       provide: UserVerificationServiceAbstraction,
       useClass: UserVerificationService,
       deps: [
+        StateServiceAbstraction,
         CryptoServiceAbstraction,
         I18nServiceAbstraction,
         UserVerificationApiServiceAbstraction,
@@ -591,6 +602,17 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
       useClass: OrganizationUserServiceImplementation,
       deps: [ApiServiceAbstraction],
     },
+    {
+      provide: PasswordResetEnrollmentServiceAbstraction,
+      useClass: PasswordResetEnrollmentServiceImplementation,
+      deps: [
+        OrganizationApiServiceAbstraction,
+        StateServiceAbstraction,
+        CryptoServiceAbstraction,
+        OrganizationUserService,
+        I18nServiceAbstraction,
+      ],
+    },
     {
       provide: ProviderServiceAbstraction,
       useClass: ProviderService,
@@ -677,8 +699,13 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
       deps: [ApiServiceAbstraction],
     },
     {
-      provide: DeviceCryptoServiceAbstraction,
-      useClass: DeviceCryptoService,
+      provide: DevicesServiceAbstraction,
+      useClass: DevicesServiceImplementation,
+      deps: [DevicesApiServiceAbstraction],
+    },
+    {
+      provide: DeviceTrustCryptoServiceAbstraction,
+      useClass: DeviceTrustCryptoService,
       deps: [
         CryptoFunctionServiceAbstraction,
         CryptoServiceAbstraction,
@@ -686,8 +713,15 @@ import { AbstractThemingService } from "./theming/theming.service.abstraction";
         StateServiceAbstraction,
         AppIdServiceAbstraction,
         DevicesApiServiceAbstraction,
+        I18nServiceAbstraction,
+        PlatformUtilsServiceAbstraction,
       ],
     },
+    {
+      provide: AuthRequestCryptoServiceAbstraction,
+      useClass: AuthRequestCryptoServiceImplementation,
+      deps: [CryptoServiceAbstraction],
+    },
   ],
 })
 export class JslibServicesModule {}
diff --git a/libs/angular/src/services/modal.service.ts b/libs/angular/src/services/modal.service.ts
index 18afcbbea84..ba461764ba8 100644
--- a/libs/angular/src/services/modal.service.ts
+++ b/libs/angular/src/services/modal.service.ts
@@ -21,6 +21,9 @@ export class ModalConfig<D = any> {
   replaceTopModal?: boolean;
 }
 
+/**
+ * @deprecated Use the Component Library's `DialogService` instead.
+ */
 @Injectable()
 export class ModalService {
   protected modalList: ComponentRef<DynamicModalComponent>[] = [];
@@ -50,7 +53,7 @@ export class ModalService {
   }
 
   /**
-   * @deprecated Use `dialogService.open` (in web) or `modalService.open` (in desktop/browser) instead.
+   * @deprecated Use `dialogService.open` instead.
    * If replacing an existing call to this method, also remove any `@ViewChild` and `<ng-template>` associated with the
    * existing usage.
    */
diff --git a/libs/angular/src/tools/export/components/export.component.ts b/libs/angular/src/tools/export/components/export.component.ts
index 595a6ebdfdd..9d782d2822d 100644
--- a/libs/angular/src/tools/export/components/export.component.ts
+++ b/libs/angular/src/tools/export/components/export.component.ts
@@ -12,10 +12,9 @@ import { FileDownloadService } from "@bitwarden/common/platform/abstractions/fil
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { DialogService } from "@bitwarden/components";
 import { VaultExportServiceAbstraction } from "@bitwarden/exporter/vault-export";
 
-import { DialogServiceAbstraction, SimpleDialogType } from "../../../services/dialog";
-
 @Directive()
 export class ExportComponent implements OnInit, OnDestroy {
   @Output() onSaved = new EventEmitter();
@@ -55,7 +54,7 @@ export class ExportComponent implements OnInit, OnDestroy {
     private userVerificationService: UserVerificationService,
     private formBuilder: UntypedFormBuilder,
     protected fileDownloadService: FileDownloadService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -135,14 +134,14 @@ export class ExportComponent implements OnInit, OnDestroy {
           " " +
           this.i18nService.t("encExportAccountWarningDesc"),
         acceptButtonText: { key: "exportVault" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
     } else {
       return await this.dialogService.openSimpleDialog({
         title: { key: "confirmVaultExport" },
         content: { key: "exportWarningDesc" },
         acceptButtonText: { key: "exportVault" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
     }
   }
diff --git a/libs/angular/src/tools/send/add-edit.component.ts b/libs/angular/src/tools/send/add-edit.component.ts
index 8551a2067c6..bcb73185670 100644
--- a/libs/angular/src/tools/send/add-edit.component.ts
+++ b/libs/angular/src/tools/send/add-edit.component.ts
@@ -18,8 +18,7 @@ import { SendTextView } from "@bitwarden/common/tools/send/models/view/send-text
 import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class AddEditComponent implements OnInit, OnDestroy {
@@ -63,7 +62,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     private logService: LogService,
     protected stateService: StateService,
     protected sendApiService: SendApiService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {
     this.typeOptions = [
       { name: i18nService.t("sendTypeFile"), value: SendType.File },
@@ -236,7 +235,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "deleteSend" },
       content: { key: "deleteSendConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -314,7 +313,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
         content: { key: this.editMode ? "editedSend" : "createdSend" },
         acceptButtonText: { key: "ok" },
         cancelButtonText: null,
-        type: SimpleDialogType.SUCCESS,
+        type: "success",
       });
 
       await this.copyLinkToClipboard(this.link);
diff --git a/libs/angular/src/tools/send/send.component.ts b/libs/angular/src/tools/send/send.component.ts
index 6064c09ad29..4669f5ccf4d 100644
--- a/libs/angular/src/tools/send/send.component.ts
+++ b/libs/angular/src/tools/send/send.component.ts
@@ -12,8 +12,7 @@ import { SendType } from "@bitwarden/common/tools/send/enums/send-type";
 import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class SendComponent implements OnInit, OnDestroy {
@@ -59,7 +58,7 @@ export class SendComponent implements OnInit, OnDestroy {
     protected policyService: PolicyService,
     private logService: LogService,
     protected sendApiService: SendApiService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -139,7 +138,7 @@ export class SendComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "removePassword" },
       content: { key: "removePasswordConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -170,7 +169,7 @@ export class SendComponent implements OnInit, OnDestroy {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "deleteSend" },
       content: { key: "deleteSendConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts
index df4963c7722..cab452ff77e 100644
--- a/libs/angular/src/vault/components/add-edit.component.ts
+++ b/libs/angular/src/vault/components/add-edit.component.ts
@@ -33,8 +33,7 @@ import { IdentityView } from "@bitwarden/common/vault/models/view/identity.view"
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
 import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
 import { SecureNoteView } from "@bitwarden/common/vault/models/view/secure-note.view";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class AddEditComponent implements OnInit, OnDestroy {
@@ -101,7 +100,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
     protected passwordRepromptService: PasswordRepromptService,
     private organizationService: OrganizationService,
     protected sendApiService: SendApiService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {
     this.typeOptions = [
       { name: i18nService.t("typeLogin"), value: CipherType.Login },
@@ -406,7 +405,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
       content: {
         key: this.cipher.isDeleted ? "permanentlyDeleteItemConfirmation" : "deleteItemConfirmation",
       },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -437,16 +436,6 @@ export class AddEditComponent implements OnInit, OnDestroy {
       return false;
     }
 
-    const confirmed = await this.dialogService.openSimpleDialog({
-      title: { key: "restoreItem" },
-      content: { key: "restoreItemConfirmation" },
-      type: SimpleDialogType.WARNING,
-    });
-
-    if (!confirmed) {
-      return false;
-    }
-
     try {
       this.restorePromise = this.restoreCipher();
       await this.restorePromise;
@@ -465,7 +454,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "overwriteUsername" },
         content: { key: "overwriteUsernameConfirmation" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!confirmed) {
@@ -482,7 +471,7 @@ export class AddEditComponent implements OnInit, OnDestroy {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "overwritePassword" },
         content: { key: "overwritePasswordConfirmation" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (!confirmed) {
diff --git a/libs/angular/src/vault/components/attachments.component.ts b/libs/angular/src/vault/components/attachments.component.ts
index e4daf6e37f3..164735e6f3f 100644
--- a/libs/angular/src/vault/components/attachments.component.ts
+++ b/libs/angular/src/vault/components/attachments.component.ts
@@ -13,8 +13,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class AttachmentsComponent implements OnInit {
@@ -43,7 +42,7 @@ export class AttachmentsComponent implements OnInit {
     protected logService: LogService,
     protected stateService: StateService,
     protected fileDownloadService: FileDownloadService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   async ngOnInit() {
@@ -106,7 +105,7 @@ export class AttachmentsComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "deleteAttachment" },
       content: { key: "deleteAttachmentConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -192,7 +191,7 @@ export class AttachmentsComponent implements OnInit {
     this.cipherDomain = await this.loadCipher();
     this.cipher = await this.cipherDomain.decrypt();
 
-    this.hasUpdatedKey = await this.cryptoService.hasEncKey();
+    this.hasUpdatedKey = await this.cryptoService.hasUserKey();
     const canAccessPremium = await this.stateService.getCanAccessPremium();
     this.canAccessAttachments = canAccessPremium || this.cipher.organizationId != null;
 
@@ -201,7 +200,7 @@ export class AttachmentsComponent implements OnInit {
         title: { key: "premiumRequired" },
         content: { key: "premiumRequiredDesc" },
         acceptButtonText: { key: "learnMore" },
-        type: SimpleDialogType.SUCCESS,
+        type: "success",
       });
 
       if (confirmed) {
@@ -212,7 +211,7 @@ export class AttachmentsComponent implements OnInit {
         title: { key: "featureUnavailable" },
         content: { key: "updateKey" },
         acceptButtonText: { key: "learnMore" },
-        type: SimpleDialogType.WARNING,
+        type: "warning",
       });
 
       if (confirmed) {
diff --git a/libs/angular/src/vault/components/folder-add-edit.component.ts b/libs/angular/src/vault/components/folder-add-edit.component.ts
index 5e2f956d767..194d927ad1c 100644
--- a/libs/angular/src/vault/components/folder-add-edit.component.ts
+++ b/libs/angular/src/vault/components/folder-add-edit.component.ts
@@ -7,8 +7,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class FolderAddEditComponent implements OnInit {
@@ -33,7 +32,7 @@ export class FolderAddEditComponent implements OnInit {
     protected i18nService: I18nService,
     protected platformUtilsService: PlatformUtilsService,
     protected logService: LogService,
-    protected dialogService: DialogServiceAbstraction,
+    protected dialogService: DialogService,
     protected formBuilder: FormBuilder
   ) {}
 
@@ -74,7 +73,7 @@ export class FolderAddEditComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "deleteFolder" },
       content: { key: "deleteFolderConfirmation" },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
diff --git a/libs/angular/src/vault/components/icon.component.ts b/libs/angular/src/vault/components/icon.component.ts
index a0c0ae8eee1..57ce74a94ae 100644
--- a/libs/angular/src/vault/components/icon.component.ts
+++ b/libs/angular/src/vault/components/icon.component.ts
@@ -97,7 +97,7 @@ export class IconComponent implements OnInit {
                   fallbackImage =
                     cipher.type === CipherType.Login
                       ? "images/bwi-globe.png"
-                      : "images/bwi-passkey";
+                      : "images/bwi-passkey.png";
                 } catch (e) {
                   // Ignore error since the fallback icon will be shown if image is null.
                 }
diff --git a/libs/angular/src/vault/components/premium.component.ts b/libs/angular/src/vault/components/premium.component.ts
index b13cfa428d3..7e5deaf2cf6 100644
--- a/libs/angular/src/vault/components/premium.component.ts
+++ b/libs/angular/src/vault/components/premium.component.ts
@@ -6,8 +6,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 @Directive()
 export class PremiumComponent implements OnInit {
@@ -22,7 +21,7 @@ export class PremiumComponent implements OnInit {
     protected apiService: ApiService,
     private logService: LogService,
     protected stateService: StateService,
-    protected dialogService: DialogServiceAbstraction,
+    protected dialogService: DialogService,
     private environmentService: EnvironmentService
   ) {
     this.cloudWebVaultUrl = this.environmentService.getCloudWebVaultUrl();
@@ -47,7 +46,7 @@ export class PremiumComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "premiumPurchase" },
       content: { key: "premiumPurchaseAlert" },
-      type: SimpleDialogType.INFO,
+      type: "info",
     });
 
     if (confirmed) {
@@ -59,7 +58,7 @@ export class PremiumComponent implements OnInit {
     const confirmed = await this.dialogService.openSimpleDialog({
       title: { key: "premiumManage" },
       content: { key: "premiumManageAlert" },
-      type: SimpleDialogType.INFO,
+      type: "info",
     });
 
     if (confirmed) {
diff --git a/libs/angular/src/vault/components/view.component.ts b/libs/angular/src/vault/components/view.component.ts
index 5e0a656d435..53e3e840afc 100644
--- a/libs/angular/src/vault/components/view.component.ts
+++ b/libs/angular/src/vault/components/view.component.ts
@@ -34,8 +34,7 @@ import { Launchable } from "@bitwarden/common/vault/interfaces/launchable";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
-
-import { DialogServiceAbstraction, SimpleDialogType } from "../../services/dialog";
+import { DialogService } from "@bitwarden/components";
 
 const BroadcasterSubscriptionId = "ViewComponent";
 
@@ -88,7 +87,7 @@ export class ViewComponent implements OnDestroy, OnInit {
     private logService: LogService,
     protected stateService: StateService,
     protected fileDownloadService: FileDownloadService,
-    protected dialogService: DialogServiceAbstraction
+    protected dialogService: DialogService
   ) {}
 
   ngOnInit() {
@@ -160,7 +159,7 @@ export class ViewComponent implements OnDestroy, OnInit {
       const confirmed = await this.dialogService.openSimpleDialog({
         title: { key: "passkeyNotCopied" },
         content: { key: "passkeyNotCopiedAlert" },
-        type: SimpleDialogType.INFO,
+        type: "info",
       });
 
       if (!confirmed) {
@@ -195,7 +194,7 @@ export class ViewComponent implements OnDestroy, OnInit {
       content: {
         key: this.cipher.isDeleted ? "permanentlyDeleteItemConfirmation" : "deleteItemConfirmation",
       },
-      type: SimpleDialogType.WARNING,
+      type: "warning",
     });
 
     if (!confirmed) {
@@ -222,16 +221,6 @@ export class ViewComponent implements OnDestroy, OnInit {
       return false;
     }
 
-    const confirmed = await this.dialogService.openSimpleDialog({
-      title: { key: "restoreItem" },
-      content: { key: "restoreItemConfirmation" },
-      type: SimpleDialogType.WARNING,
-    });
-
-    if (!confirmed) {
-      return false;
-    }
-
     try {
       await this.restoreCipher();
       this.platformUtilsService.showToast("success", null, this.i18nService.t("restoredItem"));
diff --git a/libs/angular/src/vault/services/password-reprompt.service.spec.ts b/libs/angular/src/vault/services/password-reprompt.service.spec.ts
new file mode 100644
index 00000000000..f2fb64bac3a
--- /dev/null
+++ b/libs/angular/src/vault/services/password-reprompt.service.spec.ts
@@ -0,0 +1,34 @@
+import { MockProxy, mock } from "jest-mock-extended";
+
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+
+import { ModalService } from "../../services/modal.service";
+
+import { PasswordRepromptService } from "./password-reprompt.service";
+
+describe("PasswordRepromptService", () => {
+  let passwordRepromptService: PasswordRepromptService;
+
+  let userVerificationService: MockProxy<UserVerificationService>;
+  let modalService: MockProxy<ModalService>;
+
+  beforeEach(() => {
+    modalService = mock<ModalService>();
+    userVerificationService = mock<UserVerificationService>();
+
+    passwordRepromptService = new PasswordRepromptService(modalService, userVerificationService);
+  });
+
+  describe("enabled()", () => {
+    it("returns false if a user does not have a master password", async () => {
+      userVerificationService.hasMasterPasswordAndMasterKeyHash.mockResolvedValue(false);
+
+      expect(await passwordRepromptService.enabled()).toBe(false);
+    });
+    it("returns true if the user has a master password", async () => {
+      userVerificationService.hasMasterPasswordAndMasterKeyHash.mockResolvedValue(true);
+
+      expect(await passwordRepromptService.enabled()).toBe(true);
+    });
+  });
+});
diff --git a/libs/angular/src/vault/services/password-reprompt.service.ts b/libs/angular/src/vault/services/password-reprompt.service.ts
index 0bd945001c1..7a06771a456 100644
--- a/libs/angular/src/vault/services/password-reprompt.service.ts
+++ b/libs/angular/src/vault/services/password-reprompt.service.ts
@@ -1,6 +1,6 @@
 import { Injectable } from "@angular/core";
 
-import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
 
 import { ModalService } from "../../services/modal.service";
@@ -16,7 +16,7 @@ export class PasswordRepromptService implements PasswordRepromptServiceAbstracti
 
   constructor(
     private modalService: ModalService,
-    private keyConnectorService: KeyConnectorService
+    private userVerificationService: UserVerificationService
   ) {}
 
   protectedFields() {
@@ -39,6 +39,6 @@ export class PasswordRepromptService implements PasswordRepromptServiceAbstracti
   }
 
   async enabled() {
-    return !(await this.keyConnectorService.getUsesKeyConnector());
+    return await this.userVerificationService.hasMasterPasswordAndMasterKeyHash();
   }
 }
diff --git a/libs/common/src/abstractions/api.service.ts b/libs/common/src/abstractions/api.service.ts
index 51027b34053..c51ffd3d3cb 100644
--- a/libs/common/src/abstractions/api.service.ts
+++ b/libs/common/src/abstractions/api.service.ts
@@ -200,6 +200,7 @@ export abstract class ApiService {
   postConvertToKeyConnector: () => Promise<void>;
   //passwordless
   postAuthRequest: (request: PasswordlessCreateAuthRequest) => Promise<AuthRequestResponse>;
+  postAdminAuthRequest: (request: PasswordlessCreateAuthRequest) => Promise<AuthRequestResponse>;
   getAuthResponse: (id: string, accessCode: string) => Promise<AuthRequestResponse>;
   getAuthRequest: (id: string) => Promise<AuthRequestResponse>;
   putAuthRequest: (id: string, request: PasswordlessAuthRequest) => Promise<AuthRequestResponse>;
@@ -523,7 +524,7 @@ export abstract class ApiService {
   ) => Promise<void>;
   postResendSponsorshipOffer: (sponsoringOrgId: string) => Promise<void>;
 
-  getUserKeyFromKeyConnector: (keyConnectorUrl: string) => Promise<KeyConnectorUserKeyResponse>;
+  getMasterKeyFromKeyConnector: (keyConnectorUrl: string) => Promise<KeyConnectorUserKeyResponse>;
   postUserKeyToKeyConnector: (
     keyConnectorUrl: string,
     request: KeyConnectorUserKeyRequest
diff --git a/libs/common/src/abstractions/device-crypto.service.abstraction.ts b/libs/common/src/abstractions/device-crypto.service.abstraction.ts
deleted file mode 100644
index f720ade9a2d..00000000000
--- a/libs/common/src/abstractions/device-crypto.service.abstraction.ts
+++ /dev/null
@@ -1,8 +0,0 @@
-import { DeviceKey } from "../platform/models/domain/symmetric-crypto-key";
-
-import { DeviceResponse } from "./devices/responses/device.response";
-
-export abstract class DeviceCryptoServiceAbstraction {
-  trustDevice: () => Promise<DeviceResponse>;
-  getDeviceKey: () => Promise<DeviceKey>;
-}
diff --git a/libs/common/src/abstractions/devices/devices-api.service.abstraction.ts b/libs/common/src/abstractions/devices/devices-api.service.abstraction.ts
deleted file mode 100644
index 345b728977e..00000000000
--- a/libs/common/src/abstractions/devices/devices-api.service.abstraction.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { DeviceResponse } from "./responses/device.response";
-
-export abstract class DevicesApiServiceAbstraction {
-  getKnownDevice: (email: string, deviceIdentifier: string) => Promise<boolean>;
-
-  getDeviceByIdentifier: (deviceIdentifier: string) => Promise<DeviceResponse>;
-
-  updateTrustedDeviceKeys: (
-    deviceIdentifier: string,
-    devicePublicKeyEncryptedUserSymKey: string,
-    userSymKeyEncryptedDevicePublicKey: string,
-    deviceKeyEncryptedDevicePrivateKey: string
-  ) => Promise<DeviceResponse>;
-}
diff --git a/libs/common/src/abstractions/devices/devices.service.abstraction.ts b/libs/common/src/abstractions/devices/devices.service.abstraction.ts
new file mode 100644
index 00000000000..ca803f92422
--- /dev/null
+++ b/libs/common/src/abstractions/devices/devices.service.abstraction.ts
@@ -0,0 +1,15 @@
+import { Observable } from "rxjs";
+
+import { DeviceView } from "./views/device.view";
+
+export abstract class DevicesServiceAbstraction {
+  getDevices$: () => Observable<Array<DeviceView>>;
+  getDeviceByIdentifier$: (deviceIdentifier: string) => Observable<DeviceView>;
+  isDeviceKnownForUser$: (email: string, deviceIdentifier: string) => Observable<boolean>;
+  updateTrustedDeviceKeys$: (
+    deviceIdentifier: string,
+    devicePublicKeyEncryptedUserKey: string,
+    userKeyEncryptedDevicePublicKey: string,
+    deviceKeyEncryptedDevicePrivateKey: string
+  ) => Observable<DeviceView>;
+}
diff --git a/libs/common/src/abstractions/devices/responses/device.response.ts b/libs/common/src/abstractions/devices/responses/device.response.ts
index 331df2e16cd..46874027cda 100644
--- a/libs/common/src/abstractions/devices/responses/device.response.ts
+++ b/libs/common/src/abstractions/devices/responses/device.response.ts
@@ -3,23 +3,20 @@ import { BaseResponse } from "../../../models/response/base.response";
 
 export class DeviceResponse extends BaseResponse {
   id: string;
-  name: number;
+  userId: string;
+  name: string;
   identifier: string;
   type: DeviceType;
   creationDate: string;
-  encryptedUserKey: string;
-  encryptedPublicKey: string;
-  encryptedPrivateKey: string;
-
+  revisionDate: string;
   constructor(response: any) {
     super(response);
     this.id = this.getResponseProperty("Id");
+    this.userId = this.getResponseProperty("UserId");
     this.name = this.getResponseProperty("Name");
     this.identifier = this.getResponseProperty("Identifier");
     this.type = this.getResponseProperty("Type");
     this.creationDate = this.getResponseProperty("CreationDate");
-    this.encryptedUserKey = this.getResponseProperty("EncryptedUserKey");
-    this.encryptedPublicKey = this.getResponseProperty("EncryptedPublicKey");
-    this.encryptedPrivateKey = this.getResponseProperty("EncryptedPrivateKey");
+    this.revisionDate = this.getResponseProperty("RevisionDate");
   }
 }
diff --git a/libs/common/src/abstractions/devices/views/device.view.ts b/libs/common/src/abstractions/devices/views/device.view.ts
new file mode 100644
index 00000000000..5438aa4de1b
--- /dev/null
+++ b/libs/common/src/abstractions/devices/views/device.view.ts
@@ -0,0 +1,17 @@
+import { DeviceType } from "../../../enums";
+import { View } from "../../../models/view/view";
+import { DeviceResponse } from "../responses/device.response";
+
+export class DeviceView implements View {
+  id: string;
+  userId: string;
+  name: string;
+  identifier: string;
+  type: DeviceType;
+  creationDate: string;
+  revisionDate: string;
+
+  constructor(deviceResponse: DeviceResponse) {
+    Object.assign(this, deviceResponse);
+  }
+}
diff --git a/libs/common/src/abstractions/vault-timeout/vault-timeout-settings.service.ts b/libs/common/src/abstractions/vault-timeout/vault-timeout-settings.service.ts
new file mode 100644
index 00000000000..3f0e7ae98a4
--- /dev/null
+++ b/libs/common/src/abstractions/vault-timeout/vault-timeout-settings.service.ts
@@ -0,0 +1,56 @@
+import { Observable } from "rxjs";
+
+import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
+import { PinLockType } from "../../services/vault-timeout/vault-timeout-settings.service";
+
+export abstract class VaultTimeoutSettingsService {
+  /**
+   * Set the vault timeout options for the user
+   * @param vaultTimeout The vault timeout in minutes
+   * @param vaultTimeoutAction The vault timeout action
+   * @param userId The user id to set. If not provided, the current user is used
+   */
+  setVaultTimeoutOptions: (
+    vaultTimeout: number,
+    vaultTimeoutAction: VaultTimeoutAction
+  ) => Promise<void>;
+
+  /**
+   * Get the available vault timeout actions for the current user
+   *
+   * **NOTE:** This observable is not yet connected to the state service, so it will not update when the state changes
+   * @param userId The user id to check. If not provided, the current user is used
+   */
+  availableVaultTimeoutActions$: (userId?: string) => Observable<VaultTimeoutAction[]>;
+
+  /**
+   * Get the current vault timeout action for the user. This is not the same as the current state, it is
+   * calculated based on the current state, the user's policy, and the user's available unlock methods.
+   */
+  getVaultTimeout: (userId?: string) => Promise<number>;
+
+  /**
+   * Observe the vault timeout action for the user. This is calculated based on users preferred lock action saved in the state,
+   * the user's policy, and the user's available unlock methods.
+   *
+   * **NOTE:** This observable is not yet connected to the state service, so it will not update when the state changes
+   * @param userId The user id to check. If not provided, the current user is used
+   */
+  vaultTimeoutAction$: (userId?: string) => Observable<VaultTimeoutAction>;
+
+  /**
+   * Has the user enabled unlock with Pin.
+   * @param userId The user id to check. If not provided, the current user is used
+   * @returns PinLockType
+   */
+  isPinLockSet: (userId?: string) => Promise<PinLockType>;
+
+  /**
+   * Has the user enabled unlock with Biometric.
+   * @param userId The user id to check. If not provided, the current user is used
+   * @returns boolean true if biometric lock is set
+   */
+  isBiometricLockSet: (userId?: string) => Promise<boolean>;
+
+  clear: (userId?: string) => Promise<void>;
+}
diff --git a/libs/common/src/abstractions/vaultTimeout/vaultTimeout.service.ts b/libs/common/src/abstractions/vault-timeout/vault-timeout.service.ts
similarity index 100%
rename from libs/common/src/abstractions/vaultTimeout/vaultTimeout.service.ts
rename to libs/common/src/abstractions/vault-timeout/vault-timeout.service.ts
diff --git a/libs/common/src/abstractions/vaultTimeout/vaultTimeoutSettings.service.ts b/libs/common/src/abstractions/vaultTimeout/vaultTimeoutSettings.service.ts
deleted file mode 100644
index 03f89b0476f..00000000000
--- a/libs/common/src/abstractions/vaultTimeout/vaultTimeoutSettings.service.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
-
-export abstract class VaultTimeoutSettingsService {
-  setVaultTimeoutOptions: (
-    vaultTimeout: number,
-    vaultTimeoutAction: VaultTimeoutAction
-  ) => Promise<void>;
-  getVaultTimeout: (userId?: string) => Promise<number>;
-  getVaultTimeoutAction: (userId?: string) => Promise<VaultTimeoutAction>;
-  isPinLockSet: () => Promise<[boolean, boolean]>;
-  isBiometricLockSet: () => Promise<boolean>;
-  clear: (userId?: string) => Promise<void>;
-}
diff --git a/libs/common/src/auth/abstractions/auth-request-crypto.service.abstraction.ts b/libs/common/src/auth/abstractions/auth-request-crypto.service.abstraction.ts
new file mode 100644
index 00000000000..f18c8d45ba6
--- /dev/null
+++ b/libs/common/src/auth/abstractions/auth-request-crypto.service.abstraction.ts
@@ -0,0 +1,24 @@
+import { UserKey, MasterKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { AuthRequestResponse } from "../models/response/auth-request.response";
+
+export abstract class AuthRequestCryptoServiceAbstraction {
+  setUserKeyAfterDecryptingSharedUserKey: (
+    authReqResponse: AuthRequestResponse,
+    authReqPrivateKey: ArrayBuffer
+  ) => Promise<void>;
+  setKeysAfterDecryptingSharedMasterKeyAndHash: (
+    authReqResponse: AuthRequestResponse,
+    authReqPrivateKey: ArrayBuffer
+  ) => Promise<void>;
+
+  decryptPubKeyEncryptedUserKey: (
+    pubKeyEncryptedUserKey: string,
+    privateKey: ArrayBuffer
+  ) => Promise<UserKey>;
+
+  decryptPubKeyEncryptedMasterKeyAndHash: (
+    pubKeyEncryptedMasterKey: string,
+    pubKeyEncryptedMasterKeyHash: string,
+    privateKey: ArrayBuffer
+  ) => Promise<{ masterKey: MasterKey; masterKeyHash: string }>;
+}
diff --git a/libs/common/src/auth/abstractions/auth.service.ts b/libs/common/src/auth/abstractions/auth.service.ts
index 231521382fe..b6978c54c5b 100644
--- a/libs/common/src/auth/abstractions/auth.service.ts
+++ b/libs/common/src/auth/abstractions/auth.service.ts
@@ -1,7 +1,7 @@
 import { Observable } from "rxjs";
 
 import { AuthRequestPushNotification } from "../../models/response/notification.response";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { MasterKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { AuthenticationStatus } from "../enums/authentication-status";
 import { AuthResult } from "../models/domain/auth-result";
 import {
@@ -32,7 +32,7 @@ export abstract class AuthService {
     captchaResponse: string
   ) => Promise<AuthResult>;
   logOut: (callback: () => void) => void;
-  makePreloginKey: (masterPassword: string, email: string) => Promise<SymmetricCryptoKey>;
+  makePreloginKey: (masterPassword: string, email: string) => Promise<MasterKey>;
   authingWithUserApiKey: () => boolean;
   authingWithSso: () => boolean;
   authingWithPassword: () => boolean;
diff --git a/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts b/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts
new file mode 100644
index 00000000000..c30a567681b
--- /dev/null
+++ b/libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts
@@ -0,0 +1,25 @@
+import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
+import { EncString } from "../../platform/models/domain/enc-string";
+import { DeviceKey, UserKey } from "../../platform/models/domain/symmetric-crypto-key";
+
+export abstract class DeviceTrustCryptoServiceAbstraction {
+  /**
+   * @description Retrieves the users choice to trust the device which can only happen after decryption
+   * Note: this value should only be used once and then reset
+   */
+  getShouldTrustDevice: () => Promise<boolean | null>;
+  setShouldTrustDevice: (value: boolean) => Promise<void>;
+
+  trustDeviceIfRequired: () => Promise<void>;
+
+  trustDevice: () => Promise<DeviceResponse>;
+  getDeviceKey: () => Promise<DeviceKey>;
+  decryptUserKeyWithDeviceKey: (
+    encryptedDevicePrivateKey: EncString,
+    encryptedUserKey: EncString,
+    deviceKey?: DeviceKey
+  ) => Promise<UserKey | null>;
+  rotateDevicesTrust: (newUserKey: UserKey, masterPasswordHash: string) => Promise<void>;
+
+  supportsDeviceTrust: () => Promise<boolean>;
+}
diff --git a/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts b/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts
new file mode 100644
index 00000000000..1bf0385ba1d
--- /dev/null
+++ b/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts
@@ -0,0 +1,27 @@
+import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
+import { ListResponse } from "../../models/response/list.response";
+import { SecretVerificationRequest } from "../models/request/secret-verification.request";
+import { UpdateDevicesTrustRequest } from "../models/request/update-devices-trust.request";
+import { ProtectedDeviceResponse } from "../models/response/protected-device.response";
+
+export abstract class DevicesApiServiceAbstraction {
+  getKnownDevice: (email: string, deviceIdentifier: string) => Promise<boolean>;
+
+  getDeviceByIdentifier: (deviceIdentifier: string) => Promise<DeviceResponse>;
+
+  getDevices: () => Promise<ListResponse<DeviceResponse>>;
+
+  updateTrustedDeviceKeys: (
+    deviceIdentifier: string,
+    devicePublicKeyEncryptedUserKey: string,
+    userKeyEncryptedDevicePublicKey: string,
+    deviceKeyEncryptedDevicePrivateKey: string
+  ) => Promise<DeviceResponse>;
+
+  updateTrust: (updateDevicesTrustRequestModel: UpdateDevicesTrustRequest) => Promise<void>;
+
+  getDeviceKeys: (
+    deviceIdentifier: string,
+    secretVerificationRequest: SecretVerificationRequest
+  ) => Promise<ProtectedDeviceResponse>;
+}
diff --git a/libs/common/src/auth/abstractions/key-connector.service.ts b/libs/common/src/auth/abstractions/key-connector.service.ts
index 0c4426a6838..0722c89db95 100644
--- a/libs/common/src/auth/abstractions/key-connector.service.ts
+++ b/libs/common/src/auth/abstractions/key-connector.service.ts
@@ -2,7 +2,7 @@ import { Organization } from "../../admin-console/models/domain/organization";
 import { IdentityTokenResponse } from "../models/response/identity-token.response";
 
 export abstract class KeyConnectorService {
-  getAndSetKey: (url?: string) => Promise<void>;
+  setMasterKeyFromUrl: (url?: string) => Promise<void>;
   getManagingOrganization: () => Promise<Organization>;
   getUsesKeyConnector: () => Promise<boolean>;
   migrateUser: () => Promise<void>;
diff --git a/libs/common/src/auth/abstractions/password-reset-enrollment.service.abstraction.ts b/libs/common/src/auth/abstractions/password-reset-enrollment.service.abstraction.ts
new file mode 100644
index 00000000000..ccfe0d645c7
--- /dev/null
+++ b/libs/common/src/auth/abstractions/password-reset-enrollment.service.abstraction.ts
@@ -0,0 +1,26 @@
+import { UserKey } from "../../platform/models/domain/symmetric-crypto-key";
+
+export abstract class PasswordResetEnrollmentServiceAbstraction {
+  /*
+   * Checks the user's enrollment status and enrolls them if required
+   */
+  abstract enrollIfRequired(organizationSsoIdentifier: string): Promise<void>;
+
+  /**
+   * Enroll current user in password reset
+   * @param organizationId - Organization in which to enroll the user
+   * @returns Promise that resolves when the user is enrolled
+   * @throws Error if the action fails
+   */
+  abstract enroll(organizationId: string): Promise<void>;
+
+  /**
+   * Enroll user in password reset
+   * @param organizationId - Organization in which to enroll the user
+   * @param userId - User to enroll
+   * @param userKey - User's symmetric key
+   * @returns Promise that resolves when the user is enrolled
+   * @throws Error if the action fails
+   */
+  abstract enroll(organizationId: string, userId: string, userKey: UserKey): Promise<void>;
+}
diff --git a/libs/common/src/auth/abstractions/user-verification/user-verification.service.abstraction.ts b/libs/common/src/auth/abstractions/user-verification/user-verification.service.abstraction.ts
index 09e40634344..46b8d753c97 100644
--- a/libs/common/src/auth/abstractions/user-verification/user-verification.service.abstraction.ts
+++ b/libs/common/src/auth/abstractions/user-verification/user-verification.service.abstraction.ts
@@ -9,4 +9,16 @@ export abstract class UserVerificationService {
   ) => Promise<T>;
   verifyUser: (verification: Verification) => Promise<boolean>;
   requestOTP: () => Promise<void>;
+  /**
+   * Check if user has master password or only uses passwordless technologies to log in
+   * @param userId The user id to check. If not provided, the current user is used
+   * @returns True if the user has a master password
+   */
+  hasMasterPassword: (userId?: string) => Promise<boolean>;
+  /**
+   * Check if the user has a master password and has used it during their current session
+   * @param userId The user id to check. If not provided, the current user id used
+   * @returns True if the user has a master password and has used it in the current session
+   */
+  hasMasterPasswordAndMasterKeyHash: (userId?: string) => Promise<boolean>;
 }
diff --git a/libs/common/src/auth/enums/auth-request-type.ts b/libs/common/src/auth/enums/auth-request-type.ts
index 4edfa5b8889..31db2467861 100644
--- a/libs/common/src/auth/enums/auth-request-type.ts
+++ b/libs/common/src/auth/enums/auth-request-type.ts
@@ -1,4 +1,5 @@
 export enum AuthRequestType {
   AuthenticateAndUnlock = 0,
   Unlock = 1,
+  AdminApproval = 2,
 }
diff --git a/libs/common/src/auth/login-strategies/login.strategy.spec.ts b/libs/common/src/auth/login-strategies/login.strategy.spec.ts
index ed958af6c7d..f7128b35dfb 100644
--- a/libs/common/src/auth/login-strategies/login.strategy.spec.ts
+++ b/libs/common/src/auth/login-strategies/login.strategy.spec.ts
@@ -9,12 +9,25 @@ import { MessagingService } from "../../platform/abstractions/messaging.service"
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
-import { Account, AccountProfile, AccountTokens } from "../../platform/models/domain/account";
+import {
+  Account,
+  AccountDecryptionOptions,
+  AccountKeys,
+  AccountProfile,
+  AccountTokens,
+} from "../../platform/models/domain/account";
 import { EncString } from "../../platform/models/domain/enc-string";
+import {
+  DeviceKey,
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
 import {
   PasswordStrengthService,
   PasswordStrengthServiceAbstraction,
 } from "../../tools/password-strength";
+import { CsprngArray } from "../../types/csprng";
 import { AuthService } from "../abstractions/auth.service";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
@@ -28,6 +41,10 @@ import { IdentityCaptchaResponse } from "../models/response/identity-captcha.res
 import { IdentityTokenResponse } from "../models/response/identity-token.response";
 import { IdentityTwoFactorResponse } from "../models/response/identity-two-factor.response";
 import { MasterPasswordPolicyResponse } from "../models/response/master-password-policy.response";
+import {
+  IUserDecryptionOptionsServerResponse,
+  UserDecryptionOptionsResponse,
+} from "../models/response/user-decryption-options/user-decryption-options.response";
 
 import { PasswordLogInStrategy } from "./password-login.strategy";
 
@@ -37,7 +54,7 @@ const masterPassword = "password";
 const deviceId = Utils.newGuid();
 const accessToken = "ACCESS_TOKEN";
 const refreshToken = "REFRESH_TOKEN";
-const encKey = "ENC_KEY";
+const userKey = "USER_KEY";
 const privateKey = "PRIVATE_KEY";
 const captchaSiteKey = "CAPTCHA_SITE_KEY";
 const kdf = 0;
@@ -45,6 +62,13 @@ const kdfIterations = 10000;
 const userId = Utils.newGuid();
 const masterPasswordHash = "MASTER_PASSWORD_HASH";
 const name = "NAME";
+const defaultUserDecryptionOptionsServerResponse: IUserDecryptionOptionsServerResponse = {
+  HasMasterPassword: true,
+};
+const userDecryptionOptions = new UserDecryptionOptionsResponse(
+  defaultUserDecryptionOptionsServerResponse
+);
+const acctDecryptionOptions = AccountDecryptionOptions.fromResponse(userDecryptionOptions);
 
 const decodedToken = {
   sub: userId,
@@ -58,13 +82,14 @@ const twoFactorToken = "TWO_FACTOR_TOKEN";
 const twoFactorRemember = true;
 
 export function identityTokenResponseFactory(
-  masterPasswordPolicyResponse: MasterPasswordPolicyResponse = null
+  masterPasswordPolicyResponse: MasterPasswordPolicyResponse = null,
+  userDecryptionOptions: IUserDecryptionOptionsServerResponse = null
 ) {
   return new IdentityTokenResponse({
     ForcePasswordReset: false,
     Kdf: kdf,
     KdfIterations: kdfIterations,
-    Key: encKey,
+    Key: userKey,
     PrivateKey: privateKey,
     ResetMasterPassword: false,
     access_token: accessToken,
@@ -73,9 +98,11 @@ export function identityTokenResponseFactory(
     scope: "api offline_access",
     token_type: "Bearer",
     MasterPasswordPolicy: masterPasswordPolicyResponse,
+    UserDecryptionOptions: userDecryptionOptions || defaultUserDecryptionOptionsServerResponse,
   });
 }
 
+// TODO: add tests for latest changes to base class for TDE
 describe("LogInStrategy", () => {
   let cryptoService: MockProxy<CryptoService>;
   let apiService: MockProxy<ApiService>;
@@ -129,8 +156,23 @@ describe("LogInStrategy", () => {
   });
 
   describe("base class", () => {
-    it("sets the local environment after a successful login", async () => {
-      apiService.postIdentityToken.mockResolvedValue(identityTokenResponseFactory());
+    const userKeyBytesLength = 64;
+    const masterKeyBytesLength = 64;
+    let userKey: UserKey;
+    let masterKey: MasterKey;
+
+    beforeEach(() => {
+      userKey = new SymmetricCryptoKey(
+        new Uint8Array(userKeyBytesLength).buffer as CsprngArray
+      ) as UserKey;
+      masterKey = new SymmetricCryptoKey(
+        new Uint8Array(masterKeyBytesLength).buffer as CsprngArray
+      ) as MasterKey;
+    });
+
+    it("sets the local environment after a successful login with master password", async () => {
+      const idTokenResponse = identityTokenResponseFactory();
+      apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
 
       await passwordLogInStrategy.logIn(credentials);
 
@@ -154,13 +196,36 @@ describe("LogInStrategy", () => {
               refreshToken: refreshToken,
             },
           },
+          keys: new AccountKeys(),
+          decryptionOptions: acctDecryptionOptions,
         })
       );
-      expect(cryptoService.setEncKey).toHaveBeenCalledWith(encKey);
-      expect(cryptoService.setEncPrivateKey).toHaveBeenCalledWith(privateKey);
       expect(messagingService.send).toHaveBeenCalledWith("loggedIn");
     });
 
+    it("persists a device key for trusted device encryption when it exists on login", async () => {
+      // Arrange
+      const idTokenResponse = identityTokenResponseFactory();
+      apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
+
+      const deviceKey = new SymmetricCryptoKey(
+        new Uint8Array(userKeyBytesLength).buffer as CsprngArray
+      ) as DeviceKey;
+
+      stateService.getDeviceKey.mockResolvedValue(deviceKey);
+
+      const accountKeys = new AccountKeys();
+      accountKeys.deviceKey = deviceKey;
+
+      // Act
+      await passwordLogInStrategy.logIn(credentials);
+
+      // Assert
+      expect(stateService.addAccount).toHaveBeenCalledWith(
+        expect.objectContaining({ keys: accountKeys })
+      );
+    });
+
     it("builds AuthResult", async () => {
       const tokenResponse = identityTokenResponseFactory();
       tokenResponse.forcePasswordReset = true;
@@ -187,6 +252,8 @@ describe("LogInStrategy", () => {
       });
 
       apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+      cryptoService.getMasterKey.mockResolvedValue(masterKey);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
       const result = await passwordLogInStrategy.logIn(credentials);
 
@@ -204,13 +271,15 @@ describe("LogInStrategy", () => {
       cryptoService.makeKeyPair.mockResolvedValue(["PUBLIC_KEY", new EncString("PRIVATE_KEY")]);
 
       apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+      cryptoService.getMasterKey.mockResolvedValue(masterKey);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
       await passwordLogInStrategy.logIn(credentials);
 
-      // User key must be set before the new RSA keypair is generated, otherwise we can't decrypt the EncKey
-      expect(cryptoService.setKey).toHaveBeenCalled();
+      // User symmetric key must be set before the new RSA keypair is generated
+      expect(cryptoService.setUserKey).toHaveBeenCalled();
       expect(cryptoService.makeKeyPair).toHaveBeenCalled();
-      expect(cryptoService.setKey.mock.invocationCallOrder[0]).toBeLessThan(
+      expect(cryptoService.setUserKey.mock.invocationCallOrder[0]).toBeLessThan(
         cryptoService.makeKeyPair.mock.invocationCallOrder[0]
       );
 
diff --git a/libs/common/src/auth/login-strategies/login.strategy.ts b/libs/common/src/auth/login-strategies/login.strategy.ts
index fbfa912f438..7bc83580164 100644
--- a/libs/common/src/auth/login-strategies/login.strategy.ts
+++ b/libs/common/src/auth/login-strategies/login.strategy.ts
@@ -6,7 +6,13 @@ import { LogService } from "../../platform/abstractions/log.service";
 import { MessagingService } from "../../platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
-import { Account, AccountProfile, AccountTokens } from "../../platform/models/domain/account";
+import {
+  Account,
+  AccountDecryptionOptions,
+  AccountKeys,
+  AccountProfile,
+  AccountTokens,
+} from "../../platform/models/domain/account";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
 import { TwoFactorProviderType } from "../enums/two-factor-provider-type";
@@ -53,9 +59,6 @@ export abstract class LogInStrategy {
       | PasswordlessLogInCredentials
   ): Promise<AuthResult>;
 
-  // The user key comes from different sources depending on the login strategy
-  protected abstract setUserKey(response: IdentityTokenResponse): Promise<void>;
-
   async logInTwoFactor(
     twoFactor: TokenTwoFactorRequest,
     captchaResponse: string = null
@@ -101,12 +104,28 @@ export abstract class LogInStrategy {
 
   protected async saveAccountInformation(tokenResponse: IdentityTokenResponse) {
     const accountInformation = await this.tokenService.decodeToken(tokenResponse.accessToken);
+
+    // Must persist existing device key if it exists for trusted device decryption to work
+    // However, we must provide a user id so that the device key can be retrieved
+    // as the state service won't have an active account at this point in time
+    // even though the data exists in local storage.
+    const userId = accountInformation.sub;
+
+    const deviceKey = await this.stateService.getDeviceKey({ userId });
+    const accountKeys = new AccountKeys();
+    if (deviceKey) {
+      accountKeys.deviceKey = deviceKey;
+    }
+
+    // If you don't persist existing admin auth requests on login, they will get deleted.
+    const adminAuthRequest = await this.stateService.getAdminAuthRequest({ userId });
+
     await this.stateService.addAccount(
       new Account({
         profile: {
           ...new AccountProfile(),
           ...{
-            userId: accountInformation.sub,
+            userId,
             name: accountInformation.name,
             email: accountInformation.email,
             hasPremiumPersonally: accountInformation.premium,
@@ -123,6 +142,11 @@ export abstract class LogInStrategy {
             refreshToken: tokenResponse.refreshToken,
           },
         },
+        keys: accountKeys,
+        decryptionOptions: AccountDecryptionOptions.fromResponse(
+          tokenResponse.userDecryptionOptions
+        ),
+        adminAuthRequest: adminAuthRequest?.toJSON(),
       })
     );
   }
@@ -135,28 +159,41 @@ export abstract class LogInStrategy {
       result.forcePasswordReset = ForceResetPasswordReason.AdminForcePasswordReset;
     }
 
+    // Must come before setting keys, user key needs email to update additional keys
     await this.saveAccountInformation(response);
 
     if (response.twoFactorToken != null) {
       await this.tokenService.setTwoFactorToken(response);
     }
 
+    await this.setMasterKey(response);
+
     await this.setUserKey(response);
 
-    // Must come after the user Key is set, otherwise createKeyPairForOldAccount will fail
-    const newSsoUser = response.key == null;
-    if (!newSsoUser) {
-      await this.cryptoService.setEncKey(response.key);
-      await this.cryptoService.setEncPrivateKey(
-        response.privateKey ?? (await this.createKeyPairForOldAccount())
-      );
-    }
+    await this.setPrivateKey(response);
 
     this.messagingService.send("loggedIn");
 
     return result;
   }
 
+  // The keys comes from different sources depending on the login strategy
+  protected abstract setMasterKey(response: IdentityTokenResponse): Promise<void>;
+
+  protected abstract setUserKey(response: IdentityTokenResponse): Promise<void>;
+
+  protected abstract setPrivateKey(response: IdentityTokenResponse): Promise<void>;
+
+  protected async createKeyPairForOldAccount() {
+    try {
+      const [publicKey, privateKey] = await this.cryptoService.makeKeyPair();
+      await this.apiService.postAccountKeys(new KeysRequest(publicKey, privateKey.encryptedString));
+      return privateKey.encryptedString;
+    } catch (e) {
+      this.logService.error(e);
+    }
+  }
+
   private async processTwoFactorResponse(response: IdentityTwoFactorResponse): Promise<AuthResult> {
     const result = new AuthResult();
     result.twoFactorProviders = response.twoFactorProviders2;
@@ -173,14 +210,4 @@ export abstract class LogInStrategy {
     result.captchaSiteKey = response.siteKey;
     return result;
   }
-
-  private async createKeyPairForOldAccount() {
-    try {
-      const [publicKey, privateKey] = await this.cryptoService.makeKeyPair();
-      await this.apiService.postAccountKeys(new KeysRequest(publicKey, privateKey.encryptedString));
-      return privateKey.encryptedString;
-    } catch (e) {
-      this.logService.error(e);
-    }
-  }
 }
diff --git a/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts b/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts
index 9e3ff7da686..64cbc23d6ae 100644
--- a/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts
+++ b/libs/common/src/auth/login-strategies/password-login.strategy.spec.ts
@@ -10,17 +10,23 @@ import { MessagingService } from "../../platform/abstractions/messaging.service"
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
 import {
   PasswordStrengthService,
   PasswordStrengthServiceAbstraction,
 } from "../../tools/password-strength";
+import { CsprngArray } from "../../types/csprng";
 import { AuthService } from "../abstractions/auth.service";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
 import { TwoFactorProviderType } from "../enums/two-factor-provider-type";
 import { ForceResetPasswordReason } from "../models/domain/force-reset-password-reason";
 import { PasswordLogInCredentials } from "../models/domain/log-in-credentials";
+import { IdentityTokenResponse } from "../models/response/identity-token.response";
 import { IdentityTwoFactorResponse } from "../models/response/identity-two-factor.response";
 import { MasterPasswordPolicyResponse } from "../models/response/master-password-policy.response";
 
@@ -31,11 +37,11 @@ const email = "hello@world.com";
 const masterPassword = "password";
 const hashedPassword = "HASHED_PASSWORD";
 const localHashedPassword = "LOCAL_HASHED_PASSWORD";
-const preloginKey = new SymmetricCryptoKey(
+const masterKey = new SymmetricCryptoKey(
   Utils.fromB64ToArray(
     "N2KWjlLpfi5uHjv+YcfUKIpZ1l+W+6HRensmIqD+BFYBf6N/dvFpJfWwYnVBdgFCK2tJTAIMLhqzIQQEUmGFgg=="
   )
-);
+) as MasterKey;
 const deviceId = Utils.newGuid();
 const masterPasswordPolicy = new MasterPasswordPolicyResponse({
   EnforceOnLogin: true,
@@ -58,6 +64,7 @@ describe("PasswordLogInStrategy", () => {
 
   let passwordLogInStrategy: PasswordLogInStrategy;
   let credentials: PasswordLogInCredentials;
+  let tokenResponse: IdentityTokenResponse;
 
   beforeEach(async () => {
     cryptoService = mock<CryptoService>();
@@ -76,12 +83,12 @@ describe("PasswordLogInStrategy", () => {
     appIdService.getAppId.mockResolvedValue(deviceId);
     tokenService.decodeToken.mockResolvedValue({});
 
-    authService.makePreloginKey.mockResolvedValue(preloginKey);
+    authService.makePreloginKey.mockResolvedValue(masterKey);
 
-    cryptoService.hashPassword
+    cryptoService.hashMasterKey
       .calledWith(masterPassword, expect.anything(), undefined)
       .mockResolvedValue(hashedPassword);
-    cryptoService.hashPassword
+    cryptoService.hashMasterKey
       .calledWith(masterPassword, expect.anything(), HashPurpose.LocalAuthorization)
       .mockResolvedValue(localHashedPassword);
 
@@ -102,10 +109,9 @@ describe("PasswordLogInStrategy", () => {
       authService
     );
     credentials = new PasswordLogInCredentials(email, masterPassword);
+    tokenResponse = identityTokenResponseFactory(masterPasswordPolicy);
 
-    apiService.postIdentityToken.mockResolvedValue(
-      identityTokenResponseFactory(masterPasswordPolicy)
-    );
+    apiService.postIdentityToken.mockResolvedValue(tokenResponse);
   });
 
   it("sends master password credentials to the server", async () => {
@@ -127,15 +133,23 @@ describe("PasswordLogInStrategy", () => {
     );
   });
 
-  it("sets the local environment after a successful login", async () => {
+  it("sets keys after a successful authentication", async () => {
+    const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
+
+    cryptoService.getMasterKey.mockResolvedValue(masterKey);
+    cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
+
     await passwordLogInStrategy.logIn(credentials);
 
-    expect(cryptoService.setKey).toHaveBeenCalledWith(preloginKey);
-    expect(cryptoService.setKeyHash).toHaveBeenCalledWith(localHashedPassword);
+    expect(cryptoService.setMasterKey).toHaveBeenCalledWith(masterKey);
+    expect(cryptoService.setMasterKeyHash).toHaveBeenCalledWith(localHashedPassword);
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
+    expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
   });
 
   it("does not force the user to update their master password when there are no requirements", async () => {
-    apiService.postIdentityToken.mockResolvedValueOnce(identityTokenResponseFactory(null));
+    apiService.postIdentityToken.mockResolvedValueOnce(identityTokenResponseFactory());
 
     const result = await passwordLogInStrategy.logIn(credentials);
 
diff --git a/libs/common/src/auth/login-strategies/password-login.strategy.ts b/libs/common/src/auth/login-strategies/password-login.strategy.ts
index 41f7c30ec7e..7f7ec585699 100644
--- a/libs/common/src/auth/login-strategies/password-login.strategy.ts
+++ b/libs/common/src/auth/login-strategies/password-login.strategy.ts
@@ -8,7 +8,7 @@ import { LogService } from "../../platform/abstractions/log.service";
 import { MessagingService } from "../../platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { MasterKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { PasswordStrengthServiceAbstraction } from "../../tools/password-strength";
 import { AuthService } from "../abstractions/auth.service";
 import { TokenService } from "../abstractions/token.service";
@@ -35,8 +35,8 @@ export class PasswordLogInStrategy extends LogInStrategy {
 
   tokenRequest: PasswordTokenRequest;
 
-  private localHashedPassword: string;
-  private key: SymmetricCryptoKey;
+  private localMasterKeyHash: string;
+  private masterKey: MasterKey;
 
   /**
    * Options to track if the user needs to update their password due to a password that does not meet an organization's
@@ -71,12 +71,7 @@ export class PasswordLogInStrategy extends LogInStrategy {
     );
   }
 
-  async setUserKey() {
-    await this.cryptoService.setKey(this.key);
-    await this.cryptoService.setKeyHash(this.localHashedPassword);
-  }
-
-  async logInTwoFactor(
+  override async logInTwoFactor(
     twoFactor: TokenTwoFactorRequest,
     captchaResponse: string
   ): Promise<AuthResult> {
@@ -96,28 +91,29 @@ export class PasswordLogInStrategy extends LogInStrategy {
     return result;
   }
 
-  async logIn(credentials: PasswordLogInCredentials) {
+  override async logIn(credentials: PasswordLogInCredentials) {
     const { email, masterPassword, captchaToken, twoFactor } = credentials;
 
-    this.key = await this.authService.makePreloginKey(masterPassword, email);
+    this.masterKey = await this.authService.makePreloginKey(masterPassword, email);
 
     // Hash the password early (before authentication) so we don't persist it in memory in plaintext
-    this.localHashedPassword = await this.cryptoService.hashPassword(
+    this.localMasterKeyHash = await this.cryptoService.hashMasterKey(
       masterPassword,
-      this.key,
+      this.masterKey,
       HashPurpose.LocalAuthorization
     );
-    const hashedPassword = await this.cryptoService.hashPassword(masterPassword, this.key);
+    const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, this.masterKey);
 
     this.tokenRequest = new PasswordTokenRequest(
       email,
-      hashedPassword,
+      masterKeyHash,
       captchaToken,
       await this.buildTwoFactor(twoFactor),
       await this.buildDeviceRequest()
     );
 
     const [authResult, identityResponse] = await this.startLogIn();
+
     const masterPasswordPolicyOptions =
       this.getMasterPasswordPolicyOptionsFromResponse(identityResponse);
 
@@ -145,6 +141,27 @@ export class PasswordLogInStrategy extends LogInStrategy {
     return authResult;
   }
 
+  protected override async setMasterKey(response: IdentityTokenResponse) {
+    await this.cryptoService.setMasterKey(this.masterKey);
+    await this.cryptoService.setMasterKeyHash(this.localMasterKeyHash);
+  }
+
+  protected override async setUserKey(response: IdentityTokenResponse): Promise<void> {
+    await this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
+
+    const masterKey = await this.cryptoService.getMasterKey();
+    if (masterKey) {
+      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+      await this.cryptoService.setUserKey(userKey);
+    }
+  }
+
+  protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
+    await this.cryptoService.setPrivateKey(
+      response.privateKey ?? (await this.createKeyPairForOldAccount())
+    );
+  }
+
   private getMasterPasswordPolicyOptionsFromResponse(
     response: IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse
   ): MasterPasswordPolicyOptions {
diff --git a/libs/common/src/auth/login-strategies/passwordless-login.strategy.spec.ts b/libs/common/src/auth/login-strategies/passwordless-login.strategy.spec.ts
new file mode 100644
index 00000000000..8bbd36436ca
--- /dev/null
+++ b/libs/common/src/auth/login-strategies/passwordless-login.strategy.spec.ts
@@ -0,0 +1,138 @@
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { ApiService } from "../../abstractions/api.service";
+import { AppIdService } from "../../platform/abstractions/app-id.service";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { LogService } from "../../platform/abstractions/log.service";
+import { MessagingService } from "../../platform/abstractions/messaging.service";
+import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
+import { StateService } from "../../platform/abstractions/state.service";
+import { Utils } from "../../platform/misc/utils";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../types/csprng";
+import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
+import { TokenService } from "../abstractions/token.service";
+import { TwoFactorService } from "../abstractions/two-factor.service";
+import { PasswordlessLogInCredentials } from "../models/domain/log-in-credentials";
+import { IdentityTokenResponse } from "../models/response/identity-token.response";
+
+import { identityTokenResponseFactory } from "./login.strategy.spec";
+import { PasswordlessLogInStrategy } from "./passwordless-login.strategy";
+
+describe("PasswordlessLogInStrategy", () => {
+  let cryptoService: MockProxy<CryptoService>;
+  let apiService: MockProxy<ApiService>;
+  let tokenService: MockProxy<TokenService>;
+  let appIdService: MockProxy<AppIdService>;
+  let platformUtilsService: MockProxy<PlatformUtilsService>;
+  let messagingService: MockProxy<MessagingService>;
+  let logService: MockProxy<LogService>;
+  let stateService: MockProxy<StateService>;
+  let twoFactorService: MockProxy<TwoFactorService>;
+  let deviceTrustCryptoService: MockProxy<DeviceTrustCryptoServiceAbstraction>;
+
+  let passwordlessLoginStrategy: PasswordlessLogInStrategy;
+  let credentials: PasswordlessLogInCredentials;
+  let tokenResponse: IdentityTokenResponse;
+
+  const deviceId = Utils.newGuid();
+
+  const email = "EMAIL";
+  const accessCode = "ACCESS_CODE";
+  const authRequestId = "AUTH_REQUEST_ID";
+  const decMasterKey = new SymmetricCryptoKey(
+    new Uint8Array(64).buffer as CsprngArray
+  ) as MasterKey;
+  const decUserKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
+  const decMasterKeyHash = "LOCAL_PASSWORD_HASH";
+
+  beforeEach(async () => {
+    cryptoService = mock<CryptoService>();
+    apiService = mock<ApiService>();
+    tokenService = mock<TokenService>();
+    appIdService = mock<AppIdService>();
+    platformUtilsService = mock<PlatformUtilsService>();
+    messagingService = mock<MessagingService>();
+    logService = mock<LogService>();
+    stateService = mock<StateService>();
+    twoFactorService = mock<TwoFactorService>();
+    deviceTrustCryptoService = mock<DeviceTrustCryptoServiceAbstraction>();
+
+    tokenService.getTwoFactorToken.mockResolvedValue(null);
+    appIdService.getAppId.mockResolvedValue(deviceId);
+    tokenService.decodeToken.mockResolvedValue({});
+
+    passwordlessLoginStrategy = new PasswordlessLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      deviceTrustCryptoService
+    );
+
+    tokenResponse = identityTokenResponseFactory();
+    apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+  });
+
+  it("sets keys after a successful authentication when masterKey and masterKeyHash provided in login credentials", async () => {
+    credentials = new PasswordlessLogInCredentials(
+      email,
+      accessCode,
+      authRequestId,
+      null,
+      decMasterKey,
+      decMasterKeyHash
+    );
+
+    const masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
+    const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
+
+    cryptoService.getMasterKey.mockResolvedValue(masterKey);
+    cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
+
+    await passwordlessLoginStrategy.logIn(credentials);
+
+    expect(cryptoService.setMasterKey).toHaveBeenCalledWith(masterKey);
+    expect(cryptoService.setMasterKeyHash).toHaveBeenCalledWith(decMasterKeyHash);
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
+    expect(deviceTrustCryptoService.trustDeviceIfRequired).toHaveBeenCalled();
+    expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
+  });
+
+  it("sets keys after a successful authentication when only userKey provided in login credentials", async () => {
+    // Initialize credentials with only userKey
+    credentials = new PasswordlessLogInCredentials(
+      email,
+      accessCode,
+      authRequestId,
+      decUserKey, // Pass userKey
+      null, // No masterKey
+      null // No masterKeyHash
+    );
+
+    // Call logIn
+    await passwordlessLoginStrategy.logIn(credentials);
+
+    // setMasterKey and setMasterKeyHash should not be called
+    expect(cryptoService.setMasterKey).not.toHaveBeenCalled();
+    expect(cryptoService.setMasterKeyHash).not.toHaveBeenCalled();
+
+    // setMasterKeyEncryptedUserKey, setUserKey, and setPrivateKey should still be called
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(decUserKey);
+    expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
+
+    // trustDeviceIfRequired should be called
+    expect(deviceTrustCryptoService.trustDeviceIfRequired).not.toHaveBeenCalled();
+  });
+});
diff --git a/libs/common/src/auth/login-strategies/passwordless-login.strategy.ts b/libs/common/src/auth/login-strategies/passwordless-login.strategy.ts
index 382c55f06eb..bcaacb69f18 100644
--- a/libs/common/src/auth/login-strategies/passwordless-login.strategy.ts
+++ b/libs/common/src/auth/login-strategies/passwordless-login.strategy.ts
@@ -5,13 +5,14 @@ import { LogService } from "../../platform/abstractions/log.service";
 import { MessagingService } from "../../platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
-import { AuthService } from "../abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
 import { AuthResult } from "../models/domain/auth-result";
 import { PasswordlessLogInCredentials } from "../models/domain/log-in-credentials";
 import { PasswordTokenRequest } from "../models/request/identity-token/password-token.request";
 import { TokenTwoFactorRequest } from "../models/request/identity-token/token-two-factor.request";
+import { IdentityTokenResponse } from "../models/response/identity-token.response";
 
 import { LogInStrategy } from "./login.strategy";
 
@@ -41,7 +42,7 @@ export class PasswordlessLogInStrategy extends LogInStrategy {
     logService: LogService,
     stateService: StateService,
     twoFactorService: TwoFactorService,
-    private authService: AuthService
+    private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction
   ) {
     super(
       cryptoService,
@@ -56,20 +57,7 @@ export class PasswordlessLogInStrategy extends LogInStrategy {
     );
   }
 
-  async setUserKey() {
-    await this.cryptoService.setKey(this.passwordlessCredentials.decKey);
-    await this.cryptoService.setKeyHash(this.passwordlessCredentials.localPasswordHash);
-  }
-
-  async logInTwoFactor(
-    twoFactor: TokenTwoFactorRequest,
-    captchaResponse: string
-  ): Promise<AuthResult> {
-    this.tokenRequest.captchaResponse = captchaResponse ?? this.captchaBypassToken;
-    return super.logInTwoFactor(twoFactor);
-  }
-
-  async logIn(credentials: PasswordlessLogInCredentials) {
+  override async logIn(credentials: PasswordlessLogInCredentials) {
     this.passwordlessCredentials = credentials;
 
     this.tokenRequest = new PasswordTokenRequest(
@@ -84,4 +72,52 @@ export class PasswordlessLogInStrategy extends LogInStrategy {
     const [authResult] = await this.startLogIn();
     return authResult;
   }
+
+  override async logInTwoFactor(
+    twoFactor: TokenTwoFactorRequest,
+    captchaResponse: string
+  ): Promise<AuthResult> {
+    this.tokenRequest.captchaResponse = captchaResponse ?? this.captchaBypassToken;
+    return super.logInTwoFactor(twoFactor);
+  }
+
+  protected override async setMasterKey(response: IdentityTokenResponse) {
+    if (
+      this.passwordlessCredentials.decryptedMasterKey &&
+      this.passwordlessCredentials.decryptedMasterKeyHash
+    ) {
+      await this.cryptoService.setMasterKey(this.passwordlessCredentials.decryptedMasterKey);
+      await this.cryptoService.setMasterKeyHash(
+        this.passwordlessCredentials.decryptedMasterKeyHash
+      );
+    }
+  }
+
+  protected override async setUserKey(response: IdentityTokenResponse): Promise<void> {
+    // User now may or may not have a master password
+    // but set the master key encrypted user key if it exists regardless
+    await this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
+
+    if (this.passwordlessCredentials.decryptedUserKey) {
+      await this.cryptoService.setUserKey(this.passwordlessCredentials.decryptedUserKey);
+    } else {
+      await this.trySetUserKeyWithMasterKey();
+      // Establish trust if required after setting user key
+      await this.deviceTrustCryptoService.trustDeviceIfRequired();
+    }
+  }
+
+  private async trySetUserKeyWithMasterKey(): Promise<void> {
+    const masterKey = await this.cryptoService.getMasterKey();
+    if (masterKey) {
+      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+      await this.cryptoService.setUserKey(userKey);
+    }
+  }
+
+  protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
+    await this.cryptoService.setPrivateKey(
+      response.privateKey ?? (await this.createKeyPairForOldAccount())
+    );
+  }
 }
diff --git a/libs/common/src/auth/login-strategies/sso-login.strategy.spec.ts b/libs/common/src/auth/login-strategies/sso-login.strategy.spec.ts
index e0225fcacc5..78d0a491c31 100644
--- a/libs/common/src/auth/login-strategies/sso-login.strategy.spec.ts
+++ b/libs/common/src/auth/login-strategies/sso-login.strategy.spec.ts
@@ -3,19 +3,34 @@ import { mock, MockProxy } from "jest-mock-extended";
 import { ApiService } from "../../abstractions/api.service";
 import { AppIdService } from "../../platform/abstractions/app-id.service";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { I18nService } from "../../platform/abstractions/i18n.service";
 import { LogService } from "../../platform/abstractions/log.service";
 import { MessagingService } from "../../platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
+import {
+  DeviceKey,
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../types/csprng";
+import { AuthRequestCryptoServiceAbstraction } from "../abstractions/auth-request-crypto.service.abstraction";
+import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
 import { KeyConnectorService } from "../abstractions/key-connector.service";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
 import { SsoLogInCredentials } from "../models/domain/log-in-credentials";
+import { IdentityTokenResponse } from "../models/response/identity-token.response";
+import { IUserDecryptionOptionsServerResponse } from "../models/response/user-decryption-options/user-decryption-options.response";
 
 import { identityTokenResponseFactory } from "./login.strategy.spec";
 import { SsoLogInStrategy } from "./sso-login.strategy";
 
+// TODO: Add tests for new trySetUserKeyWithApprovedAdminRequestIfExists logic
+// https://bitwarden.atlassian.net/browse/PM-3339
+
 describe("SsoLogInStrategy", () => {
   let cryptoService: MockProxy<CryptoService>;
   let apiService: MockProxy<ApiService>;
@@ -27,6 +42,9 @@ describe("SsoLogInStrategy", () => {
   let stateService: MockProxy<StateService>;
   let twoFactorService: MockProxy<TwoFactorService>;
   let keyConnectorService: MockProxy<KeyConnectorService>;
+  let deviceTrustCryptoService: MockProxy<DeviceTrustCryptoServiceAbstraction>;
+  let authRequestCryptoService: MockProxy<AuthRequestCryptoServiceAbstraction>;
+  let i18nService: MockProxy<I18nService>;
 
   let ssoLogInStrategy: SsoLogInStrategy;
   let credentials: SsoLogInCredentials;
@@ -50,6 +68,9 @@ describe("SsoLogInStrategy", () => {
     stateService = mock<StateService>();
     twoFactorService = mock<TwoFactorService>();
     keyConnectorService = mock<KeyConnectorService>();
+    deviceTrustCryptoService = mock<DeviceTrustCryptoServiceAbstraction>();
+    authRequestCryptoService = mock<AuthRequestCryptoServiceAbstraction>();
+    i18nService = mock<I18nService>();
 
     tokenService.getTwoFactorToken.mockResolvedValue(null);
     appIdService.getAppId.mockResolvedValue(deviceId);
@@ -65,7 +86,10 @@ describe("SsoLogInStrategy", () => {
       logService,
       stateService,
       twoFactorService,
-      keyConnectorService
+      keyConnectorService,
+      deviceTrustCryptoService,
+      authRequestCryptoService,
+      i18nService
     );
     credentials = new SsoLogInCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
   });
@@ -98,33 +122,194 @@ describe("SsoLogInStrategy", () => {
 
     await ssoLogInStrategy.logIn(credentials);
 
-    expect(cryptoService.setEncPrivateKey).not.toHaveBeenCalled();
-    expect(cryptoService.setEncKey).not.toHaveBeenCalled();
+    expect(cryptoService.setMasterKey).not.toHaveBeenCalled();
+    expect(cryptoService.setUserKey).not.toHaveBeenCalled();
+    expect(cryptoService.setPrivateKey).not.toHaveBeenCalled();
   });
 
-  it("gets and sets KeyConnector key for enrolled user", async () => {
+  it("sets master key encrypted user key for existing SSO users", async () => {
+    // Arrange
     const tokenResponse = identityTokenResponseFactory();
-    tokenResponse.keyConnectorUrl = keyConnectorUrl;
-
     apiService.postIdentityToken.mockResolvedValue(tokenResponse);
 
+    // Act
     await ssoLogInStrategy.logIn(credentials);
 
-    expect(keyConnectorService.getAndSetKey).toHaveBeenCalledWith(keyConnectorUrl);
+    // Assert
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);
   });
 
-  it("converts new SSO user to Key Connector on first login", async () => {
-    const tokenResponse = identityTokenResponseFactory();
-    tokenResponse.keyConnectorUrl = keyConnectorUrl;
-    tokenResponse.key = null;
+  describe("Trusted Device Decryption", () => {
+    const deviceKeyBytesLength = 64;
+    const mockDeviceKeyRandomBytes = new Uint8Array(deviceKeyBytesLength).buffer as CsprngArray;
+    const mockDeviceKey: DeviceKey = new SymmetricCryptoKey(mockDeviceKeyRandomBytes) as DeviceKey;
 
-    apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+    const userKeyBytesLength = 64;
+    const mockUserKeyRandomBytes = new Uint8Array(userKeyBytesLength).buffer as CsprngArray;
+    const mockUserKey: UserKey = new SymmetricCryptoKey(mockUserKeyRandomBytes) as UserKey;
 
-    await ssoLogInStrategy.logIn(credentials);
+    const mockEncDevicePrivateKey =
+      "2.eh465OrUcluL9UpnCOUTAg==|2HXNXwrLwAjUfZ/U75c92rZEltt1eHxjMkp/ADAmx346oT1+GaQvaL1QIV/9Om0T72m8AnlO92iUfWdhbA/ifHZ+lhFoUVeyw1M88CMzktbVcq42rFoK7SGHSAGdTL3ccUWKI8yCCQJhpt2X6a/5+T7ey5k2CqvylKyOtkiCnVeLmYqETn5BM9Rl3tEgJW1yDLuSJ+L+Qh9xnk/Z3zJUV5HAs+YwjKwuSNrd00SXjDyx8rBEstD9MKI+lrk7to/q90vqKqCucAj/dzUpVtHe88al2AAlBVwQ13HUPdNFOyti6niUgCAWx+DzRqlhkFvl/z/rtxtQsyqq/3Eh/EL54ylxKzAya0ev9EaIOm/dD1aBmI58p4Bs0eMOCIKJjtw+Cmdql+RhCtKtumgFShqyXv+LfD/FgUsdTVNExk3YNhgwPR4jOaMa/j9LCrBMCLKxdAhQyBe7T3qoX1fBBirvY6t77ifMu1YEQ6DfmFphVSwDH5C9xGeTSh5IELSf0tGVtlWUe9RffDDzccD0L1lR8U+dqzoSTYCuXvhEhQptdIW6fpH/47u0M5MiI97/d35A7Et2I1gjHp7WF3qsY20ellBueu7ZL5P1BmqPXl58yaBBXJaCutYHDfIucspqdZmfBGEbdRT4wmuZRON0J8zLmUejM0VR/2MOmpfyYQXnJhTfrvnZ1bOg1aMhUxJ2vhDNPXUFm5b+vwsho4GEvcLAKq9WwbvOJ/sK7sEVfTfEO2IG+0X6wkWm7RpR6Wq9FGKSrv2PSjMAYnb+z3ETeWiaaiD+tVFxa2AaqsbOuX092/86GySpHES7cFWhQ/YMOgj6egUi8mEC0CqMXYsx0TTJDsn16oP+XB3a2WoRqzE0YBozp2aMXxhVf/jMZ03BmEmRQu5B+Sq1gMEZwtIfJ+srkZLMYlLjvVw92FRoFy+N6ytPiyf6RMHMUnJ3vEZSBogaElYoQAtFJ5kK811CUzb78zEHH8xWtPrCZn9zZfvf/zaWxo7fpV8VwAwUeHXHcQMraZum5QeO+5tLRUYrLm85JNelGfmUA3BjfNyFbfb32PhkWWd0CbDaPME48uIriVK32pNEtvtR/+I/f3YgA/jP9kSlDvbzG/OAg/AFBIpNwKUzsu4+va8mI+O5FDufw5D74WwdGJ9DeyEb2CHtWMR1VwtFKL0ZZsqltNf8EkBeJ5RtTNtAMM8ie4dDZaKC96ymQHKrdB4hjkAr0F1XFsU4XdOa9Nbkdcm/7KoNc6bE6oJtG9lqE8h+1CysfcbfJ7am+hvDFzT0IPmp3GDSMAk+e6xySgFQw0C/SZ7LQsxPa1s6hc+BOtTn0oClZnU7Mowxv+z+xURJj4Yp3Cy6tAoia1jEQSs6lSMNKPf9bi3xFKtPl4143hwhpvTAzJUcski9OVGd7Du+VyxwIrvLqp5Ct/oNrESVJpf1EDCs9xT1EW+PiSkRmHXoZ1t5MOLFEiMAZL2+bNe3A2661oJeMtps8zrfCVc251OUE1WvqWePlTOs5TDVqdwDH88J6rHLsbaf33Mxh5DP8gMfZQxE44Nsp6H0/Szfkss5UmFwBEpHjl1GJMWDnB3u2d+l1CSkLoB6C+diAUlY6wL/VwJBeMPHZTf6amQIS2B/lo/CnvV/E3k=|uuoY4b7xwMYBNIZi85KBsaHmNqtJl5FrKxZI9ugeNwc=";
 
-    expect(keyConnectorService.convertNewSsoUserToKeyConnector).toHaveBeenCalledWith(
-      tokenResponse,
-      ssoOrgId
-    );
+    const mockEncUserKey =
+      "4.Xht6K9GA9jKcSNy4TaIvdj7f9+WsgQycs/HdkrJi33aC//roKkjf3UTGpdzFLxVP3WhyOVGyo9f2Jymf1MFPdpg7AuMnpGJlcrWLDbnPjOJo4x5gUwwBUmy3nFw6+wamyS1LRmrBPcv56yKpf80k5Q3hUrum8q9YS9m2I10vklX/TaB1YML0yo+K1feWUxg8vIx+vloxhUdkkysvcV5xU3R+AgYLrwvJS8TLL7Ug/P5HxinCaIroRrNe8xcv84vyVnzPFdXe0cfZ0cpcrm586LwfEXP2seeldO/bC51Uk/mudeSALJURPC64f5ch2cOvk48GOTapGnssCqr6ky5yFw==";
+
+    const userDecryptionOptsServerResponseWithTdeOption: IUserDecryptionOptionsServerResponse = {
+      HasMasterPassword: true,
+      TrustedDeviceOption: {
+        HasAdminApproval: true,
+        HasLoginApprovingDevice: true,
+        HasManageResetPasswordPermission: false,
+        EncryptedPrivateKey: mockEncDevicePrivateKey,
+        EncryptedUserKey: mockEncUserKey,
+      },
+    };
+
+    const mockIdTokenResponseWithModifiedTrustedDeviceOption = (key: string, value: any) => {
+      const userDecryptionOpts: IUserDecryptionOptionsServerResponse = {
+        ...userDecryptionOptsServerResponseWithTdeOption,
+        TrustedDeviceOption: {
+          ...userDecryptionOptsServerResponseWithTdeOption.TrustedDeviceOption,
+          [key]: value,
+        },
+      };
+      return identityTokenResponseFactory(null, userDecryptionOpts);
+    };
+
+    beforeEach(() => {
+      jest.clearAllMocks();
+    });
+
+    it("decrypts and sets user key when trusted device decryption option exists with valid device key and enc key data", async () => {
+      // Arrange
+      const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
+        null,
+        userDecryptionOptsServerResponseWithTdeOption
+      );
+
+      apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
+      deviceTrustCryptoService.getDeviceKey.mockResolvedValue(mockDeviceKey);
+      deviceTrustCryptoService.decryptUserKeyWithDeviceKey.mockResolvedValue(mockUserKey);
+
+      const cryptoSvcSetUserKeySpy = jest.spyOn(cryptoService, "setUserKey");
+
+      // Act
+      await ssoLogInStrategy.logIn(credentials);
+
+      // Assert
+      expect(deviceTrustCryptoService.getDeviceKey).toHaveBeenCalledTimes(1);
+      expect(deviceTrustCryptoService.decryptUserKeyWithDeviceKey).toHaveBeenCalledTimes(1);
+      expect(cryptoSvcSetUserKeySpy).toHaveBeenCalledTimes(1);
+      expect(cryptoSvcSetUserKeySpy).toHaveBeenCalledWith(mockUserKey);
+    });
+
+    it("does not set the user key when deviceKey is missing", async () => {
+      // Arrange
+      const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
+        null,
+        userDecryptionOptsServerResponseWithTdeOption
+      );
+      apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
+      // Set deviceKey to be null
+      deviceTrustCryptoService.getDeviceKey.mockResolvedValue(null);
+      deviceTrustCryptoService.decryptUserKeyWithDeviceKey.mockResolvedValue(mockUserKey);
+
+      // Act
+      await ssoLogInStrategy.logIn(credentials);
+
+      // Assert
+      expect(cryptoService.setUserKey).not.toHaveBeenCalled();
+    });
+
+    describe.each([
+      {
+        valueName: "encDevicePrivateKey",
+      },
+      {
+        valueName: "encUserKey",
+      },
+    ])("given trusted device decryption option has missing encrypted key data", ({ valueName }) => {
+      it(`does not set the user key when ${valueName} is missing`, async () => {
+        // Arrange
+        const idTokenResponse = mockIdTokenResponseWithModifiedTrustedDeviceOption(valueName, null);
+        apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
+        deviceTrustCryptoService.getDeviceKey.mockResolvedValue(mockDeviceKey);
+
+        // Act
+        await ssoLogInStrategy.logIn(credentials);
+
+        // Assert
+        expect(cryptoService.setUserKey).not.toHaveBeenCalled();
+      });
+    });
+
+    it("does not set user key when decrypted user key is null", async () => {
+      // Arrange
+      const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
+        null,
+        userDecryptionOptsServerResponseWithTdeOption
+      );
+      apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
+      deviceTrustCryptoService.getDeviceKey.mockResolvedValue(mockDeviceKey);
+      // Set userKey to be null
+      deviceTrustCryptoService.decryptUserKeyWithDeviceKey.mockResolvedValue(null);
+
+      // Act
+      await ssoLogInStrategy.logIn(credentials);
+
+      // Assert
+      expect(cryptoService.setUserKey).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("Key Connector", () => {
+    let tokenResponse: IdentityTokenResponse;
+    beforeEach(() => {
+      tokenResponse = identityTokenResponseFactory();
+      tokenResponse.keyConnectorUrl = keyConnectorUrl;
+    });
+
+    it("gets and sets the master key if Key Connector is enabled", async () => {
+      const masterKey = new SymmetricCryptoKey(
+        new Uint8Array(64).buffer as CsprngArray
+      ) as MasterKey;
+
+      apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+      cryptoService.getMasterKey.mockResolvedValue(masterKey);
+
+      await ssoLogInStrategy.logIn(credentials);
+
+      expect(keyConnectorService.setMasterKeyFromUrl).toHaveBeenCalledWith(keyConnectorUrl);
+    });
+
+    it("converts new SSO user to Key Connector on first login", async () => {
+      tokenResponse.key = null;
+
+      apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+
+      await ssoLogInStrategy.logIn(credentials);
+
+      expect(keyConnectorService.convertNewSsoUserToKeyConnector).toHaveBeenCalledWith(
+        tokenResponse,
+        ssoOrgId
+      );
+    });
+
+    it("decrypts and sets the user key if Key Connector is enabled", async () => {
+      const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
+      const masterKey = new SymmetricCryptoKey(
+        new Uint8Array(64).buffer as CsprngArray
+      ) as MasterKey;
+
+      apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+      cryptoService.getMasterKey.mockResolvedValue(masterKey);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
+
+      await ssoLogInStrategy.logIn(credentials);
+
+      expect(cryptoService.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(masterKey);
+      expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
+    });
   });
 });
diff --git a/libs/common/src/auth/login-strategies/sso-login.strategy.ts b/libs/common/src/auth/login-strategies/sso-login.strategy.ts
index c77aa168419..3bfa5ce01ff 100644
--- a/libs/common/src/auth/login-strategies/sso-login.strategy.ts
+++ b/libs/common/src/auth/login-strategies/sso-login.strategy.ts
@@ -1,10 +1,16 @@
 import { ApiService } from "../../abstractions/api.service";
+import { AuthRequestResponse } from "../../auth/models/response/auth-request.response";
+import { HttpStatusCode } from "../../enums";
+import { ErrorResponse } from "../../models/response/error.response";
 import { AppIdService } from "../../platform/abstractions/app-id.service";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { I18nService } from "../../platform/abstractions/i18n.service";
 import { LogService } from "../../platform/abstractions/log.service";
 import { MessagingService } from "../../platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
+import { AuthRequestCryptoServiceAbstraction } from "../abstractions/auth-request-crypto.service.abstraction";
+import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
 import { KeyConnectorService } from "../abstractions/key-connector.service";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
@@ -34,7 +40,10 @@ export class SsoLogInStrategy extends LogInStrategy {
     logService: LogService,
     stateService: StateService,
     twoFactorService: TwoFactorService,
-    private keyConnectorService: KeyConnectorService
+    private keyConnectorService: KeyConnectorService,
+    private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    private authReqCryptoService: AuthRequestCryptoServiceAbstraction,
+    private i18nService: I18nService
   ) {
     super(
       cryptoService,
@@ -49,18 +58,6 @@ export class SsoLogInStrategy extends LogInStrategy {
     );
   }
 
-  async setUserKey(tokenResponse: IdentityTokenResponse) {
-    const newSsoUser = tokenResponse.key == null;
-
-    if (tokenResponse.keyConnectorUrl != null) {
-      if (!newSsoUser) {
-        await this.keyConnectorService.getAndSetKey(tokenResponse.keyConnectorUrl);
-      } else {
-        await this.keyConnectorService.convertNewSsoUserToKeyConnector(tokenResponse, this.orgId);
-      }
-    }
-  }
-
   async logIn(credentials: SsoLogInCredentials) {
     this.orgId = credentials.orgId;
     this.tokenRequest = new SsoTokenRequest(
@@ -78,4 +75,155 @@ export class SsoLogInStrategy extends LogInStrategy {
 
     return ssoAuthResult;
   }
+
+  protected override async setMasterKey(tokenResponse: IdentityTokenResponse) {
+    // TODO: discuss how this is no longer true with TDE
+    // eventually we’ll need to support migration of existing TDE users to Key Connector
+    const newSsoUser = tokenResponse.key == null;
+
+    if (tokenResponse.keyConnectorUrl != null) {
+      if (!newSsoUser) {
+        await this.keyConnectorService.setMasterKeyFromUrl(tokenResponse.keyConnectorUrl);
+      } else {
+        await this.keyConnectorService.convertNewSsoUserToKeyConnector(tokenResponse, this.orgId);
+      }
+    }
+  }
+
+  // TODO: future passkey login strategy will need to support setting user key (decrypting via TDE or admin approval request)
+  // so might be worth moving this logic to a common place (base login strategy or a separate service?)
+  protected override async setUserKey(tokenResponse: IdentityTokenResponse): Promise<void> {
+    const masterKeyEncryptedUserKey = tokenResponse.key;
+
+    // Note: masterKeyEncryptedUserKey is undefined for SSO JIT provisioned users
+    // on account creation and subsequent logins (confirmed or unconfirmed)
+    // but that is fine for TDE so we cannot return if it is undefined
+
+    if (masterKeyEncryptedUserKey) {
+      // set the master key encrypted user key if it exists
+      await this.cryptoService.setMasterKeyEncryptedUserKey(masterKeyEncryptedUserKey);
+    }
+
+    const userDecryptionOptions = tokenResponse?.userDecryptionOptions;
+
+    // Note: TDE and key connector are mutually exclusive
+    if (userDecryptionOptions?.trustedDeviceOption) {
+      await this.trySetUserKeyWithApprovedAdminRequestIfExists();
+
+      const hasUserKey = await this.cryptoService.hasUserKey();
+
+      // Only try to set user key with device key if admin approval request was not successful
+      if (!hasUserKey) {
+        await this.trySetUserKeyWithDeviceKey(tokenResponse);
+      }
+    } else if (
+      // TODO: remove tokenResponse.keyConnectorUrl when it's deprecated
+      masterKeyEncryptedUserKey != null &&
+      (tokenResponse.keyConnectorUrl || userDecryptionOptions?.keyConnectorOption?.keyConnectorUrl)
+    ) {
+      // Key connector enabled for user
+      await this.trySetUserKeyWithMasterKey();
+    }
+
+    // Note: In the traditional SSO flow with MP without key connector, the lock component
+    // is responsible for deriving master key from MP entry and then decrypting the user key
+  }
+
+  private async trySetUserKeyWithApprovedAdminRequestIfExists(): Promise<void> {
+    // At this point a user could have an admin auth request that has been approved
+    const adminAuthReqStorable = await this.stateService.getAdminAuthRequest();
+
+    if (!adminAuthReqStorable) {
+      return;
+    }
+
+    // Call server to see if admin auth request has been approved
+    let adminAuthReqResponse: AuthRequestResponse;
+
+    try {
+      adminAuthReqResponse = await this.apiService.getAuthRequest(adminAuthReqStorable.id);
+    } catch (error) {
+      if (error instanceof ErrorResponse && error.statusCode === HttpStatusCode.NotFound) {
+        // if we get a 404, it means the auth request has been deleted so clear it from storage
+        await this.stateService.setAdminAuthRequest(null);
+      }
+
+      // Always return on an error here as we don't want to block the user from logging in
+      return;
+    }
+
+    if (adminAuthReqResponse?.requestApproved) {
+      // if masterPasswordHash has a value, we will always receive authReqResponse.key
+      // as authRequestPublicKey(masterKey) + authRequestPublicKey(masterPasswordHash)
+      if (adminAuthReqResponse.masterPasswordHash) {
+        await this.authReqCryptoService.setKeysAfterDecryptingSharedMasterKeyAndHash(
+          adminAuthReqResponse,
+          adminAuthReqStorable.privateKey
+        );
+      } else {
+        // if masterPasswordHash is null, we will always receive authReqResponse.key
+        // as authRequestPublicKey(userKey)
+        await this.authReqCryptoService.setUserKeyAfterDecryptingSharedUserKey(
+          adminAuthReqResponse,
+          adminAuthReqStorable.privateKey
+        );
+      }
+
+      if (await this.cryptoService.hasUserKey()) {
+        // Now that we have a decrypted user key in memory, we can check if we
+        // need to establish trust on the current device
+        await this.deviceTrustCryptoService.trustDeviceIfRequired();
+
+        // if we successfully decrypted the user key, we can delete the admin auth request out of state
+        // TODO: eventually we post and clean up DB as well once consumed on client
+        await this.stateService.setAdminAuthRequest(null);
+
+        this.platformUtilsService.showToast("success", null, this.i18nService.t("loginApproved"));
+      }
+    }
+  }
+
+  private async trySetUserKeyWithDeviceKey(tokenResponse: IdentityTokenResponse): Promise<void> {
+    const trustedDeviceOption = tokenResponse.userDecryptionOptions?.trustedDeviceOption;
+
+    const deviceKey = await this.deviceTrustCryptoService.getDeviceKey();
+    const encDevicePrivateKey = trustedDeviceOption?.encryptedPrivateKey;
+    const encUserKey = trustedDeviceOption?.encryptedUserKey;
+
+    if (!deviceKey || !encDevicePrivateKey || !encUserKey) {
+      return;
+    }
+
+    const userKey = await this.deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+      encDevicePrivateKey,
+      encUserKey,
+      deviceKey
+    );
+
+    if (userKey) {
+      await this.cryptoService.setUserKey(userKey);
+    }
+  }
+
+  private async trySetUserKeyWithMasterKey(): Promise<void> {
+    const masterKey = await this.cryptoService.getMasterKey();
+
+    if (!masterKey) {
+      throw new Error("Master key not found");
+    }
+
+    const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+
+    await this.cryptoService.setUserKey(userKey);
+  }
+
+  protected override async setPrivateKey(tokenResponse: IdentityTokenResponse): Promise<void> {
+    const newSsoUser = tokenResponse.key == null;
+
+    if (!newSsoUser) {
+      await this.cryptoService.setPrivateKey(
+        tokenResponse.privateKey ?? (await this.createKeyPairForOldAccount())
+      );
+    }
+  }
 }
diff --git a/libs/common/src/auth/login-strategies/user-api-login.strategy.spec.ts b/libs/common/src/auth/login-strategies/user-api-login.strategy.spec.ts
index 92cae9d98ce..044b594b89d 100644
--- a/libs/common/src/auth/login-strategies/user-api-login.strategy.spec.ts
+++ b/libs/common/src/auth/login-strategies/user-api-login.strategy.spec.ts
@@ -9,6 +9,12 @@ import { MessagingService } from "../../platform/abstractions/messaging.service"
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../types/csprng";
 import { KeyConnectorService } from "../abstractions/key-connector.service";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
@@ -101,7 +107,18 @@ describe("UserApiLogInStrategy", () => {
     expect(stateService.addAccount).toHaveBeenCalled();
   });
 
-  it("gets and sets the Key Connector key from environmentUrl", async () => {
+  it("sets the encrypted user key and private key from the identity token response", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+
+    apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+
+    await apiLogInStrategy.logIn(credentials);
+
+    expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);
+    expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey);
+  });
+
+  it("gets and sets the master key if Key Connector is enabled", async () => {
     const tokenResponse = identityTokenResponseFactory();
     tokenResponse.apiUseKeyConnector = true;
 
@@ -110,6 +127,24 @@ describe("UserApiLogInStrategy", () => {
 
     await apiLogInStrategy.logIn(credentials);
 
-    expect(keyConnectorService.getAndSetKey).toHaveBeenCalledWith(keyConnectorUrl);
+    expect(keyConnectorService.setMasterKeyFromUrl).toHaveBeenCalledWith(keyConnectorUrl);
+  });
+
+  it("decrypts and sets the user key if Key Connector is enabled", async () => {
+    const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
+    const masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
+
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.apiUseKeyConnector = true;
+
+    apiService.postIdentityToken.mockResolvedValue(tokenResponse);
+    environmentService.getKeyConnectorUrl.mockReturnValue(keyConnectorUrl);
+    cryptoService.getMasterKey.mockResolvedValue(masterKey);
+    cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
+
+    await apiLogInStrategy.logIn(credentials);
+
+    expect(cryptoService.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(masterKey);
+    expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
   });
 });
diff --git a/libs/common/src/auth/login-strategies/user-api-login.strategy.ts b/libs/common/src/auth/login-strategies/user-api-login.strategy.ts
index 967856ddd35..80aed0d1538 100644
--- a/libs/common/src/auth/login-strategies/user-api-login.strategy.ts
+++ b/libs/common/src/auth/login-strategies/user-api-login.strategy.ts
@@ -44,14 +44,7 @@ export class UserApiLogInStrategy extends LogInStrategy {
     );
   }
 
-  async setUserKey(tokenResponse: IdentityTokenResponse) {
-    if (tokenResponse.apiUseKeyConnector) {
-      const keyConnectorUrl = this.environmentService.getKeyConnectorUrl();
-      await this.keyConnectorService.getAndSetKey(keyConnectorUrl);
-    }
-  }
-
-  async logIn(credentials: UserApiLogInCredentials) {
+  override async logIn(credentials: UserApiLogInCredentials) {
     this.tokenRequest = new UserApiTokenRequest(
       credentials.clientId,
       credentials.clientSecret,
@@ -63,6 +56,31 @@ export class UserApiLogInStrategy extends LogInStrategy {
     return authResult;
   }
 
+  protected override async setMasterKey(response: IdentityTokenResponse) {
+    if (response.apiUseKeyConnector) {
+      const keyConnectorUrl = this.environmentService.getKeyConnectorUrl();
+      await this.keyConnectorService.setMasterKeyFromUrl(keyConnectorUrl);
+    }
+  }
+
+  protected override async setUserKey(response: IdentityTokenResponse): Promise<void> {
+    await this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
+
+    if (response.apiUseKeyConnector) {
+      const masterKey = await this.cryptoService.getMasterKey();
+      if (masterKey) {
+        const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+        await this.cryptoService.setUserKey(userKey);
+      }
+    }
+  }
+
+  protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
+    await this.cryptoService.setPrivateKey(
+      response.privateKey ?? (await this.createKeyPairForOldAccount())
+    );
+  }
+
   protected async saveAccountInformation(tokenResponse: IdentityTokenResponse) {
     await super.saveAccountInformation(tokenResponse);
     await this.stateService.setApiKeyClientId(this.tokenRequest.clientId);
diff --git a/libs/common/src/auth/models/domain/admin-auth-req-storable.ts b/libs/common/src/auth/models/domain/admin-auth-req-storable.ts
new file mode 100644
index 00000000000..1eae7eeab1a
--- /dev/null
+++ b/libs/common/src/auth/models/domain/admin-auth-req-storable.ts
@@ -0,0 +1,41 @@
+import { Utils } from "../../../platform/misc/utils";
+
+// TODO: Tech Debt: potentially create a type Storage shape vs using a class here in the future
+// type StorageShape {
+//   id: string;
+//   privateKey: string;
+// }
+// so we can get rid of the any type passed into fromJSON and coming out of ToJSON
+export class AdminAuthRequestStorable {
+  id: string;
+  privateKey: Uint8Array;
+
+  constructor(init?: Partial<AdminAuthRequestStorable>) {
+    if (init) {
+      Object.assign(this, init);
+    }
+  }
+
+  toJSON() {
+    return {
+      id: this.id,
+      privateKey: Utils.fromBufferToByteString(this.privateKey),
+    };
+  }
+
+  static fromJSON(obj: any): AdminAuthRequestStorable {
+    if (obj == null) {
+      return null;
+    }
+
+    let privateKeyBuffer = null;
+    if (obj.privateKey) {
+      privateKeyBuffer = Utils.fromByteStringToArray(obj.privateKey);
+    }
+
+    return new AdminAuthRequestStorable({
+      id: obj.id,
+      privateKey: privateKeyBuffer,
+    });
+  }
+}
diff --git a/libs/common/src/auth/models/domain/auth-result.ts b/libs/common/src/auth/models/domain/auth-result.ts
index 7a88d490f00..c0a6f034aef 100644
--- a/libs/common/src/auth/models/domain/auth-result.ts
+++ b/libs/common/src/auth/models/domain/auth-result.ts
@@ -5,7 +5,14 @@ import { ForceResetPasswordReason } from "./force-reset-password-reason";
 
 export class AuthResult {
   captchaSiteKey = "";
+  // TODO: PM-3287 - Remove this after 3 releases of backwards compatibility. - Target release 2023.12 for removal
+  /**
+   * @deprecated
+   * Replace with using AccountDecryptionOptions to determine if the user does
+   * not have a master password and is not using Key Connector.
+   * */
   resetMasterPassword = false;
+
   forcePasswordReset: ForceResetPasswordReason = ForceResetPasswordReason.None;
   twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string }> = null;
   ssoEmail2FaSessionToken?: string;
diff --git a/libs/common/src/auth/models/domain/log-in-credentials.ts b/libs/common/src/auth/models/domain/log-in-credentials.ts
index 5312b137511..7022bb66ded 100644
--- a/libs/common/src/auth/models/domain/log-in-credentials.ts
+++ b/libs/common/src/auth/models/domain/log-in-credentials.ts
@@ -1,4 +1,4 @@
-import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
+import { MasterKey, UserKey } from "../../../platform/models/domain/symmetric-crypto-key";
 import { AuthenticationType } from "../../enums/authentication-type";
 import { TokenTwoFactorRequest } from "../request/identity-token/token-two-factor.request";
 
@@ -38,8 +38,9 @@ export class PasswordlessLogInCredentials {
     public email: string,
     public accessCode: string,
     public authRequestId: string,
-    public decKey: SymmetricCryptoKey,
-    public localPasswordHash: string,
+    public decryptedUserKey: UserKey,
+    public decryptedMasterKey: MasterKey,
+    public decryptedMasterKeyHash: string,
     public twoFactor?: TokenTwoFactorRequest
   ) {}
 }
diff --git a/libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts b/libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts
new file mode 100644
index 00000000000..3422c078e46
--- /dev/null
+++ b/libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts
@@ -0,0 +1,3 @@
+export class KeyConnectorUserDecryptionOption {
+  constructor(public keyConnectorUrl: string) {}
+}
diff --git a/libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts b/libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts
new file mode 100644
index 00000000000..7d7211061f2
--- /dev/null
+++ b/libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts
@@ -0,0 +1,7 @@
+export class TrustedDeviceUserDecryptionOption {
+  constructor(
+    public hasAdminApproval: boolean,
+    public hasLoginApprovingDevice: boolean,
+    public hasManageResetPasswordPermission: boolean
+  ) {}
+}
diff --git a/libs/common/src/auth/models/request/update-devices-trust.request.ts b/libs/common/src/auth/models/request/update-devices-trust.request.ts
new file mode 100644
index 00000000000..000e9f139da
--- /dev/null
+++ b/libs/common/src/auth/models/request/update-devices-trust.request.ts
@@ -0,0 +1,15 @@
+import { SecretVerificationRequest } from "./secret-verification.request";
+
+export class UpdateDevicesTrustRequest extends SecretVerificationRequest {
+  currentDevice: DeviceKeysUpdateRequest;
+  otherDevices: OtherDeviceKeysUpdateRequest[];
+}
+
+export class DeviceKeysUpdateRequest {
+  encryptedPublicKey: string;
+  encryptedUserKey: string;
+}
+
+export class OtherDeviceKeysUpdateRequest extends DeviceKeysUpdateRequest {
+  id: string;
+}
diff --git a/libs/common/src/auth/models/response/identity-token.response.ts b/libs/common/src/auth/models/response/identity-token.response.ts
index 76f34617f86..d080341ed41 100644
--- a/libs/common/src/auth/models/response/identity-token.response.ts
+++ b/libs/common/src/auth/models/response/identity-token.response.ts
@@ -2,6 +2,7 @@ import { KdfType } from "../../../enums";
 import { BaseResponse } from "../../../models/response/base.response";
 
 import { MasterPasswordPolicyResponse } from "./master-password-policy.response";
+import { UserDecryptionOptionsResponse } from "./user-decryption-options/user-decryption-options.response";
 
 export class IdentityTokenResponse extends BaseResponse {
   accessToken: string;
@@ -22,6 +23,8 @@ export class IdentityTokenResponse extends BaseResponse {
   apiUseKeyConnector: boolean;
   keyConnectorUrl: string;
 
+  userDecryptionOptions: UserDecryptionOptionsResponse;
+
   constructor(response: any) {
     super(response);
     this.accessToken = response.access_token;
@@ -43,5 +46,11 @@ export class IdentityTokenResponse extends BaseResponse {
     this.masterPasswordPolicy = new MasterPasswordPolicyResponse(
       this.getResponseProperty("MasterPasswordPolicy")
     );
+
+    if (response.UserDecryptionOptions) {
+      this.userDecryptionOptions = new UserDecryptionOptionsResponse(
+        this.getResponseProperty("UserDecryptionOptions")
+      );
+    }
   }
 }
diff --git a/libs/common/src/auth/models/response/protected-device.response.ts b/libs/common/src/auth/models/response/protected-device.response.ts
new file mode 100644
index 00000000000..6d279f70c73
--- /dev/null
+++ b/libs/common/src/auth/models/response/protected-device.response.ts
@@ -0,0 +1,39 @@
+import { Jsonify } from "type-fest";
+
+import { DeviceType } from "../../../enums";
+import { BaseResponse } from "../../../models/response/base.response";
+import { EncString } from "../../../platform/models/domain/enc-string";
+
+export class ProtectedDeviceResponse extends BaseResponse {
+  constructor(response: Jsonify<ProtectedDeviceResponse>) {
+    super(response);
+    this.id = this.getResponseProperty("id");
+    this.name = this.getResponseProperty("name");
+    this.identifier = this.getResponseProperty("identifier");
+    this.type = this.getResponseProperty("type");
+    this.creationDate = new Date(this.getResponseProperty("creationDate"));
+    if (response.encryptedUserKey) {
+      this.encryptedUserKey = new EncString(this.getResponseProperty("encryptedUserKey"));
+    }
+    if (response.encryptedPublicKey) {
+      this.encryptedPublicKey = new EncString(this.getResponseProperty("encryptedPublicKey"));
+    }
+  }
+
+  id: string;
+  name: string;
+  type: DeviceType;
+  identifier: string;
+  creationDate: Date;
+  /**
+   * Intended to be the users symmetric key that is encrypted in some form, the current way to encrypt this is with
+   * the devices public key.
+   */
+  encryptedUserKey: EncString;
+  /**
+   * Intended to be the public key that was generated for a device upon trust and encrypted. Currenly encrypted using
+   * a users symmetric key so that when trusted and unlocked a user can decrypt the public key for all their devices.
+   * This enabled a user to rotate the keys for all of their devices.
+   */
+  encryptedPublicKey: EncString;
+}
diff --git a/libs/common/src/auth/models/response/user-decryption-options/key-connector-user-decryption-option.response.ts b/libs/common/src/auth/models/response/user-decryption-options/key-connector-user-decryption-option.response.ts
new file mode 100644
index 00000000000..6448a9547e7
--- /dev/null
+++ b/libs/common/src/auth/models/response/user-decryption-options/key-connector-user-decryption-option.response.ts
@@ -0,0 +1,14 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+
+export interface IKeyConnectorUserDecryptionOptionServerResponse {
+  KeyConnectorUrl: string;
+}
+
+export class KeyConnectorUserDecryptionOptionResponse extends BaseResponse {
+  keyConnectorUrl: string;
+
+  constructor(response: IKeyConnectorUserDecryptionOptionServerResponse) {
+    super(response);
+    this.keyConnectorUrl = this.getResponseProperty("KeyConnectorUrl");
+  }
+}
diff --git a/libs/common/src/auth/models/response/user-decryption-options/trusted-device-user-decryption-option.response.ts b/libs/common/src/auth/models/response/user-decryption-options/trusted-device-user-decryption-option.response.ts
new file mode 100644
index 00000000000..903022b0749
--- /dev/null
+++ b/libs/common/src/auth/models/response/user-decryption-options/trusted-device-user-decryption-option.response.ts
@@ -0,0 +1,35 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+import { EncString } from "../../../../platform/models/domain/enc-string";
+
+export interface ITrustedDeviceUserDecryptionOptionServerResponse {
+  HasAdminApproval: boolean;
+  HasLoginApprovingDevice: boolean;
+  HasManageResetPasswordPermission: boolean;
+  EncryptedPrivateKey?: string;
+  EncryptedUserKey?: string;
+}
+
+export class TrustedDeviceUserDecryptionOptionResponse extends BaseResponse {
+  hasAdminApproval: boolean;
+  hasLoginApprovingDevice: boolean;
+  hasManageResetPasswordPermission: boolean;
+  encryptedPrivateKey: EncString;
+  encryptedUserKey: EncString;
+
+  constructor(response: any) {
+    super(response);
+    this.hasAdminApproval = this.getResponseProperty("HasAdminApproval");
+
+    this.hasLoginApprovingDevice = this.getResponseProperty("HasLoginApprovingDevice");
+    this.hasManageResetPasswordPermission = this.getResponseProperty(
+      "HasManageResetPasswordPermission"
+    );
+
+    if (response.EncryptedPrivateKey) {
+      this.encryptedPrivateKey = new EncString(this.getResponseProperty("EncryptedPrivateKey"));
+    }
+    if (response.EncryptedUserKey) {
+      this.encryptedUserKey = new EncString(this.getResponseProperty("EncryptedUserKey"));
+    }
+  }
+}
diff --git a/libs/common/src/auth/models/response/user-decryption-options/user-decryption-options.response.ts b/libs/common/src/auth/models/response/user-decryption-options/user-decryption-options.response.ts
new file mode 100644
index 00000000000..fcf1f49ace6
--- /dev/null
+++ b/libs/common/src/auth/models/response/user-decryption-options/user-decryption-options.response.ts
@@ -0,0 +1,39 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+
+import {
+  IKeyConnectorUserDecryptionOptionServerResponse,
+  KeyConnectorUserDecryptionOptionResponse,
+} from "./key-connector-user-decryption-option.response";
+import {
+  ITrustedDeviceUserDecryptionOptionServerResponse,
+  TrustedDeviceUserDecryptionOptionResponse,
+} from "./trusted-device-user-decryption-option.response";
+
+export interface IUserDecryptionOptionsServerResponse {
+  HasMasterPassword: boolean;
+  TrustedDeviceOption?: ITrustedDeviceUserDecryptionOptionServerResponse;
+  KeyConnectorOption?: IKeyConnectorUserDecryptionOptionServerResponse;
+}
+
+export class UserDecryptionOptionsResponse extends BaseResponse {
+  hasMasterPassword: boolean;
+  trustedDeviceOption?: TrustedDeviceUserDecryptionOptionResponse;
+  keyConnectorOption?: KeyConnectorUserDecryptionOptionResponse;
+
+  constructor(response: IUserDecryptionOptionsServerResponse) {
+    super(response);
+
+    this.hasMasterPassword = this.getResponseProperty("HasMasterPassword");
+
+    if (response.TrustedDeviceOption) {
+      this.trustedDeviceOption = new TrustedDeviceUserDecryptionOptionResponse(
+        this.getResponseProperty("TrustedDeviceOption")
+      );
+    }
+    if (response.KeyConnectorOption) {
+      this.keyConnectorOption = new KeyConnectorUserDecryptionOptionResponse(
+        this.getResponseProperty("KeyConnectorOption")
+      );
+    }
+  }
+}
diff --git a/libs/common/src/auth/services/auth-request-crypto.service.implementation.ts b/libs/common/src/auth/services/auth-request-crypto.service.implementation.ts
new file mode 100644
index 00000000000..004957e1011
--- /dev/null
+++ b/libs/common/src/auth/services/auth-request-crypto.service.implementation.ts
@@ -0,0 +1,81 @@
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { Utils } from "../../platform/misc/utils";
+import {
+  UserKey,
+  SymmetricCryptoKey,
+  MasterKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { AuthRequestCryptoServiceAbstraction } from "../abstractions/auth-request-crypto.service.abstraction";
+import { AuthRequestResponse } from "../models/response/auth-request.response";
+
+export class AuthRequestCryptoServiceImplementation implements AuthRequestCryptoServiceAbstraction {
+  constructor(private cryptoService: CryptoService) {}
+
+  async setUserKeyAfterDecryptingSharedUserKey(
+    authReqResponse: AuthRequestResponse,
+    authReqPrivateKey: Uint8Array
+  ) {
+    const userKey = await this.decryptPubKeyEncryptedUserKey(
+      authReqResponse.key,
+      authReqPrivateKey
+    );
+    await this.cryptoService.setUserKey(userKey);
+  }
+
+  async setKeysAfterDecryptingSharedMasterKeyAndHash(
+    authReqResponse: AuthRequestResponse,
+    authReqPrivateKey: Uint8Array
+  ) {
+    const { masterKey, masterKeyHash } = await this.decryptPubKeyEncryptedMasterKeyAndHash(
+      authReqResponse.key,
+      authReqResponse.masterPasswordHash,
+      authReqPrivateKey
+    );
+
+    // Decrypt and set user key in state
+    const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+
+    // Set masterKey + masterKeyHash in state after decryption (in case decryption fails)
+    await this.cryptoService.setMasterKey(masterKey);
+    await this.cryptoService.setMasterKeyHash(masterKeyHash);
+
+    await this.cryptoService.setUserKey(userKey);
+  }
+
+  // Decryption helpers
+  async decryptPubKeyEncryptedUserKey(
+    pubKeyEncryptedUserKey: string,
+    privateKey: Uint8Array
+  ): Promise<UserKey> {
+    const decryptedUserKeyBytes = await this.cryptoService.rsaDecrypt(
+      pubKeyEncryptedUserKey,
+      privateKey
+    );
+
+    return new SymmetricCryptoKey(decryptedUserKeyBytes) as UserKey;
+  }
+
+  async decryptPubKeyEncryptedMasterKeyAndHash(
+    pubKeyEncryptedMasterKey: string,
+    pubKeyEncryptedMasterKeyHash: string,
+    privateKey: Uint8Array
+  ): Promise<{ masterKey: MasterKey; masterKeyHash: string }> {
+    const decryptedMasterKeyArrayBuffer = await this.cryptoService.rsaDecrypt(
+      pubKeyEncryptedMasterKey,
+      privateKey
+    );
+
+    const decryptedMasterKeyHashArrayBuffer = await this.cryptoService.rsaDecrypt(
+      pubKeyEncryptedMasterKeyHash,
+      privateKey
+    );
+
+    const masterKey = new SymmetricCryptoKey(decryptedMasterKeyArrayBuffer) as MasterKey;
+    const masterKeyHash = Utils.fromBufferToUtf8(decryptedMasterKeyHashArrayBuffer);
+
+    return {
+      masterKey,
+      masterKeyHash,
+    };
+  }
+}
diff --git a/libs/common/src/auth/services/auth-request-crypto.service.spec.ts b/libs/common/src/auth/services/auth-request-crypto.service.spec.ts
new file mode 100644
index 00000000000..cab1cba0e70
--- /dev/null
+++ b/libs/common/src/auth/services/auth-request-crypto.service.spec.ts
@@ -0,0 +1,165 @@
+import { mock } from "jest-mock-extended";
+
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { Utils } from "../../platform/misc/utils";
+import {
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { AuthRequestCryptoServiceAbstraction } from "../abstractions/auth-request-crypto.service.abstraction";
+import { AuthRequestResponse } from "../models/response/auth-request.response";
+
+import { AuthRequestCryptoServiceImplementation } from "./auth-request-crypto.service.implementation";
+
+describe("AuthRequestCryptoService", () => {
+  let authReqCryptoService: AuthRequestCryptoServiceAbstraction;
+  const cryptoService = mock<CryptoService>();
+  let mockPrivateKey: Uint8Array;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+    jest.resetAllMocks();
+
+    authReqCryptoService = new AuthRequestCryptoServiceImplementation(cryptoService);
+
+    mockPrivateKey = new Uint8Array(64);
+  });
+
+  it("instantiates", () => {
+    expect(authReqCryptoService).not.toBeFalsy();
+  });
+
+  describe("setUserKeyAfterDecryptingSharedUserKey", () => {
+    it("decrypts and sets user key when given valid auth request response and private key", async () => {
+      // Arrange
+      const mockAuthReqResponse = {
+        key: "authReqPublicKeyEncryptedUserKey",
+      } as AuthRequestResponse;
+
+      const mockDecryptedUserKey = {} as UserKey;
+      jest
+        .spyOn(authReqCryptoService, "decryptPubKeyEncryptedUserKey")
+        .mockResolvedValueOnce(mockDecryptedUserKey);
+
+      cryptoService.setUserKey.mockResolvedValueOnce(undefined);
+
+      // Act
+      await authReqCryptoService.setUserKeyAfterDecryptingSharedUserKey(
+        mockAuthReqResponse,
+        mockPrivateKey
+      );
+
+      // Assert
+      expect(authReqCryptoService.decryptPubKeyEncryptedUserKey).toBeCalledWith(
+        mockAuthReqResponse.key,
+        mockPrivateKey
+      );
+      expect(cryptoService.setUserKey).toBeCalledWith(mockDecryptedUserKey);
+    });
+  });
+
+  describe("setKeysAfterDecryptingSharedMasterKeyAndHash", () => {
+    it("decrypts and sets master key and hash and user key when given valid auth request response and private key", async () => {
+      // Arrange
+      const mockAuthReqResponse = {
+        key: "authReqPublicKeyEncryptedMasterKey",
+        masterPasswordHash: "authReqPublicKeyEncryptedMasterKeyHash",
+      } as AuthRequestResponse;
+
+      const mockDecryptedMasterKey = {} as MasterKey;
+      const mockDecryptedMasterKeyHash = "mockDecryptedMasterKeyHash";
+      const mockDecryptedUserKey = {} as UserKey;
+
+      jest
+        .spyOn(authReqCryptoService, "decryptPubKeyEncryptedMasterKeyAndHash")
+        .mockResolvedValueOnce({
+          masterKey: mockDecryptedMasterKey,
+          masterKeyHash: mockDecryptedMasterKeyHash,
+        });
+
+      cryptoService.setMasterKey.mockResolvedValueOnce(undefined);
+      cryptoService.setMasterKeyHash.mockResolvedValueOnce(undefined);
+      cryptoService.decryptUserKeyWithMasterKey.mockResolvedValueOnce(mockDecryptedUserKey);
+      cryptoService.setUserKey.mockResolvedValueOnce(undefined);
+
+      // Act
+      await authReqCryptoService.setKeysAfterDecryptingSharedMasterKeyAndHash(
+        mockAuthReqResponse,
+        mockPrivateKey
+      );
+
+      // Assert
+      expect(authReqCryptoService.decryptPubKeyEncryptedMasterKeyAndHash).toBeCalledWith(
+        mockAuthReqResponse.key,
+        mockAuthReqResponse.masterPasswordHash,
+        mockPrivateKey
+      );
+      expect(cryptoService.setMasterKey).toBeCalledWith(mockDecryptedMasterKey);
+      expect(cryptoService.setMasterKeyHash).toBeCalledWith(mockDecryptedMasterKeyHash);
+      expect(cryptoService.decryptUserKeyWithMasterKey).toBeCalledWith(mockDecryptedMasterKey);
+      expect(cryptoService.setUserKey).toBeCalledWith(mockDecryptedUserKey);
+    });
+  });
+
+  describe("decryptAuthReqPubKeyEncryptedUserKey", () => {
+    it("returns a decrypted user key when given valid public key encrypted user key and an auth req private key", async () => {
+      // Arrange
+      const mockPubKeyEncryptedUserKey = "pubKeyEncryptedUserKey";
+      const mockDecryptedUserKeyBytes = new Uint8Array(64);
+      const mockDecryptedUserKey = new SymmetricCryptoKey(mockDecryptedUserKeyBytes) as UserKey;
+
+      cryptoService.rsaDecrypt.mockResolvedValueOnce(mockDecryptedUserKeyBytes);
+
+      // Act
+      const result = await authReqCryptoService.decryptPubKeyEncryptedUserKey(
+        mockPubKeyEncryptedUserKey,
+        mockPrivateKey
+      );
+
+      // Assert
+      expect(cryptoService.rsaDecrypt).toBeCalledWith(mockPubKeyEncryptedUserKey, mockPrivateKey);
+      expect(result).toEqual(mockDecryptedUserKey);
+    });
+  });
+
+  describe("decryptAuthReqPubKeyEncryptedMasterKeyAndHash", () => {
+    it("returns a decrypted master key and hash when given a valid public key encrypted master key, public key encrypted master key hash, and an auth req private key", async () => {
+      // Arrange
+      const mockPubKeyEncryptedMasterKey = "pubKeyEncryptedMasterKey";
+      const mockPubKeyEncryptedMasterKeyHash = "pubKeyEncryptedMasterKeyHash";
+
+      const mockDecryptedMasterKeyBytes = new Uint8Array(64);
+      const mockDecryptedMasterKey = new SymmetricCryptoKey(
+        mockDecryptedMasterKeyBytes
+      ) as MasterKey;
+      const mockDecryptedMasterKeyHashBytes = new Uint8Array(64);
+      const mockDecryptedMasterKeyHash = Utils.fromBufferToUtf8(mockDecryptedMasterKeyHashBytes);
+
+      cryptoService.rsaDecrypt
+        .mockResolvedValueOnce(mockDecryptedMasterKeyBytes)
+        .mockResolvedValueOnce(mockDecryptedMasterKeyHashBytes);
+
+      // Act
+      const result = await authReqCryptoService.decryptPubKeyEncryptedMasterKeyAndHash(
+        mockPubKeyEncryptedMasterKey,
+        mockPubKeyEncryptedMasterKeyHash,
+        mockPrivateKey
+      );
+
+      // Assert
+      expect(cryptoService.rsaDecrypt).toHaveBeenNthCalledWith(
+        1,
+        mockPubKeyEncryptedMasterKey,
+        mockPrivateKey
+      );
+      expect(cryptoService.rsaDecrypt).toHaveBeenNthCalledWith(
+        2,
+        mockPubKeyEncryptedMasterKeyHash,
+        mockPrivateKey
+      );
+      expect(result.masterKey).toEqual(mockDecryptedMasterKey);
+      expect(result.masterKeyHash).toEqual(mockDecryptedMasterKeyHash);
+    });
+  });
+});
diff --git a/libs/common/src/auth/services/auth.service.ts b/libs/common/src/auth/services/auth.service.ts
index 53d1b799229..815e7b2a5ea 100644
--- a/libs/common/src/auth/services/auth.service.ts
+++ b/libs/common/src/auth/services/auth.service.ts
@@ -16,9 +16,11 @@ import { MessagingService } from "../../platform/abstractions/messaging.service"
 import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { MasterKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { PasswordStrengthServiceAbstraction } from "../../tools/password-strength";
+import { AuthRequestCryptoServiceAbstraction } from "../abstractions/auth-request-crypto.service.abstraction";
 import { AuthService as AuthServiceAbstraction } from "../abstractions/auth.service";
+import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
 import { KeyConnectorService } from "../abstractions/key-connector.service";
 import { TokenService } from "../abstractions/token.service";
 import { TwoFactorService } from "../abstractions/two-factor.service";
@@ -103,7 +105,9 @@ export class AuthService implements AuthServiceAbstraction {
     protected i18nService: I18nService,
     protected encryptService: EncryptService,
     protected passwordStrengthService: PasswordStrengthServiceAbstraction,
-    protected policyService: PolicyService
+    protected policyService: PolicyService,
+    protected deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
+    protected authReqCryptoService: AuthRequestCryptoServiceAbstraction
   ) {}
 
   async logIn(
@@ -149,7 +153,10 @@ export class AuthService implements AuthServiceAbstraction {
           this.logService,
           this.stateService,
           this.twoFactorService,
-          this.keyConnectorService
+          this.keyConnectorService,
+          this.deviceTrustCryptoService,
+          this.authReqCryptoService,
+          this.i18nService
         );
         break;
       case AuthenticationType.UserApi:
@@ -178,7 +185,7 @@ export class AuthService implements AuthServiceAbstraction {
           this.logService,
           this.stateService,
           this.twoFactorService,
-          this
+          this.deviceTrustCryptoService
         );
         break;
     }
@@ -238,23 +245,32 @@ export class AuthService implements AuthServiceAbstraction {
   }
 
   async getAuthStatus(userId?: string): Promise<AuthenticationStatus> {
+    // If we don't have an access token or userId, we're logged out
     const isAuthenticated = await this.stateService.getIsAuthenticated({ userId: userId });
     if (!isAuthenticated) {
       return AuthenticationStatus.LoggedOut;
     }
 
-    // Keys aren't stored for a device that is locked or logged out
-    // Make sure we're logged in before checking this, otherwise we could mix up those states
-    const neverLock =
-      (await this.cryptoService.hasKeyStored(KeySuffixOptions.Auto, userId)) &&
-      !(await this.stateService.getEverBeenUnlocked({ userId: userId }));
-    if (neverLock) {
-      // TODO: This also _sets_ the key so when we check memory in the next line it finds a key.
-      // We should refactor here.
-      await this.cryptoService.getKey(KeySuffixOptions.Auto, userId);
+    // If we don't have a user key in memory, we're locked
+    if (!(await this.cryptoService.hasUserKeyInMemory(userId))) {
+      // Check if the user has vault timeout set to never and verify that
+      // they've never unlocked their vault
+      const neverLock =
+        (await this.cryptoService.hasUserKeyStored(KeySuffixOptions.Auto, userId)) &&
+        !(await this.stateService.getEverBeenUnlocked({ userId: userId }));
+
+      if (neverLock) {
+        // Attempt to get the key from storage and set it in memory
+        const userKey = await this.cryptoService.getUserKeyFromStorage(
+          KeySuffixOptions.Auto,
+          userId
+        );
+        await this.cryptoService.setUserKey(userKey, userId);
+      }
     }
 
-    const hasKeyInMemory = await this.cryptoService.hasKeyInMemory(userId);
+    // We do another check here in case setting the auto key failed
+    const hasKeyInMemory = await this.cryptoService.hasUserKeyInMemory(userId);
     if (!hasKeyInMemory) {
       return AuthenticationStatus.Locked;
     }
@@ -262,7 +278,7 @@ export class AuthService implements AuthServiceAbstraction {
     return AuthenticationStatus.Unlocked;
   }
 
-  async makePreloginKey(masterPassword: string, email: string): Promise<SymmetricCryptoKey> {
+  async makePreloginKey(masterPassword: string, email: string): Promise<MasterKey> {
     email = email.trim().toLowerCase();
     let kdf: KdfType = null;
     let kdfConfig: KdfConfig = null;
@@ -281,7 +297,7 @@ export class AuthService implements AuthServiceAbstraction {
         throw e;
       }
     }
-    return this.cryptoService.makeKey(masterPassword, email, kdf, kdfConfig);
+    return await this.cryptoService.makeMasterKey(masterPassword, email, kdf, kdfConfig);
   }
 
   async authResponsePushNotification(notification: AuthRequestPushNotification): Promise<any> {
@@ -298,22 +314,33 @@ export class AuthService implements AuthServiceAbstraction {
     requestApproved: boolean
   ): Promise<AuthRequestResponse> {
     const pubKey = Utils.fromB64ToArray(key);
-    const encryptedKey = await this.cryptoService.rsaEncrypt(
-      (
-        await this.cryptoService.getKey()
-      ).encKey,
-      pubKey
-    );
-    let encryptedMasterPassword = null;
-    if ((await this.stateService.getKeyHash()) != null) {
-      encryptedMasterPassword = await this.cryptoService.rsaEncrypt(
-        Utils.fromUtf8ToArray(await this.stateService.getKeyHash()),
-        pubKey
-      );
+
+    const masterKey = await this.cryptoService.getMasterKey();
+    let keyToEncrypt;
+    let encryptedMasterKeyHash = null;
+
+    if (masterKey) {
+      keyToEncrypt = masterKey.encKey;
+
+      // Only encrypt the master password hash if masterKey exists as
+      // we won't have a masterKeyHash without a masterKey
+      const masterKeyHash = await this.stateService.getKeyHash();
+      if (masterKeyHash != null) {
+        encryptedMasterKeyHash = await this.cryptoService.rsaEncrypt(
+          Utils.fromUtf8ToArray(masterKeyHash),
+          pubKey
+        );
+      }
+    } else {
+      const userKey = await this.cryptoService.getUserKey();
+      keyToEncrypt = userKey.key;
     }
+
+    const encryptedKey = await this.cryptoService.rsaEncrypt(keyToEncrypt, pubKey);
+
     const request = new PasswordlessAuthRequest(
       encryptedKey.encryptedString,
-      encryptedMasterPassword?.encryptedString,
+      encryptedMasterKeyHash?.encryptedString,
       await this.appIdService.getAppId(),
       requestApproved
     );
diff --git a/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts b/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts
new file mode 100644
index 00000000000..e7e1349eae5
--- /dev/null
+++ b/libs/common/src/auth/services/device-trust-crypto.service.implementation.ts
@@ -0,0 +1,215 @@
+import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
+import { AppIdService } from "../../platform/abstractions/app-id.service";
+import { CryptoFunctionService } from "../../platform/abstractions/crypto-function.service";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { EncryptService } from "../../platform/abstractions/encrypt.service";
+import { I18nService } from "../../platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
+import { StateService } from "../../platform/abstractions/state.service";
+import { EncString } from "../../platform/models/domain/enc-string";
+import {
+  SymmetricCryptoKey,
+  DeviceKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../types/csprng";
+import { DeviceTrustCryptoServiceAbstraction } from "../abstractions/device-trust-crypto.service.abstraction";
+import { DevicesApiServiceAbstraction } from "../abstractions/devices-api.service.abstraction";
+import { SecretVerificationRequest } from "../models/request/secret-verification.request";
+import {
+  DeviceKeysUpdateRequest,
+  UpdateDevicesTrustRequest,
+} from "../models/request/update-devices-trust.request";
+
+export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstraction {
+  constructor(
+    private cryptoFunctionService: CryptoFunctionService,
+    private cryptoService: CryptoService,
+    private encryptService: EncryptService,
+    private stateService: StateService,
+    private appIdService: AppIdService,
+    private devicesApiService: DevicesApiServiceAbstraction,
+    private i18nService: I18nService,
+    private platformUtilsService: PlatformUtilsService
+  ) {}
+
+  /**
+   * @description Retrieves the users choice to trust the device which can only happen after decryption
+   * Note: this value should only be used once and then reset
+   */
+  async getShouldTrustDevice(): Promise<boolean> {
+    return await this.stateService.getShouldTrustDevice();
+  }
+
+  async setShouldTrustDevice(value: boolean): Promise<void> {
+    await this.stateService.setShouldTrustDevice(value);
+  }
+
+  async trustDeviceIfRequired(): Promise<void> {
+    const shouldTrustDevice = await this.getShouldTrustDevice();
+    if (shouldTrustDevice) {
+      await this.trustDevice();
+      // reset the trust choice
+      await this.setShouldTrustDevice(false);
+    }
+  }
+
+  async trustDevice(): Promise<DeviceResponse> {
+    // Attempt to get user key
+    const userKey: UserKey = await this.cryptoService.getUserKey();
+
+    // If user key is not found, throw error
+    if (!userKey) {
+      throw new Error("User symmetric key not found");
+    }
+
+    // Generate deviceKey
+    const deviceKey = await this.makeDeviceKey();
+
+    // Generate asymmetric RSA key pair: devicePrivateKey, devicePublicKey
+    const [devicePublicKey, devicePrivateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(
+      2048
+    );
+
+    const [
+      devicePublicKeyEncryptedUserKey,
+      userKeyEncryptedDevicePublicKey,
+      deviceKeyEncryptedDevicePrivateKey,
+    ] = await Promise.all([
+      // Encrypt user key with the DevicePublicKey
+      this.cryptoService.rsaEncrypt(userKey.key, devicePublicKey),
+
+      // Encrypt devicePublicKey with user key
+      this.encryptService.encrypt(devicePublicKey, userKey),
+
+      // Encrypt devicePrivateKey with deviceKey
+      this.encryptService.encrypt(devicePrivateKey, deviceKey),
+    ]);
+
+    // Send encrypted keys to server
+    const deviceIdentifier = await this.appIdService.getAppId();
+    const deviceResponse = await this.devicesApiService.updateTrustedDeviceKeys(
+      deviceIdentifier,
+      devicePublicKeyEncryptedUserKey.encryptedString,
+      userKeyEncryptedDevicePublicKey.encryptedString,
+      deviceKeyEncryptedDevicePrivateKey.encryptedString
+    );
+
+    // store device key in local/secure storage if enc keys posted to server successfully
+    await this.setDeviceKey(deviceKey);
+
+    this.platformUtilsService.showToast("success", null, this.i18nService.t("deviceTrusted"));
+
+    return deviceResponse;
+  }
+
+  async rotateDevicesTrust(newUserKey: UserKey, masterPasswordHash: string): Promise<void> {
+    const currentDeviceKey = await this.getDeviceKey();
+    if (currentDeviceKey == null) {
+      // If the current device doesn't have a device key available to it, then we can't
+      // rotate any trust at all, so early return.
+      return;
+    }
+
+    // At this point of rotating their keys, they should still have their old user key in state
+    const oldUserKey = await this.stateService.getUserKey();
+
+    const deviceIdentifier = await this.appIdService.getAppId();
+    const secretVerificationRequest = new SecretVerificationRequest();
+    secretVerificationRequest.masterPasswordHash = masterPasswordHash;
+
+    // Get the keys that are used in rotating a devices keys from the server
+    const currentDeviceKeys = await this.devicesApiService.getDeviceKeys(
+      deviceIdentifier,
+      secretVerificationRequest
+    );
+
+    // Decrypt the existing device public key with the old user key
+    const decryptedDevicePublicKey = await this.encryptService.decryptToBytes(
+      currentDeviceKeys.encryptedPublicKey,
+      oldUserKey
+    );
+
+    // Encrypt the brand new user key with the now-decrypted public key for the device
+    const encryptedNewUserKey = await this.cryptoService.rsaEncrypt(
+      newUserKey.key,
+      decryptedDevicePublicKey
+    );
+
+    // Re-encrypt the device public key with the new user key
+    const encryptedDevicePublicKey = await this.encryptService.encrypt(
+      decryptedDevicePublicKey,
+      newUserKey
+    );
+
+    const currentDeviceUpdateRequest = new DeviceKeysUpdateRequest();
+    currentDeviceUpdateRequest.encryptedUserKey = encryptedNewUserKey.encryptedString;
+    currentDeviceUpdateRequest.encryptedPublicKey = encryptedDevicePublicKey.encryptedString;
+
+    // TODO: For device management, allow this method to take an array of device ids that can be looped over and individually rotated
+    // then it can be added to trustRequest.otherDevices.
+
+    const trustRequest = new UpdateDevicesTrustRequest();
+    trustRequest.masterPasswordHash = masterPasswordHash;
+    trustRequest.currentDevice = currentDeviceUpdateRequest;
+    trustRequest.otherDevices = [];
+
+    await this.devicesApiService.updateTrust(trustRequest);
+  }
+
+  async getDeviceKey(): Promise<DeviceKey> {
+    return await this.stateService.getDeviceKey();
+  }
+
+  private async setDeviceKey(deviceKey: DeviceKey | null): Promise<void> {
+    await this.stateService.setDeviceKey(deviceKey);
+  }
+
+  private async makeDeviceKey(): Promise<DeviceKey> {
+    // Create 512-bit device key
+    const randomBytes: CsprngArray = await this.cryptoFunctionService.randomBytes(64);
+    const deviceKey = new SymmetricCryptoKey(randomBytes) as DeviceKey;
+
+    return deviceKey;
+  }
+
+  async decryptUserKeyWithDeviceKey(
+    encryptedDevicePrivateKey: EncString,
+    encryptedUserKey: EncString,
+    deviceKey?: DeviceKey
+  ): Promise<UserKey | null> {
+    // If device key provided use it, otherwise try to retrieve from storage
+    deviceKey ||= await this.getDeviceKey();
+
+    if (!deviceKey) {
+      // User doesn't have a device key anymore so device is untrusted
+      return null;
+    }
+
+    try {
+      // attempt to decrypt encryptedDevicePrivateKey with device key
+      const devicePrivateKey = await this.encryptService.decryptToBytes(
+        encryptedDevicePrivateKey,
+        deviceKey
+      );
+
+      // Attempt to decrypt encryptedUserDataKey with devicePrivateKey
+      const userKey = await this.cryptoService.rsaDecrypt(
+        encryptedUserKey.encryptedString,
+        devicePrivateKey
+      );
+
+      return new SymmetricCryptoKey(userKey) as UserKey;
+    } catch (e) {
+      // If either decryption effort fails, we want to remove the device key
+      await this.setDeviceKey(null);
+
+      return null;
+    }
+  }
+
+  async supportsDeviceTrust(): Promise<boolean> {
+    const decryptionOptions = await this.stateService.getAccountDecryptionOptions();
+    return decryptionOptions?.trustedDeviceOption != null;
+  }
+}
diff --git a/libs/common/src/auth/services/device-trust-crypto.service.spec.ts b/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
new file mode 100644
index 00000000000..1ba20008925
--- /dev/null
+++ b/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
@@ -0,0 +1,598 @@
+import { matches, mock } from "jest-mock-extended";
+
+import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
+import { DeviceType } from "../../enums";
+import { EncryptionType } from "../../enums/encryption-type.enum";
+import { AppIdService } from "../../platform/abstractions/app-id.service";
+import { CryptoFunctionService } from "../../platform/abstractions/crypto-function.service";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { EncryptService } from "../../platform/abstractions/encrypt.service";
+import { I18nService } from "../../platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "../../platform/abstractions/platform-utils.service";
+import { StateService } from "../../platform/abstractions/state.service";
+import { EncString } from "../../platform/models/domain/enc-string";
+import {
+  SymmetricCryptoKey,
+  DeviceKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "../../types/csprng";
+import { DevicesApiServiceAbstraction } from "../abstractions/devices-api.service.abstraction";
+import { UpdateDevicesTrustRequest } from "../models/request/update-devices-trust.request";
+import { ProtectedDeviceResponse } from "../models/response/protected-device.response";
+
+import { DeviceTrustCryptoService } from "./device-trust-crypto.service.implementation";
+describe("deviceTrustCryptoService", () => {
+  let deviceTrustCryptoService: DeviceTrustCryptoService;
+
+  const cryptoFunctionService = mock<CryptoFunctionService>();
+  const cryptoService = mock<CryptoService>();
+  const encryptService = mock<EncryptService>();
+  const stateService = mock<StateService>();
+  const appIdService = mock<AppIdService>();
+  const devicesApiService = mock<DevicesApiServiceAbstraction>();
+  const i18nService = mock<I18nService>();
+  const platformUtilsService = mock<PlatformUtilsService>();
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    deviceTrustCryptoService = new DeviceTrustCryptoService(
+      cryptoFunctionService,
+      cryptoService,
+      encryptService,
+      stateService,
+      appIdService,
+      devicesApiService,
+      i18nService,
+      platformUtilsService
+    );
+  });
+
+  it("instantiates", () => {
+    expect(deviceTrustCryptoService).not.toBeFalsy();
+  });
+
+  describe("User Trust Device Choice For Decryption", () => {
+    describe("getShouldTrustDevice", () => {
+      it("gets the user trust device choice for decryption from the state service", async () => {
+        const stateSvcGetShouldTrustDeviceSpy = jest.spyOn(stateService, "getShouldTrustDevice");
+
+        const expectedValue = true;
+        stateSvcGetShouldTrustDeviceSpy.mockResolvedValue(expectedValue);
+        const result = await deviceTrustCryptoService.getShouldTrustDevice();
+
+        expect(stateSvcGetShouldTrustDeviceSpy).toHaveBeenCalledTimes(1);
+        expect(result).toEqual(expectedValue);
+      });
+    });
+
+    describe("setShouldTrustDevice", () => {
+      it("sets the user trust device choice for decryption in the state service", async () => {
+        const stateSvcSetShouldTrustDeviceSpy = jest.spyOn(stateService, "setShouldTrustDevice");
+
+        const newValue = true;
+        await deviceTrustCryptoService.setShouldTrustDevice(newValue);
+
+        expect(stateSvcSetShouldTrustDeviceSpy).toHaveBeenCalledTimes(1);
+        expect(stateSvcSetShouldTrustDeviceSpy).toHaveBeenCalledWith(newValue);
+      });
+    });
+  });
+
+  describe("trustDeviceIfRequired", () => {
+    it("should trust device and reset when getShouldTrustDevice returns true", async () => {
+      jest.spyOn(deviceTrustCryptoService, "getShouldTrustDevice").mockResolvedValue(true);
+      jest.spyOn(deviceTrustCryptoService, "trustDevice").mockResolvedValue({} as DeviceResponse);
+      jest.spyOn(deviceTrustCryptoService, "setShouldTrustDevice").mockResolvedValue();
+
+      await deviceTrustCryptoService.trustDeviceIfRequired();
+
+      expect(deviceTrustCryptoService.getShouldTrustDevice).toHaveBeenCalledTimes(1);
+      expect(deviceTrustCryptoService.trustDevice).toHaveBeenCalledTimes(1);
+      expect(deviceTrustCryptoService.setShouldTrustDevice).toHaveBeenCalledWith(false);
+    });
+
+    it("should not trust device nor reset when getShouldTrustDevice returns false", async () => {
+      const getShouldTrustDeviceSpy = jest
+        .spyOn(deviceTrustCryptoService, "getShouldTrustDevice")
+        .mockResolvedValue(false);
+      const trustDeviceSpy = jest.spyOn(deviceTrustCryptoService, "trustDevice");
+      const setShouldTrustDeviceSpy = jest.spyOn(deviceTrustCryptoService, "setShouldTrustDevice");
+
+      await deviceTrustCryptoService.trustDeviceIfRequired();
+
+      expect(getShouldTrustDeviceSpy).toHaveBeenCalledTimes(1);
+      expect(trustDeviceSpy).not.toHaveBeenCalled();
+      expect(setShouldTrustDeviceSpy).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("Trusted Device Encryption core logic tests", () => {
+    const deviceKeyBytesLength = 64;
+    const userKeyBytesLength = 64;
+
+    describe("getDeviceKey", () => {
+      let existingDeviceKey: DeviceKey;
+      let stateSvcGetDeviceKeySpy: jest.SpyInstance;
+
+      beforeEach(() => {
+        existingDeviceKey = new SymmetricCryptoKey(
+          new Uint8Array(deviceKeyBytesLength) as CsprngArray
+        ) as DeviceKey;
+
+        stateSvcGetDeviceKeySpy = jest.spyOn(stateService, "getDeviceKey");
+      });
+
+      it("returns null when there is not an existing device key", async () => {
+        stateSvcGetDeviceKeySpy.mockResolvedValue(null);
+
+        const deviceKey = await deviceTrustCryptoService.getDeviceKey();
+
+        expect(stateSvcGetDeviceKeySpy).toHaveBeenCalledTimes(1);
+
+        expect(deviceKey).toBeNull();
+      });
+
+      it("returns the device key when there is an existing device key", async () => {
+        stateSvcGetDeviceKeySpy.mockResolvedValue(existingDeviceKey);
+
+        const deviceKey = await deviceTrustCryptoService.getDeviceKey();
+
+        expect(stateSvcGetDeviceKeySpy).toHaveBeenCalledTimes(1);
+
+        expect(deviceKey).not.toBeNull();
+        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
+        expect(deviceKey).toEqual(existingDeviceKey);
+      });
+    });
+
+    describe("setDeviceKey", () => {
+      it("sets the device key in the state service", async () => {
+        const stateSvcSetDeviceKeySpy = jest.spyOn(stateService, "setDeviceKey");
+
+        const deviceKey = new SymmetricCryptoKey(
+          new Uint8Array(deviceKeyBytesLength) as CsprngArray
+        ) as DeviceKey;
+
+        // TypeScript will allow calling private methods if the object is of type 'any'
+        // This is a hacky workaround, but it allows for cleaner tests
+        await (deviceTrustCryptoService as any).setDeviceKey(deviceKey);
+
+        expect(stateSvcSetDeviceKeySpy).toHaveBeenCalledTimes(1);
+        expect(stateSvcSetDeviceKeySpy).toHaveBeenCalledWith(deviceKey);
+      });
+    });
+
+    describe("makeDeviceKey", () => {
+      it("creates a new non-null 64 byte device key, securely stores it, and returns it", async () => {
+        const mockRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;
+
+        const cryptoFuncSvcRandomBytesSpy = jest
+          .spyOn(cryptoFunctionService, "randomBytes")
+          .mockResolvedValue(mockRandomBytes);
+
+        // TypeScript will allow calling private methods if the object is of type 'any'
+        // This is a hacky workaround, but it allows for cleaner tests
+        const deviceKey = await (deviceTrustCryptoService as any).makeDeviceKey();
+
+        expect(cryptoFuncSvcRandomBytesSpy).toHaveBeenCalledTimes(1);
+        expect(cryptoFuncSvcRandomBytesSpy).toHaveBeenCalledWith(deviceKeyBytesLength);
+
+        expect(deviceKey).not.toBeNull();
+        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
+      });
+    });
+
+    describe("trustDevice", () => {
+      let mockDeviceKeyRandomBytes: CsprngArray;
+      let mockDeviceKey: DeviceKey;
+
+      let mockUserKeyRandomBytes: CsprngArray;
+      let mockUserKey: UserKey;
+
+      const deviceRsaKeyLength = 2048;
+      let mockDeviceRsaKeyPair: [Uint8Array, Uint8Array];
+      let mockDevicePrivateKey: Uint8Array;
+      let mockDevicePublicKey: Uint8Array;
+      let mockDevicePublicKeyEncryptedUserKey: EncString;
+      let mockUserKeyEncryptedDevicePublicKey: EncString;
+      let mockDeviceKeyEncryptedDevicePrivateKey: EncString;
+
+      const mockDeviceResponse: DeviceResponse = new DeviceResponse({
+        Id: "mockId",
+        Name: "mockName",
+        Identifier: "mockIdentifier",
+        Type: "mockType",
+        CreationDate: "mockCreationDate",
+      });
+
+      const mockDeviceId = "mockDeviceId";
+
+      let makeDeviceKeySpy: jest.SpyInstance;
+      let rsaGenerateKeyPairSpy: jest.SpyInstance;
+      let cryptoSvcGetUserKeySpy: jest.SpyInstance;
+      let cryptoSvcRsaEncryptSpy: jest.SpyInstance;
+      let encryptServiceEncryptSpy: jest.SpyInstance;
+      let appIdServiceGetAppIdSpy: jest.SpyInstance;
+      let devicesApiServiceUpdateTrustedDeviceKeysSpy: jest.SpyInstance;
+
+      beforeEach(() => {
+        // Setup all spies and default return values for the happy path
+
+        mockDeviceKeyRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;
+        mockDeviceKey = new SymmetricCryptoKey(mockDeviceKeyRandomBytes) as DeviceKey;
+
+        mockUserKeyRandomBytes = new Uint8Array(userKeyBytesLength) as CsprngArray;
+        mockUserKey = new SymmetricCryptoKey(mockUserKeyRandomBytes) as UserKey;
+
+        mockDeviceRsaKeyPair = [
+          new Uint8Array(deviceRsaKeyLength),
+          new Uint8Array(deviceRsaKeyLength),
+        ];
+
+        mockDevicePublicKey = mockDeviceRsaKeyPair[0];
+        mockDevicePrivateKey = mockDeviceRsaKeyPair[1];
+
+        mockDevicePublicKeyEncryptedUserKey = new EncString(
+          EncryptionType.Rsa2048_OaepSha1_B64,
+          "mockDevicePublicKeyEncryptedUserKey"
+        );
+
+        mockUserKeyEncryptedDevicePublicKey = new EncString(
+          EncryptionType.AesCbc256_HmacSha256_B64,
+          "mockUserKeyEncryptedDevicePublicKey"
+        );
+
+        mockDeviceKeyEncryptedDevicePrivateKey = new EncString(
+          EncryptionType.AesCbc256_HmacSha256_B64,
+          "mockDeviceKeyEncryptedDevicePrivateKey"
+        );
+
+        // TypeScript will allow calling private methods if the object is of type 'any'
+        makeDeviceKeySpy = jest
+          .spyOn(deviceTrustCryptoService as any, "makeDeviceKey")
+          .mockResolvedValue(mockDeviceKey);
+
+        rsaGenerateKeyPairSpy = jest
+          .spyOn(cryptoFunctionService, "rsaGenerateKeyPair")
+          .mockResolvedValue(mockDeviceRsaKeyPair);
+
+        cryptoSvcGetUserKeySpy = jest
+          .spyOn(cryptoService, "getUserKey")
+          .mockResolvedValue(mockUserKey);
+
+        cryptoSvcRsaEncryptSpy = jest
+          .spyOn(cryptoService, "rsaEncrypt")
+          .mockResolvedValue(mockDevicePublicKeyEncryptedUserKey);
+
+        encryptServiceEncryptSpy = jest
+          .spyOn(encryptService, "encrypt")
+          .mockImplementation((plainValue, key) => {
+            if (plainValue === mockDevicePublicKey && key === mockUserKey) {
+              return Promise.resolve(mockUserKeyEncryptedDevicePublicKey);
+            }
+            if (plainValue === mockDevicePrivateKey && key === mockDeviceKey) {
+              return Promise.resolve(mockDeviceKeyEncryptedDevicePrivateKey);
+            }
+          });
+
+        appIdServiceGetAppIdSpy = jest
+          .spyOn(appIdService, "getAppId")
+          .mockResolvedValue(mockDeviceId);
+
+        devicesApiServiceUpdateTrustedDeviceKeysSpy = jest
+          .spyOn(devicesApiService, "updateTrustedDeviceKeys")
+          .mockResolvedValue(mockDeviceResponse);
+      });
+
+      it("calls the required methods with the correct arguments and returns a DeviceResponse", async () => {
+        const response = await deviceTrustCryptoService.trustDevice();
+
+        expect(makeDeviceKeySpy).toHaveBeenCalledTimes(1);
+        expect(rsaGenerateKeyPairSpy).toHaveBeenCalledTimes(1);
+        expect(cryptoSvcGetUserKeySpy).toHaveBeenCalledTimes(1);
+
+        expect(cryptoSvcRsaEncryptSpy).toHaveBeenCalledTimes(1);
+
+        // RsaEncrypt must be called w/ a user key array buffer of 64 bytes
+        const userKeyKey: Uint8Array = cryptoSvcRsaEncryptSpy.mock.calls[0][0];
+        expect(userKeyKey.byteLength).toBe(64);
+
+        expect(encryptServiceEncryptSpy).toHaveBeenCalledTimes(2);
+
+        expect(appIdServiceGetAppIdSpy).toHaveBeenCalledTimes(1);
+        expect(devicesApiServiceUpdateTrustedDeviceKeysSpy).toHaveBeenCalledTimes(1);
+        expect(devicesApiServiceUpdateTrustedDeviceKeysSpy).toHaveBeenCalledWith(
+          mockDeviceId,
+          mockDevicePublicKeyEncryptedUserKey.encryptedString,
+          mockUserKeyEncryptedDevicePublicKey.encryptedString,
+          mockDeviceKeyEncryptedDevicePrivateKey.encryptedString
+        );
+
+        expect(response).toBeInstanceOf(DeviceResponse);
+        expect(response).toEqual(mockDeviceResponse);
+      });
+
+      it("throws specific error if user key is not found", async () => {
+        // setup the spy to return null
+        cryptoSvcGetUserKeySpy.mockResolvedValue(null);
+        // check if the expected error is thrown
+        await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(
+          "User symmetric key not found"
+        );
+
+        // reset the spy
+        cryptoSvcGetUserKeySpy.mockReset();
+
+        // setup the spy to return undefined
+        cryptoSvcGetUserKeySpy.mockResolvedValue(undefined);
+        // check if the expected error is thrown
+        await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(
+          "User symmetric key not found"
+        );
+      });
+
+      const methodsToTestForErrorsOrInvalidReturns: any = [
+        {
+          method: "makeDeviceKey",
+          spy: () => makeDeviceKeySpy,
+          errorText: "makeDeviceKey error",
+        },
+        {
+          method: "rsaGenerateKeyPair",
+          spy: () => rsaGenerateKeyPairSpy,
+          errorText: "rsaGenerateKeyPair error",
+        },
+        {
+          method: "getUserKey",
+          spy: () => cryptoSvcGetUserKeySpy,
+          errorText: "getUserKey error",
+        },
+        {
+          method: "rsaEncrypt",
+          spy: () => cryptoSvcRsaEncryptSpy,
+          errorText: "rsaEncrypt error",
+        },
+        {
+          method: "encryptService.encrypt",
+          spy: () => encryptServiceEncryptSpy,
+          errorText: "encryptService.encrypt error",
+        },
+      ];
+
+      describe.each(methodsToTestForErrorsOrInvalidReturns)(
+        "trustDevice error handling and invalid return testing",
+        ({ method, spy, errorText }) => {
+          // ensures that error propagation works correctly
+          it(`throws an error if ${method} fails`, async () => {
+            const methodSpy = spy();
+            methodSpy.mockRejectedValue(new Error(errorText));
+            await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(errorText);
+          });
+
+          test.each([null, undefined])(
+            `throws an error if ${method} returns %s`,
+            async (invalidValue) => {
+              const methodSpy = spy();
+              methodSpy.mockResolvedValue(invalidValue);
+              await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow();
+            }
+          );
+        }
+      );
+    });
+
+    describe("decryptUserKeyWithDeviceKey", () => {
+      let mockDeviceKey: DeviceKey;
+      let mockEncryptedDevicePrivateKey: EncString;
+      let mockEncryptedUserKey: EncString;
+      let mockUserKey: UserKey;
+
+      beforeEach(() => {
+        const mockDeviceKeyRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;
+        mockDeviceKey = new SymmetricCryptoKey(mockDeviceKeyRandomBytes) as DeviceKey;
+
+        const mockUserKeyRandomBytes = new Uint8Array(userKeyBytesLength) as CsprngArray;
+        mockUserKey = new SymmetricCryptoKey(mockUserKeyRandomBytes) as UserKey;
+
+        mockEncryptedDevicePrivateKey = new EncString(
+          EncryptionType.AesCbc256_HmacSha256_B64,
+          "mockEncryptedDevicePrivateKey"
+        );
+
+        mockEncryptedUserKey = new EncString(
+          EncryptionType.AesCbc256_HmacSha256_B64,
+          "mockEncryptedUserKey"
+        );
+
+        jest.clearAllMocks();
+      });
+
+      it("returns null when device key isn't provided and isn't in state", async () => {
+        const getDeviceKeySpy = jest
+          .spyOn(deviceTrustCryptoService, "getDeviceKey")
+          .mockResolvedValue(null);
+
+        const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockEncryptedDevicePrivateKey,
+          mockEncryptedUserKey
+        );
+
+        expect(result).toBeNull();
+
+        expect(getDeviceKeySpy).toHaveBeenCalledTimes(1);
+      });
+
+      it("successfully returns the user key when provided keys (including device key) can decrypt it", async () => {
+        const decryptToBytesSpy = jest
+          .spyOn(encryptService, "decryptToBytes")
+          .mockResolvedValue(new Uint8Array(userKeyBytesLength));
+        const rsaDecryptSpy = jest
+          .spyOn(cryptoService, "rsaDecrypt")
+          .mockResolvedValue(new Uint8Array(userKeyBytesLength));
+
+        const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockEncryptedDevicePrivateKey,
+          mockEncryptedUserKey,
+          mockDeviceKey
+        );
+
+        expect(result).toEqual(mockUserKey);
+        expect(decryptToBytesSpy).toHaveBeenCalledTimes(1);
+        expect(rsaDecryptSpy).toHaveBeenCalledTimes(1);
+      });
+
+      it("successfully returns the user key when a device key is not provided (retrieves device key from state)", async () => {
+        const getDeviceKeySpy = jest
+          .spyOn(deviceTrustCryptoService, "getDeviceKey")
+          .mockResolvedValue(mockDeviceKey);
+
+        const decryptToBytesSpy = jest
+          .spyOn(encryptService, "decryptToBytes")
+          .mockResolvedValue(new Uint8Array(userKeyBytesLength));
+        const rsaDecryptSpy = jest
+          .spyOn(cryptoService, "rsaDecrypt")
+          .mockResolvedValue(new Uint8Array(userKeyBytesLength));
+
+        // Call without providing a device key
+        const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockEncryptedDevicePrivateKey,
+          mockEncryptedUserKey
+        );
+
+        expect(getDeviceKeySpy).toHaveBeenCalledTimes(1);
+
+        expect(result).toEqual(mockUserKey);
+        expect(decryptToBytesSpy).toHaveBeenCalledTimes(1);
+        expect(rsaDecryptSpy).toHaveBeenCalledTimes(1);
+      });
+
+      it("returns null and removes device key when the decryption fails", async () => {
+        const decryptToBytesSpy = jest
+          .spyOn(encryptService, "decryptToBytes")
+          .mockRejectedValue(new Error("Decryption error"));
+        const setDeviceKeySpy = jest.spyOn(deviceTrustCryptoService as any, "setDeviceKey");
+
+        const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
+          mockEncryptedDevicePrivateKey,
+          mockEncryptedUserKey,
+          mockDeviceKey
+        );
+
+        expect(result).toBeNull();
+        expect(decryptToBytesSpy).toHaveBeenCalledTimes(1);
+        expect(setDeviceKeySpy).toHaveBeenCalledTimes(1);
+        expect(setDeviceKeySpy).toHaveBeenCalledWith(null);
+      });
+    });
+
+    describe("rotateDevicesTrust", () => {
+      let fakeNewUserKey: UserKey = null;
+
+      const FakeNewUserKeyMarker = 1;
+      const FakeOldUserKeyMarker = 5;
+      const FakeDecryptedPublicKeyMarker = 17;
+
+      beforeEach(() => {
+        const fakeNewUserKeyData = new Uint8Array(64);
+        fakeNewUserKeyData.fill(FakeNewUserKeyMarker, 0, 1);
+        fakeNewUserKey = new SymmetricCryptoKey(fakeNewUserKeyData) as UserKey;
+      });
+
+      it("does an early exit when the current device is not a trusted device", async () => {
+        stateService.getDeviceKey.mockResolvedValue(null);
+
+        await deviceTrustCryptoService.rotateDevicesTrust(fakeNewUserKey, "");
+
+        expect(devicesApiService.updateTrust).not.toBeCalled();
+      });
+
+      describe("is on a trusted device", () => {
+        beforeEach(() => {
+          stateService.getDeviceKey.mockResolvedValue(
+            new SymmetricCryptoKey(new Uint8Array(deviceKeyBytesLength)) as DeviceKey
+          );
+        });
+
+        it("rotates current device keys and calls api service when the current device is trusted", async () => {
+          const currentEncryptedPublicKey = new EncString("2.cHVibGlj|cHVibGlj|cHVibGlj");
+          const currentEncryptedUserKey = new EncString("4.dXNlcg==");
+
+          const fakeOldUserKeyData = new Uint8Array(new Uint8Array(64));
+          // Fill the first byte with something identifiable
+          fakeOldUserKeyData.fill(FakeOldUserKeyMarker, 0, 1);
+
+          // Mock the retrieval of a user key that differs from the new one passed into the method
+          stateService.getUserKey.mockResolvedValue(
+            new SymmetricCryptoKey(fakeOldUserKeyData) as UserKey
+          );
+
+          appIdService.getAppId.mockResolvedValue("test_device_identifier");
+
+          devicesApiService.getDeviceKeys.mockImplementation((deviceIdentifier, secretRequest) => {
+            if (
+              deviceIdentifier !== "test_device_identifier" ||
+              secretRequest.masterPasswordHash !== "my_password_hash"
+            ) {
+              return Promise.resolve(null);
+            }
+
+            return Promise.resolve(
+              new ProtectedDeviceResponse({
+                id: "",
+                creationDate: "",
+                identifier: "test_device_identifier",
+                name: "Firefox",
+                type: DeviceType.FirefoxBrowser,
+                encryptedPublicKey: currentEncryptedPublicKey.encryptedString,
+                encryptedUserKey: currentEncryptedUserKey.encryptedString,
+              })
+            );
+          });
+
+          // Mock the decryption of the public key with the old user key
+          encryptService.decryptToBytes.mockImplementationOnce((_encValue, privateKeyValue) => {
+            expect(privateKeyValue.key.byteLength).toBe(64);
+            expect(new Uint8Array(privateKeyValue.key)[0]).toBe(FakeOldUserKeyMarker);
+            const data = new Uint8Array(250);
+            data.fill(FakeDecryptedPublicKeyMarker, 0, 1);
+            return Promise.resolve(data);
+          });
+
+          // Mock the encryption of the new user key with the decrypted public key
+          cryptoService.rsaEncrypt.mockImplementationOnce((data, publicKey) => {
+            expect(data.byteLength).toBe(64); // New key should also be 64 bytes
+            expect(new Uint8Array(data)[0]).toBe(FakeNewUserKeyMarker); // New key should have the first byte be '1';
+
+            expect(new Uint8Array(publicKey)[0]).toBe(FakeDecryptedPublicKeyMarker);
+            return Promise.resolve(new EncString("4.ZW5jcnlwdGVkdXNlcg=="));
+          });
+
+          // Mock the reencryption of the device public key with the new user key
+          encryptService.encrypt.mockImplementationOnce((plainValue, key) => {
+            expect(plainValue).toBeInstanceOf(Uint8Array);
+            expect(new Uint8Array(plainValue as Uint8Array)[0]).toBe(FakeDecryptedPublicKeyMarker);
+
+            expect(new Uint8Array(key.key)[0]).toBe(FakeNewUserKeyMarker);
+            return Promise.resolve(
+              new EncString("2.ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj")
+            );
+          });
+
+          await deviceTrustCryptoService.rotateDevicesTrust(fakeNewUserKey, "my_password_hash");
+
+          expect(devicesApiService.updateTrust).toBeCalledWith(
+            matches((updateTrustModel: UpdateDevicesTrustRequest) => {
+              return (
+                updateTrustModel.currentDevice.encryptedPublicKey ===
+                  "2.ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj" &&
+                updateTrustModel.currentDevice.encryptedUserKey === "4.ZW5jcnlwdGVkdXNlcg=="
+              );
+            })
+          );
+        });
+      });
+    });
+  });
+});
diff --git a/libs/common/src/auth/services/devices-api.service.implementation.ts b/libs/common/src/auth/services/devices-api.service.implementation.ts
new file mode 100644
index 00000000000..e149a79ea2f
--- /dev/null
+++ b/libs/common/src/auth/services/devices-api.service.implementation.ts
@@ -0,0 +1,96 @@
+import { ApiService } from "../../abstractions/api.service";
+import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
+import { ListResponse } from "../../models/response/list.response";
+import { Utils } from "../../platform/misc/utils";
+import { TrustedDeviceKeysRequest } from "../../services/devices/requests/trusted-device-keys.request";
+import { DevicesApiServiceAbstraction } from "../abstractions/devices-api.service.abstraction";
+import { SecretVerificationRequest } from "../models/request/secret-verification.request";
+import { UpdateDevicesTrustRequest } from "../models/request/update-devices-trust.request";
+import { ProtectedDeviceResponse } from "../models/response/protected-device.response";
+
+export class DevicesApiServiceImplementation implements DevicesApiServiceAbstraction {
+  constructor(private apiService: ApiService) {}
+
+  async getKnownDevice(email: string, deviceIdentifier: string): Promise<boolean> {
+    const r = await this.apiService.send(
+      "GET",
+      "/devices/knowndevice",
+      null,
+      false,
+      true,
+      null,
+      (headers) => {
+        headers.set("X-Device-Identifier", deviceIdentifier);
+        headers.set("X-Request-Email", Utils.fromUtf8ToUrlB64(email));
+      }
+    );
+    return r as boolean;
+  }
+
+  /**
+   * Get device by identifier
+   * @param deviceIdentifier - client generated id (not device id in DB)
+   */
+  async getDeviceByIdentifier(deviceIdentifier: string): Promise<DeviceResponse> {
+    const r = await this.apiService.send(
+      "GET",
+      `/devices/identifier/${deviceIdentifier}`,
+      null,
+      true,
+      true
+    );
+    return new DeviceResponse(r);
+  }
+
+  async getDevices(): Promise<ListResponse<DeviceResponse>> {
+    const r = await this.apiService.send("GET", "/devices", null, true, true, null);
+    return new ListResponse(r, DeviceResponse);
+  }
+
+  async updateTrustedDeviceKeys(
+    deviceIdentifier: string,
+    devicePublicKeyEncryptedUserKey: string,
+    userKeyEncryptedDevicePublicKey: string,
+    deviceKeyEncryptedDevicePrivateKey: string
+  ): Promise<DeviceResponse> {
+    const request = new TrustedDeviceKeysRequest(
+      devicePublicKeyEncryptedUserKey,
+      userKeyEncryptedDevicePublicKey,
+      deviceKeyEncryptedDevicePrivateKey
+    );
+
+    const result = await this.apiService.send(
+      "PUT",
+      `/devices/${deviceIdentifier}/keys`,
+      request,
+      true,
+      true
+    );
+
+    return new DeviceResponse(result);
+  }
+
+  async updateTrust(updateDevicesTrustRequestModel: UpdateDevicesTrustRequest): Promise<void> {
+    await this.apiService.send(
+      "POST",
+      "/devices/update-trust",
+      updateDevicesTrustRequestModel,
+      true,
+      false
+    );
+  }
+
+  async getDeviceKeys(
+    deviceIdentifier: string,
+    secretVerificationRequest: SecretVerificationRequest
+  ): Promise<ProtectedDeviceResponse> {
+    const result = await this.apiService.send(
+      "POST",
+      `/devices/${deviceIdentifier}/retrieve-keys`,
+      secretVerificationRequest,
+      true,
+      true
+    );
+    return new ProtectedDeviceResponse(result);
+  }
+}
diff --git a/libs/common/src/auth/services/key-connector.service.ts b/libs/common/src/auth/services/key-connector.service.ts
index 17a891c40ad..24bf76f76b8 100644
--- a/libs/common/src/auth/services/key-connector.service.ts
+++ b/libs/common/src/auth/services/key-connector.service.ts
@@ -7,7 +7,7 @@ import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { LogService } from "../../platform/abstractions/log.service";
 import { StateService } from "../../platform/abstractions/state.service";
 import { Utils } from "../../platform/misc/utils";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { MasterKey, SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "../abstractions/key-connector.service";
 import { TokenService } from "../abstractions/token.service";
 import { KdfConfig } from "../models/domain/kdf-config";
@@ -45,8 +45,8 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
 
   async migrateUser() {
     const organization = await this.getManagingOrganization();
-    const key = await this.cryptoService.getKey();
-    const keyConnectorRequest = new KeyConnectorUserKeyRequest(key.encKeyB64);
+    const masterKey = await this.cryptoService.getMasterKey();
+    const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
 
     try {
       await this.apiService.postUserKeyToKeyConnector(
@@ -60,12 +60,13 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
     await this.apiService.postConvertToKeyConnector();
   }
 
-  async getAndSetKey(url: string) {
+  // TODO: UserKey should be renamed to MasterKey and typed accordingly
+  async setMasterKeyFromUrl(url: string) {
     try {
-      const userKeyResponse = await this.apiService.getUserKeyFromKeyConnector(url);
-      const keyArr = Utils.fromB64ToArray(userKeyResponse.key);
-      const k = new SymmetricCryptoKey(keyArr);
-      await this.cryptoService.setKey(k);
+      const masterKeyResponse = await this.apiService.getMasterKeyFromKeyConnector(url);
+      const keyArr = Utils.fromB64ToArray(masterKeyResponse.key);
+      const masterKey = new SymmetricCryptoKey(keyArr) as MasterKey;
+      await this.cryptoService.setMasterKey(masterKey);
     } catch (e) {
       this.handleKeyConnectorError(e);
     }
@@ -87,17 +88,18 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
     const password = await this.cryptoFunctionService.randomBytes(64);
     const kdfConfig = new KdfConfig(kdfIterations, kdfMemory, kdfParallelism);
 
-    const k = await this.cryptoService.makeKey(
+    const masterKey = await this.cryptoService.makeMasterKey(
       Utils.fromBufferToB64(password),
       await this.tokenService.getEmail(),
       kdf,
       kdfConfig
     );
-    const keyConnectorRequest = new KeyConnectorUserKeyRequest(k.encKeyB64);
-    await this.cryptoService.setKey(k);
+    const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
+    await this.cryptoService.setMasterKey(masterKey);
 
-    const encKey = await this.cryptoService.makeEncKey(k);
-    await this.cryptoService.setEncKey(encKey[1].encryptedString);
+    const userKey = await this.cryptoService.makeUserKey(masterKey);
+    await this.cryptoService.setUserKey(userKey[0]);
+    await this.cryptoService.setMasterKeyEncryptedUserKey(userKey[1].encryptedString);
 
     const [pubKey, privKey] = await this.cryptoService.makeKeyPair();
 
@@ -109,7 +111,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
 
     const keys = new KeysRequest(pubKey, privKey.encryptedString);
     const setPasswordRequest = new SetKeyConnectorKeyRequest(
-      encKey[1].encryptedString,
+      userKey[1].encryptedString,
       kdf,
       kdfConfig,
       orgId,
diff --git a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
new file mode 100644
index 00000000000..7d1ade83321
--- /dev/null
+++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
@@ -0,0 +1,123 @@
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { OrganizationUserService } from "../../abstractions/organization-user/organization-user.service";
+import { OrganizationApiServiceAbstraction } from "../../admin-console/abstractions/organization/organization-api.service.abstraction";
+import { OrganizationAutoEnrollStatusResponse } from "../../admin-console/models/response/organization-auto-enroll-status.response";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { I18nService } from "../../platform/abstractions/i18n.service";
+import { StateService } from "../../platform/abstractions/state.service";
+
+import { PasswordResetEnrollmentServiceImplementation } from "./password-reset-enrollment.service.implementation";
+
+describe("PasswordResetEnrollmentServiceImplementation", () => {
+  let organizationApiService: MockProxy<OrganizationApiServiceAbstraction>;
+  let stateService: MockProxy<StateService>;
+  let cryptoService: MockProxy<CryptoService>;
+  let organizationUserService: MockProxy<OrganizationUserService>;
+  let i18nService: MockProxy<I18nService>;
+  let service: PasswordResetEnrollmentServiceImplementation;
+
+  beforeEach(() => {
+    organizationApiService = mock<OrganizationApiServiceAbstraction>();
+    stateService = mock<StateService>();
+    cryptoService = mock<CryptoService>();
+    organizationUserService = mock<OrganizationUserService>();
+    i18nService = mock<I18nService>();
+    service = new PasswordResetEnrollmentServiceImplementation(
+      organizationApiService,
+      stateService,
+      cryptoService,
+      organizationUserService,
+      i18nService
+    );
+  });
+
+  describe("enrollIfRequired", () => {
+    it("should not enroll when user is already enrolled in password reset", async () => {
+      const mockResponse = new OrganizationAutoEnrollStatusResponse({
+        ResetPasswordEnabled: true,
+        Id: "orgId",
+      });
+      organizationApiService.getAutoEnrollStatus.mockResolvedValue(mockResponse);
+
+      const enrollSpy = jest.spyOn(service, "enroll");
+      enrollSpy.mockResolvedValue();
+
+      await service.enrollIfRequired("ssoId");
+
+      expect(service.enroll).not.toHaveBeenCalled();
+    });
+
+    it("should enroll when user is not enrolled in password reset", async () => {
+      const mockResponse = new OrganizationAutoEnrollStatusResponse({
+        ResetPasswordEnabled: false,
+        Id: "orgId",
+      });
+      organizationApiService.getAutoEnrollStatus.mockResolvedValue(mockResponse);
+
+      const enrollSpy = jest.spyOn(service, "enroll");
+      enrollSpy.mockResolvedValue();
+
+      await service.enrollIfRequired("ssoId");
+
+      expect(service.enroll).toHaveBeenCalled();
+    });
+  });
+
+  describe("enroll", () => {
+    it("should throw an error if the organization keys are not found", async () => {
+      organizationApiService.getKeys.mockResolvedValue(null);
+      i18nService.t.mockReturnValue("resetPasswordOrgKeysError");
+
+      const result = () => service.enroll("orgId");
+
+      await expect(result).rejects.toThrowError("resetPasswordOrgKeysError");
+    });
+
+    it("should enroll the user when no user id or key is provided", async () => {
+      const orgKeyResponse = {
+        publicKey: "publicKey",
+        privateKey: "privateKey",
+      };
+      const encryptedKey = { encryptedString: "encryptedString" };
+      organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any);
+      stateService.getUserId.mockResolvedValue("userId");
+      cryptoService.getUserKey.mockResolvedValue({ key: "key" } as any);
+      cryptoService.rsaEncrypt.mockResolvedValue(encryptedKey as any);
+
+      await service.enroll("orgId");
+
+      expect(
+        organizationUserService.putOrganizationUserResetPasswordEnrollment
+      ).toHaveBeenCalledWith(
+        "orgId",
+        "userId",
+        expect.objectContaining({
+          resetPasswordKey: encryptedKey.encryptedString,
+        })
+      );
+    });
+
+    it("should enroll the user when a user id and key is provided", async () => {
+      const orgKeyResponse = {
+        publicKey: "publicKey",
+        privateKey: "privateKey",
+      };
+      const encryptedKey = { encryptedString: "encryptedString" };
+      organizationApiService.getKeys.mockResolvedValue(orgKeyResponse as any);
+      cryptoService.rsaEncrypt.mockResolvedValue(encryptedKey as any);
+
+      await service.enroll("orgId", "userId", { key: "key" } as any);
+
+      expect(
+        organizationUserService.putOrganizationUserResetPasswordEnrollment
+      ).toHaveBeenCalledWith(
+        "orgId",
+        "userId",
+        expect.objectContaining({
+          resetPasswordKey: encryptedKey.encryptedString,
+        })
+      );
+    });
+  });
+});
diff --git a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts
new file mode 100644
index 00000000000..c6e19635c8a
--- /dev/null
+++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.ts
@@ -0,0 +1,56 @@
+import { OrganizationUserService } from "../../abstractions/organization-user/organization-user.service";
+import { OrganizationUserResetPasswordEnrollmentRequest } from "../../abstractions/organization-user/requests";
+import { OrganizationApiServiceAbstraction } from "../../admin-console/abstractions/organization/organization-api.service.abstraction";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { I18nService } from "../../platform/abstractions/i18n.service";
+import { StateService } from "../../platform/abstractions/state.service";
+import { Utils } from "../../platform/misc/utils";
+import { UserKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { PasswordResetEnrollmentServiceAbstraction } from "../abstractions/password-reset-enrollment.service.abstraction";
+
+export class PasswordResetEnrollmentServiceImplementation
+  implements PasswordResetEnrollmentServiceAbstraction
+{
+  constructor(
+    protected organizationApiService: OrganizationApiServiceAbstraction,
+    protected stateService: StateService,
+    protected cryptoService: CryptoService,
+    protected organizationUserService: OrganizationUserService,
+    protected i18nService: I18nService
+  ) {}
+
+  async enrollIfRequired(organizationSsoIdentifier: string): Promise<void> {
+    const orgAutoEnrollStatusResponse = await this.organizationApiService.getAutoEnrollStatus(
+      organizationSsoIdentifier
+    );
+
+    if (!orgAutoEnrollStatusResponse.resetPasswordEnabled) {
+      await this.enroll(orgAutoEnrollStatusResponse.id, null, null);
+    }
+  }
+
+  async enroll(organizationId: string): Promise<void>;
+  async enroll(organizationId: string, userId: string, userKey: UserKey): Promise<void>;
+  async enroll(organizationId: string, userId?: string, userKey?: UserKey): Promise<void> {
+    const orgKeyResponse = await this.organizationApiService.getKeys(organizationId);
+    if (orgKeyResponse == null) {
+      throw new Error(this.i18nService.t("resetPasswordOrgKeysError"));
+    }
+
+    const orgPublicKey = Utils.fromB64ToArray(orgKeyResponse.publicKey);
+
+    userId = userId ?? (await this.stateService.getUserId());
+    userKey = userKey ?? (await this.cryptoService.getUserKey(userId));
+    // RSA Encrypt user's userKey.key with organization public key
+    const encryptedKey = await this.cryptoService.rsaEncrypt(userKey.key, orgPublicKey);
+
+    const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
+    resetRequest.resetPasswordKey = encryptedKey.encryptedString;
+
+    await this.organizationUserService.putOrganizationUserResetPasswordEnrollment(
+      organizationId,
+      userId,
+      resetRequest
+    );
+  }
+}
diff --git a/libs/common/src/auth/services/user-verification/user-verification.service.ts b/libs/common/src/auth/services/user-verification/user-verification.service.ts
index 0be8d3e7295..5e20eb7645b 100644
--- a/libs/common/src/auth/services/user-verification/user-verification.service.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.ts
@@ -1,5 +1,6 @@
 import { CryptoService } from "../../../platform/abstractions/crypto.service";
 import { I18nService } from "../../../platform/abstractions/i18n.service";
+import { StateService } from "../../../platform/abstractions/state.service";
 import { Verification } from "../../../types/verification";
 import { UserVerificationApiServiceAbstraction } from "../../abstractions/user-verification/user-verification-api.service.abstraction";
 import { UserVerificationService as UserVerificationServiceAbstraction } from "../../abstractions/user-verification/user-verification.service.abstraction";
@@ -13,6 +14,7 @@ import { VerifyOTPRequest } from "../../models/request/verify-otp.request";
  */
 export class UserVerificationService implements UserVerificationServiceAbstraction {
   constructor(
+    private stateService: StateService,
     private cryptoService: CryptoService,
     private i18nService: I18nService,
     private userVerificationApiService: UserVerificationApiServiceAbstraction
@@ -37,9 +39,18 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
     if (verification.type === VerificationType.OTP) {
       request.otp = verification.secret;
     } else {
+      let masterKey = await this.cryptoService.getMasterKey();
+      if (!masterKey && !alreadyHashed) {
+        masterKey = await this.cryptoService.makeMasterKey(
+          verification.secret,
+          await this.stateService.getEmail(),
+          await this.stateService.getKdfType(),
+          await this.stateService.getKdfConfig()
+        );
+      }
       request.masterPasswordHash = alreadyHashed
         ? verification.secret
-        : await this.cryptoService.hashPassword(verification.secret, null);
+        : await this.cryptoService.hashMasterKey(verification.secret, masterKey);
     }
 
     return request;
@@ -61,13 +72,23 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
         throw new Error(this.i18nService.t("invalidVerificationCode"));
       }
     } else {
+      let masterKey = await this.cryptoService.getMasterKey();
+      if (!masterKey) {
+        masterKey = await this.cryptoService.makeMasterKey(
+          verification.secret,
+          await this.stateService.getEmail(),
+          await this.stateService.getKdfType(),
+          await this.stateService.getKdfConfig()
+        );
+      }
       const passwordValid = await this.cryptoService.compareAndUpdateKeyHash(
         verification.secret,
-        null
+        masterKey
       );
       if (!passwordValid) {
         throw new Error(this.i18nService.t("invalidMasterPassword"));
       }
+      this.cryptoService.setMasterKey(masterKey);
     }
     return true;
   }
@@ -76,6 +97,30 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
     await this.userVerificationApiService.postAccountRequestOTP();
   }
 
+  /**
+   * Check if user has master password or can only use passwordless technologies to log in
+   * Note: This only checks the server, not the local state
+   * @param userId The user id to check. If not provided, the current user is used
+   * @returns True if the user has a master password
+   */
+  async hasMasterPassword(userId?: string): Promise<boolean> {
+    const decryptionOptions = await this.stateService.getAccountDecryptionOptions({ userId });
+
+    if (decryptionOptions?.hasMasterPassword != undefined) {
+      return decryptionOptions.hasMasterPassword;
+    }
+
+    // TODO: PM-3518 - Left for backwards compatibility, remove after 2023.12.0
+    return !(await this.stateService.getUsesKeyConnector({ userId }));
+  }
+
+  async hasMasterPasswordAndMasterKeyHash(userId?: string): Promise<boolean> {
+    return (
+      (await this.hasMasterPassword(userId)) &&
+      (await this.cryptoService.getMasterKeyHash()) != null
+    );
+  }
+
   private validateInput(verification: Verification) {
     if (verification?.secret == null || verification.secret === "") {
       if (verification.type === VerificationType.OTP) {
diff --git a/libs/common/src/enums/device-type.enum.ts b/libs/common/src/enums/device-type.enum.ts
index d5ab33bbdd0..663c4824892 100644
--- a/libs/common/src/enums/device-type.enum.ts
+++ b/libs/common/src/enums/device-type.enum.ts
@@ -23,3 +23,16 @@ export enum DeviceType {
   SDK = 21,
   Server = 22,
 }
+
+export const MobileDeviceTypes: Set<DeviceType> = new Set([
+  DeviceType.Android,
+  DeviceType.iOS,
+  DeviceType.AndroidAmazon,
+]);
+
+export const DesktopDeviceTypes: Set<DeviceType> = new Set([
+  DeviceType.WindowsDesktop,
+  DeviceType.MacOsDesktop,
+  DeviceType.LinuxDesktop,
+  DeviceType.UWP,
+]);
diff --git a/libs/common/src/enums/event-type.enum.ts b/libs/common/src/enums/event-type.enum.ts
index 72cd73c39bc..3232d885dca 100644
--- a/libs/common/src/enums/event-type.enum.ts
+++ b/libs/common/src/enums/event-type.enum.ts
@@ -10,6 +10,7 @@ export enum EventType {
   User_ClientExportedVault = 1007,
   User_UpdatedTempPassword = 1008,
   User_MigratedKeyToKeyConnector = 1009,
+  User_RequestedDeviceApproval = 1010,
 
   Cipher_Created = 1100,
   Cipher_Updated = 1101,
@@ -51,6 +52,8 @@ export enum EventType {
   OrganizationUser_FirstSsoLogin = 1510,
   OrganizationUser_Revoked = 1511,
   OrganizationUser_Restored = 1512,
+  OrganizationUser_ApprovedAuthRequest = 1513,
+  OrganizationUser_RejectedAuthRequest = 1514,
 
   Organization_Updated = 1600,
   Organization_PurgedVault = 1601,
diff --git a/libs/common/src/enums/key-suffix-options.enum.ts b/libs/common/src/enums/key-suffix-options.enum.ts
index 2ae98d8e9f9..b268c4b777f 100644
--- a/libs/common/src/enums/key-suffix-options.enum.ts
+++ b/libs/common/src/enums/key-suffix-options.enum.ts
@@ -1,4 +1,5 @@
 export enum KeySuffixOptions {
   Auto = "auto",
   Biometric = "biometric",
+  Pin = "pin",
 }
diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts
index e8b95ff2f16..42f60bde845 100644
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@@ -5,82 +5,420 @@ import { KdfConfig } from "../../auth/models/domain/kdf-config";
 import { KeySuffixOptions, KdfType, HashPurpose } from "../../enums";
 import { EncArrayBuffer } from "../models/domain/enc-array-buffer";
 import { EncString } from "../models/domain/enc-string";
-import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
+import {
+  MasterKey,
+  OrgKey,
+  PinKey,
+  ProviderKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../models/domain/symmetric-crypto-key";
 
 export abstract class CryptoService {
-  setKey: (key: SymmetricCryptoKey) => Promise<any>;
-  setKeyHash: (keyHash: string) => Promise<void>;
-  setEncKey: (encKey: string) => Promise<void>;
-  setEncPrivateKey: (encPrivateKey: string) => Promise<void>;
+  /**
+   * Sets the provided user key and stores
+   * any other necessary versions (such as auto, biometrics,
+   * or pin)
+   * @param key The user key to set
+   * @param userId The desired user
+   */
+  setUserKey: (key: UserKey, userId?: string) => Promise<void>;
+  /**
+   * Gets the user key from memory and sets it again,
+   * kicking off a refresh of any additional keys
+   * (such as auto, biometrics, or pin)
+   */
+  /**
+   * Check if the current sessions has ever had a user key, i.e. has ever been unlocked/decrypted.
+   * This is key for differentiating between TDE locked and standard locked states.
+   * @param userId The desired user
+   * @returns True if the current session has ever had a user key
+   */
+  getEverHadUserKey: (userId?: string) => Promise<boolean>;
+  refreshAdditionalKeys: () => Promise<void>;
+  /**
+   * Retrieves the user key
+   * @param userId The desired user
+   * @returns The user key
+   */
+  getUserKey: (userId?: string) => Promise<UserKey>;
+  /**
+   * Use for encryption/decryption of data in order to support legacy
+   * encryption models. It will return the user key if available,
+   * if not it will return the master key.
+   * @param userId The desired user
+   */
+  getUserKeyWithLegacySupport: (userId?: string) => Promise<UserKey>;
+  /**
+   * Retrieves the user key from storage
+   * @param keySuffix The desired version of the user's key to retrieve
+   * @param userId The desired user
+   * @returns The user key
+   */
+  getUserKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<UserKey>;
+
+  /**
+   * @returns True if the user key is available
+   */
+  hasUserKey: () => Promise<boolean>;
+  /**
+   * @param userId The desired user
+   * @returns True if the user key is set in memory
+   */
+  hasUserKeyInMemory: (userId?: string) => Promise<boolean>;
+  /**
+   * @param keySuffix The desired version of the user's key to check
+   * @param userId The desired user
+   * @returns True if the provided version of the user key is stored
+   */
+  hasUserKeyStored: (keySuffix: KeySuffixOptions, userId?: string) => Promise<boolean>;
+  /**
+   * Generates a new user key
+   * @param masterKey The user's master key
+   * @returns A new user key and the master key protected version of it
+   */
+  makeUserKey: (key: MasterKey) => Promise<[UserKey, EncString]>;
+  /**
+   * Clears the user key
+   * @param clearStoredKeys Clears all stored versions of the user keys as well,
+   * such as the biometrics key
+   * @param userId The desired user
+   */
+  clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise<void>;
+  /**
+   * Clears the user's stored version of the user key
+   * @param keySuffix The desired version of the key to clear
+   * @param userId The desired user
+   */
+  clearStoredUserKey: (keySuffix: KeySuffixOptions, userId?: string) => Promise<void>;
+  /**
+   * Stores the master key encrypted user key
+   * @param userKeyMasterKey The master key encrypted user key to set
+   * @param userId The desired user
+   */
+  setMasterKeyEncryptedUserKey: (UserKeyMasterKey: string, userId?: string) => Promise<void>;
+  /**
+   * Sets the user's master key
+   * @param key The user's master key to set
+   * @param userId The desired user
+   */
+  setMasterKey: (key: MasterKey, userId?: string) => Promise<void>;
+  /**
+   * @param userId The desired user
+   * @returns The user's master key
+   */
+  getMasterKey: (userId?: string) => Promise<MasterKey>;
+
+  /**
+   * @param password The user's master password that will be used to derive a master key if one isn't found
+   * @param userId The desired user
+   */
+  getOrDeriveMasterKey: (password: string, userId?: string) => Promise<MasterKey>;
+  /**
+   * Generates a master key from the provided password
+   * @param password The user's master password
+   * @param email The user's email
+   * @param kdf The user's selected key derivation function to use
+   * @param KdfConfig The user's key derivation function configuration
+   * @returns A master key derived from the provided password
+   */
+  makeMasterKey: (
+    password: string,
+    email: string,
+    kdf: KdfType,
+    KdfConfig: KdfConfig
+  ) => Promise<MasterKey>;
+  /**
+   * Clears the user's master key
+   * @param userId The desired user
+   */
+  clearMasterKey: (userId?: string) => Promise<void>;
+  /**
+   * Encrypts the existing (or provided) user key with the
+   * provided master key
+   * @param masterKey The user's master key
+   * @param userKey The user key
+   * @returns The user key and the master key protected version of it
+   */
+  encryptUserKeyWithMasterKey: (
+    masterKey: MasterKey,
+    userKey?: UserKey
+  ) => Promise<[UserKey, EncString]>;
+  /**
+   * Decrypts the user key with the provided master key
+   * @param masterKey The user's master key
+   * @param userKey The user's encrypted symmetric key
+   * @param userId The desired user
+   * @returns The user key
+   */
+  decryptUserKeyWithMasterKey: (
+    masterKey: MasterKey,
+    userKey?: EncString,
+    userId?: string
+  ) => Promise<UserKey>;
+  /**
+   * Creates a master password hash from the user's master password. Can
+   * be used for local authentication or for server authentication depending
+   * on the hashPurpose provided.
+   * @param password The user's master password
+   * @param key The user's master key
+   * @param hashPurpose The iterations to use for the hash
+   * @returns The user's master password hash
+   */
+  hashMasterKey: (password: string, key: MasterKey, hashPurpose?: HashPurpose) => Promise<string>;
+  /**
+   * Sets the user's master password hash
+   * @param keyHash The user's master password hash to set
+   */
+  setMasterKeyHash: (keyHash: string) => Promise<void>;
+  /**
+   * @returns The user's master password hash
+   */
+  getMasterKeyHash: () => Promise<string>;
+  /**
+   * Clears the user's stored master password hash
+   * @param userId The desired user
+   */
+  clearMasterKeyHash: (userId?: string) => Promise<void>;
+  /**
+   * Compares the provided master password to the stored password hash and server password hash.
+   * Updates the stored hash if outdated.
+   * @param masterPassword The user's master password
+   * @param key The user's master key
+   * @returns True if the provided master password matches either the stored
+   * key hash or the server key hash
+   */
+  compareAndUpdateKeyHash: (masterPassword: string, masterKey: MasterKey) => Promise<boolean>;
+  /**
+   * Stores the encrypted organization keys and clears any decrypted
+   * organization keys currently in memory
+   * @param orgs The organizations to set keys for
+   * @param providerOrgs The provider organizations to set keys for
+   */
   setOrgKeys: (
     orgs: ProfileOrganizationResponse[],
     providerOrgs: ProfileProviderOrganizationResponse[]
   ) => Promise<void>;
-  setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
-  getKey: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
-  getKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
-  getKeyHash: () => Promise<string>;
-  compareAndUpdateKeyHash: (masterPassword: string, key: SymmetricCryptoKey) => Promise<boolean>;
-  getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
-  getPublicKey: () => Promise<Uint8Array>;
-  getPrivateKey: () => Promise<Uint8Array>;
-  getFingerprint: (fingerprintMaterial: string, publicKey?: Uint8Array) => Promise<string[]>;
+  /**
+   * Returns the organization's symmetric key
+   * @param orgId The desired organization
+   * @returns The organization's symmetric key
+   */
+  getOrgKey: (orgId: string) => Promise<OrgKey>;
+  /**
+   * @returns A map of the organization Ids to their symmetric keys
+   */
   getOrgKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
-  getOrgKey: (orgId: string) => Promise<SymmetricCryptoKey>;
-  getProviderKey: (providerId: string) => Promise<SymmetricCryptoKey>;
-  getKeyForUserEncryption: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
-  hasKey: () => Promise<boolean>;
-  hasKeyInMemory: (userId?: string) => Promise<boolean>;
-  hasKeyStored: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<boolean>;
-  hasEncKey: () => Promise<boolean>;
-  clearKey: (clearSecretStorage?: boolean, userId?: string) => Promise<any>;
-  clearKeyHash: () => Promise<any>;
-  clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<any>;
-  clearProviderKeys: (memoryOnly?: boolean) => Promise<any>;
-  clearPinProtectedKey: () => Promise<any>;
-  clearKeys: (userId?: string) => Promise<any>;
-  toggleKey: () => Promise<any>;
-  makeKey: (
-    password: string,
-    salt: string,
-    kdf: KdfType,
-    kdfConfig: KdfConfig
-  ) => Promise<SymmetricCryptoKey>;
-  makeKeyFromPin: (
+  /**
+   * Uses the org key to derive a new symmetric key for encrypting data
+   * @param orgKey The organization's symmetric key
+   */
+  makeDataEncKey: <T extends UserKey | OrgKey>(key: T) => Promise<[SymmetricCryptoKey, EncString]>;
+  /**
+   * Clears the user's stored organization keys
+   * @param memoryOnly Clear only the in-memory keys
+   * @param userId The desired user
+   */
+  clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<void>;
+  /**
+   * Stores the encrypted provider keys and clears any decrypted
+   * provider keys currently in memory
+   * @param providers The providers to set keys for
+   */
+  setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
+  /**
+   * @param providerId The desired provider
+   * @returns The provider's symmetric key
+   */
+  getProviderKey: (providerId: string) => Promise<ProviderKey>;
+  /**
+   * @returns A map of the provider Ids to their symmetric keys
+   */
+  getProviderKeys: () => Promise<Map<string, ProviderKey>>;
+  /**
+   * @param memoryOnly Clear only the in-memory keys
+   * @param userId The desired user
+   */
+  clearProviderKeys: (memoryOnly?: boolean, userId?: string) => Promise<void>;
+  /**
+   * Returns the public key from memory. If not available, extracts it
+   * from the private key and stores it in memory
+   * @returns The user's public key
+   */
+  getPublicKey: () => Promise<Uint8Array>;
+  /**
+   * Creates a new organization key and encrypts it with the user's public key.
+   * This method can also return Provider keys for creating new Provider users.
+   * @returns The new encrypted org key and the decrypted key itself
+   */
+  makeOrgKey: <T extends OrgKey | ProviderKey>() => Promise<[EncString, T]>;
+  /**
+   * Sets the the user's encrypted private key in storage and
+   * clears the decrypted private key from memory
+   * Note: does not clear the private key if null is provided
+   * @param encPrivateKey An encrypted private key
+   */
+  setPrivateKey: (encPrivateKey: string) => Promise<void>;
+  /**
+   * Returns the private key from memory. If not available, decrypts it
+   * from storage and stores it in memory
+   * @returns The user's private key
+   */
+  getPrivateKey: () => Promise<Uint8Array>;
+  /**
+   * Generates a fingerprint phrase for the user based on their public key
+   * @param fingerprintMaterial Fingerprint material
+   * @param publicKey The user's public key
+   * @returns The user's fingerprint phrase
+   */
+  getFingerprint: (fingerprintMaterial: string, publicKey?: Uint8Array) => Promise<string[]>;
+  /**
+   * Generates a new keypair
+   * @param key A key to encrypt the private key with. If not provided,
+   * defaults to the user key
+   * @returns A new keypair: [publicKey in Base64, encrypted privateKey]
+   */
+  makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
+  /**
+   * Clears the user's key pair
+   * @param memoryOnly Clear only the in-memory keys
+   * @param userId The desired user
+   */
+  clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<void[]>;
+  /**
+   * @param pin The user's pin
+   * @param salt The user's salt
+   * @param kdf The user's kdf
+   * @param kdfConfig The user's kdf config
+   * @returns A key derived from the user's pin
+   */
+  makePinKey: (pin: string, salt: string, kdf: KdfType, kdfConfig: KdfConfig) => Promise<PinKey>;
+  /**
+   * Clears the user's pin keys from storage
+   * Note: This will remove the stored pin and as a result,
+   * disable pin protection for the user
+   * @param userId The desired user
+   */
+  clearPinKeys: (userId?: string) => Promise<void>;
+  /**
+   * Decrypts the user key with their pin
+   * @param pin The user's PIN
+   * @param salt The user's salt
+   * @param kdf The user's KDF
+   * @param kdfConfig The user's KDF config
+   * @param pinProtectedUserKey The user's PIN protected symmetric key, if not provided
+   * it will be retrieved from storage
+   * @returns The decrypted user key
+   */
+  decryptUserKeyWithPin: (
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
     protectedKeyCs?: EncString
-  ) => Promise<SymmetricCryptoKey>;
-  makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
-  makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
-  makePinKey: (
+  ) => Promise<UserKey>;
+  /**
+   * Creates a new Pin key that encrypts the user key instead of the
+   * master key. Clears the old Pin key from state.
+   * @param masterPasswordOnRestart True if Master Password on Restart is enabled
+   * @param pin User's PIN
+   * @param email User's email
+   * @param kdf User's KdfType
+   * @param kdfConfig User's KdfConfig
+   * @param oldPinKey The old Pin key from state (retrieved from different
+   * places depending on if Master Password on Restart was enabled)
+   * @returns The user key
+   */
+  decryptAndMigrateOldPinKey: (
+    masterPasswordOnRestart: boolean,
+    pin: string,
+    email: string,
+    kdf: KdfType,
+    kdfConfig: KdfConfig,
+    oldPinKey: EncString
+  ) => Promise<UserKey>;
+  /**
+   * Replaces old master auto keys with new user auto keys
+   */
+  migrateAutoKeyIfNeeded: (userId?: string) => Promise<void>;
+  /**
+   * @param keyMaterial The key material to derive the send key from
+   * @returns A new send key
+   */
+  makeSendKey: (keyMaterial: Uint8Array) => Promise<SymmetricCryptoKey>;
+  /**
+   * Clears all of the user's keys from storage
+   * @param userId The user's Id
+   */
+  clearKeys: (userId?: string) => Promise<any>;
+  /**
+   * RSA encrypts a value.
+   * @param data The data to encrypt
+   * @param publicKey The public key to use for encryption, if not provided, the user's public key will be used
+   * @returns The encrypted data
+   */
+  rsaEncrypt: (data: Uint8Array, publicKey?: Uint8Array) => Promise<EncString>;
+  /**
+   * Decrypts a value using RSA.
+   * @param encValue The encrypted value to decrypt
+   * @param privateKeyValue The private key to use for decryption
+   * @returns The decrypted value
+   */
+  rsaDecrypt: (encValue: string, privateKeyValue?: Uint8Array) => Promise<Uint8Array>;
+  randomNumber: (min: number, max: number) => Promise<number>;
+
+  /**
+   * Initialize all necessary crypto keys needed for a new account.
+   * Warning! This completely replaces any existing keys!
+   * @returns The user's newly created  public key, private key, and encrypted private key
+   */
+  initAccount: () => Promise<{
+    userKey: UserKey;
+    publicKey: string;
+    privateKey: EncString;
+  }>;
+
+  /**
+   * @deprecated Left for migration purposes. Use decryptUserKeyWithPin instead.
+   */
+  decryptMasterKeyWithPin: (
     pin: string,
     salt: string,
     kdf: KdfType,
-    kdfConfig: KdfConfig
-  ) => Promise<SymmetricCryptoKey>;
-  makeSendKey: (keyMaterial: Uint8Array) => Promise<SymmetricCryptoKey>;
-  hashPassword: (
-    password: string,
-    key: SymmetricCryptoKey,
-    hashPurpose?: HashPurpose
-  ) => Promise<string>;
-  makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, EncString]>;
-  remakeEncKey: (
-    key: SymmetricCryptoKey,
-    encKey?: SymmetricCryptoKey
-  ) => Promise<[SymmetricCryptoKey, EncString]>;
+    kdfConfig: KdfConfig,
+    protectedKeyCs?: EncString
+  ) => Promise<MasterKey>;
+  /**
+   * Previously, the master key was used for any additional key like the biometrics or pin key.
+   * We have switched to using the user key for these purposes. This method is for clearing the state
+   * of the older keys on logout or post migration.
+   * @param keySuffix The desired type of key to clear
+   * @param userId The desired user
+   */
+  clearDeprecatedKeys: (keySuffix: KeySuffixOptions, userId?: string) => Promise<void>;
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.encrypt
+   */
   encrypt: (plainValue: string | Uint8Array, key?: SymmetricCryptoKey) => Promise<EncString>;
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.encryptToBytes
+   */
   encryptToBytes: (plainValue: Uint8Array, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;
-  rsaEncrypt: (data: Uint8Array, publicKey?: Uint8Array) => Promise<EncString>;
-  rsaDecrypt: (encValue: string, privateKeyValue?: Uint8Array) => Promise<Uint8Array>;
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.decryptToBytes
+   */
   decryptToBytes: (encString: EncString, key?: SymmetricCryptoKey) => Promise<Uint8Array>;
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.decryptToUtf8
+   */
   decryptToUtf8: (encString: EncString, key?: SymmetricCryptoKey) => Promise<string>;
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.decryptToBytes
+   */
   decryptFromBytes: (encBuffer: EncArrayBuffer, key: SymmetricCryptoKey) => Promise<Uint8Array>;
-  randomNumber: (min: number, max: number) => Promise<number>;
-  validateKey: (key: SymmetricCryptoKey) => Promise<boolean>;
 }
diff --git a/libs/common/src/platform/abstractions/state.service.ts b/libs/common/src/platform/abstractions/state.service.ts
index 80159a9a8b9..4a2b515b74a 100644
--- a/libs/common/src/platform/abstractions/state.service.ts
+++ b/libs/common/src/platform/abstractions/state.service.ts
@@ -5,6 +5,7 @@ import { OrganizationData } from "../../admin-console/models/data/organization.d
 import { PolicyData } from "../../admin-console/models/data/policy.data";
 import { ProviderData } from "../../admin-console/models/data/provider.data";
 import { Policy } from "../../admin-console/models/domain/policy";
+import { AdminAuthRequestStorable } from "../../auth/models/domain/admin-auth-req-storable";
 import { EnvironmentUrls } from "../../auth/models/domain/environment-urls";
 import { ForceResetPasswordReason } from "../../auth/models/domain/force-reset-password-reason";
 import { KdfConfig } from "../../auth/models/domain/kdf-config";
@@ -23,10 +24,19 @@ import { CipherView } from "../../vault/models/view/cipher.view";
 import { CollectionView } from "../../vault/models/view/collection.view";
 import { AddEditCipherInfo } from "../../vault/types/add-edit-cipher-info";
 import { ServerConfigData } from "../models/data/server-config.data";
-import { Account, AccountSettingsSettings } from "../models/domain/account";
+import {
+  Account,
+  AccountDecryptionOptions,
+  AccountSettingsSettings,
+} from "../models/domain/account";
 import { EncString } from "../models/domain/enc-string";
 import { StorageOptions } from "../models/domain/storage-options";
-import { DeviceKey, SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
+import {
+  DeviceKey,
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../models/domain/symmetric-crypto-key";
 
 export abstract class StateService<T extends Account = Account> {
   accounts$: Observable<{ [userId: string]: T }>;
@@ -71,24 +81,106 @@ export abstract class StateService<T extends Account = Account> {
   setCollapsedGroupings: (value: string[], options?: StorageOptions) => Promise<void>;
   getConvertAccountToKeyConnector: (options?: StorageOptions) => Promise<boolean>;
   setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;
+  /**
+   * gets the user key
+   */
+  getUserKey: (options?: StorageOptions) => Promise<UserKey>;
+  /**
+   * Sets the user key
+   */
+  setUserKey: (value: UserKey, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the user's master key
+   */
+  getMasterKey: (options?: StorageOptions) => Promise<MasterKey>;
+  /**
+   * Sets the user's master key
+   */
+  setMasterKey: (value: MasterKey, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the user key encrypted by the master key
+   */
+  getMasterKeyEncryptedUserKey: (options?: StorageOptions) => Promise<string>;
+  /**
+   * Sets the user key encrypted by the master key
+   */
+  setMasterKeyEncryptedUserKey: (value: string, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the user's auto key
+   */
+  getUserKeyAutoUnlock: (options?: StorageOptions) => Promise<string>;
+  /**
+   * Sets the user's auto key
+   */
+  setUserKeyAutoUnlock: (value: string, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the user's biometric key
+   */
+  getUserKeyBiometric: (options?: StorageOptions) => Promise<string>;
+  /**
+   * Checks if the user has a biometric key available
+   */
+  hasUserKeyBiometric: (options?: StorageOptions) => Promise<boolean>;
+  /**
+   * Sets the user's biometric key
+   */
+  setUserKeyBiometric: (value: BiometricKey, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the user key encrypted by the Pin key.
+   * Used when Lock with MP on Restart is disabled
+   */
+  getPinKeyEncryptedUserKey: (options?: StorageOptions) => Promise<EncString>;
+  /**
+   * Sets the user key encrypted by the Pin key.
+   * Used when Lock with MP on Restart is disabled
+   */
+  setPinKeyEncryptedUserKey: (value: EncString, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the ephemeral version of the user key encrypted by the Pin key.
+   * Used when Lock with MP on Restart is enabled
+   */
+  getPinKeyEncryptedUserKeyEphemeral: (options?: StorageOptions) => Promise<EncString>;
+  /**
+   * Sets the ephemeral version of the user key encrypted by the Pin key.
+   * Used when Lock with MP on Restart is enabled
+   */
+  setPinKeyEncryptedUserKeyEphemeral: (value: EncString, options?: StorageOptions) => Promise<void>;
+  /**
+   * @deprecated For migration purposes only, use getUserKeyMasterKey instead
+   */
+  getEncryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<string>;
+  /**
+   * @deprecated For migration purposes only, use setUserKeyMasterKey instead
+   */
+  setEncryptedCryptoSymmetricKey: (value: string, options?: StorageOptions) => Promise<void>;
+  /**
+   * @deprecated For legacy purposes only, use getMasterKey instead
+   */
   getCryptoMasterKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
-  setCryptoMasterKey: (value: SymmetricCryptoKey, options?: StorageOptions) => Promise<void>;
+  /**
+   * @deprecated For migration purposes only, use getUserKeyAuto instead
+   */
   getCryptoMasterKeyAuto: (options?: StorageOptions) => Promise<string>;
+  /**
+   * @deprecated For migration purposes only, use setUserKeyAuto instead
+   */
   setCryptoMasterKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
-  getCryptoMasterKeyB64: (options?: StorageOptions) => Promise<string>;
-  setCryptoMasterKeyB64: (value: string, options?: StorageOptions) => Promise<void>;
+  /**
+   * @deprecated For migration purposes only, use getUserKeyBiometric instead
+   */
   getCryptoMasterKeyBiometric: (options?: StorageOptions) => Promise<string>;
+  /**
+   * @deprecated For migration purposes only, use hasUserKeyBiometric instead
+   */
   hasCryptoMasterKeyBiometric: (options?: StorageOptions) => Promise<boolean>;
+  /**
+   * @deprecated For migration purposes only, use setUserKeyBiometric instead
+   */
   setCryptoMasterKeyBiometric: (value: BiometricKey, options?: StorageOptions) => Promise<void>;
   getDecryptedCiphers: (options?: StorageOptions) => Promise<CipherView[]>;
   setDecryptedCiphers: (value: CipherView[], options?: StorageOptions) => Promise<void>;
   getDecryptedCollections: (options?: StorageOptions) => Promise<CollectionView[]>;
   setDecryptedCollections: (value: CollectionView[], options?: StorageOptions) => Promise<void>;
-  getDecryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
-  setDecryptedCryptoSymmetricKey: (
-    value: SymmetricCryptoKey,
-    options?: StorageOptions
-  ) => Promise<void>;
   getDecryptedOrganizationKeys: (
     options?: StorageOptions
   ) => Promise<Map<string, SymmetricCryptoKey>>;
@@ -103,7 +195,13 @@ export abstract class StateService<T extends Account = Account> {
     value: GeneratedPasswordHistory[],
     options?: StorageOptions
   ) => Promise<void>;
+  /**
+   * @deprecated For migration purposes only, use getDecryptedUserKeyPin instead
+   */
   getDecryptedPinProtected: (options?: StorageOptions) => Promise<EncString>;
+  /**
+   * @deprecated For migration purposes only, use setDecryptedUserKeyPin instead
+   */
   setDecryptedPinProtected: (value: EncString, options?: StorageOptions) => Promise<void>;
   /**
    * @deprecated Do not call this, use PolicyService
@@ -164,7 +262,21 @@ export abstract class StateService<T extends Account = Account> {
   getDuckDuckGoSharedKey: (options?: StorageOptions) => Promise<string>;
   setDuckDuckGoSharedKey: (value: string, options?: StorageOptions) => Promise<void>;
   getDeviceKey: (options?: StorageOptions) => Promise<DeviceKey | null>;
-  setDeviceKey: (value: DeviceKey, options?: StorageOptions) => Promise<void>;
+  setDeviceKey: (value: DeviceKey | null, options?: StorageOptions) => Promise<void>;
+  getAdminAuthRequest: (options?: StorageOptions) => Promise<AdminAuthRequestStorable | null>;
+  setAdminAuthRequest: (
+    adminAuthRequest: AdminAuthRequestStorable,
+    options?: StorageOptions
+  ) => Promise<void>;
+  getShouldTrustDevice: (options?: StorageOptions) => Promise<boolean | null>;
+  setShouldTrustDevice: (value: boolean, options?: StorageOptions) => Promise<void>;
+  getAccountDecryptionOptions: (
+    options?: StorageOptions
+  ) => Promise<AccountDecryptionOptions | null>;
+  setAccountDecryptionOptions: (
+    value: AccountDecryptionOptions,
+    options?: StorageOptions
+  ) => Promise<void>;
   getEmail: (options?: StorageOptions) => Promise<string>;
   setEmail: (value: string, options?: StorageOptions) => Promise<void>;
   getEmailVerified: (options?: StorageOptions) => Promise<boolean>;
@@ -205,8 +317,6 @@ export abstract class StateService<T extends Account = Account> {
     value: { [id: string]: CollectionData },
     options?: StorageOptions
   ) => Promise<void>;
-  getEncryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<string>;
-  setEncryptedCryptoSymmetricKey: (value: string, options?: StorageOptions) => Promise<void>;
   /**
    * @deprecated Do not call this directly, use FolderService
    */
@@ -232,7 +342,13 @@ export abstract class StateService<T extends Account = Account> {
     value: GeneratedPasswordHistory[],
     options?: StorageOptions
   ) => Promise<void>;
+  /**
+   * @deprecated For migration purposes only, use getEncryptedUserKeyPin instead
+   */
   getEncryptedPinProtected: (options?: StorageOptions) => Promise<string>;
+  /**
+   * @deprecated For migration purposes only, use setEncryptedUserKeyPin instead
+   */
   setEncryptedPinProtected: (value: string, options?: StorageOptions) => Promise<void>;
   /**
    * @deprecated Do not call this directly, use PolicyService
@@ -269,6 +385,8 @@ export abstract class StateService<T extends Account = Account> {
   setEquivalentDomains: (value: string, options?: StorageOptions) => Promise<void>;
   getEventCollection: (options?: StorageOptions) => Promise<EventData[]>;
   setEventCollection: (value: EventData[], options?: StorageOptions) => Promise<void>;
+  getEverHadUserKey: (options?: StorageOptions) => Promise<boolean>;
+  setEverHadUserKey: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEverBeenUnlocked: (options?: StorageOptions) => Promise<boolean>;
   setEverBeenUnlocked: (value: boolean, options?: StorageOptions) => Promise<void>;
   getForcePasswordResetReason: (options?: StorageOptions) => Promise<ForceResetPasswordReason>;
@@ -327,7 +445,13 @@ export abstract class StateService<T extends Account = Account> {
   setUsernameGenerationOptions: (value: any, options?: StorageOptions) => Promise<void>;
   getGeneratorOptions: (options?: StorageOptions) => Promise<any>;
   setGeneratorOptions: (value: any, options?: StorageOptions) => Promise<void>;
+  /**
+   * Gets the user's Pin, encrypted by the user key
+   */
   getProtectedPin: (options?: StorageOptions) => Promise<string>;
+  /**
+   * Sets the user's Pin, encrypted by the user key
+   */
   setProtectedPin: (value: string, options?: StorageOptions) => Promise<void>;
   getProviders: (options?: StorageOptions) => Promise<{ [id: string]: ProviderData }>;
   setProviders: (value: { [id: string]: ProviderData }, options?: StorageOptions) => Promise<void>;
@@ -353,6 +477,11 @@ export abstract class StateService<T extends Account = Account> {
   setSsoOrganizationIdentifier: (value: string, options?: StorageOptions) => Promise<void>;
   getSsoState: (options?: StorageOptions) => Promise<string>;
   setSsoState: (value: string, options?: StorageOptions) => Promise<void>;
+  getUserSsoOrganizationIdentifier: (options?: StorageOptions) => Promise<string>;
+  setUserSsoOrganizationIdentifier: (
+    value: string | null,
+    options?: StorageOptions
+  ) => Promise<void>;
   getTheme: (options?: StorageOptions) => Promise<ThemeType>;
   setTheme: (value: ThemeType, options?: StorageOptions) => Promise<void>;
   getTwoFactorToken: (options?: StorageOptions) => Promise<string>;
diff --git a/libs/common/src/platform/models/domain/account-keys.spec.ts b/libs/common/src/platform/models/domain/account-keys.spec.ts
index 36fdb6a2763..96e30a8c6e1 100644
--- a/libs/common/src/platform/models/domain/account-keys.spec.ts
+++ b/libs/common/src/platform/models/domain/account-keys.spec.ts
@@ -1,8 +1,9 @@
 import { makeStaticByteArray } from "../../../../spec";
+import { CsprngArray } from "../../../types/csprng";
 import { Utils } from "../../misc/utils";
 
 import { AccountKeys, EncryptionPair } from "./account";
-import { SymmetricCryptoKey } from "./symmetric-crypto-key";
+import { DeviceKey, SymmetricCryptoKey } from "./symmetric-crypto-key";
 
 describe("AccountKeys", () => {
   describe("toJSON", () => {
@@ -22,6 +23,23 @@ describe("AccountKeys", () => {
       const json = JSON.stringify(keys);
       expect(json).toContain('"publicKey":"hello"');
     });
+
+    // As the accountKeys.toJSON doesn't really serialize the device key
+    // this method just checks the persistence of the deviceKey
+    it("should persist deviceKey", () => {
+      // Arrange
+      const accountKeys = new AccountKeys();
+      const deviceKeyBytesLength = 64;
+      accountKeys.deviceKey = new SymmetricCryptoKey(
+        new Uint8Array(deviceKeyBytesLength).buffer as CsprngArray
+      ) as DeviceKey;
+
+      // Act
+      const serializedKeys = accountKeys.toJSON();
+
+      // Assert
+      expect(serializedKeys.deviceKey).toEqual(accountKeys.deviceKey);
+    });
   });
 
   describe("fromJSON", () => {
@@ -57,5 +75,24 @@ describe("AccountKeys", () => {
       } as any);
       expect(spy).toHaveBeenCalled();
     });
+
+    it("should deserialize deviceKey", () => {
+      // Arrange
+      const expectedKeyB64 =
+        "ZJNnhx9BbJeb2EAq1hlMjqt6GFsg9G/GzoFf6SbPKsaiMhKGDcbHcwcyEg56Lh8lfilpZz4SRM6UA7oFCg+lSg==";
+
+      const symmetricCryptoKeyFromJsonSpy = jest.spyOn(SymmetricCryptoKey, "fromJSON");
+
+      // Act
+      const accountKeys = AccountKeys.fromJSON({
+        deviceKey: {
+          keyB64: expectedKeyB64,
+        },
+      } as any);
+
+      // Assert
+      expect(symmetricCryptoKeyFromJsonSpy).toHaveBeenCalled();
+      expect(accountKeys.deviceKey.keyB64).toEqual(expectedKeyB64);
+    });
   });
 });
diff --git a/libs/common/src/platform/models/domain/account.ts b/libs/common/src/platform/models/domain/account.ts
index f40df3aa538..95a5a899129 100644
--- a/libs/common/src/platform/models/domain/account.ts
+++ b/libs/common/src/platform/models/domain/account.ts
@@ -6,8 +6,12 @@ import { PolicyData } from "../../../admin-console/models/data/policy.data";
 import { ProviderData } from "../../../admin-console/models/data/provider.data";
 import { Policy } from "../../../admin-console/models/domain/policy";
 import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
+import { AdminAuthRequestStorable } from "../../../auth/models/domain/admin-auth-req-storable";
 import { EnvironmentUrls } from "../../../auth/models/domain/environment-urls";
 import { ForceResetPasswordReason } from "../../../auth/models/domain/force-reset-password-reason";
+import { KeyConnectorUserDecryptionOption } from "../../../auth/models/domain/user-decryption-options/key-connector-user-decryption-option";
+import { TrustedDeviceUserDecryptionOption } from "../../../auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
+import { UserDecryptionOptionsResponse } from "../../../auth/models/response/user-decryption-options/user-decryption-options.response";
 import { KdfType, UriMatchType } from "../../../enums";
 import { EventData } from "../../../models/data/event.data";
 import { GeneratedPasswordHistory } from "../../../tools/generator/password";
@@ -22,8 +26,8 @@ import { CollectionView } from "../../../vault/models/view/collection.view";
 import { Utils } from "../../misc/utils";
 import { ServerConfigData } from "../../models/data/server-config.data";
 
-import { EncString } from "./enc-string";
-import { DeviceKey, SymmetricCryptoKey } from "./symmetric-crypto-key";
+import { EncryptedString, EncString } from "./enc-string";
+import { MasterKey, SymmetricCryptoKey, UserKey } from "./symmetric-crypto-key";
 
 export class EncryptionPair<TEncrypted, TDecrypted> {
   encrypted?: TEncrypted;
@@ -99,15 +103,10 @@ export class AccountData {
 }
 
 export class AccountKeys {
-  cryptoMasterKey?: SymmetricCryptoKey;
-  cryptoMasterKeyAuto?: string;
-  cryptoMasterKeyB64?: string;
-  cryptoMasterKeyBiometric?: string;
-  cryptoSymmetricKey?: EncryptionPair<string, SymmetricCryptoKey> = new EncryptionPair<
-    string,
-    SymmetricCryptoKey
-  >();
-  deviceKey?: DeviceKey;
+  userKey?: UserKey;
+  masterKey?: MasterKey;
+  masterKeyEncryptedUserKey?: string;
+  deviceKey?: ReturnType<SymmetricCryptoKey["toJSON"]>;
   organizationKeys?: EncryptionPair<
     { [orgId: string]: EncryptedOrganizationKeyData },
     Record<string, SymmetricCryptoKey>
@@ -123,6 +122,18 @@ export class AccountKeys {
   publicKey?: Uint8Array;
   apiKeyClientSecret?: string;
 
+  /** @deprecated July 2023, left for migration purposes*/
+  cryptoMasterKey?: SymmetricCryptoKey;
+  /** @deprecated July 2023, left for migration purposes*/
+  cryptoMasterKeyAuto?: string;
+  /** @deprecated July 2023, left for migration purposes*/
+  cryptoMasterKeyBiometric?: string;
+  /** @deprecated July 2023, left for migration purposes*/
+  cryptoSymmetricKey?: EncryptionPair<string, SymmetricCryptoKey> = new EncryptionPair<
+    string,
+    SymmetricCryptoKey
+  >();
+
   toJSON() {
     return Utils.merge(this, {
       publicKey: Utils.fromBufferToByteString(this.publicKey),
@@ -135,6 +146,9 @@ export class AccountKeys {
     }
 
     return Object.assign(new AccountKeys(), {
+      userKey: SymmetricCryptoKey.fromJSON(obj?.userKey),
+      masterKey: SymmetricCryptoKey.fromJSON(obj?.masterKey),
+      deviceKey: obj?.deviceKey,
       cryptoMasterKey: SymmetricCryptoKey.fromJSON(obj?.cryptoMasterKey),
       cryptoSymmetricKey: EncryptionPair.fromJSON(
         obj?.cryptoSymmetricKey,
@@ -173,6 +187,7 @@ export class AccountProfile {
   emailVerified?: boolean;
   entityId?: string;
   entityType?: string;
+  everHadUserKey?: boolean;
   everBeenUnlocked?: boolean;
   forcePasswordResetReason?: ForceResetPasswordReason;
   hasPremiumPersonally?: boolean;
@@ -223,7 +238,8 @@ export class AccountSettings {
   passwordGenerationOptions?: any;
   usernameGenerationOptions?: any;
   generatorOptions?: any;
-  pinProtected?: EncryptionPair<string, EncString> = new EncryptionPair<string, EncString>();
+  pinKeyEncryptedUserKey?: EncryptedString;
+  pinKeyEncryptedUserKeyEphemeral?: EncryptedString;
   protectedPin?: string;
   settings?: AccountSettingsSettings; // TODO: Merge whatever is going on here into the AccountSettings model properly
   vaultTimeout?: number;
@@ -234,6 +250,10 @@ export class AccountSettings {
   activateAutoFillOnPageLoadFromPolicy?: boolean;
   region?: string;
   smOnboardingTasks?: Record<string, Record<string, boolean>>;
+  trustDeviceChoiceForDecryption?: boolean;
+
+  /** @deprecated July 2023, left for migration purposes*/
+  pinProtected?: EncryptionPair<string, EncString> = new EncryptionPair<string, EncString>();
 
   static fromJSON(obj: Jsonify<AccountSettings>): AccountSettings {
     if (obj == null) {
@@ -269,12 +289,106 @@ export class AccountTokens {
   }
 }
 
+export class AccountDecryptionOptions {
+  hasMasterPassword: boolean;
+  trustedDeviceOption?: TrustedDeviceUserDecryptionOption;
+  keyConnectorOption?: KeyConnectorUserDecryptionOption;
+
+  constructor(init?: Partial<AccountDecryptionOptions>) {
+    if (init) {
+      Object.assign(this, init);
+    }
+  }
+
+  // TODO: these nice getters don't work because the Account object is not properly being deserialized out of
+  // JSON (the Account static fromJSON method is not running) so these getters don't exist on the
+  // account decryptions options object when pulled out of state.  This is a bug that needs to be fixed later on
+  // get hasTrustedDeviceOption(): boolean {
+  //   return this.trustedDeviceOption !== null && this.trustedDeviceOption !== undefined;
+  // }
+
+  // get hasKeyConnectorOption(): boolean {
+  //   return this.keyConnectorOption !== null && this.keyConnectorOption !== undefined;
+  // }
+
+  static fromResponse(response: UserDecryptionOptionsResponse): AccountDecryptionOptions {
+    if (response == null) {
+      return null;
+    }
+
+    const accountDecryptionOptions = new AccountDecryptionOptions();
+    accountDecryptionOptions.hasMasterPassword = response.hasMasterPassword;
+
+    if (response.trustedDeviceOption) {
+      accountDecryptionOptions.trustedDeviceOption = new TrustedDeviceUserDecryptionOption(
+        response.trustedDeviceOption.hasAdminApproval,
+        response.trustedDeviceOption.hasLoginApprovingDevice,
+        response.trustedDeviceOption.hasManageResetPasswordPermission
+      );
+    }
+
+    if (response.keyConnectorOption) {
+      accountDecryptionOptions.keyConnectorOption = new KeyConnectorUserDecryptionOption(
+        response.keyConnectorOption.keyConnectorUrl
+      );
+    }
+
+    return accountDecryptionOptions;
+  }
+
+  static fromJSON(obj: Jsonify<AccountDecryptionOptions>): AccountDecryptionOptions {
+    if (obj == null) {
+      return null;
+    }
+
+    const accountDecryptionOptions = Object.assign(new AccountDecryptionOptions(), obj);
+
+    if (obj.trustedDeviceOption) {
+      accountDecryptionOptions.trustedDeviceOption = new TrustedDeviceUserDecryptionOption(
+        obj.trustedDeviceOption.hasAdminApproval,
+        obj.trustedDeviceOption.hasLoginApprovingDevice,
+        obj.trustedDeviceOption.hasManageResetPasswordPermission
+      );
+    }
+
+    if (obj.keyConnectorOption) {
+      accountDecryptionOptions.keyConnectorOption = new KeyConnectorUserDecryptionOption(
+        obj.keyConnectorOption.keyConnectorUrl
+      );
+    }
+
+    return accountDecryptionOptions;
+  }
+}
+
+export class LoginState {
+  ssoOrganizationIdentifier?: string;
+
+  constructor(init?: Partial<LoginState>) {
+    if (init) {
+      Object.assign(this, init);
+    }
+  }
+
+  static fromJSON(obj: Jsonify<LoginState>): LoginState {
+    if (obj == null) {
+      return null;
+    }
+
+    const loginState = Object.assign(new LoginState(), obj);
+    return loginState;
+  }
+}
+
 export class Account {
   data?: AccountData = new AccountData();
   keys?: AccountKeys = new AccountKeys();
   profile?: AccountProfile = new AccountProfile();
   settings?: AccountSettings = new AccountSettings();
   tokens?: AccountTokens = new AccountTokens();
+  decryptionOptions?: AccountDecryptionOptions = new AccountDecryptionOptions();
+  loginState?: LoginState = new LoginState();
+  adminAuthRequest?: Jsonify<AdminAuthRequestStorable> = null;
 
   constructor(init: Partial<Account>) {
     Object.assign(this, {
@@ -298,6 +412,15 @@ export class Account {
         ...new AccountTokens(),
         ...init?.tokens,
       },
+      decryptionOptions: {
+        ...new AccountDecryptionOptions(),
+        ...init?.decryptionOptions,
+      },
+      loginState: {
+        ...new LoginState(),
+        ...init?.loginState,
+      },
+      adminAuthRequest: init?.adminAuthRequest,
     });
   }
 
@@ -311,6 +434,9 @@ export class Account {
       profile: AccountProfile.fromJSON(json?.profile),
       settings: AccountSettings.fromJSON(json?.settings),
       tokens: AccountTokens.fromJSON(json?.tokens),
+      decryptionOptions: AccountDecryptionOptions.fromJSON(json?.decryptionOptions),
+      loginState: LoginState.fromJSON(json?.loginState),
+      adminAuthRequest: AdminAuthRequestStorable.fromJSON(json?.adminAuthRequest),
     });
   }
 }
diff --git a/libs/common/src/platform/models/domain/enc-string.spec.ts b/libs/common/src/platform/models/domain/enc-string.spec.ts
index 31f515229d7..2aa4f2161fe 100644
--- a/libs/common/src/platform/models/domain/enc-string.spec.ts
+++ b/libs/common/src/platform/models/domain/enc-string.spec.ts
@@ -4,7 +4,11 @@ import { mock, MockProxy } from "jest-mock-extended";
 
 import { EncryptionType } from "../../../enums";
 import { EncryptService } from "../../../platform/abstractions/encrypt.service";
-import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
+import {
+  OrgKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../../platform/models/domain/symmetric-crypto-key";
 import { CryptoService } from "../../abstractions/crypto.service";
 import { ContainerService } from "../../services/container.service";
 
@@ -225,12 +229,12 @@ describe("EncString", () => {
 
       await encString.decrypt(null, key);
 
-      expect(cryptoService.getKeyForUserEncryption).not.toHaveBeenCalled();
+      expect(cryptoService.getUserKeyWithLegacySupport).not.toHaveBeenCalled();
       expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, key);
     });
 
     it("gets an organization key if required", async () => {
-      const orgKey = mock<SymmetricCryptoKey>();
+      const orgKey = mock<OrgKey>();
 
       cryptoService.getOrgKey.calledWith("orgId").mockResolvedValue(orgKey);
 
@@ -241,13 +245,13 @@ describe("EncString", () => {
     });
 
     it("gets the user's decryption key if required", async () => {
-      const userKey = mock<SymmetricCryptoKey>();
+      const userKey = mock<UserKey>();
 
-      cryptoService.getKeyForUserEncryption.mockResolvedValue(userKey);
+      cryptoService.getUserKeyWithLegacySupport.mockResolvedValue(userKey);
 
       await encString.decrypt(null, null);
 
-      expect(cryptoService.getKeyForUserEncryption).toHaveBeenCalledWith();
+      expect(cryptoService.getUserKeyWithLegacySupport).toHaveBeenCalledWith();
       expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, userKey);
     });
   });
diff --git a/libs/common/src/platform/models/domain/enc-string.ts b/libs/common/src/platform/models/domain/enc-string.ts
index 017e0211146..60b59fa4d8c 100644
--- a/libs/common/src/platform/models/domain/enc-string.ts
+++ b/libs/common/src/platform/models/domain/enc-string.ts
@@ -1,4 +1,4 @@
-import { Jsonify } from "type-fest";
+import { Jsonify, Opaque } from "type-fest";
 
 import { EncryptionType, EXPECTED_NUM_PARTS_BY_ENCRYPTION_TYPE } from "../../../enums";
 import { Utils } from "../../../platform/misc/utils";
@@ -7,7 +7,7 @@ import { Encrypted } from "../../interfaces/encrypted";
 import { SymmetricCryptoKey } from "./symmetric-crypto-key";
 
 export class EncString implements Encrypted {
-  encryptedString?: string;
+  encryptedString?: EncryptedString;
   encryptionType?: EncryptionType;
   decryptedValue?: string;
   data?: string;
@@ -53,14 +53,14 @@ export class EncString implements Encrypted {
 
   private initFromData(encType: EncryptionType, data: string, iv: string, mac: string) {
     if (iv != null) {
-      this.encryptedString = encType + "." + iv + "|" + data;
+      this.encryptedString = (encType + "." + iv + "|" + data) as EncryptedString;
     } else {
-      this.encryptedString = encType + "." + data;
+      this.encryptedString = (encType + "." + data) as EncryptedString;
     }
 
     // mac
     if (mac != null) {
-      this.encryptedString += "|" + mac;
+      this.encryptedString = (this.encryptedString + "|" + mac) as EncryptedString;
     }
 
     this.encryptionType = encType;
@@ -70,7 +70,7 @@ export class EncString implements Encrypted {
   }
 
   private initFromEncryptedString(encryptedString: string) {
-    this.encryptedString = encryptedString as string;
+    this.encryptedString = encryptedString as EncryptedString;
     if (!this.encryptedString) {
       return;
     }
@@ -162,6 +162,8 @@ export class EncString implements Encrypted {
     const cryptoService = Utils.getContainerService().getCryptoService();
     return orgId != null
       ? await cryptoService.getOrgKey(orgId)
-      : await cryptoService.getKeyForUserEncryption();
+      : await cryptoService.getUserKeyWithLegacySupport();
   }
 }
+
+export type EncryptedString = Opaque<string, "EncString">;
diff --git a/libs/common/src/platform/models/domain/symmetric-crypto-key.ts b/libs/common/src/platform/models/domain/symmetric-crypto-key.ts
index 8ba6c411276..818155ef98d 100644
--- a/libs/common/src/platform/models/domain/symmetric-crypto-key.ts
+++ b/libs/common/src/platform/models/domain/symmetric-crypto-key.ts
@@ -78,3 +78,8 @@ export class SymmetricCryptoKey {
 
 // Setup all separate key types as opaque types
 export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">;
+export type UserKey = Opaque<SymmetricCryptoKey, "UserKey">;
+export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
+export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;
+export type OrgKey = Opaque<SymmetricCryptoKey, "OrgKey">;
+export type ProviderKey = Opaque<SymmetricCryptoKey, "ProviderKey">;
diff --git a/libs/common/src/platform/services/config/config.service.ts b/libs/common/src/platform/services/config/config.service.ts
index 54ece293a01..5b0325b68ac 100644
--- a/libs/common/src/platform/services/config/config.service.ts
+++ b/libs/common/src/platform/services/config/config.service.ts
@@ -36,16 +36,25 @@ export class ConfigService implements ConfigServiceAbstraction {
     try {
       const response = await this.configApiService.get();
 
-      if (response != null) {
-        const data = new ServerConfigData(response);
-        const serverConfig = new ServerConfig(data);
-        this._serverConfig.next(serverConfig);
-        if ((await this.authService.getAuthStatus()) === AuthenticationStatus.LoggedOut) {
-          return serverConfig;
-        }
+      if (response == null) {
+        return;
+      }
+
+      const data = new ServerConfigData(response);
+      const serverConfig = new ServerConfig(data);
+      this._serverConfig.next(serverConfig);
+
+      const userAuthStatus = await this.authService.getAuthStatus();
+      if (userAuthStatus !== AuthenticationStatus.LoggedOut) {
+        // Store the config for offline use if the user is logged in
         await this.stateService.setServerConfig(data);
         this.environmentService.setCloudWebVaultUrl(data.environment?.cloudRegion);
       }
+      // Always return new server config from server to calling method
+      // to ensure up to date information
+      // This change is specifically for the getFeatureFlag > buildServerConfig flow
+      // for locked or logged in users.
+      return serverConfig;
     } catch {
       return null;
     }
diff --git a/libs/common/src/platform/services/crypto.service.spec.ts b/libs/common/src/platform/services/crypto.service.spec.ts
index 6e8e1982e97..c84b305537a 100644
--- a/libs/common/src/platform/services/crypto.service.spec.ts
+++ b/libs/common/src/platform/services/crypto.service.spec.ts
@@ -1,10 +1,18 @@
 import { mock, mockReset } from "jest-mock-extended";
 
+import { CsprngArray } from "../../types/csprng";
 import { CryptoFunctionService } from "../abstractions/crypto-function.service";
 import { EncryptService } from "../abstractions/encrypt.service";
 import { LogService } from "../abstractions/log.service";
 import { PlatformUtilsService } from "../abstractions/platform-utils.service";
 import { StateService } from "../abstractions/state.service";
+import { EncString } from "../models/domain/enc-string";
+import {
+  MasterKey,
+  PinKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../models/domain/symmetric-crypto-key";
 import { CryptoService } from "../services/crypto.service";
 
 describe("cryptoService", () => {
@@ -16,6 +24,8 @@ describe("cryptoService", () => {
   const logService = mock<LogService>();
   const stateService = mock<StateService>();
 
+  const mockUserId = "mock user id";
+
   beforeEach(() => {
     mockReset(cryptoFunctionService);
     mockReset(encryptService);
@@ -35,4 +45,172 @@ describe("cryptoService", () => {
   it("instantiates", () => {
     expect(cryptoService).not.toBeFalsy();
   });
+
+  describe("getUserKey", () => {
+    let mockUserKey: UserKey;
+    let stateSvcGetUserKey: jest.SpyInstance;
+
+    beforeEach(() => {
+      const mockRandomBytes = new Uint8Array(64) as CsprngArray;
+      mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
+
+      stateSvcGetUserKey = jest.spyOn(stateService, "getUserKey");
+    });
+
+    it("returns the User Key if available", async () => {
+      stateSvcGetUserKey.mockResolvedValue(mockUserKey);
+
+      const userKey = await cryptoService.getUserKey(mockUserId);
+
+      expect(stateSvcGetUserKey).toHaveBeenCalledWith({ userId: mockUserId });
+      expect(userKey).toEqual(mockUserKey);
+    });
+
+    it("sets the Auto key if the User Key if not set", async () => {
+      const autoKeyB64 =
+        "IT5cA1i5Hncd953pb00E58D2FqJX+fWTj4AvoI67qkGHSQPgulAqKv+LaKRAo9Bg0xzP9Nw00wk4TqjMmGSM+g==";
+      stateService.getUserKeyAutoUnlock.mockResolvedValue(autoKeyB64);
+
+      const userKey = await cryptoService.getUserKey(mockUserId);
+
+      expect(stateService.setUserKey).toHaveBeenCalledWith(expect.any(SymmetricCryptoKey), {
+        userId: mockUserId,
+      });
+      expect(userKey.keyB64).toEqual(autoKeyB64);
+    });
+  });
+
+  describe("getUserKeyWithLegacySupport", () => {
+    let mockUserKey: UserKey;
+    let mockMasterKey: MasterKey;
+    let stateSvcGetUserKey: jest.SpyInstance;
+    let stateSvcGetMasterKey: jest.SpyInstance;
+
+    beforeEach(() => {
+      const mockRandomBytes = new Uint8Array(64) as CsprngArray;
+      mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
+      mockMasterKey = new SymmetricCryptoKey(new Uint8Array(64) as CsprngArray) as MasterKey;
+
+      stateSvcGetUserKey = jest.spyOn(stateService, "getUserKey");
+      stateSvcGetMasterKey = jest.spyOn(stateService, "getMasterKey");
+    });
+
+    it("returns the User Key if available", async () => {
+      stateSvcGetUserKey.mockResolvedValue(mockUserKey);
+
+      const userKey = await cryptoService.getUserKeyWithLegacySupport(mockUserId);
+
+      expect(stateSvcGetUserKey).toHaveBeenCalledWith({ userId: mockUserId });
+      expect(stateSvcGetMasterKey).not.toHaveBeenCalled();
+
+      expect(userKey).toEqual(mockUserKey);
+    });
+
+    it("returns the user's master key when User Key is not available", async () => {
+      stateSvcGetUserKey.mockResolvedValue(null);
+      stateSvcGetMasterKey.mockResolvedValue(mockMasterKey);
+
+      const userKey = await cryptoService.getUserKeyWithLegacySupport(mockUserId);
+
+      expect(stateSvcGetMasterKey).toHaveBeenCalledWith({ userId: mockUserId });
+      expect(userKey).toEqual(mockMasterKey);
+    });
+  });
+
+  describe("setUserKey", () => {
+    let mockUserKey: UserKey;
+
+    beforeEach(() => {
+      const mockRandomBytes = new Uint8Array(64) as CsprngArray;
+      mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
+    });
+
+    describe("Auto Key refresh", () => {
+      it("sets an Auto key if vault timeout is set to null", async () => {
+        stateService.getVaultTimeout.mockResolvedValue(null);
+
+        await cryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setUserKeyAutoUnlock).toHaveBeenCalledWith(mockUserKey.keyB64, {
+          userId: mockUserId,
+        });
+      });
+
+      it("clears the Auto key if vault timeout is set to anything other than null", async () => {
+        stateService.getVaultTimeout.mockResolvedValue(10);
+
+        await cryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setUserKeyAutoUnlock).toHaveBeenCalledWith(null, {
+          userId: mockUserId,
+        });
+      });
+
+      it("clears the old deprecated Auto key whenever a User Key is set", async () => {
+        await cryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setCryptoMasterKeyAuto).toHaveBeenCalledWith(null, {
+          userId: mockUserId,
+        });
+      });
+    });
+
+    describe("Pin Key refresh", () => {
+      let cryptoSvcMakePinKey: jest.SpyInstance;
+      const protectedPin =
+        "2.jcow2vTUePO+CCyokcIfVw==|DTBNlJ5yVsV2Bsk3UU3H6Q==|YvFBff5gxWqM+UsFB6BKimKxhC32AtjF3IStpU1Ijwg=";
+      let encPin: EncString;
+
+      beforeEach(() => {
+        cryptoSvcMakePinKey = jest.spyOn(cryptoService, "makePinKey");
+        cryptoSvcMakePinKey.mockResolvedValue(new SymmetricCryptoKey(new Uint8Array(64)) as PinKey);
+        encPin = new EncString(
+          "2.jcow2vTUePO+CCyokcIfVw==|DTBNlJ5yVsV2Bsk3UU3H6Q==|YvFBff5gxWqM+UsFB6BKimKxhC32AtjF3IStpU1Ijwg="
+        );
+        encryptService.encrypt.mockResolvedValue(encPin);
+      });
+
+      it("sets a UserKeyPin if a ProtectedPin and UserKeyPin is set", async () => {
+        stateService.getProtectedPin.mockResolvedValue(protectedPin);
+        stateService.getPinKeyEncryptedUserKey.mockResolvedValue(
+          new EncString(
+            "2.OdGNE3L23GaDZGvu9h2Brw==|/OAcNnrYwu0rjiv8+RUr3Tc+Ef8fV035Tm1rbTxfEuC+2LZtiCAoIvHIZCrM/V1PWnb/pHO2gh9+Koks04YhX8K29ED4FzjeYP8+YQD/dWo=|+12xTcIK/UVRsOyawYudPMHb6+lCHeR2Peq1pQhPm0A="
+          )
+        );
+
+        await cryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setPinKeyEncryptedUserKey).toHaveBeenCalledWith(expect.any(EncString), {
+          userId: mockUserId,
+        });
+      });
+
+      it("sets a PinKeyEphemeral if a ProtectedPin is set, but a UserKeyPin is not set", async () => {
+        stateService.getProtectedPin.mockResolvedValue(protectedPin);
+        stateService.getPinKeyEncryptedUserKey.mockResolvedValue(null);
+
+        await cryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setPinKeyEncryptedUserKeyEphemeral).toHaveBeenCalledWith(
+          expect.any(EncString),
+          {
+            userId: mockUserId,
+          }
+        );
+      });
+
+      it("clears the UserKeyPin and UserKeyPinEphemeral if the ProtectedPin is not set", async () => {
+        stateService.getProtectedPin.mockResolvedValue(null);
+
+        await cryptoService.setUserKey(mockUserKey, mockUserId);
+
+        expect(stateService.setPinKeyEncryptedUserKey).toHaveBeenCalledWith(null, {
+          userId: mockUserId,
+        });
+        expect(stateService.setPinKeyEncryptedUserKeyEphemeral).toHaveBeenCalledWith(null, {
+          userId: mockUserId,
+        });
+      });
+    });
+  });
 });
diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts
index c42c7cc32a1..7be0738f68a 100644
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@@ -26,7 +26,14 @@ import { sequentialize } from "../misc/sequentialize";
 import { EFFLongWordList } from "../misc/wordlist";
 import { EncArrayBuffer } from "../models/domain/enc-array-buffer";
 import { EncString } from "../models/domain/enc-string";
-import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
+import {
+  MasterKey,
+  OrgKey,
+  PinKey,
+  ProviderKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../models/domain/symmetric-crypto-key";
 
 export class CryptoService implements CryptoServiceAbstraction {
   constructor(
@@ -37,31 +44,248 @@ export class CryptoService implements CryptoServiceAbstraction {
     protected stateService: StateService
   ) {}
 
-  async setKey(key: SymmetricCryptoKey, userId?: string): Promise<any> {
-    await this.stateService.setCryptoMasterKey(key, { userId: userId });
-    await this.storeKey(key, userId);
+  async setUserKey(key: UserKey, userId?: string): Promise<void> {
+    if (key != null) {
+      await this.stateService.setEverHadUserKey(true, { userId: userId });
+    }
+    await this.stateService.setUserKey(key, { userId: userId });
+    await this.storeAdditionalKeys(key, userId);
   }
 
-  async setKeyHash(keyHash: string): Promise<void> {
+  async getEverHadUserKey(userId?: string): Promise<boolean> {
+    return await this.stateService.getEverHadUserKey({ userId: userId });
+  }
+
+  async refreshAdditionalKeys(): Promise<void> {
+    const key = await this.getUserKey();
+    await this.setUserKey(key);
+  }
+
+  async getUserKey(userId?: string): Promise<UserKey> {
+    let userKey = await this.stateService.getUserKey({ userId: userId });
+    if (userKey) {
+      return userKey;
+    }
+
+    // If the user has set their vault timeout to 'Never', we can load the user key from storage
+    if (await this.hasUserKeyStored(KeySuffixOptions.Auto, userId)) {
+      userKey = await this.getKeyFromStorage(KeySuffixOptions.Auto, userId);
+      if (userKey) {
+        await this.setUserKey(userKey, userId);
+        return userKey;
+      }
+    }
+  }
+
+  async getUserKeyWithLegacySupport(userId?: string): Promise<UserKey> {
+    const userKey = await this.getUserKey(userId);
+    if (userKey) {
+      return userKey;
+    }
+
+    // Legacy support: encryption used to be done with the master key (derived from master password).
+    // Users who have not migrated will have a null user key and must use the master key instead.
+    return (await this.getMasterKey(userId)) as unknown as UserKey;
+  }
+
+  async getUserKeyFromStorage(keySuffix: KeySuffixOptions, userId?: string): Promise<UserKey> {
+    const userKey = await this.getKeyFromStorage(keySuffix, userId);
+    if (userKey) {
+      if (!(await this.validateUserKey(userKey))) {
+        this.logService.warning("Invalid key, throwing away stored keys");
+        await this.clearAllStoredUserKeys(userId);
+      }
+      return userKey;
+    }
+  }
+
+  async hasUserKey(): Promise<boolean> {
+    return (
+      (await this.hasUserKeyInMemory()) || (await this.hasUserKeyStored(KeySuffixOptions.Auto))
+    );
+  }
+
+  async hasUserKeyInMemory(userId?: string): Promise<boolean> {
+    return (await this.stateService.getUserKey({ userId: userId })) != null;
+  }
+
+  async hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> {
+    return (await this.getKeyFromStorage(keySuffix, userId)) != null;
+  }
+
+  async makeUserKey(masterKey: MasterKey): Promise<[UserKey, EncString]> {
+    masterKey ||= await this.getMasterKey();
+    if (masterKey == null) {
+      throw new Error("No Master Key found.");
+    }
+
+    const newUserKey = await this.cryptoFunctionService.randomBytes(64);
+    return this.buildProtectedSymmetricKey(masterKey, newUserKey);
+  }
+
+  async clearUserKey(clearStoredKeys = true, userId?: string): Promise<void> {
+    await this.stateService.setUserKey(null, { userId: userId });
+    if (clearStoredKeys) {
+      await this.clearAllStoredUserKeys(userId);
+    }
+  }
+
+  async clearStoredUserKey(keySuffix: KeySuffixOptions, userId?: string): Promise<void> {
+    if (keySuffix === KeySuffixOptions.Auto) {
+      this.stateService.setUserKeyAutoUnlock(null, { userId: userId });
+      this.clearDeprecatedKeys(KeySuffixOptions.Auto, userId);
+    }
+    if (keySuffix === KeySuffixOptions.Pin) {
+      this.stateService.setPinKeyEncryptedUserKeyEphemeral(null, { userId: userId });
+      this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId);
+    }
+  }
+
+  async setMasterKeyEncryptedUserKey(userKeyMasterKey: string, userId?: string): Promise<void> {
+    await this.stateService.setMasterKeyEncryptedUserKey(userKeyMasterKey, { userId: userId });
+  }
+
+  async setMasterKey(key: MasterKey, userId?: string): Promise<void> {
+    await this.stateService.setMasterKey(key, { userId: userId });
+  }
+
+  async getMasterKey(userId?: string): Promise<MasterKey> {
+    let masterKey = await this.stateService.getMasterKey({ userId: userId });
+    if (!masterKey) {
+      masterKey = (await this.stateService.getCryptoMasterKey({ userId: userId })) as MasterKey;
+      await this.setMasterKey(masterKey, userId);
+    }
+    return masterKey;
+  }
+
+  async getOrDeriveMasterKey(password: string, userId?: string) {
+    let masterKey = await this.getMasterKey(userId);
+    return (masterKey ||= await this.makeMasterKey(
+      password,
+      await this.stateService.getEmail({ userId: userId }),
+      await this.stateService.getKdfType({ userId: userId }),
+      await this.stateService.getKdfConfig({ userId: userId })
+    ));
+  }
+
+  async makeMasterKey(
+    password: string,
+    email: string,
+    kdf: KdfType,
+    KdfConfig: KdfConfig
+  ): Promise<MasterKey> {
+    return (await this.makeKey(password, email, kdf, KdfConfig)) as MasterKey;
+  }
+
+  async clearMasterKey(userId?: string): Promise<void> {
+    await this.stateService.setMasterKey(null, { userId: userId });
+  }
+
+  async encryptUserKeyWithMasterKey(
+    masterKey: MasterKey,
+    userKey?: UserKey
+  ): Promise<[UserKey, EncString]> {
+    userKey ||= await this.getUserKey();
+    return await this.buildProtectedSymmetricKey(masterKey, userKey.key);
+  }
+
+  async decryptUserKeyWithMasterKey(
+    masterKey: MasterKey,
+    userKey?: EncString,
+    userId?: string
+  ): Promise<UserKey> {
+    masterKey ||= await this.getMasterKey(userId);
+    if (masterKey == null) {
+      throw new Error("No master key found.");
+    }
+
+    if (!userKey) {
+      let masterKeyEncryptedUserKey = await this.stateService.getMasterKeyEncryptedUserKey({
+        userId: userId,
+      });
+
+      // Try one more way to get the user key if it still wasn't found.
+      if (masterKeyEncryptedUserKey == null) {
+        masterKeyEncryptedUserKey = await this.stateService.getEncryptedCryptoSymmetricKey({
+          userId: userId,
+        });
+      }
+
+      if (masterKeyEncryptedUserKey == null) {
+        throw new Error("No encrypted user key found.");
+      }
+      userKey = new EncString(masterKeyEncryptedUserKey);
+    }
+
+    let decUserKey: Uint8Array;
+    if (userKey.encryptionType === EncryptionType.AesCbc256_B64) {
+      decUserKey = await this.encryptService.decryptToBytes(userKey, masterKey);
+    } else if (userKey.encryptionType === EncryptionType.AesCbc256_HmacSha256_B64) {
+      const newKey = await this.stretchKey(masterKey);
+      decUserKey = await this.encryptService.decryptToBytes(userKey, newKey);
+    } else {
+      throw new Error("Unsupported encryption type.");
+    }
+    if (decUserKey == null) {
+      return null;
+    }
+
+    return new SymmetricCryptoKey(decUserKey) as UserKey;
+  }
+
+  async hashMasterKey(
+    password: string,
+    key: MasterKey,
+    hashPurpose?: HashPurpose
+  ): Promise<string> {
+    key ||= await this.getMasterKey();
+
+    if (password == null || key == null) {
+      throw new Error("Invalid parameters.");
+    }
+
+    const iterations = hashPurpose === HashPurpose.LocalAuthorization ? 2 : 1;
+    const hash = await this.cryptoFunctionService.pbkdf2(key.key, password, "sha256", iterations);
+    return Utils.fromBufferToB64(hash);
+  }
+
+  async setMasterKeyHash(keyHash: string): Promise<void> {
     await this.stateService.setKeyHash(keyHash);
   }
 
-  async setEncKey(encKey: string): Promise<void> {
-    if (encKey == null) {
-      return;
-    }
-
-    await this.stateService.setDecryptedCryptoSymmetricKey(null);
-    await this.stateService.setEncryptedCryptoSymmetricKey(encKey);
+  async getMasterKeyHash(): Promise<string> {
+    return await this.stateService.getKeyHash();
   }
 
-  async setEncPrivateKey(encPrivateKey: string): Promise<void> {
-    if (encPrivateKey == null) {
-      return;
+  async clearMasterKeyHash(userId?: string): Promise<void> {
+    return await this.stateService.setKeyHash(null, { userId: userId });
+  }
+
+  async compareAndUpdateKeyHash(masterPassword: string, masterKey: MasterKey): Promise<boolean> {
+    const storedPasswordHash = await this.getMasterKeyHash();
+    if (masterPassword != null && storedPasswordHash != null) {
+      const localKeyHash = await this.hashMasterKey(
+        masterPassword,
+        masterKey,
+        HashPurpose.LocalAuthorization
+      );
+      if (localKeyHash != null && storedPasswordHash === localKeyHash) {
+        return true;
+      }
+
+      // TODO: remove serverKeyHash check in 1-2 releases after everyone's keyHash has been updated
+      const serverKeyHash = await this.hashMasterKey(
+        masterPassword,
+        masterKey,
+        HashPurpose.ServerAuthorization
+      );
+      if (serverKeyHash != null && storedPasswordHash === serverKeyHash) {
+        await this.setMasterKeyHash(localKeyHash);
+        return true;
+      }
     }
 
-    await this.stateService.setDecryptedPrivateKey(null);
-    await this.stateService.setEncryptedPrivateKey(encPrivateKey);
+    return false;
   }
 
   async setOrgKeys(
@@ -89,6 +313,71 @@ export class CryptoService implements CryptoServiceAbstraction {
     return await this.stateService.setEncryptedOrganizationKeys(encOrgKeyData);
   }
 
+  async getOrgKey(orgId: string): Promise<OrgKey> {
+    if (orgId == null) {
+      return null;
+    }
+
+    const orgKeys = await this.getOrgKeys();
+    if (orgKeys == null || !orgKeys.has(orgId)) {
+      return null;
+    }
+
+    return orgKeys.get(orgId);
+  }
+
+  @sequentialize(() => "getOrgKeys")
+  async getOrgKeys(): Promise<Map<string, OrgKey>> {
+    const result: Map<string, OrgKey> = new Map<string, OrgKey>();
+    const decryptedOrganizationKeys = await this.stateService.getDecryptedOrganizationKeys();
+    if (decryptedOrganizationKeys != null && decryptedOrganizationKeys.size > 0) {
+      return decryptedOrganizationKeys as Map<string, OrgKey>;
+    }
+
+    const encOrgKeyData = await this.stateService.getEncryptedOrganizationKeys();
+    if (encOrgKeyData == null) {
+      return result;
+    }
+
+    let setKey = false;
+
+    for (const orgId of Object.keys(encOrgKeyData)) {
+      if (result.has(orgId)) {
+        continue;
+      }
+
+      const encOrgKey = BaseEncryptedOrganizationKey.fromData(encOrgKeyData[orgId]);
+      const decOrgKey = (await encOrgKey.decrypt(this)) as OrgKey;
+      result.set(orgId, decOrgKey);
+
+      setKey = true;
+    }
+
+    if (setKey) {
+      await this.stateService.setDecryptedOrganizationKeys(result);
+    }
+
+    return result;
+  }
+
+  async makeDataEncKey<T extends OrgKey | UserKey>(
+    key: T
+  ): Promise<[SymmetricCryptoKey, EncString]> {
+    if (key == null) {
+      throw new Error("No key provided");
+    }
+
+    const newSymKey = await this.cryptoFunctionService.randomBytes(64);
+    return this.buildProtectedSymmetricKey(key, newSymKey);
+  }
+
+  async clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
+    await this.stateService.setDecryptedOrganizationKeys(null, { userId: userId });
+    if (!memoryOnly) {
+      await this.stateService.setEncryptedOrganizationKeys(null, { userId: userId });
+    }
+  }
+
   async setProviderKeys(providers: ProfileProviderResponse[]): Promise<void> {
     const providerKeys: any = {};
     providers.forEach((provider) => {
@@ -99,77 +388,57 @@ export class CryptoService implements CryptoServiceAbstraction {
     return await this.stateService.setEncryptedProviderKeys(providerKeys);
   }
 
-  async getKey(keySuffix?: KeySuffixOptions, userId?: string): Promise<SymmetricCryptoKey> {
-    const inMemoryKey = await this.stateService.getCryptoMasterKey({ userId: userId });
-
-    if (inMemoryKey != null) {
-      return inMemoryKey;
+  async getProviderKey(providerId: string): Promise<ProviderKey> {
+    if (providerId == null) {
+      return null;
     }
 
-    keySuffix ||= KeySuffixOptions.Auto;
-    const symmetricKey = await this.getKeyFromStorage(keySuffix, userId);
-
-    if (symmetricKey != null) {
-      // TODO: Refactor here so get key doesn't also set key
-      this.setKey(symmetricKey, userId);
+    const providerKeys = await this.getProviderKeys();
+    if (providerKeys == null || !providerKeys.has(providerId)) {
+      return null;
     }
 
-    return symmetricKey;
+    return providerKeys.get(providerId);
   }
 
-  async getKeyFromStorage(
-    keySuffix: KeySuffixOptions,
-    userId?: string
-  ): Promise<SymmetricCryptoKey> {
-    const key = await this.retrieveKeyFromStorage(keySuffix, userId);
-    if (key != null) {
-      const symmetricKey = new SymmetricCryptoKey(Utils.fromB64ToArray(key));
+  @sequentialize(() => "getProviderKeys")
+  async getProviderKeys(): Promise<Map<string, ProviderKey>> {
+    const providerKeys: Map<string, ProviderKey> = new Map<string, ProviderKey>();
+    const decryptedProviderKeys = await this.stateService.getDecryptedProviderKeys();
+    if (decryptedProviderKeys != null && decryptedProviderKeys.size > 0) {
+      return decryptedProviderKeys as Map<string, ProviderKey>;
+    }
 
-      if (!(await this.validateKey(symmetricKey))) {
-        this.logService.warning("Wrong key, throwing away stored key");
-        await this.clearSecretKeyStore(userId);
-        return null;
+    const encProviderKeys = await this.stateService.getEncryptedProviderKeys();
+    if (encProviderKeys == null) {
+      return null;
+    }
+
+    let setKey = false;
+
+    for (const orgId in encProviderKeys) {
+      // eslint-disable-next-line
+      if (!encProviderKeys.hasOwnProperty(orgId)) {
+        continue;
       }
 
-      return symmetricKey;
-    }
-    return null;
-  }
-
-  async getKeyHash(): Promise<string> {
-    return await this.stateService.getKeyHash();
-  }
-
-  async compareAndUpdateKeyHash(masterPassword: string, key: SymmetricCryptoKey): Promise<boolean> {
-    const storedKeyHash = await this.getKeyHash();
-    if (masterPassword != null && storedKeyHash != null) {
-      const localKeyHash = await this.hashPassword(
-        masterPassword,
-        key,
-        HashPurpose.LocalAuthorization
-      );
-      if (localKeyHash != null && storedKeyHash === localKeyHash) {
-        return true;
-      }
-
-      // TODO: remove serverKeyHash check in 1-2 releases after everyone's keyHash has been updated
-      const serverKeyHash = await this.hashPassword(
-        masterPassword,
-        key,
-        HashPurpose.ServerAuthorization
-      );
-      if (serverKeyHash != null && storedKeyHash === serverKeyHash) {
-        await this.setKeyHash(localKeyHash);
-        return true;
-      }
+      const decValue = await this.rsaDecrypt(encProviderKeys[orgId]);
+      providerKeys.set(orgId, new SymmetricCryptoKey(decValue) as ProviderKey);
+      setKey = true;
     }
 
-    return false;
+    if (setKey) {
+      await this.stateService.setDecryptedProviderKeys(providerKeys);
+    }
+
+    return providerKeys;
   }
 
-  @sequentialize(() => "getEncKey")
-  getEncKey(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
-    return this.getEncKeyHelper(key);
+  async clearProviderKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
+    await this.stateService.setDecryptedProviderKeys(null, { userId: userId });
+    if (!memoryOnly) {
+      await this.stateService.setEncryptedProviderKeys(null, { userId: userId });
+    }
   }
 
   async getPublicKey(): Promise<Uint8Array> {
@@ -188,6 +457,22 @@ export class CryptoService implements CryptoServiceAbstraction {
     return publicKey;
   }
 
+  async makeOrgKey<T extends OrgKey | ProviderKey>(): Promise<[EncString, T]> {
+    const shareKey = await this.cryptoFunctionService.randomBytes(64);
+    const publicKey = await this.getPublicKey();
+    const encShareKey = await this.rsaEncrypt(shareKey, publicKey);
+    return [encShareKey, new SymmetricCryptoKey(shareKey) as T];
+  }
+
+  async setPrivateKey(encPrivateKey: string): Promise<void> {
+    if (encPrivateKey == null) {
+      return;
+    }
+
+    await this.stateService.setDecryptedPrivateKey(null);
+    await this.stateService.setEncryptedPrivateKey(encPrivateKey);
+  }
+
   async getPrivateKey(): Promise<Uint8Array> {
     const decryptedPrivateKey = await this.stateService.getDecryptedPrivateKey();
     if (decryptedPrivateKey != null) {
@@ -199,7 +484,10 @@ export class CryptoService implements CryptoServiceAbstraction {
       return null;
     }
 
-    const privateKey = await this.decryptToBytes(new EncString(encPrivateKey), null);
+    const privateKey = await this.encryptService.decryptToBytes(
+      new EncString(encPrivateKey),
+      await this.getUserKeyWithLegacySupport()
+    );
     await this.stateService.setDecryptedPrivateKey(privateKey);
     return privateKey;
   }
@@ -221,151 +509,16 @@ export class CryptoService implements CryptoServiceAbstraction {
     return this.hashPhrase(userFingerprint);
   }
 
-  @sequentialize(() => "getOrgKeys")
-  async getOrgKeys(): Promise<Map<string, SymmetricCryptoKey>> {
-    const result: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
-    const decryptedOrganizationKeys = await this.stateService.getDecryptedOrganizationKeys();
-    if (decryptedOrganizationKeys != null && decryptedOrganizationKeys.size > 0) {
-      return decryptedOrganizationKeys;
-    }
+  async makeKeyPair(key?: SymmetricCryptoKey): Promise<[string, EncString]> {
+    key ||= await this.getUserKey();
 
-    const encOrgKeyData = await this.stateService.getEncryptedOrganizationKeys();
-    if (encOrgKeyData == null) {
-      return null;
-    }
-
-    let setKey = false;
-
-    for (const orgId of Object.keys(encOrgKeyData)) {
-      if (result.has(orgId)) {
-        continue;
-      }
-
-      const encOrgKey = BaseEncryptedOrganizationKey.fromData(encOrgKeyData[orgId]);
-      const decOrgKey = await encOrgKey.decrypt(this);
-      result.set(orgId, decOrgKey);
-
-      setKey = true;
-    }
-
-    if (setKey) {
-      await this.stateService.setDecryptedOrganizationKeys(result);
-    }
-
-    return result;
+    const keyPair = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
+    const publicB64 = Utils.fromBufferToB64(keyPair[0]);
+    const privateEnc = await this.encryptService.encrypt(keyPair[1], key);
+    return [publicB64, privateEnc];
   }
 
-  async getOrgKey(orgId: string): Promise<SymmetricCryptoKey> {
-    if (orgId == null) {
-      return null;
-    }
-
-    const orgKeys = await this.getOrgKeys();
-    if (orgKeys == null || !orgKeys.has(orgId)) {
-      return null;
-    }
-
-    return orgKeys.get(orgId);
-  }
-
-  @sequentialize(() => "getProviderKeys")
-  async getProviderKeys(): Promise<Map<string, SymmetricCryptoKey>> {
-    const providerKeys: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
-    const decryptedProviderKeys = await this.stateService.getDecryptedProviderKeys();
-    if (decryptedProviderKeys != null && decryptedProviderKeys.size > 0) {
-      return decryptedProviderKeys;
-    }
-
-    const encProviderKeys = await this.stateService.getEncryptedProviderKeys();
-    if (encProviderKeys == null) {
-      return null;
-    }
-
-    let setKey = false;
-
-    for (const orgId in encProviderKeys) {
-      // eslint-disable-next-line
-      if (!encProviderKeys.hasOwnProperty(orgId)) {
-        continue;
-      }
-
-      const decValue = await this.rsaDecrypt(encProviderKeys[orgId]);
-      providerKeys.set(orgId, new SymmetricCryptoKey(decValue));
-      setKey = true;
-    }
-
-    if (setKey) {
-      await this.stateService.setDecryptedProviderKeys(providerKeys);
-    }
-
-    return providerKeys;
-  }
-
-  async getProviderKey(providerId: string): Promise<SymmetricCryptoKey> {
-    if (providerId == null) {
-      return null;
-    }
-
-    const providerKeys = await this.getProviderKeys();
-    if (providerKeys == null || !providerKeys.has(providerId)) {
-      return null;
-    }
-
-    return providerKeys.get(providerId);
-  }
-
-  async hasKey(): Promise<boolean> {
-    return (
-      (await this.hasKeyInMemory()) ||
-      (await this.hasKeyStored(KeySuffixOptions.Auto)) ||
-      (await this.hasKeyStored(KeySuffixOptions.Biometric))
-    );
-  }
-
-  async hasKeyInMemory(userId?: string): Promise<boolean> {
-    return (await this.stateService.getCryptoMasterKey({ userId: userId })) != null;
-  }
-
-  async hasKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> {
-    switch (keySuffix) {
-      case KeySuffixOptions.Auto:
-        return (await this.stateService.getCryptoMasterKeyAuto({ userId: userId })) != null;
-      case KeySuffixOptions.Biometric:
-        return (await this.stateService.hasCryptoMasterKeyBiometric({ userId: userId })) === true;
-      default:
-        return false;
-    }
-  }
-
-  async hasEncKey(): Promise<boolean> {
-    return (await this.stateService.getEncryptedCryptoSymmetricKey()) != null;
-  }
-
-  async clearKey(clearSecretStorage = true, userId?: string): Promise<any> {
-    await this.stateService.setCryptoMasterKey(null, { userId: userId });
-    if (clearSecretStorage) {
-      await this.clearSecretKeyStore(userId);
-    }
-  }
-
-  async clearStoredKey(keySuffix: KeySuffixOptions) {
-    keySuffix === KeySuffixOptions.Auto
-      ? await this.stateService.setCryptoMasterKeyAuto(null)
-      : await this.stateService.setCryptoMasterKeyBiometric(null);
-  }
-
-  async clearKeyHash(userId?: string): Promise<any> {
-    return await this.stateService.setKeyHash(null, { userId: userId });
-  }
-
-  async clearEncKey(memoryOnly?: boolean, userId?: string): Promise<void> {
-    await this.stateService.setDecryptedCryptoSymmetricKey(null, { userId: userId });
-    if (!memoryOnly) {
-      await this.stateService.setEncryptedCryptoSymmetricKey(null, { userId: userId });
-    }
-  }
-
-  async clearKeyPair(memoryOnly?: boolean, userId?: string): Promise<any> {
+  async clearKeyPair(memoryOnly?: boolean, userId?: string): Promise<void[]> {
     const keysToClear: Promise<void>[] = [
       this.stateService.setDecryptedPrivateKey(null, { userId: userId }),
       this.stateService.setPublicKey(null, { userId: userId }),
@@ -376,130 +529,53 @@ export class CryptoService implements CryptoServiceAbstraction {
     return Promise.all(keysToClear);
   }
 
-  async clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
-    await this.stateService.setDecryptedOrganizationKeys(null, { userId: userId });
-    if (!memoryOnly) {
-      await this.stateService.setEncryptedOrganizationKeys(null, { userId: userId });
-    }
+  async makePinKey(pin: string, salt: string, kdf: KdfType, kdfConfig: KdfConfig): Promise<PinKey> {
+    const pinKey = await this.makeKey(pin, salt, kdf, kdfConfig);
+    return (await this.stretchKey(pinKey)) as PinKey;
   }
 
-  async clearProviderKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
-    await this.stateService.setDecryptedProviderKeys(null, { userId: userId });
-    if (!memoryOnly) {
-      await this.stateService.setEncryptedProviderKeys(null, { userId: userId });
-    }
+  async clearPinKeys(userId?: string): Promise<void> {
+    await this.stateService.setPinKeyEncryptedUserKey(null, { userId: userId });
+    await this.stateService.setPinKeyEncryptedUserKeyEphemeral(null, { userId: userId });
+    await this.stateService.setProtectedPin(null, { userId: userId });
+    await this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId);
   }
 
-  async clearPinProtectedKey(userId?: string): Promise<any> {
-    return await this.stateService.setEncryptedPinProtected(null, { userId: userId });
-  }
-
-  async clearKeys(userId?: string): Promise<any> {
-    await this.clearKey(true, userId);
-    await this.clearKeyHash(userId);
-    await this.clearOrgKeys(false, userId);
-    await this.clearProviderKeys(false, userId);
-    await this.clearEncKey(false, userId);
-    await this.clearKeyPair(false, userId);
-    await this.clearPinProtectedKey(userId);
-  }
-
-  async toggleKey(): Promise<any> {
-    const key = await this.getKey();
-
-    await this.setKey(key);
-  }
-
-  async makeKey(
-    password: string,
-    salt: string,
-    kdf: KdfType,
-    kdfConfig: KdfConfig
-  ): Promise<SymmetricCryptoKey> {
-    let key: Uint8Array = null;
-    if (kdf == null || kdf === KdfType.PBKDF2_SHA256) {
-      if (kdfConfig.iterations == null) {
-        kdfConfig.iterations = 5000;
-      } else if (kdfConfig.iterations < 5000) {
-        throw new Error("PBKDF2 iteration minimum is 5000.");
-      }
-      key = await this.cryptoFunctionService.pbkdf2(password, salt, "sha256", kdfConfig.iterations);
-    } else if (kdf == KdfType.Argon2id) {
-      if (kdfConfig.iterations == null) {
-        kdfConfig.iterations = DEFAULT_ARGON2_ITERATIONS;
-      } else if (kdfConfig.iterations < 2) {
-        throw new Error("Argon2 iteration minimum is 2.");
-      }
-
-      if (kdfConfig.memory == null) {
-        kdfConfig.memory = DEFAULT_ARGON2_MEMORY;
-      } else if (kdfConfig.memory < 16) {
-        throw new Error("Argon2 memory minimum is 16 MB");
-      } else if (kdfConfig.memory > 1024) {
-        throw new Error("Argon2 memory maximum is 1024 MB");
-      }
-
-      if (kdfConfig.parallelism == null) {
-        kdfConfig.parallelism = DEFAULT_ARGON2_PARALLELISM;
-      } else if (kdfConfig.parallelism < 1) {
-        throw new Error("Argon2 parallelism minimum is 1.");
-      }
-
-      const saltHash = await this.cryptoFunctionService.hash(salt, "sha256");
-      key = await this.cryptoFunctionService.argon2(
-        password,
-        saltHash,
-        kdfConfig.iterations,
-        kdfConfig.memory * 1024, // convert to KiB from MiB
-        kdfConfig.parallelism
-      );
-    } else {
-      throw new Error("Unknown Kdf.");
-    }
-    return new SymmetricCryptoKey(key);
-  }
-
-  async makeKeyFromPin(
+  async decryptUserKeyWithPin(
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfConfig: KdfConfig,
-    protectedKeyCs: EncString = null
-  ): Promise<SymmetricCryptoKey> {
-    if (protectedKeyCs == null) {
-      const pinProtectedKey = await this.stateService.getEncryptedPinProtected();
-      if (pinProtectedKey == null) {
-        throw new Error("No PIN protected key found.");
-      }
-      protectedKeyCs = new EncString(pinProtectedKey);
+    pinProtectedUserKey?: EncString
+  ): Promise<UserKey> {
+    pinProtectedUserKey ||= await this.stateService.getPinKeyEncryptedUserKey();
+    pinProtectedUserKey ||= await this.stateService.getPinKeyEncryptedUserKeyEphemeral();
+    if (!pinProtectedUserKey) {
+      throw new Error("No PIN protected key found.");
     }
     const pinKey = await this.makePinKey(pin, salt, kdf, kdfConfig);
-    const decKey = await this.decryptToBytes(protectedKeyCs, pinKey);
-    return new SymmetricCryptoKey(decKey);
+    const userKey = await this.encryptService.decryptToBytes(pinProtectedUserKey, pinKey);
+    return new SymmetricCryptoKey(userKey) as UserKey;
   }
 
-  async makeShareKey(): Promise<[EncString, SymmetricCryptoKey]> {
-    const shareKey = await this.cryptoFunctionService.randomBytes(64);
-    const publicKey = await this.getPublicKey();
-    const encShareKey = await this.rsaEncrypt(shareKey, publicKey);
-    return [encShareKey, new SymmetricCryptoKey(shareKey)];
-  }
-
-  async makeKeyPair(key?: SymmetricCryptoKey): Promise<[string, EncString]> {
-    const keyPair = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
-    const publicB64 = Utils.fromBufferToB64(keyPair[0]);
-    const privateEnc = await this.encrypt(keyPair[1], key);
-    return [publicB64, privateEnc];
-  }
-
-  async makePinKey(
+  // only for migration purposes
+  async decryptMasterKeyWithPin(
     pin: string,
     salt: string,
     kdf: KdfType,
-    kdfConfig: KdfConfig
-  ): Promise<SymmetricCryptoKey> {
-    const pinKey = await this.makeKey(pin, salt, kdf, kdfConfig);
-    return await this.stretchKey(pinKey);
+    kdfConfig: KdfConfig,
+    pinProtectedMasterKey?: EncString
+  ): Promise<MasterKey> {
+    if (!pinProtectedMasterKey) {
+      const pinProtectedMasterKeyString = await this.stateService.getEncryptedPinProtected();
+      if (pinProtectedMasterKeyString == null) {
+        throw new Error("No PIN protected key found.");
+      }
+      pinProtectedMasterKey = new EncString(pinProtectedMasterKeyString);
+    }
+    const pinKey = await this.makePinKey(pin, salt, kdf, kdfConfig);
+    const masterKey = await this.encryptService.decryptToBytes(pinProtectedMasterKey, pinKey);
+    return new SymmetricCryptoKey(masterKey) as MasterKey;
   }
 
   async makeSendKey(keyMaterial: Uint8Array): Promise<SymmetricCryptoKey> {
@@ -513,55 +589,13 @@ export class CryptoService implements CryptoServiceAbstraction {
     return new SymmetricCryptoKey(sendKey);
   }
 
-  async hashPassword(
-    password: string,
-    key: SymmetricCryptoKey,
-    hashPurpose?: HashPurpose
-  ): Promise<string> {
-    if (key == null) {
-      key = await this.getKey();
-    }
-    if (password == null || key == null) {
-      throw new Error("Invalid parameters.");
-    }
-
-    const iterations = hashPurpose === HashPurpose.LocalAuthorization ? 2 : 1;
-    const hash = await this.cryptoFunctionService.pbkdf2(key.key, password, "sha256", iterations);
-    return Utils.fromBufferToB64(hash);
-  }
-
-  async makeEncKey(key: SymmetricCryptoKey): Promise<[SymmetricCryptoKey, EncString]> {
-    const theKey = await this.getKeyForUserEncryption(key);
-    const encKey = await this.cryptoFunctionService.randomBytes(64);
-    return this.buildEncKey(theKey, encKey);
-  }
-
-  async remakeEncKey(
-    key: SymmetricCryptoKey,
-    encKey?: SymmetricCryptoKey
-  ): Promise<[SymmetricCryptoKey, EncString]> {
-    if (encKey == null) {
-      encKey = await this.getEncKey();
-    }
-    return this.buildEncKey(key, encKey.key);
-  }
-
-  /**
-   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
-   * and then call encryptService.encrypt
-   */
-  async encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey): Promise<EncString> {
-    key = await this.getKeyForUserEncryption(key);
-    return await this.encryptService.encrypt(plainValue, key);
-  }
-
-  /**
-   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
-   * and then call encryptService.encryptToBytes
-   */
-  async encryptToBytes(plainValue: Uint8Array, key?: SymmetricCryptoKey): Promise<EncArrayBuffer> {
-    key = await this.getKeyForUserEncryption(key);
-    return this.encryptService.encryptToBytes(plainValue, key);
+  async clearKeys(userId?: string): Promise<any> {
+    await this.clearUserKey(true, userId);
+    await this.clearMasterKeyHash(userId);
+    await this.clearOrgKeys(false, userId);
+    await this.clearProviderKeys(false, userId);
+    await this.clearKeyPair(false, userId);
+    await this.clearPinKeys(userId);
   }
 
   async rsaEncrypt(data: Uint8Array, publicKey?: Uint8Array): Promise<EncString> {
@@ -629,38 +663,6 @@ export class CryptoService implements CryptoServiceAbstraction {
     return this.cryptoFunctionService.rsaDecrypt(data, privateKey, alg);
   }
 
-  /**
-   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
-   * and then call encryptService.decryptToBytes
-   */
-  async decryptToBytes(encString: EncString, key?: SymmetricCryptoKey): Promise<Uint8Array> {
-    const keyForEnc = await this.getKeyForUserEncryption(key);
-    return this.encryptService.decryptToBytes(encString, keyForEnc);
-  }
-
-  /**
-   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
-   * and then call encryptService.decryptToUtf8
-   */
-  async decryptToUtf8(encString: EncString, key?: SymmetricCryptoKey): Promise<string> {
-    key = await this.getKeyForUserEncryption(key);
-    return await this.encryptService.decryptToUtf8(encString, key);
-  }
-
-  /**
-   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
-   * and then call encryptService.decryptToBytes
-   */
-  async decryptFromBytes(encBuffer: EncArrayBuffer, key: SymmetricCryptoKey): Promise<Uint8Array> {
-    if (encBuffer == null) {
-      throw new Error("No buffer provided for decryption.");
-    }
-
-    key = await this.getKeyForUserEncryption(key);
-
-    return this.encryptService.decryptToBytes(encBuffer, key);
-  }
-
   // EFForg/OpenWireless
   // ref https://github.com/EFForg/OpenWireless/blob/master/app/js/diceware.js
   async randomNumber(min: number, max: number): Promise<number> {
@@ -696,15 +698,22 @@ export class CryptoService implements CryptoServiceAbstraction {
     return min + rval;
   }
 
-  async validateKey(key: SymmetricCryptoKey) {
+  // ---HELPERS---
+  protected async validateUserKey(key: UserKey): Promise<boolean> {
+    if (!key) {
+      return false;
+    }
+
     try {
       const encPrivateKey = await this.stateService.getEncryptedPrivateKey();
-      const encKey = await this.getEncKeyHelper(key);
-      if (encPrivateKey == null || encKey == null) {
+      if (encPrivateKey == null) {
         return false;
       }
 
-      const privateKey = await this.decryptToBytes(new EncString(encPrivateKey), encKey);
+      const privateKey = await this.encryptService.decryptToBytes(
+        new EncString(encPrivateKey),
+        key
+      );
       await this.cryptoFunctionService.rsaExtractPublicKey(privateKey);
     } catch (e) {
       return false;
@@ -713,53 +722,115 @@ export class CryptoService implements CryptoServiceAbstraction {
     return true;
   }
 
-  // ---HELPERS---
+  /**
+   * Initialize all necessary crypto keys needed for a new account.
+   * Warning! This completely replaces any existing keys!
+   */
+  async initAccount(): Promise<{
+    userKey: UserKey;
+    publicKey: string;
+    privateKey: EncString;
+  }> {
+    const randomBytes = await this.cryptoFunctionService.randomBytes(64);
+    const userKey = new SymmetricCryptoKey(randomBytes) as UserKey;
+    const [publicKey, privateKey] = await this.makeKeyPair(userKey);
+    await this.setUserKey(userKey);
+    await this.stateService.setEncryptedPrivateKey(privateKey.encryptedString);
 
-  protected async storeKey(key: SymmetricCryptoKey, userId?: string) {
+    return {
+      userKey,
+      publicKey,
+      privateKey,
+    };
+  }
+
+  /**
+   * Generates any additional keys if needed. Additional keys are
+   * keys such as biometrics, auto, and pin keys.
+   * Useful to make sure other keys stay in sync when the user key
+   * has been rotated.
+   * @param key The user key
+   * @param userId The desired user
+   */
+  protected async storeAdditionalKeys(key: UserKey, userId?: string) {
     const storeAuto = await this.shouldStoreKey(KeySuffixOptions.Auto, userId);
-
     if (storeAuto) {
-      await this.storeAutoKey(key, userId);
+      await this.stateService.setUserKeyAutoUnlock(key.keyB64, { userId: userId });
     } else {
-      await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
+      await this.stateService.setUserKeyAutoUnlock(null, { userId: userId });
+    }
+    await this.clearDeprecatedKeys(KeySuffixOptions.Auto, userId);
+
+    const storePin = await this.shouldStoreKey(KeySuffixOptions.Pin, userId);
+    if (storePin) {
+      await this.storePinKey(key, userId);
+      // We can't always clear deprecated keys because the pin is only
+      // migrated once used to unlock
+      await this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId);
+    } else {
+      await this.stateService.setPinKeyEncryptedUserKey(null, { userId: userId });
+      await this.stateService.setPinKeyEncryptedUserKeyEphemeral(null, { userId: userId });
     }
   }
 
-  protected async storeAutoKey(key: SymmetricCryptoKey, userId?: string) {
-    await this.stateService.setCryptoMasterKeyAuto(key.keyB64, { userId: userId });
+  /**
+   * Stores the pin key if needed. If MP on Reset is enabled, stores the
+   * ephemeral version.
+   * @param key The user key
+   */
+  protected async storePinKey(key: UserKey, userId?: string) {
+    const pin = await this.encryptService.decryptToUtf8(
+      new EncString(await this.stateService.getProtectedPin({ userId: userId })),
+      key
+    );
+    const pinKey = await this.makePinKey(
+      pin,
+      await this.stateService.getEmail({ userId: userId }),
+      await this.stateService.getKdfType({ userId: userId }),
+      await this.stateService.getKdfConfig({ userId: userId })
+    );
+    const encPin = await this.encryptService.encrypt(key.key, pinKey);
+
+    if ((await this.stateService.getPinKeyEncryptedUserKey({ userId: userId })) != null) {
+      await this.stateService.setPinKeyEncryptedUserKey(encPin, { userId: userId });
+    } else {
+      await this.stateService.setPinKeyEncryptedUserKeyEphemeral(encPin, { userId: userId });
+    }
   }
 
   protected async shouldStoreKey(keySuffix: KeySuffixOptions, userId?: string) {
     let shouldStoreKey = false;
-    if (keySuffix === KeySuffixOptions.Auto) {
-      const vaultTimeout = await this.stateService.getVaultTimeout({ userId: userId });
-      shouldStoreKey = vaultTimeout == null;
-    } else if (keySuffix === KeySuffixOptions.Biometric) {
-      const biometricUnlock = await this.stateService.getBiometricUnlock({ userId: userId });
-      shouldStoreKey = biometricUnlock && this.platformUtilService.supportsSecureStorage();
+    switch (keySuffix) {
+      case KeySuffixOptions.Auto: {
+        const vaultTimeout = await this.stateService.getVaultTimeout({ userId: userId });
+        shouldStoreKey = vaultTimeout == null;
+        break;
+      }
+      case KeySuffixOptions.Pin: {
+        const protectedPin = await this.stateService.getProtectedPin({ userId: userId });
+        shouldStoreKey = !!protectedPin;
+        break;
+      }
     }
     return shouldStoreKey;
   }
 
-  protected async retrieveKeyFromStorage(keySuffix: KeySuffixOptions, userId?: string) {
-    return keySuffix === KeySuffixOptions.Auto
-      ? await this.stateService.getCryptoMasterKeyAuto({ userId: userId })
-      : await this.stateService.getCryptoMasterKeyBiometric({ userId: userId });
+  protected async getKeyFromStorage(
+    keySuffix: KeySuffixOptions,
+    userId?: string
+  ): Promise<UserKey> {
+    if (keySuffix === KeySuffixOptions.Auto) {
+      const userKey = await this.stateService.getUserKeyAutoUnlock({ userId: userId });
+      if (userKey) {
+        return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey)) as UserKey;
+      }
+    }
+    return null;
   }
 
-  async getKeyForUserEncryption(key?: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
-    if (key != null) {
-      return key;
-    }
-
-    const encKey = await this.getEncKey();
-    if (encKey != null) {
-      return encKey;
-    }
-
-    // Legacy support: encryption used to be done with the user key (derived from master password).
-    // Users who have not migrated will have a null encKey and must use the user key instead.
-    return await this.getKey();
+  protected async clearAllStoredUserKeys(userId?: string): Promise<void> {
+    await this.stateService.setUserKeyAutoUnlock(null, { userId: userId });
+    await this.stateService.setPinKeyEncryptedUserKeyEphemeral(null, { userId: userId });
   }
 
   private async stretchKey(key: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
@@ -791,60 +862,187 @@ export class CryptoService implements CryptoServiceAbstraction {
     return phrase;
   }
 
-  private async buildEncKey(
-    key: SymmetricCryptoKey,
-    encKey: Uint8Array
-  ): Promise<[SymmetricCryptoKey, EncString]> {
-    let encKeyEnc: EncString = null;
-    if (key.key.byteLength === 32) {
-      const newKey = await this.stretchKey(key);
-      encKeyEnc = await this.encrypt(encKey, newKey);
-    } else if (key.key.byteLength === 64) {
-      encKeyEnc = await this.encrypt(encKey, key);
+  private async buildProtectedSymmetricKey<T extends SymmetricCryptoKey>(
+    encryptionKey: SymmetricCryptoKey,
+    newSymKey: Uint8Array
+  ): Promise<[T, EncString]> {
+    let protectedSymKey: EncString = null;
+    if (encryptionKey.key.byteLength === 32) {
+      const stretchedEncryptionKey = await this.stretchKey(encryptionKey);
+      protectedSymKey = await this.encryptService.encrypt(newSymKey, stretchedEncryptionKey);
+    } else if (encryptionKey.key.byteLength === 64) {
+      protectedSymKey = await this.encryptService.encrypt(newSymKey, encryptionKey);
     } else {
       throw new Error("Invalid key size.");
     }
-    return [new SymmetricCryptoKey(encKey), encKeyEnc];
+    return [new SymmetricCryptoKey(newSymKey) as T, protectedSymKey];
   }
 
-  private async clearSecretKeyStore(userId?: string): Promise<void> {
-    await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
-    await this.stateService.setCryptoMasterKeyBiometric(null, { userId: userId });
-  }
+  private async makeKey(
+    password: string,
+    salt: string,
+    kdf: KdfType,
+    kdfConfig: KdfConfig
+  ): Promise<SymmetricCryptoKey> {
+    let key: Uint8Array = null;
+    if (kdf == null || kdf === KdfType.PBKDF2_SHA256) {
+      if (kdfConfig.iterations == null) {
+        kdfConfig.iterations = 5000;
+      } else if (kdfConfig.iterations < 5000) {
+        throw new Error("PBKDF2 iteration minimum is 5000.");
+      }
+      key = await this.cryptoFunctionService.pbkdf2(password, salt, "sha256", kdfConfig.iterations);
+    } else if (kdf == KdfType.Argon2id) {
+      if (kdfConfig.iterations == null) {
+        kdfConfig.iterations = DEFAULT_ARGON2_ITERATIONS;
+      } else if (kdfConfig.iterations < 2) {
+        throw new Error("Argon2 iteration minimum is 2.");
+      }
 
-  private async getEncKeyHelper(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
-    const inMemoryKey = await this.stateService.getDecryptedCryptoSymmetricKey();
-    if (inMemoryKey != null) {
-      return inMemoryKey;
-    }
+      if (kdfConfig.memory == null) {
+        kdfConfig.memory = DEFAULT_ARGON2_MEMORY;
+      } else if (kdfConfig.memory < 16) {
+        throw new Error("Argon2 memory minimum is 16 MB");
+      } else if (kdfConfig.memory > 1024) {
+        throw new Error("Argon2 memory maximum is 1024 MB");
+      }
 
-    const encKey = await this.stateService.getEncryptedCryptoSymmetricKey();
-    if (encKey == null) {
-      return null;
-    }
+      if (kdfConfig.parallelism == null) {
+        kdfConfig.parallelism = DEFAULT_ARGON2_PARALLELISM;
+      } else if (kdfConfig.parallelism < 1) {
+        throw new Error("Argon2 parallelism minimum is 1.");
+      }
 
-    if (key == null) {
-      key = await this.getKey();
-    }
-    if (key == null) {
-      return null;
-    }
-
-    let decEncKey: Uint8Array;
-    const encKeyCipher = new EncString(encKey);
-    if (encKeyCipher.encryptionType === EncryptionType.AesCbc256_B64) {
-      decEncKey = await this.decryptToBytes(encKeyCipher, key);
-    } else if (encKeyCipher.encryptionType === EncryptionType.AesCbc256_HmacSha256_B64) {
-      const newKey = await this.stretchKey(key);
-      decEncKey = await this.decryptToBytes(encKeyCipher, newKey);
+      const saltHash = await this.cryptoFunctionService.hash(salt, "sha256");
+      key = await this.cryptoFunctionService.argon2(
+        password,
+        saltHash,
+        kdfConfig.iterations,
+        kdfConfig.memory * 1024, // convert to KiB from MiB
+        kdfConfig.parallelism
+      );
     } else {
-      throw new Error("Unsupported encKey type.");
+      throw new Error("Unknown Kdf.");
     }
-    if (decEncKey == null) {
-      return null;
+    return new SymmetricCryptoKey(key);
+  }
+
+  // --LEGACY METHODS--
+  // We previously used the master key for additional keys, but now we use the user key.
+  // These methods support migrating the old keys to the new ones.
+  // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3475)
+
+  async clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: string) {
+    if (keySuffix === KeySuffixOptions.Auto) {
+      await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
+    } else if (keySuffix === KeySuffixOptions.Pin) {
+      await this.stateService.setEncryptedPinProtected(null, { userId: userId });
+      await this.stateService.setDecryptedPinProtected(null, { userId: userId });
     }
-    const symmetricCryptoKey = new SymmetricCryptoKey(decEncKey);
-    await this.stateService.setDecryptedCryptoSymmetricKey(symmetricCryptoKey);
-    return symmetricCryptoKey;
+  }
+
+  async migrateAutoKeyIfNeeded(userId?: string) {
+    const oldAutoKey = await this.stateService.getCryptoMasterKeyAuto({ userId: userId });
+    if (oldAutoKey) {
+      // decrypt
+      const masterKey = new SymmetricCryptoKey(Utils.fromB64ToArray(oldAutoKey)) as MasterKey;
+      const encryptedUserKey = await this.stateService.getEncryptedCryptoSymmetricKey({
+        userId: userId,
+      });
+      const userKey = await this.decryptUserKeyWithMasterKey(
+        masterKey,
+        new EncString(encryptedUserKey),
+        userId
+      );
+      // migrate
+      await this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId });
+      await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
+      // set encrypted user key in case user immediately locks without syncing
+      await this.setMasterKeyEncryptedUserKey(encryptedUserKey);
+    }
+  }
+
+  async decryptAndMigrateOldPinKey(
+    masterPasswordOnRestart: boolean,
+    pin: string,
+    email: string,
+    kdf: KdfType,
+    kdfConfig: KdfConfig,
+    oldPinKey: EncString
+  ): Promise<UserKey> {
+    // Decrypt
+    const masterKey = await this.decryptMasterKeyWithPin(pin, email, kdf, kdfConfig, oldPinKey);
+    const encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
+    const userKey = await this.decryptUserKeyWithMasterKey(masterKey, new EncString(encUserKey));
+    // Migrate
+    const pinKey = await this.makePinKey(pin, email, kdf, kdfConfig);
+    const pinProtectedKey = await this.encryptService.encrypt(userKey.key, pinKey);
+    if (masterPasswordOnRestart) {
+      await this.stateService.setDecryptedPinProtected(null);
+      await this.stateService.setPinKeyEncryptedUserKeyEphemeral(pinProtectedKey);
+    } else {
+      await this.stateService.setEncryptedPinProtected(null);
+      await this.stateService.setPinKeyEncryptedUserKey(pinProtectedKey);
+      // We previously only set the protected pin if MP on Restart was enabled
+      // now we set it regardless
+      const encPin = await this.encryptService.encrypt(pin, userKey);
+      await this.stateService.setProtectedPin(encPin.encryptedString);
+    }
+    // This also clears the old Biometrics key since the new Biometrics key will
+    // be created when the user key is set.
+    await this.stateService.setCryptoMasterKeyBiometric(null);
+    return userKey;
+  }
+
+  // --DEPRECATED METHODS--
+
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.encrypt
+   */
+  async encrypt(plainValue: string | Uint8Array, key?: SymmetricCryptoKey): Promise<EncString> {
+    key ||= await this.getUserKeyWithLegacySupport();
+    return await this.encryptService.encrypt(plainValue, key);
+  }
+
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.encryptToBytes
+   */
+  async encryptToBytes(plainValue: Uint8Array, key?: SymmetricCryptoKey): Promise<EncArrayBuffer> {
+    key ||= await this.getUserKeyWithLegacySupport();
+    return this.encryptService.encryptToBytes(plainValue, key);
+  }
+
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.decryptToBytes
+   */
+  async decryptToBytes(encString: EncString, key?: SymmetricCryptoKey): Promise<Uint8Array> {
+    key ||= await this.getUserKeyWithLegacySupport();
+    return this.encryptService.decryptToBytes(encString, key);
+  }
+
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.decryptToUtf8
+   */
+  async decryptToUtf8(encString: EncString, key?: SymmetricCryptoKey): Promise<string> {
+    key ||= await this.getUserKeyWithLegacySupport();
+    return await this.encryptService.decryptToUtf8(encString, key);
+  }
+
+  /**
+   * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+   * and then call encryptService.decryptToBytes
+   */
+  async decryptFromBytes(encBuffer: EncArrayBuffer, key: SymmetricCryptoKey): Promise<Uint8Array> {
+    if (encBuffer == null) {
+      throw new Error("No buffer provided for decryption.");
+    }
+
+    key ||= await this.getUserKeyWithLegacySupport();
+
+    return this.encryptService.decryptToBytes(encBuffer, key);
   }
 }
diff --git a/libs/common/src/platform/services/state.service.ts b/libs/common/src/platform/services/state.service.ts
index 98525c16b06..14ba4abfd39 100644
--- a/libs/common/src/platform/services/state.service.ts
+++ b/libs/common/src/platform/services/state.service.ts
@@ -6,6 +6,7 @@ import { OrganizationData } from "../../admin-console/models/data/organization.d
 import { PolicyData } from "../../admin-console/models/data/policy.data";
 import { ProviderData } from "../../admin-console/models/data/provider.data";
 import { Policy } from "../../admin-console/models/domain/policy";
+import { AdminAuthRequestStorable } from "../../auth/models/domain/admin-auth-req-storable";
 import { EnvironmentUrls } from "../../auth/models/domain/environment-urls";
 import { ForceResetPasswordReason } from "../../auth/models/domain/force-reset-password-reason";
 import { KdfConfig } from "../../auth/models/domain/kdf-config";
@@ -43,6 +44,7 @@ import { ServerConfigData } from "../models/data/server-config.data";
 import {
   Account,
   AccountData,
+  AccountDecryptionOptions,
   AccountSettings,
   AccountSettingsSettings,
 } from "../models/domain/account";
@@ -50,7 +52,12 @@ import { EncString } from "../models/domain/enc-string";
 import { GlobalState } from "../models/domain/global-state";
 import { State } from "../models/domain/state";
 import { StorageOptions } from "../models/domain/storage-options";
-import { DeviceKey, SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
+import {
+  DeviceKey,
+  MasterKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../models/domain/symmetric-crypto-key";
 
 const keys = {
   state: "state",
@@ -62,6 +69,9 @@ const keys = {
 };
 
 const partialKeys = {
+  userAutoKey: "_user_auto",
+  userBiometricKey: "_user_biometric",
+
   autoKey: "_masterkey_auto",
   biometricKey: "_masterkey_biometric",
   masterKey: "_masterkey",
@@ -112,7 +122,7 @@ export class StateService<
           // FIXME: This should be refactored into AuthService or a similar service,
           //  as checking for the existence of the crypto key is a low level
           //  implementation detail.
-          this.activeAccountUnlockedSubject.next((await this.getCryptoMasterKey()) != null);
+          this.activeAccountUnlockedSubject.next((await this.getUserKey()) != null);
         })
       )
       .subscribe();
@@ -515,6 +525,9 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Do not save the Master Key. Use the User Symmetric Key instead
+   */
   async getCryptoMasterKey(options?: StorageOptions): Promise<SymmetricCryptoKey> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
@@ -522,6 +535,9 @@ export class StateService<
     return account?.keys?.cryptoMasterKey;
   }
 
+  /**
+   * @deprecated Do not save the Master Key. Use the User Symmetric Key instead
+   */
   async setCryptoMasterKey(value: SymmetricCryptoKey, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
@@ -542,6 +558,203 @@ export class StateService<
     }
   }
 
+  /**
+   * user key used to encrypt/decrypt data
+   */
+  async getUserKey(options?: StorageOptions): Promise<UserKey> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    return account?.keys?.userKey as UserKey;
+  }
+
+  /**
+   * user key used to encrypt/decrypt data
+   */
+  async setUserKey(value: UserKey, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    account.keys.userKey = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+
+    if (options?.userId == this.activeAccountSubject.getValue()) {
+      const nextValue = value != null;
+
+      // Avoid emitting if we are already unlocked
+      if (this.activeAccountUnlockedSubject.getValue() != nextValue) {
+        this.activeAccountUnlockedSubject.next(nextValue);
+      }
+    }
+  }
+
+  /**
+   * User's master key derived from MP, saved only if we decrypted with MP
+   */
+  async getMasterKey(options?: StorageOptions): Promise<MasterKey> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    return account?.keys?.masterKey;
+  }
+
+  /**
+   * User's master key derived from MP, saved only if we decrypted with MP
+   */
+  async setMasterKey(value: MasterKey, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    account.keys.masterKey = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+  }
+
+  /**
+   * The master key encrypted User symmetric key, saved on every auth
+   * so we can unlock with MP offline
+   */
+  async getMasterKeyEncryptedUserKey(options?: StorageOptions): Promise<string> {
+    return (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.keys.masterKeyEncryptedUserKey;
+  }
+
+  /**
+   * The master key encrypted User symmetric key, saved on every auth
+   * so we can unlock with MP offline
+   */
+  async setMasterKeyEncryptedUserKey(value: string, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    account.keys.masterKeyEncryptedUserKey = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+  }
+
+  /**
+   * user key when using the "never" option of vault timeout
+   */
+  async getUserKeyAutoUnlock(options?: StorageOptions): Promise<string> {
+    options = this.reconcileOptions(
+      this.reconcileOptions(options, { keySuffix: "auto" }),
+      await this.defaultSecureStorageOptions()
+    );
+    if (options?.userId == null) {
+      return null;
+    }
+    return await this.secureStorageService.get<string>(
+      `${options.userId}${partialKeys.userAutoKey}`,
+      options
+    );
+  }
+
+  /**
+   * user key when using the "never" option of vault timeout
+   */
+  async setUserKeyAutoUnlock(value: string, options?: StorageOptions): Promise<void> {
+    options = this.reconcileOptions(
+      this.reconcileOptions(options, { keySuffix: "auto" }),
+      await this.defaultSecureStorageOptions()
+    );
+    if (options?.userId == null) {
+      return;
+    }
+    await this.saveSecureStorageKey(partialKeys.userAutoKey, value, options);
+  }
+
+  /**
+   * User's encrypted symmetric key when using biometrics
+   */
+  async getUserKeyBiometric(options?: StorageOptions): Promise<string> {
+    options = this.reconcileOptions(
+      this.reconcileOptions(options, { keySuffix: "biometric" }),
+      await this.defaultSecureStorageOptions()
+    );
+    if (options?.userId == null) {
+      return null;
+    }
+    return await this.secureStorageService.get<string>(
+      `${options.userId}${partialKeys.userBiometricKey}`,
+      options
+    );
+  }
+
+  async hasUserKeyBiometric(options?: StorageOptions): Promise<boolean> {
+    options = this.reconcileOptions(
+      this.reconcileOptions(options, { keySuffix: "biometric" }),
+      await this.defaultSecureStorageOptions()
+    );
+    if (options?.userId == null) {
+      return false;
+    }
+    return await this.secureStorageService.has(
+      `${options.userId}${partialKeys.userBiometricKey}`,
+      options
+    );
+  }
+
+  async setUserKeyBiometric(value: BiometricKey, options?: StorageOptions): Promise<void> {
+    options = this.reconcileOptions(
+      this.reconcileOptions(options, { keySuffix: "biometric" }),
+      await this.defaultSecureStorageOptions()
+    );
+    if (options?.userId == null) {
+      return;
+    }
+    await this.saveSecureStorageKey(partialKeys.userBiometricKey, value, options);
+  }
+
+  async getPinKeyEncryptedUserKey(options?: StorageOptions): Promise<EncString> {
+    return EncString.fromJSON(
+      (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
+        ?.settings?.pinKeyEncryptedUserKey
+    );
+  }
+
+  async setPinKeyEncryptedUserKey(value: EncString, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    account.settings.pinKeyEncryptedUserKey = value?.encryptedString;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+  }
+
+  async getPinKeyEncryptedUserKeyEphemeral(options?: StorageOptions): Promise<EncString> {
+    return EncString.fromJSON(
+      (await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions())))
+        ?.settings?.pinKeyEncryptedUserKeyEphemeral
+    );
+  }
+
+  async setPinKeyEncryptedUserKeyEphemeral(
+    value: EncString,
+    options?: StorageOptions
+  ): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    account.settings.pinKeyEncryptedUserKeyEphemeral = value?.encryptedString;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+  }
+
+  /**
+   * @deprecated Use UserKeyAuto instead
+   */
   async getCryptoMasterKeyAuto(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "auto" }),
@@ -556,6 +769,9 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Use UserKeyAuto instead
+   */
   async setCryptoMasterKeyAuto(value: string, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "auto" }),
@@ -567,6 +783,9 @@ export class StateService<
     await this.saveSecureStorageKey(partialKeys.autoKey, value, options);
   }
 
+  /**
+   * @deprecated I don't see where this is even used
+   */
   async getCryptoMasterKeyB64(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
     if (options?.userId == null) {
@@ -578,6 +797,9 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated I don't see where this is even used
+   */
   async setCryptoMasterKeyB64(value: string, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(options, await this.defaultSecureStorageOptions());
     if (options?.userId == null) {
@@ -586,6 +808,9 @@ export class StateService<
     await this.saveSecureStorageKey(partialKeys.masterKey, value, options);
   }
 
+  /**
+   * @deprecated Use UserKeyBiometric instead
+   */
   async getCryptoMasterKeyBiometric(options?: StorageOptions): Promise<string> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "biometric" }),
@@ -600,6 +825,9 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Use UserKeyBiometric instead
+   */
   async hasCryptoMasterKeyBiometric(options?: StorageOptions): Promise<boolean> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "biometric" }),
@@ -614,6 +842,9 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Use UserKeyBiometric instead
+   */
   async setCryptoMasterKeyBiometric(value: BiometricKey, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(
       this.reconcileOptions(options, { keySuffix: "biometric" }),
@@ -661,6 +892,9 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Use UserKey instead
+   */
   async getDecryptedCryptoSymmetricKey(options?: StorageOptions): Promise<SymmetricCryptoKey> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
@@ -668,6 +902,9 @@ export class StateService<
     return account?.keys?.cryptoSymmetricKey?.decrypted;
   }
 
+  /**
+   * @deprecated Use UserKey instead
+   */
   async setDecryptedCryptoSymmetricKey(
     value: SymmetricCryptoKey,
     options?: StorageOptions
@@ -728,12 +965,18 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Use getPinKeyEncryptedUserKeyEphemeral instead
+   */
   async getDecryptedPinProtected(options?: StorageOptions): Promise<EncString> {
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
     )?.settings?.pinProtected?.decrypted;
   }
 
+  /**
+   * @deprecated Use setPinKeyEncryptedUserKeyEphemeral instead
+   */
   async setDecryptedPinProtected(value: EncString, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultInMemoryOptions())
@@ -1069,10 +1312,17 @@ export class StateService<
 
     const account = await this.getAccount(options);
 
-    return account?.keys?.deviceKey as DeviceKey;
+    const existingDeviceKey = account?.keys?.deviceKey;
+
+    // Must manually instantiate the SymmetricCryptoKey class from the JSON object
+    if (existingDeviceKey != null) {
+      return SymmetricCryptoKey.fromJSON(existingDeviceKey) as DeviceKey;
+    } else {
+      return null;
+    }
   }
 
-  async setDeviceKey(value: DeviceKey, options?: StorageOptions): Promise<void> {
+  async setDeviceKey(value: DeviceKey | null, options?: StorageOptions): Promise<void> {
     options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
 
     if (options?.userId == null) {
@@ -1081,7 +1331,94 @@ export class StateService<
 
     const account = await this.getAccount(options);
 
-    account.keys.deviceKey = value;
+    account.keys.deviceKey = value?.toJSON() ?? null;
+
+    await this.saveAccount(account, options);
+  }
+
+  async getAdminAuthRequest(options?: StorageOptions): Promise<AdminAuthRequestStorable | null> {
+    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
+
+    if (options?.userId == null) {
+      return null;
+    }
+
+    const account = await this.getAccount(options);
+
+    return account?.adminAuthRequest
+      ? AdminAuthRequestStorable.fromJSON(account.adminAuthRequest)
+      : null;
+  }
+
+  async setAdminAuthRequest(
+    adminAuthRequest: AdminAuthRequestStorable,
+    options?: StorageOptions
+  ): Promise<void> {
+    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
+
+    if (options?.userId == null) {
+      return;
+    }
+
+    const account = await this.getAccount(options);
+
+    account.adminAuthRequest = adminAuthRequest?.toJSON();
+
+    await this.saveAccount(account, options);
+  }
+
+  async getShouldTrustDevice(options?: StorageOptions): Promise<boolean | null> {
+    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
+
+    if (options?.userId == null) {
+      return null;
+    }
+
+    const account = await this.getAccount(options);
+
+    return account?.settings?.trustDeviceChoiceForDecryption ?? null;
+  }
+
+  async setShouldTrustDevice(value: boolean, options?: StorageOptions): Promise<void> {
+    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
+    if (options?.userId == null) {
+      return;
+    }
+
+    const account = await this.getAccount(options);
+
+    account.settings.trustDeviceChoiceForDecryption = value;
+
+    await this.saveAccount(account, options);
+  }
+
+  async getAccountDecryptionOptions(
+    options?: StorageOptions
+  ): Promise<AccountDecryptionOptions | null> {
+    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
+
+    if (options?.userId == null) {
+      return null;
+    }
+
+    const account = await this.getAccount(options);
+
+    return account?.decryptionOptions as AccountDecryptionOptions;
+  }
+
+  async setAccountDecryptionOptions(
+    value: AccountDecryptionOptions,
+    options?: StorageOptions
+  ): Promise<void> {
+    options = this.reconcileOptions(options, await this.defaultOnDiskLocalOptions());
+
+    if (options?.userId == null) {
+      return;
+    }
+
+    const account = await this.getAccount(options);
+
+    account.decryptionOptions = value;
 
     await this.saveAccount(account, options);
   }
@@ -1366,12 +1703,18 @@ export class StateService<
     );
   }
 
+  /**
+   * @deprecated Use UserKey instead
+   */
   async getEncryptedCryptoSymmetricKey(options?: StorageOptions): Promise<string> {
     return (
       await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
     )?.keys.cryptoSymmetricKey.encrypted;
   }
 
+  /**
+   * @deprecated Use UserKey instead
+   */
   async setEncryptedCryptoSymmetricKey(value: string, options?: StorageOptions): Promise<void> {
     const account = await this.getAccount(
       this.reconcileOptions(options, await this.defaultOnDiskOptions())
@@ -1655,6 +1998,24 @@ export class StateService<
     );
   }
 
+  async getEverHadUserKey(options?: StorageOptions): Promise<boolean> {
+    return (
+      (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
+        ?.profile?.everHadUserKey ?? false
+    );
+  }
+
+  async setEverHadUserKey(value: boolean, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    account.profile.everHadUserKey = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+  }
+
   async getEverBeenUnlocked(options?: StorageOptions): Promise<boolean> {
     return (
       (await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions())))
@@ -2229,6 +2590,26 @@ export class StateService<
     );
   }
 
+  async getUserSsoOrganizationIdentifier(options?: StorageOptions): Promise<string> {
+    return (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.loginState?.ssoOrganizationIdentifier;
+  }
+
+  async setUserSsoOrganizationIdentifier(
+    value: string | null,
+    options?: StorageOptions
+  ): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    account.loginState.ssoOrganizationIdentifier = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+  }
+
   async getTheme(options?: StorageOptions): Promise<ThemeType> {
     return (
       await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
@@ -2783,6 +3164,8 @@ export class StateService<
 
   protected async removeAccountFromSecureStorage(userId: string = null): Promise<void> {
     userId = userId ?? (await this.state())?.activeUserId;
+    await this.setUserKeyAutoUnlock(null, { userId: userId });
+    await this.setUserKeyBiometric(null, { userId: userId });
     await this.setCryptoMasterKeyAuto(null, { userId: userId });
     await this.setCryptoMasterKeyBiometric(null, { userId: userId });
     await this.setCryptoMasterKeyB64(null, { userId: userId });
@@ -2808,11 +3191,12 @@ export class StateService<
     }
   }
 
-  // settings persist even on reset, and are not effected by this method
+  // settings persist even on reset, and are not affected by this method
   protected resetAccount(account: TAccount) {
     const persistentAccountInformation = {
       settings: account.settings,
       keys: { deviceKey: account.keys.deviceKey },
+      adminAuthRequest: account.adminAuthRequest,
     };
     return Object.assign(this.createAccount(), persistentAccountInformation);
   }
@@ -2940,7 +3324,7 @@ export class StateService<
     }
   }
 
-  private deleteDiskCache(key: string) {
+  protected deleteDiskCache(key: string) {
     if (this.useAccountCache) {
       delete this.accountDiskCache.value[key];
       this.accountDiskCache.next(this.accountDiskCache.value);
diff --git a/libs/common/src/platform/services/system.service.ts b/libs/common/src/platform/services/system.service.ts
index 90a382e5abc..ac7e46948e3 100644
--- a/libs/common/src/platform/services/system.service.ts
+++ b/libs/common/src/platform/services/system.service.ts
@@ -39,8 +39,8 @@ export class SystemService implements SystemServiceAbstraction {
     }
 
     // User has set a PIN, with ask for master password on restart, to protect their vault
-    const decryptedPinProtected = await this.stateService.getDecryptedPinProtected();
-    if (decryptedPinProtected != null) {
+    const ephemeralPin = await this.stateService.getPinKeyEncryptedUserKeyEphemeral();
+    if (ephemeralPin != null) {
       return;
     }
 
diff --git a/libs/common/src/services/api.service.ts b/libs/common/src/services/api.service.ts
index 0e03231652b..9f658a0955e 100644
--- a/libs/common/src/services/api.service.ts
+++ b/libs/common/src/services/api.service.ts
@@ -251,10 +251,15 @@ export class ApiService implements ApiServiceAbstraction {
     }
   }
 
+  // TODO: PM-3519: Create and move to AuthRequest Api service
   async postAuthRequest(request: PasswordlessCreateAuthRequest): Promise<AuthRequestResponse> {
     const r = await this.send("POST", "/auth-requests/", request, false, true);
     return new AuthRequestResponse(r);
   }
+  async postAdminAuthRequest(request: PasswordlessCreateAuthRequest): Promise<AuthRequestResponse> {
+    const r = await this.send("POST", "/auth-requests/admin-request", request, true, true);
+    return new AuthRequestResponse(r);
+  }
 
   async getAuthResponse(id: string, accessCode: string): Promise<AuthRequestResponse> {
     const path = `/auth-requests/${id}/response?code=${accessCode}`;
@@ -1580,7 +1585,9 @@ export class ApiService implements ApiServiceAbstraction {
 
   // Key Connector
 
-  async getUserKeyFromKeyConnector(keyConnectorUrl: string): Promise<KeyConnectorUserKeyResponse> {
+  async getMasterKeyFromKeyConnector(
+    keyConnectorUrl: string
+  ): Promise<KeyConnectorUserKeyResponse> {
     const authHeader = await this.getActiveBearerToken();
 
     const response = await this.fetch(
diff --git a/libs/common/src/services/device-crypto.service.implementation.ts b/libs/common/src/services/device-crypto.service.implementation.ts
deleted file mode 100644
index e2179e6e524..00000000000
--- a/libs/common/src/services/device-crypto.service.implementation.ts
+++ /dev/null
@@ -1,85 +0,0 @@
-import { DeviceCryptoServiceAbstraction } from "../abstractions/device-crypto.service.abstraction";
-import { DevicesApiServiceAbstraction } from "../abstractions/devices/devices-api.service.abstraction";
-import { DeviceResponse } from "../abstractions/devices/responses/device.response";
-import { AppIdService } from "../platform/abstractions/app-id.service";
-import { CryptoFunctionService } from "../platform/abstractions/crypto-function.service";
-import { CryptoService } from "../platform/abstractions/crypto.service";
-import { EncryptService } from "../platform/abstractions/encrypt.service";
-import { StateService } from "../platform/abstractions/state.service";
-import { SymmetricCryptoKey, DeviceKey } from "../platform/models/domain/symmetric-crypto-key";
-import { CsprngArray } from "../types/csprng";
-
-export class DeviceCryptoService implements DeviceCryptoServiceAbstraction {
-  constructor(
-    protected cryptoFunctionService: CryptoFunctionService,
-    protected cryptoService: CryptoService,
-    protected encryptService: EncryptService,
-    protected stateService: StateService,
-    protected appIdService: AppIdService,
-    protected devicesApiService: DevicesApiServiceAbstraction
-  ) {}
-
-  async trustDevice(): Promise<DeviceResponse> {
-    // Attempt to get user symmetric key
-    const userSymKey: SymmetricCryptoKey = await this.cryptoService.getEncKey();
-
-    // If user symmetric key is not found, throw error
-    if (!userSymKey) {
-      throw new Error("User symmetric key not found");
-    }
-
-    // Generate deviceKey
-    const deviceKey = await this.makeDeviceKey();
-
-    // Generate asymmetric RSA key pair: devicePrivateKey, devicePublicKey
-    const [devicePublicKey, devicePrivateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(
-      2048
-    );
-
-    const [
-      devicePublicKeyEncryptedUserSymKey,
-      userSymKeyEncryptedDevicePublicKey,
-      deviceKeyEncryptedDevicePrivateKey,
-    ] = await Promise.all([
-      // Encrypt user symmetric key with the DevicePublicKey
-      this.cryptoService.rsaEncrypt(userSymKey.encKey, devicePublicKey),
-
-      // Encrypt devicePublicKey with user symmetric key
-      this.encryptService.encrypt(devicePublicKey, userSymKey),
-
-      // Encrypt devicePrivateKey with deviceKey
-      this.encryptService.encrypt(devicePrivateKey, deviceKey),
-    ]);
-
-    // Send encrypted keys to server
-    const deviceIdentifier = await this.appIdService.getAppId();
-    return this.devicesApiService.updateTrustedDeviceKeys(
-      deviceIdentifier,
-      devicePublicKeyEncryptedUserSymKey.encryptedString,
-      userSymKeyEncryptedDevicePublicKey.encryptedString,
-      deviceKeyEncryptedDevicePrivateKey.encryptedString
-    );
-  }
-
-  async getDeviceKey(): Promise<DeviceKey> {
-    // Check if device key is already stored
-    const existingDeviceKey = await this.stateService.getDeviceKey();
-
-    if (existingDeviceKey != null) {
-      return existingDeviceKey;
-    } else {
-      return this.makeDeviceKey();
-    }
-  }
-
-  private async makeDeviceKey(): Promise<DeviceKey> {
-    // Create 512-bit device key
-    const randomBytes: CsprngArray = await this.cryptoFunctionService.randomBytes(64);
-    const deviceKey = new SymmetricCryptoKey(randomBytes) as DeviceKey;
-
-    // Save device key in secure storage
-    await this.stateService.setDeviceKey(deviceKey);
-
-    return deviceKey;
-  }
-}
diff --git a/libs/common/src/services/device-crypto.service.spec.ts b/libs/common/src/services/device-crypto.service.spec.ts
deleted file mode 100644
index cf01f008377..00000000000
--- a/libs/common/src/services/device-crypto.service.spec.ts
+++ /dev/null
@@ -1,317 +0,0 @@
-import { mock, mockReset } from "jest-mock-extended";
-
-import { DevicesApiServiceAbstraction } from "../abstractions/devices/devices-api.service.abstraction";
-import { DeviceResponse } from "../abstractions/devices/responses/device.response";
-import { EncryptionType } from "../enums/encryption-type.enum";
-import { AppIdService } from "../platform/abstractions/app-id.service";
-import { CryptoFunctionService } from "../platform/abstractions/crypto-function.service";
-import { EncryptService } from "../platform/abstractions/encrypt.service";
-import { StateService } from "../platform/abstractions/state.service";
-import { EncString } from "../platform/models/domain/enc-string";
-import { SymmetricCryptoKey, DeviceKey } from "../platform/models/domain/symmetric-crypto-key";
-import { CryptoService } from "../platform/services/crypto.service";
-import { CsprngArray } from "../types/csprng";
-
-import { DeviceCryptoService } from "./device-crypto.service.implementation";
-
-describe("deviceCryptoService", () => {
-  let deviceCryptoService: DeviceCryptoService;
-
-  const cryptoFunctionService = mock<CryptoFunctionService>();
-  const cryptoService = mock<CryptoService>();
-  const encryptService = mock<EncryptService>();
-  const stateService = mock<StateService>();
-  const appIdService = mock<AppIdService>();
-  const devicesApiService = mock<DevicesApiServiceAbstraction>();
-
-  beforeEach(() => {
-    mockReset(cryptoFunctionService);
-    mockReset(encryptService);
-    mockReset(stateService);
-    mockReset(appIdService);
-    mockReset(devicesApiService);
-
-    deviceCryptoService = new DeviceCryptoService(
-      cryptoFunctionService,
-      cryptoService,
-      encryptService,
-      stateService,
-      appIdService,
-      devicesApiService
-    );
-  });
-
-  it("instantiates", () => {
-    expect(deviceCryptoService).not.toBeFalsy();
-  });
-
-  describe("Trusted Device Encryption", () => {
-    const deviceKeyBytesLength = 64;
-    const userSymKeyBytesLength = 64;
-
-    describe("getDeviceKey", () => {
-      let mockRandomBytes: CsprngArray;
-      let mockDeviceKey: SymmetricCryptoKey;
-      let existingDeviceKey: DeviceKey;
-      let stateSvcGetDeviceKeySpy: jest.SpyInstance;
-      let makeDeviceKeySpy: jest.SpyInstance;
-
-      beforeEach(() => {
-        mockRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;
-        mockDeviceKey = new SymmetricCryptoKey(mockRandomBytes);
-        existingDeviceKey = new SymmetricCryptoKey(
-          new Uint8Array(deviceKeyBytesLength) as CsprngArray
-        ) as DeviceKey;
-
-        stateSvcGetDeviceKeySpy = jest.spyOn(stateService, "getDeviceKey");
-        makeDeviceKeySpy = jest.spyOn(deviceCryptoService as any, "makeDeviceKey");
-      });
-
-      it("gets a device key when there is not an existing device key", async () => {
-        stateSvcGetDeviceKeySpy.mockResolvedValue(null);
-        makeDeviceKeySpy.mockResolvedValue(mockDeviceKey);
-
-        const deviceKey = await deviceCryptoService.getDeviceKey();
-
-        expect(stateSvcGetDeviceKeySpy).toHaveBeenCalledTimes(1);
-        expect(makeDeviceKeySpy).toHaveBeenCalledTimes(1);
-
-        expect(deviceKey).not.toBeNull();
-        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
-        expect(deviceKey).toEqual(mockDeviceKey);
-      });
-
-      it("returns the existing device key without creating a new one when there is an existing device key", async () => {
-        stateSvcGetDeviceKeySpy.mockResolvedValue(existingDeviceKey);
-
-        const deviceKey = await deviceCryptoService.getDeviceKey();
-
-        expect(stateSvcGetDeviceKeySpy).toHaveBeenCalledTimes(1);
-        expect(makeDeviceKeySpy).not.toHaveBeenCalled();
-
-        expect(deviceKey).not.toBeNull();
-        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
-        expect(deviceKey).toEqual(existingDeviceKey);
-      });
-    });
-
-    describe("makeDeviceKey", () => {
-      it("creates a new non-null 64 byte device key, securely stores it, and returns it", async () => {
-        const mockRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;
-
-        const cryptoFuncSvcRandomBytesSpy = jest
-          .spyOn(cryptoFunctionService, "randomBytes")
-          .mockResolvedValue(mockRandomBytes);
-
-        const stateSvcSetDeviceKeySpy = jest.spyOn(stateService, "setDeviceKey");
-
-        // TypeScript will allow calling private methods if the object is of type 'any'
-        // This is a hacky workaround, but it allows for cleaner tests
-        const deviceKey = await (deviceCryptoService as any).makeDeviceKey();
-
-        expect(cryptoFuncSvcRandomBytesSpy).toHaveBeenCalledTimes(1);
-        expect(cryptoFuncSvcRandomBytesSpy).toHaveBeenCalledWith(deviceKeyBytesLength);
-
-        expect(deviceKey).not.toBeNull();
-        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);
-
-        expect(stateSvcSetDeviceKeySpy).toHaveBeenCalledTimes(1);
-        expect(stateSvcSetDeviceKeySpy).toHaveBeenCalledWith(deviceKey);
-      });
-    });
-
-    describe("trustDevice", () => {
-      let mockDeviceKeyRandomBytes: CsprngArray;
-      let mockDeviceKey: DeviceKey;
-
-      let mockUserSymKeyRandomBytes: CsprngArray;
-      let mockUserSymKey: SymmetricCryptoKey;
-
-      const deviceRsaKeyLength = 2048;
-      let mockDeviceRsaKeyPair: [Uint8Array, Uint8Array];
-      let mockDevicePrivateKey: Uint8Array;
-      let mockDevicePublicKey: Uint8Array;
-      let mockDevicePublicKeyEncryptedUserSymKey: EncString;
-      let mockUserSymKeyEncryptedDevicePublicKey: EncString;
-      let mockDeviceKeyEncryptedDevicePrivateKey: EncString;
-
-      const mockDeviceResponse: DeviceResponse = new DeviceResponse({
-        Id: "mockId",
-        Name: "mockName",
-        Identifier: "mockIdentifier",
-        Type: "mockType",
-        CreationDate: "mockCreationDate",
-      });
-
-      const mockDeviceId = "mockDeviceId";
-
-      let makeDeviceKeySpy: jest.SpyInstance;
-      let rsaGenerateKeyPairSpy: jest.SpyInstance;
-      let cryptoSvcGetEncKeySpy: jest.SpyInstance;
-      let cryptoSvcRsaEncryptSpy: jest.SpyInstance;
-      let encryptServiceEncryptSpy: jest.SpyInstance;
-      let appIdServiceGetAppIdSpy: jest.SpyInstance;
-      let devicesApiServiceUpdateTrustedDeviceKeysSpy: jest.SpyInstance;
-
-      beforeEach(() => {
-        // Setup all spies and default return values for the happy path
-
-        mockDeviceKeyRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;
-        mockDeviceKey = new SymmetricCryptoKey(mockDeviceKeyRandomBytes) as DeviceKey;
-
-        mockUserSymKeyRandomBytes = new Uint8Array(userSymKeyBytesLength) as CsprngArray;
-        mockUserSymKey = new SymmetricCryptoKey(mockUserSymKeyRandomBytes);
-
-        mockDeviceRsaKeyPair = [
-          new Uint8Array(deviceRsaKeyLength),
-          new Uint8Array(deviceRsaKeyLength),
-        ];
-
-        mockDevicePublicKey = mockDeviceRsaKeyPair[0];
-        mockDevicePrivateKey = mockDeviceRsaKeyPair[1];
-
-        mockDevicePublicKeyEncryptedUserSymKey = new EncString(
-          EncryptionType.Rsa2048_OaepSha1_B64,
-          "mockDevicePublicKeyEncryptedUserSymKey"
-        );
-
-        mockUserSymKeyEncryptedDevicePublicKey = new EncString(
-          EncryptionType.AesCbc256_HmacSha256_B64,
-          "mockUserSymKeyEncryptedDevicePublicKey"
-        );
-
-        mockDeviceKeyEncryptedDevicePrivateKey = new EncString(
-          EncryptionType.AesCbc256_HmacSha256_B64,
-          "mockDeviceKeyEncryptedDevicePrivateKey"
-        );
-
-        // TypeScript will allow calling private methods if the object is of type 'any'
-        makeDeviceKeySpy = jest
-          .spyOn(deviceCryptoService as any, "makeDeviceKey")
-          .mockResolvedValue(mockDeviceKey);
-
-        rsaGenerateKeyPairSpy = jest
-          .spyOn(cryptoFunctionService, "rsaGenerateKeyPair")
-          .mockResolvedValue(mockDeviceRsaKeyPair);
-
-        cryptoSvcGetEncKeySpy = jest
-          .spyOn(cryptoService, "getEncKey")
-          .mockResolvedValue(mockUserSymKey);
-
-        cryptoSvcRsaEncryptSpy = jest
-          .spyOn(cryptoService, "rsaEncrypt")
-          .mockResolvedValue(mockDevicePublicKeyEncryptedUserSymKey);
-
-        encryptServiceEncryptSpy = jest
-          .spyOn(encryptService, "encrypt")
-          .mockImplementation((plainValue, key) => {
-            if (plainValue === mockDevicePublicKey && key === mockUserSymKey) {
-              return Promise.resolve(mockUserSymKeyEncryptedDevicePublicKey);
-            }
-            if (plainValue === mockDevicePrivateKey && key === mockDeviceKey) {
-              return Promise.resolve(mockDeviceKeyEncryptedDevicePrivateKey);
-            }
-          });
-
-        appIdServiceGetAppIdSpy = jest
-          .spyOn(appIdService, "getAppId")
-          .mockResolvedValue(mockDeviceId);
-
-        devicesApiServiceUpdateTrustedDeviceKeysSpy = jest
-          .spyOn(devicesApiService, "updateTrustedDeviceKeys")
-          .mockResolvedValue(mockDeviceResponse);
-      });
-
-      it("calls the required methods with the correct arguments and returns a DeviceResponse", async () => {
-        const response = await deviceCryptoService.trustDevice();
-
-        expect(makeDeviceKeySpy).toHaveBeenCalledTimes(1);
-        expect(rsaGenerateKeyPairSpy).toHaveBeenCalledTimes(1);
-        expect(cryptoSvcGetEncKeySpy).toHaveBeenCalledTimes(1);
-
-        expect(cryptoSvcRsaEncryptSpy).toHaveBeenCalledTimes(1);
-        expect(encryptServiceEncryptSpy).toHaveBeenCalledTimes(2);
-
-        expect(appIdServiceGetAppIdSpy).toHaveBeenCalledTimes(1);
-        expect(devicesApiServiceUpdateTrustedDeviceKeysSpy).toHaveBeenCalledTimes(1);
-        expect(devicesApiServiceUpdateTrustedDeviceKeysSpy).toHaveBeenCalledWith(
-          mockDeviceId,
-          mockDevicePublicKeyEncryptedUserSymKey.encryptedString,
-          mockUserSymKeyEncryptedDevicePublicKey.encryptedString,
-          mockDeviceKeyEncryptedDevicePrivateKey.encryptedString
-        );
-
-        expect(response).toBeInstanceOf(DeviceResponse);
-        expect(response).toEqual(mockDeviceResponse);
-      });
-
-      it("throws specific error if user symmetric key is not found", async () => {
-        // setup the spy to return null
-        cryptoSvcGetEncKeySpy.mockResolvedValue(null);
-        // check if the expected error is thrown
-        await expect(deviceCryptoService.trustDevice()).rejects.toThrow(
-          "User symmetric key not found"
-        );
-
-        // reset the spy
-        cryptoSvcGetEncKeySpy.mockReset();
-
-        // setup the spy to return undefined
-        cryptoSvcGetEncKeySpy.mockResolvedValue(undefined);
-        // check if the expected error is thrown
-        await expect(deviceCryptoService.trustDevice()).rejects.toThrow(
-          "User symmetric key not found"
-        );
-      });
-
-      const methodsToTestForErrorsOrInvalidReturns = [
-        {
-          method: "makeDeviceKey",
-          spy: () => makeDeviceKeySpy,
-          errorText: "makeDeviceKey error",
-        },
-        {
-          method: "rsaGenerateKeyPair",
-          spy: () => rsaGenerateKeyPairSpy,
-          errorText: "rsaGenerateKeyPair error",
-        },
-        {
-          method: "getEncKey",
-          spy: () => cryptoSvcGetEncKeySpy,
-          errorText: "getEncKey error",
-        },
-        {
-          method: "rsaEncrypt",
-          spy: () => cryptoSvcRsaEncryptSpy,
-          errorText: "rsaEncrypt error",
-        },
-        {
-          method: "encryptService.encrypt",
-          spy: () => encryptServiceEncryptSpy,
-          errorText: "encryptService.encrypt error",
-        },
-      ];
-
-      describe.each(methodsToTestForErrorsOrInvalidReturns)(
-        "trustDevice error handling and invalid return testing",
-        ({ method, spy, errorText }) => {
-          // ensures that error propagation works correctly
-          it(`throws an error if ${method} fails`, async () => {
-            const methodSpy = spy();
-            methodSpy.mockRejectedValue(new Error(errorText));
-            await expect(deviceCryptoService.trustDevice()).rejects.toThrow(errorText);
-          });
-
-          test.each([null, undefined])(
-            `throws an error if ${method} returns %s`,
-            async (invalidValue) => {
-              const methodSpy = spy();
-              methodSpy.mockResolvedValue(invalidValue);
-              await expect(deviceCryptoService.trustDevice()).rejects.toThrow();
-            }
-          );
-        }
-      );
-    });
-  });
-});
diff --git a/libs/common/src/services/devices/devices-api.service.implementation.ts b/libs/common/src/services/devices/devices-api.service.implementation.ts
deleted file mode 100644
index 3121ace6f89..00000000000
--- a/libs/common/src/services/devices/devices-api.service.implementation.ts
+++ /dev/null
@@ -1,64 +0,0 @@
-import { DevicesApiServiceAbstraction } from "../../abstractions/devices/devices-api.service.abstraction";
-import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
-import { Utils } from "../../platform/misc/utils";
-import { ApiService } from "../api.service";
-
-import { TrustedDeviceKeysRequest } from "./requests/trusted-device-keys.request";
-
-export class DevicesApiServiceImplementation implements DevicesApiServiceAbstraction {
-  constructor(private apiService: ApiService) {}
-
-  async getKnownDevice(email: string, deviceIdentifier: string): Promise<boolean> {
-    const r = await this.apiService.send(
-      "GET",
-      "/devices/knowndevice",
-      null,
-      false,
-      true,
-      null,
-      (headers) => {
-        headers.set("X-Device-Identifier", deviceIdentifier);
-        headers.set("X-Request-Email", Utils.fromUtf8ToUrlB64(email));
-      }
-    );
-    return r as boolean;
-  }
-
-  /**
-   * Get device by identifier
-   * @param deviceIdentifier - client generated id (not device id in DB)
-   */
-  async getDeviceByIdentifier(deviceIdentifier: string): Promise<DeviceResponse> {
-    const r = await this.apiService.send(
-      "GET",
-      `/devices/identifier/${deviceIdentifier}`,
-      null,
-      true,
-      true
-    );
-    return new DeviceResponse(r);
-  }
-
-  async updateTrustedDeviceKeys(
-    deviceIdentifier: string,
-    devicePublicKeyEncryptedUserSymKey: string,
-    userSymKeyEncryptedDevicePublicKey: string,
-    deviceKeyEncryptedDevicePrivateKey: string
-  ): Promise<DeviceResponse> {
-    const request = new TrustedDeviceKeysRequest(
-      devicePublicKeyEncryptedUserSymKey,
-      userSymKeyEncryptedDevicePublicKey,
-      deviceKeyEncryptedDevicePrivateKey
-    );
-
-    const result = await this.apiService.send(
-      "PUT",
-      `/devices/${deviceIdentifier}/keys`,
-      request,
-      true,
-      true
-    );
-
-    return new DeviceResponse(result);
-  }
-}
diff --git a/libs/common/src/services/devices/devices.service.implementation.ts b/libs/common/src/services/devices/devices.service.implementation.ts
new file mode 100644
index 00000000000..fe6e2a37d2a
--- /dev/null
+++ b/libs/common/src/services/devices/devices.service.implementation.ts
@@ -0,0 +1,68 @@
+import { Observable, defer, map } from "rxjs";
+
+import { DevicesServiceAbstraction } from "../../abstractions/devices/devices.service.abstraction";
+import { DeviceResponse } from "../../abstractions/devices/responses/device.response";
+import { DeviceView } from "../../abstractions/devices/views/device.view";
+import { DevicesApiServiceAbstraction } from "../../auth/abstractions/devices-api.service.abstraction";
+import { ListResponse } from "../../models/response/list.response";
+
+/**
+ * @class DevicesServiceImplementation
+ * @implements {DevicesServiceAbstraction}
+ * @description Observable based data store service for Devices.
+ * note: defer is used to convert the promises to observables and to ensure
+ * that observables are created for each subscription
+ * (i.e., promsise --> observables are cold until subscribed to)
+ */
+export class DevicesServiceImplementation implements DevicesServiceAbstraction {
+  constructor(private devicesApiService: DevicesApiServiceAbstraction) {}
+
+  /**
+   * @description Gets the list of all devices.
+   */
+  getDevices$(): Observable<Array<DeviceView>> {
+    return defer(() => this.devicesApiService.getDevices()).pipe(
+      map((deviceResponses: ListResponse<DeviceResponse>) => {
+        return deviceResponses.data.map((deviceResponse: DeviceResponse) => {
+          return new DeviceView(deviceResponse);
+        });
+      })
+    );
+  }
+
+  /**
+   * @description Gets the device with the specified identifier.
+   */
+  getDeviceByIdentifier$(deviceIdentifier: string): Observable<DeviceView> {
+    return defer(() => this.devicesApiService.getDeviceByIdentifier(deviceIdentifier)).pipe(
+      map((deviceResponse: DeviceResponse) => new DeviceView(deviceResponse))
+    );
+  }
+
+  /**
+   * @description Checks if a device is known for a user by user's email and device's identifier.
+   */
+  isDeviceKnownForUser$(email: string, deviceIdentifier: string): Observable<boolean> {
+    return defer(() => this.devicesApiService.getKnownDevice(email, deviceIdentifier));
+  }
+
+  /**
+   * @description Updates the keys for the specified device.
+   */
+
+  updateTrustedDeviceKeys$(
+    deviceIdentifier: string,
+    devicePublicKeyEncryptedUserKey: string,
+    userKeyEncryptedDevicePublicKey: string,
+    deviceKeyEncryptedDevicePrivateKey: string
+  ): Observable<DeviceView> {
+    return defer(() =>
+      this.devicesApiService.updateTrustedDeviceKeys(
+        deviceIdentifier,
+        devicePublicKeyEncryptedUserKey,
+        userKeyEncryptedDevicePublicKey,
+        deviceKeyEncryptedDevicePrivateKey
+      )
+    ).pipe(map((deviceResponse: DeviceResponse) => new DeviceView(deviceResponse)));
+  }
+}
diff --git a/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts
new file mode 100644
index 00000000000..0e2c9151868
--- /dev/null
+++ b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.spec.ts
@@ -0,0 +1,146 @@
+import { mock, MockProxy } from "jest-mock-extended";
+import { firstValueFrom } from "rxjs";
+
+import { PolicyService } from "../../admin-console/abstractions/policy/policy.service.abstraction";
+import { Policy } from "../../admin-console/models/domain/policy";
+import { TokenService } from "../../auth/abstractions/token.service";
+import { UserVerificationService } from "../../auth/abstractions/user-verification/user-verification.service.abstraction";
+import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
+import { CryptoService } from "../../platform/abstractions/crypto.service";
+import { StateService } from "../../platform/abstractions/state.service";
+import { EncString } from "../../platform/models/domain/enc-string";
+
+import { VaultTimeoutSettingsService } from "./vault-timeout-settings.service";
+
+describe("VaultTimeoutSettingsService", () => {
+  let cryptoService: MockProxy<CryptoService>;
+  let tokenService: MockProxy<TokenService>;
+  let policyService: MockProxy<PolicyService>;
+  let stateService: MockProxy<StateService>;
+  let userVerificationService: MockProxy<UserVerificationService>;
+  let service: VaultTimeoutSettingsService;
+
+  beforeEach(() => {
+    cryptoService = mock<CryptoService>();
+    tokenService = mock<TokenService>();
+    policyService = mock<PolicyService>();
+    stateService = mock<StateService>();
+    userVerificationService = mock<UserVerificationService>();
+    service = new VaultTimeoutSettingsService(
+      cryptoService,
+      tokenService,
+      policyService,
+      stateService,
+      userVerificationService
+    );
+  });
+
+  describe("availableVaultTimeoutActions$", () => {
+    it("always returns LogOut", async () => {
+      const result = await firstValueFrom(service.availableVaultTimeoutActions$());
+
+      expect(result).toContain(VaultTimeoutAction.LogOut);
+    });
+
+    it("contains Lock when the user has a master password", async () => {
+      userVerificationService.hasMasterPassword.mockResolvedValue(true);
+
+      const result = await firstValueFrom(service.availableVaultTimeoutActions$());
+
+      expect(result).toContain(VaultTimeoutAction.Lock);
+    });
+
+    it("contains Lock when the user has a persistent PIN configured", async () => {
+      stateService.getPinKeyEncryptedUserKey.mockResolvedValue(createEncString());
+
+      const result = await firstValueFrom(service.availableVaultTimeoutActions$());
+
+      expect(result).toContain(VaultTimeoutAction.Lock);
+    });
+
+    it("contains Lock when the user has a transient/ephemeral PIN configured", async () => {
+      stateService.getProtectedPin.mockResolvedValue("some-key");
+
+      const result = await firstValueFrom(service.availableVaultTimeoutActions$());
+
+      expect(result).toContain(VaultTimeoutAction.Lock);
+    });
+
+    it("contains Lock when the user has biometrics configured", async () => {
+      stateService.getBiometricUnlock.mockResolvedValue(true);
+
+      const result = await firstValueFrom(service.availableVaultTimeoutActions$());
+
+      expect(result).toContain(VaultTimeoutAction.Lock);
+    });
+
+    it("not contains Lock when the user does not have a master password, PIN, or biometrics", async () => {
+      userVerificationService.hasMasterPassword.mockResolvedValue(false);
+      stateService.getPinKeyEncryptedUserKey.mockResolvedValue(null);
+      stateService.getProtectedPin.mockResolvedValue(null);
+      stateService.getBiometricUnlock.mockResolvedValue(false);
+
+      const result = await firstValueFrom(service.availableVaultTimeoutActions$());
+
+      expect(result).not.toContain(VaultTimeoutAction.Lock);
+    });
+  });
+
+  describe("vaultTimeoutAction$", () => {
+    describe("given the user has a master password", () => {
+      it.each`
+        policy                       | userPreference               | expected
+        ${null}                      | ${null}                      | ${VaultTimeoutAction.Lock}
+        ${null}                      | ${VaultTimeoutAction.LogOut} | ${VaultTimeoutAction.LogOut}
+        ${VaultTimeoutAction.LogOut} | ${null}                      | ${VaultTimeoutAction.LogOut}
+        ${VaultTimeoutAction.LogOut} | ${VaultTimeoutAction.Lock}   | ${VaultTimeoutAction.LogOut}
+      `(
+        "returns $expected when policy is $policy, and user preference is $userPreference",
+        async ({ policy, userPreference, expected }) => {
+          userVerificationService.hasMasterPassword.mockResolvedValue(true);
+          policyService.policyAppliesToUser.mockResolvedValue(policy === null ? false : true);
+          policyService.getAll.mockResolvedValue(
+            policy === null ? [] : ([{ data: { action: policy } }] as unknown as Policy[])
+          );
+          stateService.getVaultTimeoutAction.mockResolvedValue(userPreference);
+
+          const result = await firstValueFrom(service.vaultTimeoutAction$());
+
+          expect(result).toBe(expected);
+        }
+      );
+    });
+
+    describe("given the user does not have a master password", () => {
+      it.each`
+        unlockMethod | policy                     | userPreference               | expected
+        ${false}     | ${null}                    | ${null}                      | ${VaultTimeoutAction.LogOut}
+        ${false}     | ${null}                    | ${VaultTimeoutAction.Lock}   | ${VaultTimeoutAction.LogOut}
+        ${false}     | ${VaultTimeoutAction.Lock} | ${null}                      | ${VaultTimeoutAction.LogOut}
+        ${true}      | ${null}                    | ${null}                      | ${VaultTimeoutAction.LogOut}
+        ${true}      | ${null}                    | ${VaultTimeoutAction.Lock}   | ${VaultTimeoutAction.Lock}
+        ${true}      | ${VaultTimeoutAction.Lock} | ${null}                      | ${VaultTimeoutAction.Lock}
+        ${true}      | ${VaultTimeoutAction.Lock} | ${VaultTimeoutAction.LogOut} | ${VaultTimeoutAction.Lock}
+      `(
+        "returns $expected when policy is $policy, has unlock method is $unlockMethod, and user preference is $userPreference",
+        async ({ unlockMethod, policy, userPreference, expected }) => {
+          stateService.getBiometricUnlock.mockResolvedValue(unlockMethod);
+          userVerificationService.hasMasterPassword.mockResolvedValue(false);
+          policyService.policyAppliesToUser.mockResolvedValue(policy === null ? false : true);
+          policyService.getAll.mockResolvedValue(
+            policy === null ? [] : ([{ data: { action: policy } }] as unknown as Policy[])
+          );
+          stateService.getVaultTimeoutAction.mockResolvedValue(userPreference);
+
+          const result = await firstValueFrom(service.vaultTimeoutAction$());
+
+          expect(result).toBe(expected);
+        }
+      );
+    });
+  });
+});
+
+function createEncString() {
+  return Symbol() as unknown as EncString;
+}
diff --git a/libs/common/src/services/vaultTimeout/vaultTimeoutSettings.service.ts b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts
similarity index 50%
rename from libs/common/src/services/vaultTimeout/vaultTimeoutSettings.service.ts
rename to libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts
index ae3c16e5865..f34983b910c 100644
--- a/libs/common/src/services/vaultTimeout/vaultTimeoutSettings.service.ts
+++ b/libs/common/src/services/vault-timeout/vault-timeout-settings.service.ts
@@ -1,17 +1,28 @@
-import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "../../abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { defer } from "rxjs";
+
+import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "../../abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "../../admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "../../admin-console/enums";
 import { TokenService } from "../../auth/abstractions/token.service";
+import { UserVerificationService } from "../../auth/abstractions/user-verification/user-verification.service.abstraction";
 import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { StateService } from "../../platform/abstractions/state.service";
 
+/**
+ * - DISABLED: No Pin set
+ * - PERSISTENT: Pin is set and survives client reset
+ * - TRANSIENT: Pin is set and requires password unlock after client reset
+ */
+export type PinLockType = "DISABLED" | "PERSISTANT" | "TRANSIENT";
+
 export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceAbstraction {
   constructor(
     private cryptoService: CryptoService,
     private tokenService: TokenService,
     private policyService: PolicyService,
-    private stateService: StateService
+    private stateService: StateService,
+    private userVerificationService: UserVerificationService
   ) {}
 
   async setVaultTimeoutOptions(timeout: number, action: VaultTimeoutAction): Promise<void> {
@@ -41,21 +52,35 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
     await this.tokenService.setClientId(clientId);
     await this.tokenService.setClientSecret(clientSecret);
 
-    await this.cryptoService.toggleKey();
+    await this.cryptoService.refreshAdditionalKeys();
   }
 
-  async isPinLockSet(): Promise<[boolean, boolean]> {
-    const protectedPin = await this.stateService.getProtectedPin();
-    const pinProtectedKey = await this.stateService.getEncryptedPinProtected();
-    return [protectedPin != null, pinProtectedKey != null];
+  availableVaultTimeoutActions$(userId?: string) {
+    return defer(() => this.getAvailableVaultTimeoutActions(userId));
   }
 
-  async isBiometricLockSet(): Promise<boolean> {
-    return await this.stateService.getBiometricUnlock();
+  async isPinLockSet(userId?: string): Promise<PinLockType> {
+    // we can't check the protected pin for both because old accounts only
+    // used it for MP on Restart
+    const pinIsEnabled = !!(await this.stateService.getProtectedPin({ userId }));
+    const aUserKeyPinIsSet = !!(await this.stateService.getPinKeyEncryptedUserKey({ userId }));
+    const anOldUserKeyPinIsSet = !!(await this.stateService.getEncryptedPinProtected({ userId }));
+
+    if (aUserKeyPinIsSet || anOldUserKeyPinIsSet) {
+      return "PERSISTANT";
+    } else if (pinIsEnabled && !aUserKeyPinIsSet && !anOldUserKeyPinIsSet) {
+      return "TRANSIENT";
+    } else {
+      return "DISABLED";
+    }
+  }
+
+  async isBiometricLockSet(userId?: string): Promise<boolean> {
+    return await this.stateService.getBiometricUnlock({ userId });
   }
 
   async getVaultTimeout(userId?: string): Promise<number> {
-    const vaultTimeout = await this.stateService.getVaultTimeout({ userId: userId });
+    const vaultTimeout = await this.stateService.getVaultTimeout({ userId });
 
     if (
       await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout, null, userId)
@@ -68,9 +93,11 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
         timeout = policy[0].data.minutes;
       }
 
+      // TODO @jlf0dev: Can we move this somwhere else? Maybe add it to the initialization process?
+      // ( Apparently I'm the one that reviewed the original PR that added this :) )
       // We really shouldn't need to set the value here, but multiple services relies on this value being correct.
       if (vaultTimeout !== timeout) {
-        await this.stateService.setVaultTimeout(timeout, { userId: userId });
+        await this.stateService.setVaultTimeout(timeout, { userId });
       }
 
       return timeout;
@@ -79,22 +106,40 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
     return vaultTimeout;
   }
 
+  vaultTimeoutAction$(userId?: string) {
+    return defer(() => this.getVaultTimeoutAction(userId));
+  }
+
   async getVaultTimeoutAction(userId?: string): Promise<VaultTimeoutAction> {
-    let vaultTimeoutAction = await this.stateService.getVaultTimeoutAction({ userId: userId });
+    const availableActions = await this.getAvailableVaultTimeoutActions();
+    if (availableActions.length === 1) {
+      return availableActions[0];
+    }
+
+    const vaultTimeoutAction = await this.stateService.getVaultTimeoutAction({ userId: userId });
 
     if (
       await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout, null, userId)
     ) {
       const policy = await this.policyService.getAll(PolicyType.MaximumVaultTimeout, userId);
       const action = policy[0].data.action;
-
-      if (action) {
-        // We really shouldn't need to set the value here, but multiple services relies on this value being correct.
-        if (action && vaultTimeoutAction !== action) {
-          await this.stateService.setVaultTimeoutAction(action, { userId: userId });
-        }
-        vaultTimeoutAction = action;
+      // We really shouldn't need to set the value here, but multiple services relies on this value being correct.
+      if (action && vaultTimeoutAction !== action) {
+        await this.stateService.setVaultTimeoutAction(action, { userId: userId });
       }
+      if (action && availableActions.includes(action)) {
+        return action;
+      }
+    }
+
+    if (vaultTimeoutAction == null) {
+      // Depends on whether or not the user has a master password
+      const defaultValue = (await this.userVerificationService.hasMasterPassword())
+        ? VaultTimeoutAction.Lock
+        : VaultTimeoutAction.LogOut;
+      // We really shouldn't need to set the value here, but multiple services relies on this value being correct.
+      await this.stateService.setVaultTimeoutAction(defaultValue, { userId: userId });
+      return defaultValue;
     }
 
     return vaultTimeoutAction === VaultTimeoutAction.LogOut
@@ -102,9 +147,23 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
       : VaultTimeoutAction.Lock;
   }
 
+  private async getAvailableVaultTimeoutActions(userId?: string): Promise<VaultTimeoutAction[]> {
+    const availableActions = [VaultTimeoutAction.LogOut];
+
+    const canLock =
+      (await this.userVerificationService.hasMasterPassword(userId)) ||
+      (await this.isPinLockSet(userId)) !== "DISABLED" ||
+      (await this.isBiometricLockSet(userId));
+
+    if (canLock) {
+      availableActions.push(VaultTimeoutAction.Lock);
+    }
+
+    return availableActions;
+  }
+
   async clear(userId?: string): Promise<void> {
     await this.stateService.setEverBeenUnlocked(false, { userId: userId });
-    await this.stateService.setDecryptedPinProtected(null, { userId: userId });
-    await this.stateService.setProtectedPin(null, { userId: userId });
+    await this.cryptoService.clearPinKeys(userId);
   }
 }
diff --git a/libs/common/src/services/vaultTimeout/vaultTimeout.service.ts b/libs/common/src/services/vault-timeout/vault-timeout.service.ts
similarity index 79%
rename from libs/common/src/services/vaultTimeout/vaultTimeout.service.ts
rename to libs/common/src/services/vault-timeout/vault-timeout.service.ts
index 169273bdfdb..0fbbf51bd60 100644
--- a/libs/common/src/services/vaultTimeout/vaultTimeout.service.ts
+++ b/libs/common/src/services/vault-timeout/vault-timeout.service.ts
@@ -1,10 +1,9 @@
 import { firstValueFrom } from "rxjs";
 
 import { SearchService } from "../../abstractions/search.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "../../abstractions/vaultTimeout/vaultTimeout.service";
-import { VaultTimeoutSettingsService } from "../../abstractions/vaultTimeout/vaultTimeoutSettings.service";
+import { VaultTimeoutSettingsService } from "../../abstractions/vault-timeout/vault-timeout-settings.service";
+import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "../../abstractions/vault-timeout/vault-timeout.service";
 import { AuthService } from "../../auth/abstractions/auth.service";
-import { KeyConnectorService } from "../../auth/abstractions/key-connector.service";
 import { AuthenticationStatus } from "../../auth/enums/authentication-status";
 import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum";
 import { CryptoService } from "../../platform/abstractions/crypto.service";
@@ -26,7 +25,6 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
     protected platformUtilsService: PlatformUtilsService,
     private messagingService: MessagingService,
     private searchService: SearchService,
-    private keyConnectorService: KeyConnectorService,
     private stateService: StateService,
     private authService: AuthService,
     private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
@@ -34,10 +32,12 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
     private loggedOutCallback: (expired: boolean, userId?: string) => Promise<void> = null
   ) {}
 
-  init(checkOnInterval: boolean) {
+  async init(checkOnInterval: boolean) {
     if (this.inited) {
       return;
     }
+    // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3483)
+    await this.migrateKeyForNeverLockIfNeeded();
 
     this.inited = true;
     if (checkOnInterval) {
@@ -69,14 +69,12 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
       return;
     }
 
-    if (await this.keyConnectorService.getUsesKeyConnector()) {
-      const pinSet = await this.vaultTimeoutSettingsService.isPinLockSet();
-      const pinLock =
-        (pinSet[0] && (await this.stateService.getDecryptedPinProtected()) != null) || pinSet[1];
-
-      if (!pinLock && !(await this.vaultTimeoutSettingsService.isBiometricLockSet())) {
-        await this.logOut(userId);
-      }
+    const availableActions = await firstValueFrom(
+      this.vaultTimeoutSettingsService.availableVaultTimeoutActions$()
+    );
+    const supportsLock = availableActions.includes(VaultTimeoutAction.Lock);
+    if (!supportsLock) {
+      await this.logOut(userId);
     }
 
     if (userId == null || userId === (await this.stateService.getUserId())) {
@@ -85,12 +83,13 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
     }
 
     await this.stateService.setEverBeenUnlocked(true, { userId: userId });
+    await this.stateService.setUserKeyAutoUnlock(null, { userId: userId });
     await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
 
-    await this.cryptoService.clearKey(false, userId);
+    await this.cryptoService.clearUserKey(false, userId);
+    await this.cryptoService.clearMasterKey(userId);
     await this.cryptoService.clearOrgKeys(true, userId);
     await this.cryptoService.clearKeyPair(true, userId);
-    await this.cryptoService.clearEncKey(true, userId);
 
     await this.cipherService.clearCache(userId);
     await this.collectionService.clearCache(userId);
@@ -133,9 +132,20 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
   }
 
   private async executeTimeoutAction(userId: string): Promise<void> {
-    const timeoutAction = await this.vaultTimeoutSettingsService.getVaultTimeoutAction(userId);
+    const timeoutAction = await firstValueFrom(
+      this.vaultTimeoutSettingsService.vaultTimeoutAction$(userId)
+    );
     timeoutAction === VaultTimeoutAction.LogOut
       ? await this.logOut(userId)
       : await this.lock(userId);
   }
+
+  private async migrateKeyForNeverLockIfNeeded(): Promise<void> {
+    const accounts = await firstValueFrom(this.stateService.accounts$);
+    for (const userId in accounts) {
+      if (userId != null) {
+        await this.cryptoService.migrateAutoKeyIfNeeded(userId);
+      }
+    }
+  }
 }
diff --git a/libs/common/src/tools/generator/password/password-generation.service.ts b/libs/common/src/tools/generator/password/password-generation.service.ts
index 079d455c46d..55bab173cec 100644
--- a/libs/common/src/tools/generator/password/password-generation.service.ts
+++ b/libs/common/src/tools/generator/password/password-generation.service.ts
@@ -336,7 +336,7 @@ export class PasswordGenerationService implements PasswordGenerationServiceAbstr
   }
 
   async getHistory(): Promise<GeneratedPasswordHistory[]> {
-    const hasKey = await this.cryptoService.hasKey();
+    const hasKey = await this.cryptoService.hasUserKey();
     if (!hasKey) {
       return new Array<GeneratedPasswordHistory>();
     }
@@ -356,7 +356,7 @@ export class PasswordGenerationService implements PasswordGenerationServiceAbstr
 
   async addHistory(password: string): Promise<void> {
     // Cannot add new history if no key is available
-    const hasKey = await this.cryptoService.hasKey();
+    const hasKey = await this.cryptoService.hasUserKey();
     if (!hasKey) {
       return;
     }
diff --git a/libs/common/src/tools/send/services/send.service.ts b/libs/common/src/tools/send/services/send.service.ts
index 2b4a2684030..e1ddeae7087 100644
--- a/libs/common/src/tools/send/services/send.service.ts
+++ b/libs/common/src/tools/send/services/send.service.ts
@@ -143,9 +143,9 @@ export class SendService implements InternalSendServiceAbstraction {
     }
 
     decSends = [];
-    const hasKey = await this.cryptoService.hasKey();
+    const hasKey = await this.cryptoService.hasUserKey();
     if (!hasKey) {
-      throw new Error("No key.");
+      throw new Error("No user key found.");
     }
 
     const promises: Promise<any>[] = [];
@@ -249,7 +249,7 @@ export class SendService implements InternalSendServiceAbstraction {
     const sends = Object.values(sendsMap || {}).map((f) => new Send(f));
     this._sends.next(sends);
 
-    if (await this.cryptoService.hasKey()) {
+    if (await this.cryptoService.hasUserKey()) {
       this._sendViews.next(await this.decryptSends(sends));
     }
   }
diff --git a/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts b/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
index baefc6d509d..f888b5d6892 100644
--- a/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
+++ b/libs/common/src/vault/abstractions/fido2/fido2-client.service.abstraction.ts
@@ -11,6 +11,7 @@ export abstract class Fido2ClientService {
     params: AssertCredentialParams,
     abortController?: AbortController
   ) => Promise<AssertCredentialResult>;
+  isFido2FeatureEnabled: () => Promise<boolean>;
 }
 
 export interface CreateCredentialParams {
diff --git a/libs/common/src/vault/models/domain/attachment.spec.ts b/libs/common/src/vault/models/domain/attachment.spec.ts
index 2d581189597..0af7df73e10 100644
--- a/libs/common/src/vault/models/domain/attachment.spec.ts
+++ b/libs/common/src/vault/models/domain/attachment.spec.ts
@@ -3,8 +3,12 @@ import { mock, MockProxy } from "jest-mock-extended";
 import { makeStaticByteArray, mockEnc, mockFromJson } from "../../../../spec";
 import { CryptoService } from "../../../platform/abstractions/crypto.service";
 import { EncryptService } from "../../../platform/abstractions/encrypt.service";
-import { EncString } from "../../../platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
+import {
+  OrgKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../../platform/models/domain/symmetric-crypto-key";
 import { ContainerService } from "../../../platform/services/container.service";
 import { AttachmentData } from "../../models/data/attachment.data";
 import { Attachment } from "../../models/domain/attachment";
@@ -105,12 +109,12 @@ describe("Attachment", () => {
 
         await attachment.decrypt(null, providedKey);
 
-        expect(cryptoService.getKeyForUserEncryption).not.toHaveBeenCalled();
+        expect(cryptoService.getUserKeyWithLegacySupport).not.toHaveBeenCalled();
         expect(encryptService.decryptToBytes).toHaveBeenCalledWith(attachment.key, providedKey);
       });
 
       it("gets an organization key if required", async () => {
-        const orgKey = mock<SymmetricCryptoKey>();
+        const orgKey = mock<OrgKey>();
         cryptoService.getOrgKey.calledWith("orgId").mockResolvedValue(orgKey);
 
         await attachment.decrypt("orgId", null);
@@ -120,12 +124,12 @@ describe("Attachment", () => {
       });
 
       it("gets the user's decryption key if required", async () => {
-        const userKey = mock<SymmetricCryptoKey>();
-        cryptoService.getKeyForUserEncryption.mockResolvedValue(userKey);
+        const userKey = mock<UserKey>();
+        cryptoService.getUserKeyWithLegacySupport.mockResolvedValue(userKey);
 
         await attachment.decrypt(null, null);
 
-        expect(cryptoService.getKeyForUserEncryption).toHaveBeenCalled();
+        expect(cryptoService.getUserKeyWithLegacySupport).toHaveBeenCalled();
         expect(encryptService.decryptToBytes).toHaveBeenCalledWith(attachment.key, userKey);
       });
     });
@@ -136,8 +140,8 @@ describe("Attachment", () => {
       jest.spyOn(EncString, "fromJSON").mockImplementation(mockFromJson);
 
       const actual = Attachment.fromJSON({
-        key: "myKey",
-        fileName: "myFileName",
+        key: "myKey" as EncryptedString,
+        fileName: "myFileName" as EncryptedString,
       });
 
       expect(actual).toEqual({
diff --git a/libs/common/src/vault/models/domain/attachment.ts b/libs/common/src/vault/models/domain/attachment.ts
index a5e0aa9d4ed..1caa290fd6a 100644
--- a/libs/common/src/vault/models/domain/attachment.ts
+++ b/libs/common/src/vault/models/domain/attachment.ts
@@ -71,7 +71,7 @@ export class Attachment extends Domain {
     const cryptoService = Utils.getContainerService().getCryptoService();
     return orgId != null
       ? await cryptoService.getOrgKey(orgId)
-      : await cryptoService.getKeyForUserEncryption();
+      : await cryptoService.getUserKeyWithLegacySupport();
   }
 
   toAttachmentData(): AttachmentData {
diff --git a/libs/common/src/vault/models/domain/card.spec.ts b/libs/common/src/vault/models/domain/card.spec.ts
index b84e8683532..a7011966d94 100644
--- a/libs/common/src/vault/models/domain/card.spec.ts
+++ b/libs/common/src/vault/models/domain/card.spec.ts
@@ -1,5 +1,5 @@
 import { mockEnc, mockFromJson } from "../../../../spec";
-import { EncString } from "../../../platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
 import { CardData } from "../../../vault/models/data/card.data";
 import { Card } from "../../models/domain/card";
 
@@ -76,12 +76,12 @@ describe("Card", () => {
       jest.spyOn(EncString, "fromJSON").mockImplementation(mockFromJson);
 
       const actual = Card.fromJSON({
-        cardholderName: "mockCardHolder",
-        brand: "mockBrand",
-        number: "mockNumber",
-        expMonth: "mockExpMonth",
-        expYear: "mockExpYear",
-        code: "mockCode",
+        cardholderName: "mockCardHolder" as EncryptedString,
+        brand: "mockBrand" as EncryptedString,
+        number: "mockNumber" as EncryptedString,
+        expMonth: "mockExpMonth" as EncryptedString,
+        expYear: "mockExpYear" as EncryptedString,
+        code: "mockCode" as EncryptedString,
       });
 
       expect(actual).toEqual({
diff --git a/libs/common/src/vault/models/domain/field.spec.ts b/libs/common/src/vault/models/domain/field.spec.ts
index aab8d933a3a..8aa77b78a51 100644
--- a/libs/common/src/vault/models/domain/field.spec.ts
+++ b/libs/common/src/vault/models/domain/field.spec.ts
@@ -1,6 +1,6 @@
 import { mockEnc, mockFromJson } from "../../../../spec";
 import { FieldType } from "../../../enums";
-import { EncString } from "../../../platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
 import { FieldData } from "../../models/data/field.data";
 import { Field } from "../../models/domain/field";
 
@@ -67,8 +67,8 @@ describe("Field", () => {
       jest.spyOn(EncString, "fromJSON").mockImplementation(mockFromJson);
 
       const actual = Field.fromJSON({
-        name: "myName",
-        value: "myValue",
+        name: "myName" as EncryptedString,
+        value: "myValue" as EncryptedString,
       });
 
       expect(actual).toEqual({
diff --git a/libs/common/src/vault/models/domain/folder.spec.ts b/libs/common/src/vault/models/domain/folder.spec.ts
index 686a8b886ef..69134d19cfb 100644
--- a/libs/common/src/vault/models/domain/folder.spec.ts
+++ b/libs/common/src/vault/models/domain/folder.spec.ts
@@ -1,5 +1,5 @@
 import { mockEnc, mockFromJson } from "../../../../spec";
-import { EncString } from "../../../platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
 import { FolderData } from "../../models/data/folder.data";
 import { Folder } from "../../models/domain/folder";
 
@@ -47,7 +47,7 @@ describe("Folder", () => {
       const revisionDate = new Date("2022-08-04T01:06:40.441Z");
       const actual = Folder.fromJSON({
         revisionDate: revisionDate.toISOString(),
-        name: "name",
+        name: "name" as EncryptedString,
         id: "id",
       });
 
diff --git a/libs/common/src/vault/models/domain/identity.spec.ts b/libs/common/src/vault/models/domain/identity.spec.ts
index 929124fd875..3a95138998b 100644
--- a/libs/common/src/vault/models/domain/identity.spec.ts
+++ b/libs/common/src/vault/models/domain/identity.spec.ts
@@ -1,5 +1,5 @@
 import { mockEnc, mockFromJson } from "../../../../spec";
-import { EncString } from "../../../platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
 import { IdentityData } from "../../models/data/identity.data";
 import { Identity } from "../../models/domain/identity";
 
@@ -137,24 +137,24 @@ describe("Identity", () => {
       jest.spyOn(EncString, "fromJSON").mockImplementation(mockFromJson);
 
       const actual = Identity.fromJSON({
-        firstName: "mockFirstName",
-        lastName: "mockLastName",
-        address1: "mockAddress1",
-        address2: "mockAddress2",
-        address3: "mockAddress3",
-        city: "mockCity",
-        company: "mockCompany",
-        country: "mockCountry",
-        email: "mockEmail",
-        licenseNumber: "mockLicenseNumber",
-        middleName: "mockMiddleName",
-        passportNumber: "mockPassportNumber",
-        phone: "mockPhone",
-        postalCode: "mockPostalCode",
-        ssn: "mockSsn",
-        state: "mockState",
-        title: "mockTitle",
-        username: "mockUsername",
+        firstName: "mockFirstName" as EncryptedString,
+        lastName: "mockLastName" as EncryptedString,
+        address1: "mockAddress1" as EncryptedString,
+        address2: "mockAddress2" as EncryptedString,
+        address3: "mockAddress3" as EncryptedString,
+        city: "mockCity" as EncryptedString,
+        company: "mockCompany" as EncryptedString,
+        country: "mockCountry" as EncryptedString,
+        email: "mockEmail" as EncryptedString,
+        licenseNumber: "mockLicenseNumber" as EncryptedString,
+        middleName: "mockMiddleName" as EncryptedString,
+        passportNumber: "mockPassportNumber" as EncryptedString,
+        phone: "mockPhone" as EncryptedString,
+        postalCode: "mockPostalCode" as EncryptedString,
+        ssn: "mockSsn" as EncryptedString,
+        state: "mockState" as EncryptedString,
+        title: "mockTitle" as EncryptedString,
+        username: "mockUsername" as EncryptedString,
       });
 
       expect(actual).toEqual({
diff --git a/libs/common/src/vault/models/domain/login.spec.ts b/libs/common/src/vault/models/domain/login.spec.ts
index e1708a3cdc0..6a4f5ba3c93 100644
--- a/libs/common/src/vault/models/domain/login.spec.ts
+++ b/libs/common/src/vault/models/domain/login.spec.ts
@@ -3,7 +3,7 @@ import { Substitute, Arg } from "@fluffy-spoon/substitute";
 
 import { mockEnc, mockFromJson } from "../../../../spec";
 import { UriMatchType } from "../../../enums";
-import { EncString } from "../../../platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
 import { LoginData } from "../../models/data/login.data";
 import { Login } from "../../models/domain/login";
 import { LoginUri } from "../../models/domain/login-uri";
@@ -108,22 +108,22 @@ describe("Login DTO", () => {
 
       const actual = Login.fromJSON({
         uris: ["loginUri1", "loginUri2"] as any,
-        username: "myUsername",
-        password: "myPassword",
+        username: "myUsername" as EncryptedString,
+        password: "myPassword" as EncryptedString,
         passwordRevisionDate: passwordRevisionDate.toISOString(),
-        totp: "myTotp",
+        totp: "myTotp" as EncryptedString,
         fido2Key: {
-          nonDiscoverableId: "keyId",
-          keyType: "keyType",
-          keyAlgorithm: "keyAlgorithm",
-          keyCurve: "keyCurve",
-          keyValue: "keyValue",
-          rpId: "rpId",
-          userHandle: "userHandle",
-          counter: "counter",
-          rpName: "rpName",
-          userName: "userName",
-          origin: "origin",
+          nonDiscoverableId: "keyId" as EncryptedString,
+          keyType: "keyType" as EncryptedString,
+          keyAlgorithm: "keyAlgorithm" as EncryptedString,
+          keyCurve: "keyCurve" as EncryptedString,
+          keyValue: "keyValue" as EncryptedString,
+          rpId: "rpId" as EncryptedString,
+          userHandle: "userHandle" as EncryptedString,
+          counter: "counter" as EncryptedString,
+          rpName: "rpName" as EncryptedString,
+          userName: "userName" as EncryptedString,
+          origin: "origin" as EncryptedString,
         },
       });
 
diff --git a/libs/common/src/vault/models/domain/password.spec.ts b/libs/common/src/vault/models/domain/password.spec.ts
index ccd2e77576f..614b9639e52 100644
--- a/libs/common/src/vault/models/domain/password.spec.ts
+++ b/libs/common/src/vault/models/domain/password.spec.ts
@@ -1,5 +1,5 @@
 import { mockEnc, mockFromJson } from "../../../../spec";
-import { EncString } from "../../../platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "../../../platform/models/domain/enc-string";
 import { PasswordHistoryData } from "../../models/data/password-history.data";
 import { Password } from "../../models/domain/password";
 
@@ -55,7 +55,7 @@ describe("Password", () => {
       const lastUsedDate = new Date("2022-01-31T12:00:00.000Z");
 
       const actual = Password.fromJSON({
-        password: "myPassword",
+        password: "myPassword" as EncryptedString,
         lastUsedDate: lastUsedDate.toISOString(),
       });
 
diff --git a/libs/common/src/vault/services/cipher.service.spec.ts b/libs/common/src/vault/services/cipher.service.spec.ts
index d6e631cfae5..daaa6fbc91b 100644
--- a/libs/common/src/vault/services/cipher.service.spec.ts
+++ b/libs/common/src/vault/services/cipher.service.spec.ts
@@ -9,7 +9,7 @@ import { CryptoService } from "../../platform/abstractions/crypto.service";
 import { EncryptService } from "../../platform/abstractions/encrypt.service";
 import { I18nService } from "../../platform/abstractions/i18n.service";
 import { StateService } from "../../platform/abstractions/state.service";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import { OrgKey, SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service";
 import { CipherRepromptType } from "../enums/cipher-reprompt-type";
 import { CipherType } from "../enums/cipher-type";
@@ -118,11 +118,11 @@ describe("Cipher Service", () => {
   describe("saveAttachmentRawWithServer()", () => {
     it("should upload encrypted file contents with save attachments", async () => {
       const fileName = "filename";
-      const fileData = new Uint8Array(10).buffer;
+      const fileData = new Uint8Array(10);
       cryptoService.getOrgKey.mockReturnValue(
-        Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)))
+        Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey)
       );
-      cryptoService.makeEncKey.mockReturnValue(
+      cryptoService.makeDataEncKey.mockReturnValue(
         Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)))
       );
       const spy = jest.spyOn(cipherFileUploadService, "upload");
diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts
index 10e14ac0290..e307066f69e 100644
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -13,7 +13,11 @@ import { Utils } from "../../platform/misc/utils";
 import Domain from "../../platform/models/domain/domain-base";
 import { EncArrayBuffer } from "../../platform/models/domain/enc-array-buffer";
 import { EncString } from "../../platform/models/domain/enc-string";
-import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
+import {
+  OrgKey,
+  SymmetricCryptoKey,
+  UserKey,
+} from "../../platform/models/domain/symmetric-crypto-key";
 import { CipherService as CipherServiceAbstraction } from "../abstractions/cipher.service";
 import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service";
 import { CipherType } from "../enums/cipher-type";
@@ -326,14 +330,14 @@ export class CipherService implements CipherServiceAbstraction {
       return await this.getDecryptedCipherCache();
     }
 
-    const hasKey = await this.cryptoService.hasKey();
+    const hasKey = await this.cryptoService.hasUserKey();
     if (!hasKey) {
-      throw new Error("No key.");
+      throw new Error("No user key found.");
     }
 
     const ciphers = await this.getAll();
     const orgKeys = await this.cryptoService.getOrgKeys();
-    const userKey = await this.cryptoService.getKeyForUserEncryption();
+    const userKey = await this.cryptoService.getUserKeyWithLegacySupport();
 
     // Group ciphers by orgId or under 'null' for the user's ciphers
     const grouped = ciphers.reduce((agg, c) => {
@@ -637,14 +641,17 @@ export class CipherService implements CipherServiceAbstraction {
   async saveAttachmentRawWithServer(
     cipher: Cipher,
     filename: string,
-    data: ArrayBuffer,
+    data: Uint8Array,
     admin = false
   ): Promise<Cipher> {
-    const key = await this.cryptoService.getOrgKey(cipher.organizationId);
-    const encFileName = await this.cryptoService.encrypt(filename, key);
+    let encKey: UserKey | OrgKey;
+    encKey = await this.cryptoService.getOrgKey(cipher.organizationId);
+    encKey ||= await this.cryptoService.getUserKeyWithLegacySupport();
 
-    const dataEncKey = await this.cryptoService.makeEncKey(key);
-    const encData = await this.cryptoService.encryptToBytes(new Uint8Array(data), dataEncKey[0]);
+    const dataEncKey = await this.cryptoService.makeDataEncKey(encKey);
+
+    const encFileName = await this.encryptService.encrypt(filename, encKey);
+    const encData = await this.encryptService.encryptToBytes(data, dataEncKey[0]);
 
     const response = await this.cipherFileUploadService.upload(
       cipher,
@@ -971,11 +978,15 @@ export class CipherService implements CipherServiceAbstraction {
 
     const encBuf = await EncArrayBuffer.fromResponse(attachmentResponse);
     const decBuf = await this.cryptoService.decryptFromBytes(encBuf, null);
-    const key = await this.cryptoService.getOrgKey(organizationId);
-    const encFileName = await this.cryptoService.encrypt(attachmentView.fileName, key);
 
-    const dataEncKey = await this.cryptoService.makeEncKey(key);
-    const encData = await this.cryptoService.encryptToBytes(decBuf, dataEncKey[0]);
+    let encKey: UserKey | OrgKey;
+    encKey = await this.cryptoService.getOrgKey(organizationId);
+    encKey ||= (await this.cryptoService.getUserKeyWithLegacySupport()) as UserKey;
+
+    const dataEncKey = await this.cryptoService.makeDataEncKey(encKey);
+
+    const encFileName = await this.encryptService.encrypt(attachmentView.fileName, encKey);
+    const encData = await this.encryptService.encryptToBytes(new Uint8Array(decBuf), dataEncKey[0]);
 
     const fd = new FormData();
     try {
diff --git a/libs/common/src/vault/services/collection.service.ts b/libs/common/src/vault/services/collection.service.ts
index c0148bddd75..277d40cc88d 100644
--- a/libs/common/src/vault/services/collection.service.ts
+++ b/libs/common/src/vault/services/collection.service.ts
@@ -79,7 +79,7 @@ export class CollectionService implements CollectionServiceAbstraction {
       return decryptedCollections;
     }
 
-    const hasKey = await this.cryptoService.hasKey();
+    const hasKey = await this.cryptoService.hasUserKey();
     if (!hasKey) {
       throw new Error("No key.");
     }
diff --git a/libs/common/src/vault/services/fido2/fido2-client.service.ts b/libs/common/src/vault/services/fido2/fido2-client.service.ts
index 0932799a78b..4733010944a 100644
--- a/libs/common/src/vault/services/fido2/fido2-client.service.ts
+++ b/libs/common/src/vault/services/fido2/fido2-client.service.ts
@@ -34,13 +34,15 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
     private logService?: LogService
   ) {}
 
+  async isFido2FeatureEnabled(): Promise<boolean> {
+    return await this.configService.getFeatureFlagBool(FeatureFlag.Fido2VaultCredentials);
+  }
+
   async createCredential(
     params: CreateCredentialParams,
     abortController = new AbortController()
   ): Promise<CreateCredentialResult> {
-    const enableFido2VaultCredentials = await this.configService.getFeatureFlagBool(
-      FeatureFlag.Fido2VaultCredentials
-    );
+    const enableFido2VaultCredentials = await this.isFido2FeatureEnabled();
 
     if (!enableFido2VaultCredentials) {
       this.logService?.warning(`[Fido2Client] Fido2VaultCredential is not enabled`);
@@ -191,9 +193,7 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
     params: AssertCredentialParams,
     abortController = new AbortController()
   ): Promise<AssertCredentialResult> {
-    const enableFido2VaultCredentials = await this.configService.getFeatureFlagBool(
-      FeatureFlag.Fido2VaultCredentials
-    );
+    const enableFido2VaultCredentials = await this.isFido2FeatureEnabled();
 
     if (!enableFido2VaultCredentials) {
       this.logService?.warning(`[Fido2Client] Fido2VaultCredential is not enabled`);
diff --git a/libs/common/src/vault/services/folder/folder.service.ts b/libs/common/src/vault/services/folder/folder.service.ts
index 9f8645e87a6..2244d7a458a 100644
--- a/libs/common/src/vault/services/folder/folder.service.ts
+++ b/libs/common/src/vault/services/folder/folder.service.ts
@@ -173,7 +173,7 @@ export class FolderService implements InternalFolderServiceAbstraction {
 
     this._folders.next(folders);
 
-    if (await this.cryptoService.hasKey()) {
+    if (await this.cryptoService.hasUserKey()) {
       this._folderViews.next(await this.decryptFolders(folders));
     }
   }
diff --git a/libs/common/src/vault/services/sync/sync.service.ts b/libs/common/src/vault/services/sync/sync.service.ts
index b2c203b4e7f..c8bd274a4d9 100644
--- a/libs/common/src/vault/services/sync/sync.service.ts
+++ b/libs/common/src/vault/services/sync/sync.service.ts
@@ -303,8 +303,8 @@ export class SyncService implements SyncServiceAbstraction {
       throw new Error("Stamp has changed");
     }
 
-    await this.cryptoService.setEncKey(response.key);
-    await this.cryptoService.setEncPrivateKey(response.privateKey);
+    await this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
+    await this.cryptoService.setPrivateKey(response.privateKey);
     await this.cryptoService.setProviderKeys(response.providers);
     await this.cryptoService.setOrgKeys(response.organizations, response.providerOrganizations);
     await this.stateService.setAvatarColor(response.avatarColor);
diff --git a/libs/components/src/callout/callout.component.html b/libs/components/src/callout/callout.component.html
index 3d66642fa5a..57da850d8bb 100644
--- a/libs/components/src/callout/callout.component.html
+++ b/libs/components/src/callout/callout.component.html
@@ -1,14 +1,16 @@
-<div
+<aside
   class="tw-mb-4 tw-box-border tw-rounded tw-border tw-border-l-8 tw-border-solid tw-border-secondary-300 tw-bg-background-alt tw-px-5 tw-py-3 tw-leading-5 tw-text-main"
   [ngClass]="calloutClass"
+  [attr.aria-labelledby]="titleId"
 >
-  <h3
+  <header
+    id="{{ titleId }}"
     class="tw-mb-2 tw-mt-0 tw-text-base tw-font-bold tw-uppercase"
     [ngClass]="headerClass"
     *ngIf="title"
   >
     <i class="bwi {{ icon }}" *ngIf="icon" aria-hidden="true"></i>
     {{ title }}
-  </h3>
+  </header>
   <ng-content></ng-content>
-</div>
+</aside>
diff --git a/libs/components/src/callout/callout.component.ts b/libs/components/src/callout/callout.component.ts
index b62f830d448..7ce79071bf0 100644
--- a/libs/components/src/callout/callout.component.ts
+++ b/libs/components/src/callout/callout.component.ts
@@ -16,6 +16,9 @@ const defaultI18n: Partial<Record<CalloutTypes, string>> = {
   danger: "error",
 };
 
+// Increments for each instance of this component
+let nextId = 0;
+
 @Component({
   selector: "bit-callout",
   templateUrl: "callout.component.html",
@@ -25,6 +28,7 @@ export class CalloutComponent implements OnInit {
   @Input() icon: string;
   @Input() title: string;
   @Input() useAlertRole = false;
+  protected titleId = `bit-callout-title-${nextId++}`;
 
   constructor(private i18nService: I18nService) {}
 
diff --git a/libs/components/src/dialog/dialog.module.ts b/libs/components/src/dialog/dialog.module.ts
index f7e0c1e9578..a4e119bcc29 100644
--- a/libs/components/src/dialog/dialog.module.ts
+++ b/libs/components/src/dialog/dialog.module.ts
@@ -2,8 +2,6 @@ import { DialogModule as CdkDialogModule } from "@angular/cdk/dialog";
 import { NgModule } from "@angular/core";
 import { ReactiveFormsModule } from "@angular/forms";
 
-import { DialogServiceAbstraction } from "@bitwarden/angular/services/dialog";
-
 import { AsyncActionsModule } from "../async-actions";
 import { ButtonModule } from "../button";
 import { IconButtonModule } from "../icon-button";
@@ -13,7 +11,7 @@ import { DialogComponent } from "./dialog/dialog.component";
 import { DialogService } from "./dialog.service";
 import { DialogCloseDirective } from "./directives/dialog-close.directive";
 import { DialogTitleContainerDirective } from "./directives/dialog-title-container.directive";
-import { SimpleConfigurableDialogComponent } from "./simple-configurable-dialog/simple-configurable-dialog.component";
+import { SimpleConfigurableDialogComponent } from "./simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component";
 import { IconDirective, SimpleDialogComponent } from "./simple-dialog/simple-dialog.component";
 
 @NgModule({
@@ -40,11 +38,6 @@ import { IconDirective, SimpleDialogComponent } from "./simple-dialog/simple-dia
     DialogCloseDirective,
     IconDirective,
   ],
-  providers: [
-    {
-      provide: DialogServiceAbstraction,
-      useClass: DialogService,
-    },
-  ],
+  providers: [DialogService],
 })
 export class DialogModule {}
diff --git a/libs/components/src/dialog/dialog.service.ts b/libs/components/src/dialog/dialog.service.ts
index 0f58c1c847f..27930189bfc 100644
--- a/libs/components/src/dialog/dialog.service.ts
+++ b/libs/components/src/dialog/dialog.service.ts
@@ -18,19 +18,15 @@ import {
 import { NavigationEnd, Router } from "@angular/router";
 import { filter, firstValueFrom, Subject, switchMap, takeUntil } from "rxjs";
 
-import {
-  DialogServiceAbstraction,
-  SimpleDialogCloseType,
-} from "@bitwarden/angular/services/dialog";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
-import { SimpleDialogOptions } from "../../../angular/src/services/dialog/simple-dialog-options";
-
-import { SimpleConfigurableDialogComponent } from "./simple-configurable-dialog/simple-configurable-dialog.component";
+import { SimpleConfigurableDialogComponent } from "./simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component";
+import { SimpleDialogOptions, Translation } from "./simple-dialog/types";
 
 @Injectable()
-export class DialogService extends Dialog implements OnDestroy, DialogServiceAbstraction {
+export class DialogService extends Dialog implements OnDestroy {
   private _destroy$ = new Subject<void>();
 
   private backDropClasses = ["tw-fixed", "tw-bg-black", "tw-bg-opacity-30", "tw-inset-0"];
@@ -46,7 +42,9 @@ export class DialogService extends Dialog implements OnDestroy, DialogServiceAbs
 
     /** Not in parent class */
     @Optional() router: Router,
-    @Optional() authService: AuthService
+    @Optional() authService: AuthService,
+
+    protected i18nService: I18nService
   ) {
     super(_overlay, _injector, _defaultOptions, _parentDialog, _overlayContainer, scrollStrategy);
 
@@ -88,12 +86,12 @@ export class DialogService extends Dialog implements OnDestroy, DialogServiceAbs
    * @returns `boolean` - True if the user accepted the dialog, false otherwise.
    */
   async openSimpleDialog(simpleDialogOptions: SimpleDialogOptions): Promise<boolean> {
-    const dialogRef = this.open(SimpleConfigurableDialogComponent, {
+    const dialogRef = this.open<boolean>(SimpleConfigurableDialogComponent, {
       data: simpleDialogOptions,
       disableClose: simpleDialogOptions.disableClose,
     });
 
-    return (await firstValueFrom(dialogRef.closed)) == SimpleDialogCloseType.ACCEPT;
+    return firstValueFrom(dialogRef.closed);
   }
 
   /**
@@ -105,7 +103,7 @@ export class DialogService extends Dialog implements OnDestroy, DialogServiceAbs
    * @param {SimpleDialogOptions} simpleDialogOptions - An object containing options for the dialog.
    * @returns `DialogRef` - The reference to the opened dialog.
    * Contains a closed observable which can be subscribed to for determining which button
-   * a user pressed (see `SimpleDialogCloseType`)
+   * a user pressed
    */
   openSimpleDialogRef(simpleDialogOptions: SimpleDialogOptions): DialogRef {
     return this.open(SimpleConfigurableDialogComponent, {
@@ -113,4 +111,21 @@ export class DialogService extends Dialog implements OnDestroy, DialogServiceAbs
       disableClose: simpleDialogOptions.disableClose,
     });
   }
+
+  protected translate(translation: string | Translation, defaultKey?: string): string {
+    if (translation == null && defaultKey == null) {
+      return null;
+    }
+
+    if (translation == null) {
+      return this.i18nService.t(defaultKey);
+    }
+
+    // Translation interface use implies we must localize.
+    if (typeof translation === "object") {
+      return this.i18nService.t(translation.key, ...(translation.placeholders ?? []));
+    }
+
+    return translation;
+  }
 }
diff --git a/libs/components/src/dialog/index.ts b/libs/components/src/dialog/index.ts
index fa6585a3416..d63fa39b7b2 100644
--- a/libs/components/src/dialog/index.ts
+++ b/libs/components/src/dialog/index.ts
@@ -1 +1,3 @@
 export * from "./dialog.module";
+export * from "./simple-dialog/types";
+export * from "./dialog.service";
diff --git a/libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.component.html b/libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component.html
similarity index 91%
rename from libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.component.html
rename to libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component.html
index fd8b2e90172..cb916d8dba2 100644
--- a/libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.component.html
+++ b/libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component.html
@@ -17,7 +17,7 @@
         bitButton
         bitFormButton
         buttonType="secondary"
-        (click)="dialogRef.close(SimpleDialogCloseType.CANCEL)"
+        (click)="dialogRef.close(false)"
       >
         {{ cancelButtonText }}
       </button>
diff --git a/libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.component.ts b/libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component.ts
similarity index 72%
rename from libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.component.ts
rename to libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component.ts
index d8824cd7dd4..f9acdbe8c6e 100644
--- a/libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.component.ts
+++ b/libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.component.ts
@@ -2,37 +2,30 @@ import { DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject } from "@angular/core";
 import { FormGroup } from "@angular/forms";
 
-import {
-  SimpleDialogType,
-  SimpleDialogCloseType,
-  Translation,
-} from "@bitwarden/angular/services/dialog";
-import { SimpleDialogOptions } from "@bitwarden/angular/services/dialog/simple-dialog-options";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
+import { SimpleDialogOptions, SimpleDialogType, Translation } from "../..";
+
 const DEFAULT_ICON: Record<SimpleDialogType, string> = {
-  [SimpleDialogType.PRIMARY]: "bwi-business",
-  [SimpleDialogType.SUCCESS]: "bwi-star",
-  [SimpleDialogType.INFO]: "bwi-info-circle",
-  [SimpleDialogType.WARNING]: "bwi-exclamation-triangle",
-  [SimpleDialogType.DANGER]: "bwi-error",
+  primary: "bwi-business",
+  success: "bwi-star",
+  info: "bwi-info-circle",
+  warning: "bwi-exclamation-triangle",
+  danger: "bwi-error",
 };
 
 const DEFAULT_COLOR: Record<SimpleDialogType, string> = {
-  [SimpleDialogType.PRIMARY]: "tw-text-primary-500",
-  [SimpleDialogType.SUCCESS]: "tw-text-success",
-  [SimpleDialogType.INFO]: "tw-text-info",
-  [SimpleDialogType.WARNING]: "tw-text-warning",
-  [SimpleDialogType.DANGER]: "tw-text-danger",
+  primary: "tw-text-primary-500",
+  success: "tw-text-success",
+  info: "tw-text-info",
+  warning: "tw-text-warning",
+  danger: "tw-text-danger",
 };
 
 @Component({
   templateUrl: "./simple-configurable-dialog.component.html",
 })
 export class SimpleConfigurableDialogComponent {
-  protected SimpleDialogType = SimpleDialogType;
-  protected SimpleDialogCloseType = SimpleDialogCloseType;
-
   get iconClasses() {
     return [
       this.simpleDialogOpts.icon ?? DEFAULT_ICON[this.simpleDialogOpts.type],
@@ -61,7 +54,7 @@ export class SimpleConfigurableDialogComponent {
       await this.simpleDialogOpts.acceptAction();
     }
 
-    this.dialogRef.close(SimpleDialogCloseType.ACCEPT);
+    this.dialogRef.close(true);
   };
 
   private localizeText() {
diff --git a/libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.service.stories.ts b/libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.service.stories.ts
similarity index 84%
rename from libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.service.stories.ts
rename to libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.service.stories.ts
index 0982db1ca7a..81400537be5 100644
--- a/libs/components/src/dialog/simple-configurable-dialog/simple-configurable-dialog.service.stories.ts
+++ b/libs/components/src/dialog/simple-dialog/simple-configurable-dialog/simple-configurable-dialog.service.stories.ts
@@ -1,17 +1,13 @@
 import { Component } from "@angular/core";
 import { Meta, StoryObj, applicationConfig, moduleMetadata } from "@storybook/angular";
 
-import {
-  SimpleDialogType,
-  SimpleDialogOptions,
-  DialogServiceAbstraction,
-} from "@bitwarden/angular/services/dialog";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
-import { ButtonModule } from "../../button";
-import { CalloutModule } from "../../callout";
-import { I18nMockService } from "../../utils/i18n-mock.service";
-import { DialogModule } from "../dialog.module";
+import { SimpleDialogOptions, DialogService } from "../..";
+import { ButtonModule } from "../../../button";
+import { CalloutModule } from "../../../callout";
+import { I18nMockService } from "../../../utils/i18n-mock.service";
+import { DialogModule } from "../../dialog.module";
 
 @Component({
   template: `
@@ -41,27 +37,27 @@ class StoryDialogComponent {
         {
           title: this.i18nService.t("primaryTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
         },
         {
           title: this.i18nService.t("successTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.SUCCESS,
+          type: "success",
         },
         {
           title: this.i18nService.t("infoTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.INFO,
+          type: "info",
         },
         {
           title: this.i18nService.t("warningTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.WARNING,
+          type: "warning",
         },
         {
           title: this.i18nService.t("dangerTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.DANGER,
+          type: "danger",
         },
       ],
     },
@@ -71,21 +67,21 @@ class StoryDialogComponent {
         {
           title: this.i18nService.t("primaryTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
           acceptButtonText: "Ok",
           cancelButtonText: null,
         },
         {
           title: this.i18nService.t("primaryTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
           acceptButtonText: this.i18nService.t("accept"),
           cancelButtonText: this.i18nService.t("decline"),
         },
         {
           title: this.i18nService.t("primaryTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
           acceptButtonText: "Ok",
         },
       ],
@@ -96,7 +92,7 @@ class StoryDialogComponent {
         {
           title: this.i18nService.t("primaryTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
           icon: "bwi-family",
         },
       ],
@@ -107,7 +103,7 @@ class StoryDialogComponent {
         {
           title: this.i18nService.t("primaryTypeSimpleDialog"),
           content: this.i18nService.t("dialogContent"),
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
           disableClose: true,
         },
         {
@@ -116,7 +112,7 @@ class StoryDialogComponent {
           acceptAction: () => {
             return new Promise((resolve) => setTimeout(resolve, 10000));
           },
-          type: SimpleDialogType.PRIMARY,
+          type: "primary",
         },
       ],
     },
@@ -126,7 +122,7 @@ class StoryDialogComponent {
   calloutType = "info";
   dialogCloseResult: boolean;
 
-  constructor(public dialogService: DialogServiceAbstraction, private i18nService: I18nService) {}
+  constructor(public dialogService: DialogService, private i18nService: I18nService) {}
 
   async openSimpleConfigurableDialog(opts: SimpleDialogOptions) {
     this.dialogCloseResult = await this.dialogService.openSimpleDialog(opts);
diff --git a/libs/components/src/dialog/simple-dialog.service.stories.ts b/libs/components/src/dialog/simple-dialog/simple-dialog.service.stories.ts
similarity index 80%
rename from libs/components/src/dialog/simple-dialog.service.stories.ts
rename to libs/components/src/dialog/simple-dialog/simple-dialog.service.stories.ts
index 5050af35b6f..b6615184ecb 100644
--- a/libs/components/src/dialog/simple-dialog.service.stories.ts
+++ b/libs/components/src/dialog/simple-dialog/simple-dialog.service.stories.ts
@@ -4,15 +4,15 @@ import { Meta, StoryObj, moduleMetadata } from "@storybook/angular";
 
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
-import { ButtonModule } from "../button";
-import { IconButtonModule } from "../icon-button";
-import { SharedModule } from "../shared/shared.module";
-import { I18nMockService } from "../utils/i18n-mock.service";
+import { ButtonModule } from "../../button";
+import { IconButtonModule } from "../../icon-button";
+import { SharedModule } from "../../shared/shared.module";
+import { I18nMockService } from "../../utils/i18n-mock.service";
+import { DialogService } from "../dialog.service";
+import { DialogCloseDirective } from "../directives/dialog-close.directive";
+import { DialogTitleContainerDirective } from "../directives/dialog-title-container.directive";
 
-import { DialogService } from "./dialog.service";
-import { DialogCloseDirective } from "./directives/dialog-close.directive";
-import { DialogTitleContainerDirective } from "./directives/dialog-title-container.directive";
-import { SimpleDialogComponent } from "./simple-dialog/simple-dialog.component";
+import { SimpleDialogComponent } from "./simple-dialog.component";
 
 interface Animal {
   animal: string;
diff --git a/libs/angular/src/services/dialog/simple-dialog-options.ts b/libs/components/src/dialog/simple-dialog/types.ts
similarity index 89%
rename from libs/angular/src/services/dialog/simple-dialog-options.ts
rename to libs/components/src/dialog/simple-dialog/types.ts
index aec6f00e32f..4032b499cbe 100644
--- a/libs/angular/src/services/dialog/simple-dialog-options.ts
+++ b/libs/components/src/dialog/simple-dialog/types.ts
@@ -1,5 +1,7 @@
-import { SimpleDialogType } from "./simple-dialog-type.enum";
-import { Translation } from "./translation";
+export interface Translation {
+  key: string;
+  placeholders?: Array<string | number>;
+}
 
 // Using type lets devs skip optional params w/out having to pass undefined.
 /**
@@ -55,3 +57,5 @@ export type SimpleDialogOptions = {
    */
   acceptAction?: () => Promise<void>;
 };
+
+export type SimpleDialogType = "primary" | "success" | "info" | "warning" | "danger";
diff --git a/libs/components/src/index.ts b/libs/components/src/index.ts
index dbc4f0b4948..d4fdda08a2a 100644
--- a/libs/components/src/index.ts
+++ b/libs/components/src/index.ts
@@ -13,6 +13,7 @@ export * from "./form-field";
 export * from "./icon-button";
 export * from "./icon";
 export * from "./input";
+export * from "./layout";
 export * from "./link";
 export * from "./menu";
 export * from "./multi-select";
diff --git a/libs/components/src/layout/index.ts b/libs/components/src/layout/index.ts
new file mode 100644
index 00000000000..6994a4f639f
--- /dev/null
+++ b/libs/components/src/layout/index.ts
@@ -0,0 +1 @@
+export * from "./layout.component";
diff --git a/libs/components/src/layout/layout.component.html b/libs/components/src/layout/layout.component.html
new file mode 100644
index 00000000000..addbede7b44
--- /dev/null
+++ b/libs/components/src/layout/layout.component.html
@@ -0,0 +1,10 @@
+<div class="tw-flex tw-w-full">
+  <aside
+    class="tw-fixed tw-inset-y-0 tw-left-0 tw-h-screen tw-w-60 tw-overflow-auto tw-bg-background-alt3"
+  >
+    <ng-content select="[slot=sidebar]"></ng-content>
+  </aside>
+  <main class="tw-ml-60 tw-min-h-screen tw-min-w-0 tw-flex-1 tw-bg-background tw-p-6">
+    <ng-content></ng-content>
+  </main>
+</div>
diff --git a/libs/components/src/layout/layout.component.ts b/libs/components/src/layout/layout.component.ts
new file mode 100644
index 00000000000..337cbf080b6
--- /dev/null
+++ b/libs/components/src/layout/layout.component.ts
@@ -0,0 +1,9 @@
+import { Component } from "@angular/core";
+
+@Component({
+  selector: "bit-layout",
+  templateUrl: "layout.component.html",
+  standalone: true,
+  imports: [],
+})
+export class LayoutComponent {}
diff --git a/libs/components/src/layout/layout.stories.ts b/libs/components/src/layout/layout.stories.ts
new file mode 100644
index 00000000000..7ac986aa72a
--- /dev/null
+++ b/libs/components/src/layout/layout.stories.ts
@@ -0,0 +1,64 @@
+import { RouterTestingModule } from "@angular/router/testing";
+import { Meta, StoryObj, componentWrapperDecorator, moduleMetadata } from "@storybook/angular";
+
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+
+import { CalloutModule } from "../callout";
+import { NavigationModule } from "../navigation";
+import { I18nMockService } from "../utils/i18n-mock.service";
+
+import { LayoutComponent } from "./layout.component";
+
+export default {
+  title: "Component Library/Layout",
+  component: LayoutComponent,
+  decorators: [
+    componentWrapperDecorator(
+      /**
+       * Applying a CSS transform makes a `position: fixed` element act like it is `position: relative`
+       * https://github.com/storybookjs/storybook/issues/8011#issue-490251969
+       */
+      (story) => /* HTML */ `<div class="tw-scale-100 tw-border-2 tw-border-solid tw-border-[red]">
+        ${story}
+      </div>`
+    ),
+    moduleMetadata({
+      imports: [NavigationModule, RouterTestingModule, CalloutModule],
+      providers: [
+        {
+          provide: I18nService,
+          useFactory: () => {
+            return new I18nMockService({});
+          },
+        },
+      ],
+    }),
+  ],
+} as Meta;
+
+type Story = StoryObj<LayoutComponent>;
+
+export const Empty: Story = {
+  render: (args) => ({
+    props: args,
+    template: /* HTML */ `<bit-layout></bit-layout>`,
+  }),
+};
+
+export const WithContent: Story = {
+  render: (args) => ({
+    props: args,
+    template: /* HTML */ `
+      <bit-layout>
+        <nav slot="sidebar">
+          <bit-nav-item text="Item A" icon="bwi-collection"></bit-nav-item>
+          <bit-nav-item text="Item B" icon="bwi-collection"></bit-nav-item>
+          <bit-nav-divider></bit-nav-divider>
+          <bit-nav-item text="Item C" icon="bwi-collection"></bit-nav-item>
+          <bit-nav-item text="Item D" icon="bwi-collection"></bit-nav-item>
+        </nav>
+        <bit-callout title="Foobar"> Hello world! </bit-callout>
+      </bit-layout>
+    `,
+  }),
+};
diff --git a/libs/components/src/navigation/nav-group.component.html b/libs/components/src/navigation/nav-group.component.html
index 00382d8636a..ca9a7c3aecf 100644
--- a/libs/components/src/navigation/nav-group.component.html
+++ b/libs/components/src/navigation/nav-group.component.html
@@ -29,10 +29,10 @@
   </ng-template>
 
   <!-- Show toggle to the left for trees otherwise to the right -->
-  <ng-container slot-start *ngIf="variant === 'tree'">
+  <ng-container slot="start" *ngIf="variant === 'tree'">
     <ng-container *ngTemplateOutlet="button"></ng-container>
   </ng-container>
-  <ng-container slot-end *ngIf="variant !== 'tree'">
+  <ng-container slot="end" *ngIf="variant !== 'tree'">
     <ng-container *ngTemplateOutlet="button"></ng-container>
   </ng-container>
 </bit-nav-item>
diff --git a/libs/components/src/navigation/nav-item.component.html b/libs/components/src/navigation/nav-item.component.html
index b2c061a4600..32c8dfbf980 100644
--- a/libs/components/src/navigation/nav-item.component.html
+++ b/libs/components/src/navigation/nav-item.component.html
@@ -16,7 +16,7 @@
       #slotStart
       class="[&>*:focus-visible::before]:!tw-ring-text-alt2 [&>*:hover]:!tw-border-text-alt2 [&>*]:!tw-text-alt2"
     >
-      <ng-content select="[slot-start]"></ng-content>
+      <ng-content select="[slot=start]"></ng-content>
     </div>
     <!-- Default content for #slotStart (for consistent sizing) -->
     <div
@@ -47,7 +47,7 @@
       <!-- The `fvw` class passes focus to `this.focusVisibleWithin$` -->
       <!-- The following `class` field should match the `#isButton` class field below -->
       <a
-        class="fvw tw-w-full tw-overflow-hidden tw-text-ellipsis tw-whitespace-nowrap tw-border-none tw-bg-transparent tw-p-0 tw-text-start !tw-text-alt2 hover:tw-text-alt2 hover:tw-no-underline focus:tw-outline-none [&>:not(.bwi)]:hover:tw-underline"
+        class="fvw tw-w-full tw-truncate tw-border-none tw-bg-transparent tw-p-0 tw-text-start !tw-text-alt2 hover:tw-text-alt2 hover:tw-no-underline focus:tw-outline-none [&>:not(.bwi)]:hover:tw-underline"
         [routerLink]="route"
         [attr.aria-label]="ariaLabel || text"
         routerLinkActive
@@ -65,7 +65,7 @@
       <!-- Class field should match `#isAnchor` class field above -->
       <button
         type="button"
-        class="fvw tw-w-full tw-overflow-hidden tw-text-ellipsis tw-whitespace-nowrap tw-border-none tw-bg-transparent tw-p-0 tw-text-start !tw-text-alt2 hover:tw-text-alt2 hover:tw-no-underline focus:tw-outline-none [&>:not(.bwi)]:hover:tw-underline"
+        class="fvw tw-w-full tw-truncate tw-border-none tw-bg-transparent tw-p-0 tw-text-start !tw-text-alt2 hover:tw-text-alt2 hover:tw-no-underline focus:tw-outline-none [&>:not(.bwi)]:hover:tw-underline"
         (click)="mainContentClicked.emit()"
       >
         <ng-container *ngTemplateOutlet="anchorAndButtonContent"></ng-container>
@@ -75,7 +75,7 @@
     <div
       class="tw-flex tw-gap-1 [&>*:focus-visible::before]:!tw-ring-text-alt2 [&>*:hover]:!tw-border-text-alt2 [&>*]:!tw-text-alt2"
     >
-      <ng-content select="[slot-end]"></ng-content>
+      <ng-content select="[slot=end]"></ng-content>
     </div>
   </div>
 </div>
diff --git a/libs/components/src/navigation/nav-item.stories.ts b/libs/components/src/navigation/nav-item.stories.ts
index 47960f874fb..7fdbadce31a 100644
--- a/libs/components/src/navigation/nav-item.stories.ts
+++ b/libs/components/src/navigation/nav-item.stories.ts
@@ -61,7 +61,7 @@ export const WithChildButtons: Story = {
     template: `
       <bit-nav-item text="Hello World" [route]="['']" icon="bwi-collection">
         <button
-          slot-start
+          slot="start"
           class="tw-ml-auto"
           [bitIconButton]="'bwi-clone'"
           [buttonType]="'contrast'"
@@ -69,7 +69,7 @@ export const WithChildButtons: Story = {
           aria-label="option 1"
         ></button>
         <button
-          slot-end
+          slot="end"
           class="tw-ml-auto"
           [bitIconButton]="'bwi-pencil-square'"
           [buttonType]="'contrast'"
@@ -77,7 +77,7 @@ export const WithChildButtons: Story = {
           aria-label="option 2"
         ></button>
         <button
-          slot-end
+          slot="end"
           class="tw-ml-auto"
           [bitIconButton]="'bwi-check'"
           [buttonType]="'contrast'"
diff --git a/libs/components/src/search/search.stories.ts b/libs/components/src/search/search.stories.ts
index c68d6112809..d4af6e676ae 100644
--- a/libs/components/src/search/search.stories.ts
+++ b/libs/components/src/search/search.stories.ts
@@ -1,10 +1,10 @@
 import { FormsModule, ReactiveFormsModule } from "@angular/forms";
 import { Meta, StoryObj, moduleMetadata } from "@storybook/angular";
 
-import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 
 import { InputModule } from "../input/input.module";
+import { SharedModule } from "../shared";
 import { I18nMockService } from "../utils/i18n-mock.service";
 
 import { SearchComponent } from "./search.component";
@@ -14,7 +14,7 @@ export default {
   component: SearchComponent,
   decorators: [
     moduleMetadata({
-      imports: [InputModule, FormsModule, ReactiveFormsModule, JslibModule],
+      imports: [SharedModule, InputModule, FormsModule, ReactiveFormsModule],
       providers: [
         {
           provide: I18nService,
diff --git a/libs/components/src/stories/responsive-design.mdx b/libs/components/src/stories/responsive-design.mdx
new file mode 100644
index 00000000000..a54baf6a231
--- /dev/null
+++ b/libs/components/src/stories/responsive-design.mdx
@@ -0,0 +1,31 @@
+import { Meta } from "@storybook/addon-docs";
+
+<Meta title="Documentation/Responsive Design" />
+
+# Responsive Design
+
+Bitwarden supports the following breakpoints:
+
+| Breakpoint prefix | Minimum width |
+| ----------------- | ------------- |
+| `sm`              | 640px         |
+| `md`              | 768px         |
+| `lg`              | 1024px        |
+| `xl`              | 1280px        |
+| `2xl`             | 1536px        |
+
+These can be used to conditionally apply other Tailwind classes at specific screen sizes. Find more
+info in the [Tailwind docs](https://tailwindcss.com/docs/responsive-design).
+
+## Example
+
+```html
+<!-- Width of 16 by default, 32 on medium screens, and 48 on large screens -->
+<img class="tw-w-16 md:tw-w-32 lg:tw-w-48" src="..." />
+```
+
+<img
+  class="tw-w-16 md:tw-w-32 lg:tw-w-48"
+  alt="Bitwarden logo"
+  src="https://upload.wikimedia.org/wikipedia/commons/thumb/c/cc/Bitwarden_logo.svg/512px-Bitwarden_logo.svg.png"
+/>
diff --git a/libs/components/src/table/table.mdx b/libs/components/src/table/table.mdx
index a36c54aba98..89a341eeaad 100644
--- a/libs/components/src/table/table.mdx
+++ b/libs/components/src/table/table.mdx
@@ -28,6 +28,8 @@ The UI component consists of a couple of elements.
 - Always include a row or column header with your table; this allows screen readers to better
   contextualize the data.
 - Avoid spanning data across cells.
+- When a cell contains an interactive element, the whole cell should be selectable and trigger the
+  action not just the element the cell contains.
 - Be sure to make repeating actions unique by associating them with the object they relate to.
   Example: if there are multiple “Edit” buttons on a table, a screen reader should read “Edit,
   Netflix” for an edit option for a Netflix item.
diff --git a/libs/exporter/src/vault-export/services/vault-export.service.spec.ts b/libs/exporter/src/vault-export/services/vault-export.service.spec.ts
index aa4a32805d5..6b3224c8653 100644
--- a/libs/exporter/src/vault-export/services/vault-export.service.spec.ts
+++ b/libs/exporter/src/vault-export/services/vault-export.service.spec.ts
@@ -8,7 +8,7 @@ import { CipherWithIdExport } from "@bitwarden/common/models/export/cipher-with-
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { StateService } from "@bitwarden/common/platform/services/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
@@ -94,7 +94,7 @@ function generateFolderView() {
 function generateFolder() {
   const actual = Folder.fromJSON({
     revisionDate: new Date("2022-08-04T01:06:40.441Z").toISOString(),
-    name: "name",
+    name: "name" as EncryptedString,
     id: "id",
   });
   return actual;
@@ -217,8 +217,8 @@ describe("VaultExportService", () => {
         mac = Substitute.for<EncString>();
         data = Substitute.for<EncString>();
 
-        mac.encryptedString.returns("mac");
-        data.encryptedString.returns("encData");
+        mac.encryptedString.returns("mac" as EncryptedString);
+        data.encryptedString.returns("encData" as EncryptedString);
 
         jest.spyOn(Utils, "fromBufferToB64").mockReturnValue(salt);
         cipherService.getAllDecrypted().resolves(UserCipherViews.slice(0, 1));
diff --git a/libs/importer/spec/protonpass-json-importer.spec.ts b/libs/importer/spec/protonpass-json-importer.spec.ts
new file mode 100644
index 00000000000..b8d57b9be7b
--- /dev/null
+++ b/libs/importer/spec/protonpass-json-importer.spec.ts
@@ -0,0 +1,117 @@
+import { MockProxy } from "jest-mock-extended";
+
+import { FieldType } from "@bitwarden/common/enums";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
+
+import { ProtonPassJsonImporter } from "../src/importers";
+
+import { testData } from "./test-data/protonpass-json/protonpass.json";
+
+describe("Protonpass Json Importer", () => {
+  let importer: ProtonPassJsonImporter;
+  let i18nService: MockProxy<I18nService>;
+  beforeEach(() => {
+    importer = new ProtonPassJsonImporter(i18nService);
+  });
+
+  it("should parse login data", async () => {
+    const testDataJson = JSON.stringify(testData);
+
+    const result = await importer.parse(testDataJson);
+    expect(result != null).toBe(true);
+
+    const cipher = result.ciphers.shift();
+    expect(cipher.name).toEqual("Test Login - Personal Vault");
+    expect(cipher.type).toEqual(CipherType.Login);
+    expect(cipher.login.username).toEqual("Username");
+    expect(cipher.login.password).toEqual("Password");
+    expect(cipher.login.uris.length).toEqual(2);
+    const uriView = cipher.login.uris.shift();
+    expect(uriView.uri).toEqual("https://example.com/");
+    expect(cipher.notes).toEqual("My login secure note.");
+
+    expect(cipher.fields.at(2).name).toEqual("second 2fa secret");
+    expect(cipher.fields.at(2).value).toEqual("TOTPCODE");
+    expect(cipher.fields.at(2).type).toEqual(FieldType.Hidden);
+  });
+
+  it("should parse note data", async () => {
+    const testDataJson = JSON.stringify(testData);
+
+    const result = await importer.parse(testDataJson);
+    expect(result != null).toBe(true);
+
+    result.ciphers.shift();
+    const noteCipher = result.ciphers.shift();
+    expect(noteCipher.type).toEqual(CipherType.SecureNote);
+    expect(noteCipher.name).toEqual("My Secure Note");
+    expect(noteCipher.notes).toEqual("Secure note contents.");
+  });
+
+  it("should parse credit card data", async () => {
+    const testDataJson = JSON.stringify(testData);
+
+    const result = await importer.parse(testDataJson);
+    expect(result != null).toBe(true);
+
+    result.ciphers.shift();
+    result.ciphers.shift();
+
+    const creditCardCipher = result.ciphers.shift();
+    expect(creditCardCipher.type).toBe(CipherType.Card);
+    expect(creditCardCipher.card.number).toBe("1234222233334444");
+    expect(creditCardCipher.card.cardholderName).toBe("Test name");
+    expect(creditCardCipher.card.expMonth).toBe("1");
+    expect(creditCardCipher.card.expYear).toBe("2025");
+    expect(creditCardCipher.card.code).toBe("333");
+    expect(creditCardCipher.fields.at(0).name).toEqual("PIN");
+    expect(creditCardCipher.fields.at(0).value).toEqual("1234");
+    expect(creditCardCipher.fields.at(0).type).toEqual(FieldType.Hidden);
+  });
+
+  it("should create folders if not part of an organization", async () => {
+    const testDataJson = JSON.stringify(testData);
+    const result = await importer.parse(testDataJson);
+
+    const folders = result.folders;
+    expect(folders.length).toBe(2);
+    expect(folders[0].name).toBe("Personal");
+    expect(folders[1].name).toBe("Test");
+
+    // "My Secure Note" is assigned to folder "Personal"
+    expect(result.folderRelationships[1]).toEqual([1, 0]);
+    // "Other vault login" is assigned to folder "Test"
+    expect(result.folderRelationships[3]).toEqual([3, 1]);
+  });
+
+  it("should create collections if part of an organization", async () => {
+    const testDataJson = JSON.stringify(testData);
+    importer.organizationId = Utils.newGuid();
+    const result = await importer.parse(testDataJson);
+    expect(result != null).toBe(true);
+
+    const collections = result.collections;
+    expect(collections.length).toBe(2);
+    expect(collections[0].name).toBe("Personal");
+    expect(collections[1].name).toBe("Test");
+
+    // "My Secure Note" is assigned to folder "Personal"
+    expect(result.collectionRelationships[1]).toEqual([1, 0]);
+    // "Other vault login" is assigned to folder "Test"
+    expect(result.collectionRelationships[3]).toEqual([3, 1]);
+  });
+
+  it("should not add deleted items", async () => {
+    const testDataJson = JSON.stringify(testData);
+    const result = await importer.parse(testDataJson);
+
+    const ciphers = result.ciphers;
+    for (const cipher of ciphers) {
+      expect(cipher.name).not.toBe("My Deleted Note");
+    }
+
+    expect(ciphers.length).toBe(4);
+  });
+});
diff --git a/libs/importer/spec/test-data/protonpass-json/protonpass.json.ts b/libs/importer/spec/test-data/protonpass-json/protonpass.json.ts
new file mode 100644
index 00000000000..4217ddd4d5b
--- /dev/null
+++ b/libs/importer/spec/test-data/protonpass-json/protonpass.json.ts
@@ -0,0 +1,174 @@
+import { ProtonPassJsonFile } from "../../../src/importers/protonpass/types/protonpass-json-type";
+
+export const testData: ProtonPassJsonFile = {
+  version: "1.3.1",
+  userId: "REDACTED_USER_ID",
+  encrypted: false,
+  vaults: {
+    REDACTED_VAULT_ID_A: {
+      name: "Personal",
+      description: "Personal vault",
+      display: {
+        color: 0,
+        icon: 0,
+      },
+      items: [
+        {
+          itemId:
+            "yZENmDjtmZGODNy3Q_CZiPAF_IgINq8w-R-qazrOh-Nt9YJeVF3gu07ovzDS4jhYHoMdOebTw5JkYPGgIL1mwQ==",
+          shareId:
+            "SN5uWo4WZF2uT5wIDqtbdpkjuxCbNTOIdf-JQ_DYZcKYKURHiZB5csS1a1p9lklvju9ni42l08IKzwQG0B2ySg==",
+          data: {
+            metadata: {
+              name: "Test Login - Personal Vault",
+              note: "My login secure note.",
+              itemUuid: "e8ee1a0c",
+            },
+            extraFields: [
+              {
+                fieldName: "non-hidden field",
+                type: "text",
+                data: {
+                  content: "non-hidden field content",
+                },
+              },
+              {
+                fieldName: "hidden field",
+                type: "hidden",
+                data: {
+                  content: "hidden field content",
+                },
+              },
+              {
+                fieldName: "second 2fa secret",
+                type: "totp",
+                data: {
+                  totpUri: "TOTPCODE",
+                },
+              },
+            ],
+            type: "login",
+            content: {
+              username: "Username",
+              password: "Password",
+              urls: ["https://example.com/", "https://example2.com/"],
+              totpUri:
+                "otpauth://totp/Test%20Login%20-%20Personal%20Vault:Username?issuer=Test%20Login%20-%20Personal%20Vault&secret=TOTPCODE&algorithm=SHA1&digits=6&period=30",
+            },
+          },
+          state: 1,
+          aliasEmail: null,
+          contentFormatVersion: 1,
+          createTime: 1689182868,
+          modifyTime: 1689182868,
+        },
+        {
+          itemId:
+            "xqq_Bh8RxNMBerkiMvRdH427yswZznjYwps-f6C5D8tmKiPgMxCSPNz1BOd4nRJ309gciDiPhXcCVWOyfJ66ZA==",
+          shareId:
+            "SN5uWo4WZF2uT5wIDqtbdpkjuxCbNTOIdf-JQ_DYZcKYKURHiZB5csS1a1p9lklvju9ni42l08IKzwQG0B2ySg==",
+          data: {
+            metadata: {
+              name: "My Secure Note",
+              note: "Secure note contents.",
+              itemUuid: "ad618070",
+            },
+            extraFields: [],
+            type: "note",
+            content: {},
+          },
+          state: 1,
+          aliasEmail: null,
+          contentFormatVersion: 1,
+          createTime: 1689182908,
+          modifyTime: 1689182908,
+        },
+        {
+          itemId:
+            "ZmGzd-HNQYTr6wmfWlSfiStXQLqGic_PYB2Q2T_hmuRM2JIA4pKAPJcmFafxJrDpXxLZ2EPjgD6Noc9a0U6AVQ==",
+          shareId:
+            "SN5uWo4WZF2uT5wIDqtbdpkjuxCbNTOIdf-JQ_DYZcKYKURHiZB5csS1a1p9lklvju9ni42l08IKzwQG0B2ySg==",
+          data: {
+            metadata: {
+              name: "Test Card",
+              note: "Credit Card Note",
+              itemUuid: "d8f45370",
+            },
+            extraFields: [],
+            type: "creditCard",
+            content: {
+              cardholderName: "Test name",
+              cardType: 0,
+              number: "1234222233334444",
+              verificationNumber: "333",
+              expirationDate: "012025",
+              pin: "1234",
+            },
+          },
+          state: 1,
+          aliasEmail: null,
+          contentFormatVersion: 1,
+          createTime: 1691001643,
+          modifyTime: 1691001643,
+        },
+        {
+          itemId:
+            "xqq_Bh8RxNMBerkiMvRdH427yswZznjYwps-f6C5D8tmKiPgMxCSPNz1BOd4nRJ309gciDiPhXcCVWOyfJ66ZA==",
+          shareId:
+            "SN5uWo4WZF2uT5wIDqtbdpkjuxCbNTOIdf-JQ_DYZcKYKURHiZB5csS1a1p9lklvju9ni42l08IKzwQG0B2ySg==",
+          data: {
+            metadata: {
+              name: "My Deleted Note",
+              note: "Secure note contents.",
+              itemUuid: "ad618070",
+            },
+            extraFields: [],
+            type: "note",
+            content: {},
+          },
+          state: 2,
+          aliasEmail: null,
+          contentFormatVersion: 1,
+          createTime: 1689182908,
+          modifyTime: 1689182908,
+        },
+      ],
+    },
+    REDACTED_VAULT_ID_B: {
+      name: "Test",
+      description: "",
+      display: {
+        color: 4,
+        icon: 2,
+      },
+      items: [
+        {
+          itemId:
+            "U_J8-eUR15sC-PjUhjVcixDcayhjGuoerUZCr560RlAi0ZjBNkSaSKAytVzZn4E0hiFX1_y4qZbUetl6jO3aJw==",
+          shareId:
+            "OJz-4MnPqAuYnyemhctcGDlSLJrzsTnf2FnFSwxh1QP_oth9xyGDc2ZAqCv5FnqkVgTNHT5aPj62zcekNemfNw==",
+          data: {
+            metadata: {
+              name: "Other vault login",
+              note: "",
+              itemUuid: "f3429d44",
+            },
+            extraFields: [],
+            type: "login",
+            content: {
+              username: "other vault username",
+              password: "other vault password",
+              urls: [],
+              totpUri: "",
+            },
+          },
+          state: 1,
+          aliasEmail: null,
+          contentFormatVersion: 1,
+          createTime: 1689182949,
+          modifyTime: 1689182949,
+        },
+      ],
+    },
+  },
+};
diff --git a/libs/importer/src/importers/index.ts b/libs/importer/src/importers/index.ts
index 1a479a4cf5f..fff2edf3d54 100644
--- a/libs/importer/src/importers/index.ts
+++ b/libs/importer/src/importers/index.ts
@@ -44,6 +44,7 @@ export { PasswordBossJsonImporter } from "./passwordboss-json-importer";
 export { PasswordDragonXmlImporter } from "./passworddragon-xml-importer";
 export { PasswordSafeXmlImporter } from "./passwordsafe-xml-importer";
 export { PasswordWalletTxtImporter } from "./passwordwallet-txt-importer";
+export { ProtonPassJsonImporter } from "./protonpass/protonpass-json-importer";
 export { PsonoJsonImporter } from "./psono/psono-json-importer";
 export { RememBearCsvImporter } from "./remembear-csv-importer";
 export { RoboFormCsvImporter } from "./roboform-csv-importer";
diff --git a/libs/importer/src/importers/protonpass/protonpass-json-importer.ts b/libs/importer/src/importers/protonpass/protonpass-json-importer.ts
new file mode 100644
index 00000000000..86f4444ec4d
--- /dev/null
+++ b/libs/importer/src/importers/protonpass/protonpass-json-importer.ts
@@ -0,0 +1,105 @@
+import { FieldType, SecureNoteType } from "@bitwarden/common/enums";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
+import { CardView } from "@bitwarden/common/vault/models/view/card.view";
+import { SecureNoteView } from "@bitwarden/common/vault/models/view/secure-note.view";
+
+import { ImportResult } from "../../models/import-result";
+import { BaseImporter } from "../base-importer";
+import { Importer } from "../importer";
+
+import {
+  ProtonPassCreditCardItemContent,
+  ProtonPassItemState,
+  ProtonPassJsonFile,
+  ProtonPassLoginItemContent,
+} from "./types/protonpass-json-type";
+
+export class ProtonPassJsonImporter extends BaseImporter implements Importer {
+  constructor(private i18nService: I18nService) {
+    super();
+  }
+
+  parse(data: string): Promise<ImportResult> {
+    const result = new ImportResult();
+    const results: ProtonPassJsonFile = JSON.parse(data);
+    if (results == null || results.vaults == null) {
+      result.success = false;
+      return Promise.resolve(result);
+    }
+
+    if (results.encrypted) {
+      result.success = false;
+      result.errorMessage = this.i18nService.t("unsupportedEncryptedImport");
+      return Promise.resolve(result);
+    }
+
+    for (const [, vault] of Object.entries(results.vaults)) {
+      for (const item of vault.items) {
+        if (item.state == ProtonPassItemState.TRASHED) {
+          continue;
+        }
+        this.processFolder(result, vault.name);
+
+        const cipher = this.initLoginCipher();
+        cipher.name = item.data.metadata.name;
+        cipher.notes = item.data.metadata.note;
+
+        switch (item.data.type) {
+          case "login": {
+            const loginContent = item.data.content as ProtonPassLoginItemContent;
+            cipher.login.uris = this.makeUriArray(loginContent.urls);
+            cipher.login.username = loginContent.username;
+            cipher.login.password = loginContent.password;
+            if (loginContent.totpUri != "") {
+              cipher.login.totp = new URL(loginContent.totpUri).searchParams.get("secret");
+            }
+            for (const extraField of item.data.extraFields) {
+              this.processKvp(
+                cipher,
+                extraField.fieldName,
+                extraField.type == "totp" ? extraField.data.totpUri : extraField.data.content,
+                extraField.type == "text" ? FieldType.Text : FieldType.Hidden
+              );
+            }
+            break;
+          }
+          case "note":
+            cipher.type = CipherType.SecureNote;
+            cipher.secureNote = new SecureNoteView();
+            cipher.secureNote.type = SecureNoteType.Generic;
+            break;
+          case "creditCard": {
+            const creditCardContent = item.data.content as ProtonPassCreditCardItemContent;
+            cipher.type = CipherType.Card;
+            cipher.card = new CardView();
+            cipher.card.cardholderName = creditCardContent.cardholderName;
+            cipher.card.number = creditCardContent.number;
+            cipher.card.brand = CardView.getCardBrandByPatterns(creditCardContent.number);
+            cipher.card.code = creditCardContent.verificationNumber;
+
+            if (!this.isNullOrWhitespace(creditCardContent.expirationDate)) {
+              cipher.card.expMonth = creditCardContent.expirationDate.substring(0, 2);
+              cipher.card.expMonth = cipher.card.expMonth.replace(/^0+/, "");
+              cipher.card.expYear = creditCardContent.expirationDate.substring(2, 6);
+            }
+
+            if (!this.isNullOrWhitespace(creditCardContent.pin)) {
+              this.processKvp(cipher, "PIN", creditCardContent.pin, FieldType.Hidden);
+            }
+
+            break;
+          }
+        }
+
+        this.cleanupCipher(cipher);
+        result.ciphers.push(cipher);
+      }
+    }
+    if (this.organization) {
+      this.moveFoldersToCollections(result);
+    }
+    result.success = true;
+    return Promise.resolve(result);
+  }
+}
diff --git a/libs/importer/src/importers/protonpass/types/protonpass-json-type.ts b/libs/importer/src/importers/protonpass/types/protonpass-json-type.ts
new file mode 100644
index 00000000000..27b38f434e7
--- /dev/null
+++ b/libs/importer/src/importers/protonpass/types/protonpass-json-type.ts
@@ -0,0 +1,72 @@
+export type ProtonPassJsonFile = {
+  version: string;
+  userId: string;
+  encrypted: boolean;
+  vaults: Record<string, ProtonPassVault>;
+};
+
+export type ProtonPassVault = {
+  name: string;
+  description: string;
+  display: {
+    color: number;
+    icon: number;
+  };
+  items: ProtonPassItem[];
+};
+
+export type ProtonPassItem = {
+  itemId: string;
+  shareId: string;
+  data: ProtonPassItemData;
+  state: ProtonPassItemState;
+  aliasEmail: string | null;
+  contentFormatVersion: number;
+  createTime: number;
+  modifyTime: number;
+};
+
+export enum ProtonPassItemState {
+  ACTIVE = 1,
+  TRASHED = 2,
+}
+
+export type ProtonPassItemData = {
+  metadata: ProtonPassItemMetadata;
+  extraFields: ProtonPassItemExtraField[];
+  type: "login" | "alias" | "creditCard" | "note";
+  content: ProtonPassLoginItemContent | ProtonPassCreditCardItemContent;
+};
+
+export type ProtonPassItemMetadata = {
+  name: string;
+  note: string;
+  itemUuid: string;
+};
+
+export type ProtonPassItemExtraField = {
+  fieldName: string;
+  type: string;
+  data: ProtonPassItemExtraFieldData;
+};
+
+export type ProtonPassItemExtraFieldData = {
+  content?: string;
+  totpUri?: string;
+};
+
+export type ProtonPassLoginItemContent = {
+  username?: string;
+  password?: string;
+  urls?: string[];
+  totpUri?: string;
+};
+
+export type ProtonPassCreditCardItemContent = {
+  cardholderName?: string;
+  cardType?: number;
+  number?: string;
+  verificationNumber?: string;
+  expirationDate?: string;
+  pin?: string;
+};
diff --git a/libs/importer/src/models/import-options.ts b/libs/importer/src/models/import-options.ts
index 8a8ead96a49..2afe801d202 100644
--- a/libs/importer/src/models/import-options.ts
+++ b/libs/importer/src/models/import-options.ts
@@ -27,6 +27,7 @@ export const regularImportOptions = [
   // { id: "keeperjson", name: "Keeper (json)" },
   { id: "enpasscsv", name: "Enpass (csv)" },
   { id: "enpassjson", name: "Enpass (json)" },
+  { id: "protonpass", name: "ProtonPass (zip/json)" },
   { id: "safeincloudxml", name: "SafeInCloud (xml)" },
   { id: "pwsafexml", name: "Password Safe (xml)" },
   { id: "stickypasswordxml", name: "Sticky Password (xml)" },
diff --git a/libs/importer/src/services/import.service.ts b/libs/importer/src/services/import.service.ts
index 5920ec200d4..4ff15174c56 100644
--- a/libs/importer/src/services/import.service.ts
+++ b/libs/importer/src/services/import.service.ts
@@ -62,6 +62,7 @@ import {
   PasswordDragonXmlImporter,
   PasswordSafeXmlImporter,
   PasswordWalletTxtImporter,
+  ProtonPassJsonImporter,
   PsonoJsonImporter,
   RememBearCsvImporter,
   RoboFormCsvImporter,
@@ -319,6 +320,8 @@ export class ImportService implements ImportServiceAbstraction {
         return new PsonoJsonImporter();
       case "passkyjson":
         return new PasskyJsonImporter();
+      case "protonpass":
+        return new ProtonPassJsonImporter(this.i18nService);
       default:
         return null;
     }
diff --git a/libs/shared/tsconfig.libs.json b/libs/shared/tsconfig.libs.json
index 28a1ccdfa4c..85d55542707 100644
--- a/libs/shared/tsconfig.libs.json
+++ b/libs/shared/tsconfig.libs.json
@@ -3,11 +3,13 @@
   "compilerOptions": {
     "paths": {
       "@bitwarden/angular/*": ["../angular/src/*"],
-      "@bitwarden/auth": ["../auth/src/*"],
+      "@bitwarden/auth": ["../auth/src"],
       "@bitwarden/common/*": ["../common/src/*"],
+      "@bitwarden/components": ["../components/src"],
       "@bitwarden/exporter/*": ["../exporter/src/*"],
       "@bitwarden/importer": ["../importer/src"],
-      "@bitwarden/node/*": ["../node/src/*"]
+      "@bitwarden/node/*": ["../node/src/*"],
+      "@bitwarden/vault": ["../vault/src"]
     }
   }
 }
diff --git a/libs/vault/README.md b/libs/vault/README.md
new file mode 100644
index 00000000000..6665f2312c9
--- /dev/null
+++ b/libs/vault/README.md
@@ -0,0 +1,3 @@
+# Vault
+
+This lib represents the public API of the Vault team at Bitwarden. Modules are imported using `@bitwarden/vault`.
diff --git a/libs/vault/jest.config.js b/libs/vault/jest.config.js
new file mode 100644
index 00000000000..e960eed9f1a
--- /dev/null
+++ b/libs/vault/jest.config.js
@@ -0,0 +1,16 @@
+const { pathsToModuleNameMapper } = require("ts-jest");
+
+const { compilerOptions } = require("../shared/tsconfig.libs");
+
+const sharedConfig = require("../../libs/shared/jest.config.angular");
+
+/** @type {import('jest').Config} */
+module.exports = {
+  ...sharedConfig,
+  displayName: "libs/vault tests",
+  preset: "jest-preset-angular",
+  setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
+    prefix: "<rootDir>/",
+  }),
+};
diff --git a/libs/vault/package.json b/libs/vault/package.json
new file mode 100644
index 00000000000..48822f93a40
--- /dev/null
+++ b/libs/vault/package.json
@@ -0,0 +1,20 @@
+{
+  "name": "@bitwarden/vault",
+  "version": "0.0.0",
+  "description": "Common code used across Bitwarden JavaScript projects.",
+  "keywords": [
+    "bitwarden"
+  ],
+  "author": "Bitwarden Inc.",
+  "homepage": "https://bitwarden.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bitwarden/clients"
+  },
+  "license": "GPL-3.0",
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "npm run clean && tsc",
+    "build:watch": "npm run clean && tsc -watch"
+  }
+}
diff --git a/libs/vault/src/index.ts b/libs/vault/src/index.ts
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/libs/vault/test.setup.ts b/libs/vault/test.setup.ts
new file mode 100644
index 00000000000..6be6e7b8dd1
--- /dev/null
+++ b/libs/vault/test.setup.ts
@@ -0,0 +1,28 @@
+import { webcrypto } from "crypto";
+import "jest-preset-angular/setup-jest";
+
+Object.defineProperty(window, "CSS", { value: null });
+Object.defineProperty(window, "getComputedStyle", {
+  value: () => {
+    return {
+      display: "none",
+      appearance: ["-webkit-appearance"],
+    };
+  },
+});
+
+Object.defineProperty(document, "doctype", {
+  value: "<!DOCTYPE html>",
+});
+Object.defineProperty(document.body.style, "transform", {
+  value: () => {
+    return {
+      enumerable: true,
+      configurable: true,
+    };
+  },
+});
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});
diff --git a/libs/vault/tsconfig.json b/libs/vault/tsconfig.json
new file mode 100644
index 00000000000..6004a56fb55
--- /dev/null
+++ b/libs/vault/tsconfig.json
@@ -0,0 +1,5 @@
+{
+  "extends": "../shared/tsconfig.libs",
+  "include": ["src", "spec"],
+  "exclude": ["node_modules", "dist"]
+}
diff --git a/libs/vault/tsconfig.spec.json b/libs/vault/tsconfig.spec.json
new file mode 100644
index 00000000000..de184bd7608
--- /dev/null
+++ b/libs/vault/tsconfig.spec.json
@@ -0,0 +1,4 @@
+{
+  "extends": "./tsconfig.json",
+  "files": ["./test.setup.ts"]
+}
diff --git a/package-lock.json b/package-lock.json
index 613a2ce58cd..689376f26a2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -26,36 +26,36 @@
         "@angular/router": "15.2.9",
         "@koa/multer": "3.0.2",
         "@koa/router": "12.0.0",
-        "@microsoft/signalr": "6.0.16",
-        "@microsoft/signalr-protocol-msgpack": "6.0.16",
+        "@microsoft/signalr": "6.0.21",
+        "@microsoft/signalr-protocol-msgpack": "6.0.21",
         "@ng-select/ng-select": "10.0.4",
-        "argon2": "0.30.3",
+        "argon2": "0.31.0",
         "argon2-browser": "1.18.0",
         "big-integer": "1.6.51",
         "bootstrap": "4.6.0",
-        "braintree-web-drop-in": "1.38.0",
+        "braintree-web-drop-in": "1.40.0",
         "bufferutil": "4.0.7",
         "cbor-redux": "^0.4.0",
         "chalk": "4.1.2",
         "commander": "7.2.0",
-        "core-js": "3.30.2",
+        "core-js": "3.32.0",
         "date-input-polyfill": "2.14.0",
         "duo_web_sdk": "github:duosecurity/duo_web_sdk",
         "form-data": "4.0.0",
         "https-proxy-agent": "5.0.1",
-        "inquirer": "8.2.5",
+        "inquirer": "8.2.6",
         "jquery": "3.7.0",
         "jsdom": "22.1.0",
         "jszip": "3.10.1",
         "koa": "2.14.2",
-        "koa-bodyparser": "4.4.0",
+        "koa-bodyparser": "4.4.1",
         "koa-json": "2.0.2",
         "lowdb": "1.0.0",
         "lunr": "2.3.9",
         "multer": "1.4.5-lts.1",
         "ngx-infinite-scroll": "15.0.0",
         "ngx-toastr": "16.2.0",
-        "node-fetch": "2.6.11",
+        "node-fetch": "2.6.12",
         "node-forge": "1.3.1",
         "nord": "0.2.1",
         "open": "8.4.2",
@@ -66,62 +66,62 @@
         "qrious": "4.0.2",
         "rxjs": "7.8.1",
         "sweetalert2": "10.16.11",
-        "tldts": "6.0.5",
+        "tldts": "6.0.14",
         "utf-8-validate": "5.0.10",
         "zone.js": "0.12.0",
         "zxcvbn": "4.4.2"
       },
       "devDependencies": {
-        "@angular-devkit/build-angular": "15.2.8",
+        "@angular-devkit/build-angular": "15.2.9",
         "@angular-eslint/eslint-plugin": "15.2.1",
         "@angular-eslint/eslint-plugin-template": "15.2.1",
         "@angular-eslint/template-parser": "15.2.1",
-        "@angular/cli": "15.2.8",
+        "@angular/cli": "15.2.9",
         "@angular/compiler-cli": "15.2.9",
         "@angular/elements": "15.2.9",
         "@compodoc/compodoc": "1.1.21",
-        "@electron/notarize": "1.2.3",
+        "@electron/notarize": "1.2.4",
         "@electron/rebuild": "3.2.13",
         "@fluffy-spoon/substitute": "1.208.0",
-        "@ngtools/webpack": "15.2.8",
-        "@storybook/addon-a11y": "7.2.2",
-        "@storybook/addon-actions": "7.2.2",
+        "@ngtools/webpack": "15.2.9",
+        "@storybook/addon-a11y": "7.3.0",
+        "@storybook/addon-actions": "7.3.0",
         "@storybook/addon-designs": "7.0.4",
-        "@storybook/addon-essentials": "7.2.2",
-        "@storybook/addon-links": "7.2.2",
-        "@storybook/angular": "7.2.2",
+        "@storybook/addon-essentials": "7.3.0",
+        "@storybook/addon-links": "7.3.0",
+        "@storybook/angular": "7.3.0",
         "@types/argon2-browser": "1.18.1",
-        "@types/chrome": "0.0.237",
+        "@types/chrome": "0.0.243",
         "@types/duo_web_sdk": "2.7.1",
         "@types/firefox-webext-browser": "111.0.1",
         "@types/inquirer": "8.2.6",
-        "@types/jest": "29.5.2",
+        "@types/jest": "29.5.3",
         "@types/jquery": "3.5.16",
         "@types/jsdom": "21.1.1",
-        "@types/koa": "2.13.6",
+        "@types/koa": "2.13.8",
         "@types/koa__multer": "2.0.4",
         "@types/koa__router": "12.0.0",
         "@types/koa-bodyparser": "4.3.7",
         "@types/koa-json": "2.0.20",
         "@types/lowdb": "1.0.11",
         "@types/lunr": "2.3.4",
-        "@types/node": "18.16.16",
+        "@types/node": "18.17.5",
         "@types/node-fetch": "2.6.4",
-        "@types/node-forge": "1.3.2",
+        "@types/node-forge": "1.3.4",
         "@types/node-ipc": "9.2.0",
         "@types/papaparse": "5.3.7",
         "@types/proper-lockfile": "4.1.2",
-        "@types/react": "16.14.42",
+        "@types/react": "16.14.45",
         "@types/retry": "0.12.2",
         "@types/zxcvbn": "4.4.1",
-        "@typescript-eslint/eslint-plugin": "5.59.8",
-        "@typescript-eslint/parser": "5.59.8",
-        "autoprefixer": "10.4.14",
+        "@typescript-eslint/eslint-plugin": "5.62.0",
+        "@typescript-eslint/parser": "5.62.0",
+        "autoprefixer": "10.4.15",
         "base64-loader": "1.0.0",
         "buffer": "6.0.3",
-        "chromatic": "6.18.0",
+        "chromatic": "6.22.0",
         "clean-webpack-plugin": "4.0.0",
-        "concurrently": "8.1.0",
+        "concurrently": "8.2.0",
         "copy-webpack-plugin": "11.0.0",
         "cross-env": "7.0.3",
         "css-loader": "6.8.1",
@@ -132,33 +132,33 @@
         "electron-reload": "2.0.0-alpha.1",
         "electron-store": "8.1.0",
         "electron-updater": "5.3.0",
-        "eslint": "8.42.0",
-        "eslint-config-prettier": "8.8.0",
-        "eslint-import-resolver-typescript": "3.5.5",
-        "eslint-plugin-import": "2.27.5",
+        "eslint": "8.47.0",
+        "eslint-config-prettier": "8.10.0",
+        "eslint-import-resolver-typescript": "3.6.0",
+        "eslint-plugin-import": "2.28.0",
         "eslint-plugin-rxjs": "5.0.3",
         "eslint-plugin-rxjs-angular": "2.0.1",
         "eslint-plugin-storybook": "0.6.13",
-        "eslint-plugin-tailwindcss": "3.12.1",
+        "eslint-plugin-tailwindcss": "3.13.0",
         "gulp": "4.0.2",
         "gulp-filter": "7.0.0",
         "gulp-if": "3.0.0",
-        "gulp-json-editor": "2.5.6",
+        "gulp-json-editor": "2.5.7",
         "gulp-replace": "1.1.4",
         "gulp-zip": "5.1.0",
         "html-loader": "4.2.0",
         "html-webpack-injector": "1.1.4",
-        "html-webpack-plugin": "5.5.1",
+        "html-webpack-plugin": "5.5.3",
         "husky": "8.0.3",
         "jest-junit": "16.0.0",
-        "jest-mock-extended": "3.0.4",
+        "jest-mock-extended": "3.0.5",
         "jest-preset-angular": "13.1.1",
-        "lint-staged": "13.2.2",
+        "lint-staged": "13.3.0",
         "mini-css-extract-plugin": "2.7.6",
         "node-ipc": "9.2.1",
         "pkg": "5.8.1",
-        "postcss": "8.4.24",
-        "postcss-loader": "7.3.2",
+        "postcss": "8.4.27",
+        "postcss-loader": "7.3.3",
         "prettier": "2.8.8",
         "prettier-plugin-tailwindcss": "0.3.0",
         "process": "0.11.10",
@@ -167,22 +167,22 @@
         "regedit": "^3.0.3",
         "remark-gfm": "3.0.1",
         "rimraf": "5.0.1",
-        "sass": "1.62.1",
-        "sass-loader": "13.3.1",
-        "storybook": "7.2.2",
+        "sass": "1.65.1",
+        "sass-loader": "13.3.2",
+        "storybook": "7.3.0",
         "style-loader": "3.3.3",
-        "tailwindcss": "3.3.2",
-        "ts-jest": "29.1.0",
-        "ts-loader": "9.4.3",
-        "tsconfig-paths-webpack-plugin": "4.0.1",
+        "tailwindcss": "3.3.3",
+        "ts-jest": "29.1.1",
+        "ts-loader": "9.4.4",
+        "tsconfig-paths-webpack-plugin": "4.1.0",
         "type-fest": "2.19.0",
         "typescript": "4.9.5",
-        "url": "0.11.0",
+        "url": "0.11.1",
         "util": "0.12.5",
         "wait-on": "7.0.1",
-        "webpack": "5.85.0",
-        "webpack-cli": "5.1.3",
-        "webpack-dev-server": "4.15.0",
+        "webpack": "5.88.2",
+        "webpack-cli": "5.1.4",
+        "webpack-dev-server": "4.15.1",
         "webpack-node-externals": "3.0.0"
       },
       "engines": {
@@ -192,38 +192,38 @@
     },
     "apps/browser": {
       "name": "@bitwarden/browser",
-      "version": "2023.7.1"
+      "version": "2023.8.0"
     },
     "apps/cli": {
       "name": "@bitwarden/cli",
-      "version": "2023.7.0",
+      "version": "2023.8.0",
       "license": "GPL-3.0-only",
       "dependencies": {
         "@koa/multer": "3.0.2",
         "@koa/router": "12.0.0",
-        "argon2": "0.30.3",
+        "argon2": "0.31.0",
         "big-integer": "1.6.51",
         "browser-hrtime": "1.1.8",
         "chalk": "4.1.2",
         "commander": "7.2.0",
         "form-data": "4.0.0",
         "https-proxy-agent": "5.0.1",
-        "inquirer": "8.2.5",
+        "inquirer": "8.2.6",
         "jsdom": "22.1.0",
         "jszip": "3.10.1",
         "koa": "2.14.2",
-        "koa-bodyparser": "4.4.0",
+        "koa-bodyparser": "4.4.1",
         "koa-json": "2.0.2",
         "lowdb": "1.0.0",
         "lunr": "2.3.9",
         "multer": "1.4.5-lts.1",
-        "node-fetch": "2.6.11",
+        "node-fetch": "2.6.12",
         "node-forge": "1.3.1",
         "open": "8.4.2",
         "papaparse": "5.4.1",
         "proper-lockfile": "4.1.2",
         "rxjs": "7.8.1",
-        "tldts": "6.0.5",
+        "tldts": "6.0.14",
         "zxcvbn": "4.4.2"
       },
       "bin": {
@@ -232,7 +232,7 @@
     },
     "apps/desktop": {
       "name": "@bitwarden/desktop",
-      "version": "2023.7.2",
+      "version": "2023.8.0",
       "hasInstallScript": true,
       "license": "GPL-3.0"
     },
@@ -241,12 +241,28 @@
       "version": "0.1.0",
       "license": "GPL-3.0",
       "devDependencies": {
-        "@napi-rs/cli": "2.16.1"
+        "@napi-rs/cli": "2.16.2"
+      }
+    },
+    "apps/desktop/node_modules/@napi-rs/cli": {
+      "version": "2.16.2",
+      "resolved": "https://registry.npmjs.org/@napi-rs/cli/-/cli-2.16.2.tgz",
+      "integrity": "sha512-U2aZfnr0s9KkXpZlYC0l5WxWCXL7vJUNpCnWMwq3T9GG9rhYAAUM9CTZsi1Z+0iR2LcHbfq9EfMgoqnuTyUjfg==",
+      "dev": true,
+      "bin": {
+        "napi": "scripts/index.js"
+      },
+      "engines": {
+        "node": ">= 10"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Brooooooklyn"
       }
     },
     "apps/web": {
       "name": "@bitwarden/web-vault",
-      "version": "2023.7.1"
+      "version": "2023.8.0"
     },
     "libs/angular": {
       "name": "@bitwarden/angular",
@@ -292,6 +308,19 @@
         "@bitwarden/common": "file:../common"
       }
     },
+    "libs/vault": {
+      "version": "0.0.0",
+      "license": "GPL-3.0"
+    },
+    "node_modules/@aashutoshrathi/word-wrap": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz",
+      "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/@aduh95/viz.js": {
       "version": "3.4.0",
       "resolved": "https://registry.npmjs.org/@aduh95/viz.js/-/viz.js-3.4.0.tgz",
@@ -339,15 +368,15 @@
       }
     },
     "node_modules/@angular-devkit/build-angular": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/build-angular/-/build-angular-15.2.8.tgz",
-      "integrity": "sha512-TGDnXhhOG6h6TOrWWzfnkha7wYBOXi7iJc1o1w1VKCayE3T6TZZdF847aK66vL9KG7AKYVdGhWEGw2WBHUBUpg==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/build-angular/-/build-angular-15.2.9.tgz",
+      "integrity": "sha512-djOo2Q22zLrxPccSbINz93hD+pES/nNPoze4Ys/0IdtMlLmxO/YGsA+FG5eNeNAf2jK/JRoNydaYOh7XpGoCzA==",
       "dev": true,
       "dependencies": {
         "@ampproject/remapping": "2.2.0",
-        "@angular-devkit/architect": "0.1502.8",
-        "@angular-devkit/build-webpack": "0.1502.8",
-        "@angular-devkit/core": "15.2.8",
+        "@angular-devkit/architect": "0.1502.9",
+        "@angular-devkit/build-webpack": "0.1502.9",
+        "@angular-devkit/core": "15.2.9",
         "@babel/core": "7.20.12",
         "@babel/generator": "7.20.14",
         "@babel/helper-annotate-as-pure": "7.18.6",
@@ -359,7 +388,7 @@
         "@babel/runtime": "7.20.13",
         "@babel/template": "7.20.7",
         "@discoveryjs/json-ext": "0.5.7",
-        "@ngtools/webpack": "15.2.8",
+        "@ngtools/webpack": "15.2.9",
         "ansi-colors": "4.1.3",
         "autoprefixer": "10.4.13",
         "babel-loader": "9.1.2",
@@ -392,7 +421,7 @@
         "rxjs": "6.6.7",
         "sass": "1.58.1",
         "sass-loader": "13.2.0",
-        "semver": "7.3.8",
+        "semver": "7.5.3",
         "source-map-loader": "4.0.1",
         "source-map-support": "0.5.21",
         "terser": "5.16.3",
@@ -449,12 +478,12 @@
       }
     },
     "node_modules/@angular-devkit/build-angular/node_modules/@angular-devkit/architect": {
-      "version": "0.1502.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1502.8.tgz",
-      "integrity": "sha512-rTltw2ABHrcKc8EGimALvXmrDTP5hlNbEy6nYolJoXEI9EwHgriWrVLVPs3OEF+/ed47dbJi9EGOXUOgzgpB5A==",
+      "version": "0.1502.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1502.9.tgz",
+      "integrity": "sha512-CFn+LbtYeLG7WqO+BBSjogl764StHpwgfJnNAXQ/3UouUktZ92z4lxhUm0PwIPb5k0lILsf81ubcS1vzwoXEEg==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/core": "15.2.8",
+        "@angular-devkit/core": "15.2.9",
         "rxjs": "6.6.7"
       },
       "engines": {
@@ -464,9 +493,9 @@
       }
     },
     "node_modules/@angular-devkit/build-angular/node_modules/@angular-devkit/core": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.8.tgz",
-      "integrity": "sha512-Lo4XrbDMtXarKnMrFgWLmQdSX+3QPNAg4otG8cmp/U4jJyjV4dAYKEAsb1sCNGUSM4h4v09EQU/5ugVjDU29lQ==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.9.tgz",
+      "integrity": "sha512-6u44YJ9tEG2hiWITL1rwA9yP6ot4a3cyN/UOMRkYSa/XO2Gz5/dM3U74E2kwg+P1NcxLXffBWl0rz8/Y/lSZyQ==",
       "dev": true,
       "dependencies": {
         "ajv": "8.12.0",
@@ -817,6 +846,18 @@
       "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
       "dev": true
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dev": true,
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/mini-css-extract-plugin": {
       "version": "2.7.2",
       "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.7.2.tgz",
@@ -1007,6 +1048,21 @@
         }
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/semver": {
+      "version": "7.5.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.3.tgz",
+      "integrity": "sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==",
+      "dev": true,
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@angular-devkit/build-angular/node_modules/webpack": {
       "version": "5.76.1",
       "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.76.1.tgz",
@@ -1196,13 +1252,19 @@
         }
       }
     },
+    "node_modules/@angular-devkit/build-angular/node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+      "dev": true
+    },
     "node_modules/@angular-devkit/build-webpack": {
-      "version": "0.1502.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/build-webpack/-/build-webpack-0.1502.8.tgz",
-      "integrity": "sha512-jWtNv+S03FFLDe/C8SPCcRvkz3bSb2R+919IT086Q9axIPQ1VowOEwzt2k3qXPSSrC7GSYuASM+X92dB47NTQQ==",
+      "version": "0.1502.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/build-webpack/-/build-webpack-0.1502.9.tgz",
+      "integrity": "sha512-VzMXoZjrbL1XlcSegqpZCBDbVvKFGPs3cKp4bXDD5ht95jcCyJPk5FA/wrh0pGGwbOF8ae/XOWFcPRzctC35iA==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/architect": "0.1502.8",
+        "@angular-devkit/architect": "0.1502.9",
         "rxjs": "6.6.7"
       },
       "engines": {
@@ -1216,12 +1278,12 @@
       }
     },
     "node_modules/@angular-devkit/build-webpack/node_modules/@angular-devkit/architect": {
-      "version": "0.1502.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1502.8.tgz",
-      "integrity": "sha512-rTltw2ABHrcKc8EGimALvXmrDTP5hlNbEy6nYolJoXEI9EwHgriWrVLVPs3OEF+/ed47dbJi9EGOXUOgzgpB5A==",
+      "version": "0.1502.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1502.9.tgz",
+      "integrity": "sha512-CFn+LbtYeLG7WqO+BBSjogl764StHpwgfJnNAXQ/3UouUktZ92z4lxhUm0PwIPb5k0lILsf81ubcS1vzwoXEEg==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/core": "15.2.8",
+        "@angular-devkit/core": "15.2.9",
         "rxjs": "6.6.7"
       },
       "engines": {
@@ -1231,9 +1293,9 @@
       }
     },
     "node_modules/@angular-devkit/build-webpack/node_modules/@angular-devkit/core": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.8.tgz",
-      "integrity": "sha512-Lo4XrbDMtXarKnMrFgWLmQdSX+3QPNAg4otG8cmp/U4jJyjV4dAYKEAsb1sCNGUSM4h4v09EQU/5ugVjDU29lQ==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.9.tgz",
+      "integrity": "sha512-6u44YJ9tEG2hiWITL1rwA9yP6ot4a3cyN/UOMRkYSa/XO2Gz5/dM3U74E2kwg+P1NcxLXffBWl0rz8/Y/lSZyQ==",
       "dev": true,
       "dependencies": {
         "ajv": "8.12.0",
@@ -1302,12 +1364,12 @@
       }
     },
     "node_modules/@angular-devkit/schematics": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-15.2.8.tgz",
-      "integrity": "sha512-w6EUGC96kVsH9f8sEzajzbONMawezyVBiSo+JYp5r25rQArAz/a+KZntbuETWHQ0rQOEsKmUNKxwmr11BaptSQ==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/schematics/-/schematics-15.2.9.tgz",
+      "integrity": "sha512-o08nE8sTpfq/Fknrr1rzBsM8vY36BDox+8dOo9Zc/KqcVPwDy94YKRzHb+xxVaU9jy1VYeCjy63mkyELy7Z3zQ==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/core": "15.2.8",
+        "@angular-devkit/core": "15.2.9",
         "jsonc-parser": "3.2.0",
         "magic-string": "0.29.0",
         "ora": "5.4.1",
@@ -1320,9 +1382,9 @@
       }
     },
     "node_modules/@angular-devkit/schematics/node_modules/@angular-devkit/core": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.8.tgz",
-      "integrity": "sha512-Lo4XrbDMtXarKnMrFgWLmQdSX+3QPNAg4otG8cmp/U4jJyjV4dAYKEAsb1sCNGUSM4h4v09EQU/5ugVjDU29lQ==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.9.tgz",
+      "integrity": "sha512-6u44YJ9tEG2hiWITL1rwA9yP6ot4a3cyN/UOMRkYSa/XO2Gz5/dM3U74E2kwg+P1NcxLXffBWl0rz8/Y/lSZyQ==",
       "dev": true,
       "dependencies": {
         "ajv": "8.12.0",
@@ -1460,15 +1522,15 @@
       }
     },
     "node_modules/@angular/cli": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular/cli/-/cli-15.2.8.tgz",
-      "integrity": "sha512-3VlTfm6DUZfFHBY43vQSAaqmFTxy3VtRd/iDBCHcEPhHwYLWBvNwReJuJfNja8O105QQ6DBiYVBExEBtPmjQ4w==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular/cli/-/cli-15.2.9.tgz",
+      "integrity": "sha512-mI6hkGyIJDKd8MRiBl3p5chsUhgnluwmpsq3g1FFPw+wv+eXsPYgCiHqXS/OsK+shFxii9XMxoZQO28bJ4NAOQ==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/architect": "0.1502.8",
-        "@angular-devkit/core": "15.2.8",
-        "@angular-devkit/schematics": "15.2.8",
-        "@schematics/angular": "15.2.8",
+        "@angular-devkit/architect": "0.1502.9",
+        "@angular-devkit/core": "15.2.9",
+        "@angular-devkit/schematics": "15.2.9",
+        "@schematics/angular": "15.2.9",
         "@yarnpkg/lockfile": "1.1.0",
         "ansi-colors": "4.1.3",
         "ini": "3.0.1",
@@ -1480,7 +1542,7 @@
         "ora": "5.4.1",
         "pacote": "15.1.0",
         "resolve": "1.22.1",
-        "semver": "7.3.8",
+        "semver": "7.5.3",
         "symbol-observable": "4.0.0",
         "yargs": "17.6.2"
       },
@@ -1494,12 +1556,12 @@
       }
     },
     "node_modules/@angular/cli/node_modules/@angular-devkit/architect": {
-      "version": "0.1502.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1502.8.tgz",
-      "integrity": "sha512-rTltw2ABHrcKc8EGimALvXmrDTP5hlNbEy6nYolJoXEI9EwHgriWrVLVPs3OEF+/ed47dbJi9EGOXUOgzgpB5A==",
+      "version": "0.1502.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/architect/-/architect-0.1502.9.tgz",
+      "integrity": "sha512-CFn+LbtYeLG7WqO+BBSjogl764StHpwgfJnNAXQ/3UouUktZ92z4lxhUm0PwIPb5k0lILsf81ubcS1vzwoXEEg==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/core": "15.2.8",
+        "@angular-devkit/core": "15.2.9",
         "rxjs": "6.6.7"
       },
       "engines": {
@@ -1521,9 +1583,9 @@
       }
     },
     "node_modules/@angular/cli/node_modules/@angular-devkit/core": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.8.tgz",
-      "integrity": "sha512-Lo4XrbDMtXarKnMrFgWLmQdSX+3QPNAg4otG8cmp/U4jJyjV4dAYKEAsb1sCNGUSM4h4v09EQU/5ugVjDU29lQ==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.9.tgz",
+      "integrity": "sha512-6u44YJ9tEG2hiWITL1rwA9yP6ot4a3cyN/UOMRkYSa/XO2Gz5/dM3U74E2kwg+P1NcxLXffBWl0rz8/Y/lSZyQ==",
       "dev": true,
       "dependencies": {
         "ajv": "8.12.0",
@@ -1584,6 +1646,18 @@
         "node": ">=12.0.0"
       }
     },
+    "node_modules/@angular/cli/node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dev": true,
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@angular/cli/node_modules/open": {
       "version": "8.4.1",
       "resolved": "https://registry.npmjs.org/open/-/open-8.4.1.tgz",
@@ -1601,12 +1675,33 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/@angular/cli/node_modules/semver": {
+      "version": "7.5.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.3.tgz",
+      "integrity": "sha512-QBlUtyVk/5EeHbi7X0fw6liDZc7BBmEaSYn01fMU1OUYbf6GPsbTtd8WmnqbI20SeycoHSeiybkE/q1Q+qlThQ==",
+      "dev": true,
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@angular/cli/node_modules/tslib": {
       "version": "1.14.1",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
       "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
       "dev": true
     },
+    "node_modules/@angular/cli/node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+      "dev": true
+    },
     "node_modules/@angular/common": {
       "version": "15.2.9",
       "resolved": "https://registry.npmjs.org/@angular/common/-/common-15.2.9.tgz",
@@ -1825,15 +1920,6 @@
         "rxjs": "^6.5.3 || ^7.4.0"
       }
     },
-    "node_modules/@arcanis/slice-ansi": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@arcanis/slice-ansi/-/slice-ansi-1.1.1.tgz",
-      "integrity": "sha512-xguP2WR2Dv0gQ7Ykbdb7BNCnPnIPB94uTi0Z2NvkRBEnhbwjOQ7QyQKJXrVQg4qDpiD9hA5l5cCwy/z2OXgc3w==",
-      "dev": true,
-      "dependencies": {
-        "grapheme-splitter": "^1.0.4"
-      }
-    },
     "node_modules/@assemblyscript/loader": {
       "version": "0.10.1",
       "resolved": "https://registry.npmjs.org/@assemblyscript/loader/-/loader-0.10.1.tgz",
@@ -4511,6 +4597,10 @@
       "resolved": "libs/node",
       "link": true
     },
+    "node_modules/@bitwarden/vault": {
+      "resolved": "libs/vault",
+      "link": true
+    },
     "node_modules/@bitwarden/web-vault": {
       "resolved": "apps/web",
       "link": true
@@ -5242,9 +5332,9 @@
       }
     },
     "node_modules/@electron/notarize": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/@electron/notarize/-/notarize-1.2.3.tgz",
-      "integrity": "sha512-9oRzT56rKh5bspk3KpAVF8lPKHYQrBnRwcgiOeR0hdilVEQmszDaAu0IPCPrwwzJN0ugNs0rRboTreHMt/6mBQ==",
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/@electron/notarize/-/notarize-1.2.4.tgz",
+      "integrity": "sha512-W5GQhJEosFNafewnS28d3bpQ37/s91CDWqxVchHfmv2dQSTWpOzNlUVQwYzC1ay5bChRV/A9BTL68yj0Pa+TSg==",
       "dev": true,
       "dependencies": {
         "debug": "^4.1.1",
@@ -5750,23 +5840,23 @@
       }
     },
     "node_modules/@eslint-community/regexpp": {
-      "version": "4.5.1",
-      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.5.1.tgz",
-      "integrity": "sha512-Z5ba73P98O1KUYCCJTUeVpja9RcGoMdncZ6T49FCUl2lN38JtCJ+3WgIDBv0AuY4WChU5PmtJmOCTlN6FZTFKQ==",
+      "version": "4.6.2",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.6.2.tgz",
+      "integrity": "sha512-pPTNuaAG3QMH+buKyBIGJs3g/S5y0caxw0ygM3YyE6yJFySwiGGSzA+mM3KJ8QQvzeLh3blwgSonkFjgQdxzMw==",
       "dev": true,
       "engines": {
         "node": "^12.0.0 || ^14.0.0 || >=16.0.0"
       }
     },
     "node_modules/@eslint/eslintrc": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.0.3.tgz",
-      "integrity": "sha512-+5gy6OQfk+xx3q0d6jGZZC3f3KzAkXc/IanVxd1is/VIIziRqqt3ongQz0FiTUXqTk0c7aDB3OaFuKnuSoJicQ==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.2.tgz",
+      "integrity": "sha512-+wvgpDsrB1YqAMdEUCcnTlpfVBH7Vqn6A/NT3D8WVXFIaKMlErPIZT3oCIAVCOtarRpMtelZLqJeU3t7WY6X6g==",
       "dev": true,
       "dependencies": {
         "ajv": "^6.12.4",
         "debug": "^4.3.2",
-        "espree": "^9.5.2",
+        "espree": "^9.6.0",
         "globals": "^13.19.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.2.1",
@@ -5804,9 +5894,9 @@
       "dev": true
     },
     "node_modules/@eslint/eslintrc/node_modules/globals": {
-      "version": "13.20.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-13.20.0.tgz",
-      "integrity": "sha512-Qg5QtVkCy/kv3FUSlu4ukeZDVf9ee0iXLAUYX13gbR17bnejFTzr4iS9bY7kwCf1NztRNm1t91fjOiyx4CSwPQ==",
+      "version": "13.21.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-13.21.0.tgz",
+      "integrity": "sha512-ybyme3s4yy/t/3s35bewwXKOf7cvzfreG2lH0lZl0JB7I4GxRP2ghxOK/Nb9EkRXdbBXZLfq/p/0W2JUONB/Gg==",
       "dev": true,
       "dependencies": {
         "type-fest": "^0.20.2"
@@ -5849,9 +5939,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "8.42.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.42.0.tgz",
-      "integrity": "sha512-6SWlXpWU5AvId8Ac7zjzmIOqMOba/JWY8XZ4A7q7Gn1Vlfg/SFFIlrtHXt9nPn4op9ZPAkl91Jao+QQv3r/ukw==",
+      "version": "8.47.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.47.0.tgz",
+      "integrity": "sha512-P6omY1zv5MItm93kLM8s2vr1HICJH8v0dvddDhysbIuZ+vcjOHg5Zbkf1mTkcmi2JA9oBG2anOkRnW8WJTS8Og==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -6746,9 +6836,9 @@
       }
     },
     "node_modules/@mapbox/node-pre-gyp": {
-      "version": "1.0.10",
-      "resolved": "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.10.tgz",
-      "integrity": "sha512-4ySo4CjzStuprMwk35H5pPbkymjv1SF3jGLj6rAHp/xT/RF7TL7bd9CTm1xDY49K2qF7jmR/g7k+SkLETP6opA==",
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/@mapbox/node-pre-gyp/-/node-pre-gyp-1.0.11.tgz",
+      "integrity": "sha512-Yhlar6v9WQgUp/He7BdgzOz8lqMQ8sU+jkCq7Wx8Myc5YFJLbEe7lgui/V7G1qB1DJykHSGwreceSaD60Y0PUQ==",
       "dependencies": {
         "detect-libc": "^2.0.0",
         "https-proxy-agent": "^5.0.0",
@@ -6815,9 +6905,9 @@
       }
     },
     "node_modules/@microsoft/signalr": {
-      "version": "6.0.16",
-      "resolved": "https://registry.npmjs.org/@microsoft/signalr/-/signalr-6.0.16.tgz",
-      "integrity": "sha512-wekzRtt2Ti38Ja0OQwLE0EKN0Zm7RI9VilrungwHe5Eej1IwnRYuhpauAqNtwwP3CY2j7uFT4XUk74E2vythTQ==",
+      "version": "6.0.21",
+      "resolved": "https://registry.npmjs.org/@microsoft/signalr/-/signalr-6.0.21.tgz",
+      "integrity": "sha512-3MWhSUE7AxkQs3QBuJ/spJJpg1mAHo0/6yRGhs5+Hew3Z+iqYrHVfo0yTElC7W2bVA9t3fW3jliQ9rBN0OvJLA==",
       "dependencies": {
         "abort-controller": "^3.0.0",
         "eventsource": "^1.0.7",
@@ -6827,11 +6917,11 @@
       }
     },
     "node_modules/@microsoft/signalr-protocol-msgpack": {
-      "version": "6.0.16",
-      "resolved": "https://registry.npmjs.org/@microsoft/signalr-protocol-msgpack/-/signalr-protocol-msgpack-6.0.16.tgz",
-      "integrity": "sha512-cEbtkYZ9cmcdxsdYn2N5ZKX6GAgQClYHqe4p9Y7Gs1WyUXSpIXDWM7JLnMuFaoQJDw2Jhh/lizdTUvJUcMKrAQ==",
+      "version": "6.0.21",
+      "resolved": "https://registry.npmjs.org/@microsoft/signalr-protocol-msgpack/-/signalr-protocol-msgpack-6.0.21.tgz",
+      "integrity": "sha512-Z62G5Sq0HSkS2iJEEugqXHU2nNVgPZLI5vSoqUo0IghCc6AJRCZzPcxgCeLsaQcpUYqWxo29YWkyzylrw5snsw==",
       "dependencies": {
-        "@microsoft/signalr": ">=6.0.16",
+        "@microsoft/signalr": ">=6.0.21",
         "@msgpack/msgpack": "^2.7.0"
       }
     },
@@ -6843,22 +6933,6 @@
         "node": ">= 10"
       }
     },
-    "node_modules/@napi-rs/cli": {
-      "version": "2.16.1",
-      "resolved": "https://registry.npmjs.org/@napi-rs/cli/-/cli-2.16.1.tgz",
-      "integrity": "sha512-L0Gr5iEQIDEbvWdDr1HUaBOxBSHL1VZhWSk1oryawoT8qJIY+KGfLFelU+Qma64ivCPbxYpkfPoKYVG3rcoGIA==",
-      "dev": true,
-      "bin": {
-        "napi": "scripts/index.js"
-      },
-      "engines": {
-        "node": ">= 10"
-      },
-      "funding": {
-        "type": "github",
-        "url": "https://github.com/sponsors/Brooooooklyn"
-      }
-    },
     "node_modules/@ndelangen/get-tarball": {
       "version": "3.0.9",
       "resolved": "https://registry.npmjs.org/@ndelangen/get-tarball/-/get-tarball-3.0.9.tgz",
@@ -6888,9 +6962,9 @@
       }
     },
     "node_modules/@ngtools/webpack": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@ngtools/webpack/-/webpack-15.2.8.tgz",
-      "integrity": "sha512-BJexeT4FxMtToVBGa3wdl6rrkYXgilP0kkSH4Qzu4MPlLPbeBSr4XQalQriewlpC2uzG0r2SJfrAe2eDhtSykA==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@ngtools/webpack/-/webpack-15.2.9.tgz",
+      "integrity": "sha512-nOXUGqKkAEMlCcrhkDwWDzcVdKNH7MNRUXfNzsFc9zdeR/5p3qt6SVMN7OOE3NREyI7P6nzARc3S+6QDBjf3Jg==",
       "dev": true,
       "engines": {
         "node": "^14.20.0 || ^16.13.0 || >=18.10.0",
@@ -7125,6 +7199,12 @@
         "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
       }
     },
+    "node_modules/@one-ini/wasm": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/@one-ini/wasm/-/wasm-0.1.1.tgz",
+      "integrity": "sha512-XuySG1E38YScSJoMlqovLru4KTUNSjgVTIjyh7qMX6aNN5HY5Ct5LhRJdxO79JtTzKfzV/bnWpz+zquYrISsvw==",
+      "dev": true
+    },
     "node_modules/@phc/format": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/@phc/format/-/format-1.0.0.tgz",
@@ -7143,56 +7223,6 @@
         "node": ">=14"
       }
     },
-    "node_modules/@pkgr/utils": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/@pkgr/utils/-/utils-2.4.1.tgz",
-      "integrity": "sha512-JOqwkgFEyi+OROIyq7l4Jy28h/WwhDnG/cPkXG2Z1iFbubB6jsHW1NDvmyOzTBxHr3yg68YGirmh1JUgMqa+9w==",
-      "dev": true,
-      "dependencies": {
-        "cross-spawn": "^7.0.3",
-        "fast-glob": "^3.2.12",
-        "is-glob": "^4.0.3",
-        "open": "^9.1.0",
-        "picocolors": "^1.0.0",
-        "tslib": "^2.5.0"
-      },
-      "engines": {
-        "node": "^12.20.0 || ^14.18.0 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://opencollective.com/unts"
-      }
-    },
-    "node_modules/@pkgr/utils/node_modules/define-lazy-prop": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-3.0.0.tgz",
-      "integrity": "sha512-N+MeXYoqr3pOgn8xfyRPREN7gHakLYjhsHhWGT3fWAiL4IkAt0iDw14QiiEm2bE30c5XX5q0FtAA3CK5f9/BUg==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/@pkgr/utils/node_modules/open": {
-      "version": "9.1.0",
-      "resolved": "https://registry.npmjs.org/open/-/open-9.1.0.tgz",
-      "integrity": "sha512-OS+QTnw1/4vrf+9hh1jc1jnYjzSG4ttTBB8UxOwAnInG3Uo4ssetzC1ihqaIHjLJnA5GGlRl6QlZXOTQhRBUvg==",
-      "dev": true,
-      "dependencies": {
-        "default-browser": "^4.0.0",
-        "define-lazy-prop": "^3.0.0",
-        "is-inside-container": "^1.0.0",
-        "is-wsl": "^2.2.0"
-      },
-      "engines": {
-        "node": ">=14.16"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/@radix-ui/number": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/@radix-ui/number/-/number-1.0.1.tgz",
@@ -7488,6 +7518,38 @@
         }
       }
     },
+    "node_modules/@radix-ui/react-roving-focus": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-roving-focus/-/react-roving-focus-1.0.4.tgz",
+      "integrity": "sha512-2mUg5Mgcu001VkGy+FfzZyzbmuUWzgWkj3rvv4yu+mLw03+mTzbxZHvfcGyFp2b8EkQeMkpRQ5FiA2Vr2O6TeQ==",
+      "dev": true,
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/primitive": "1.0.1",
+        "@radix-ui/react-collection": "1.0.3",
+        "@radix-ui/react-compose-refs": "1.0.1",
+        "@radix-ui/react-context": "1.0.1",
+        "@radix-ui/react-direction": "1.0.1",
+        "@radix-ui/react-id": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-use-callback-ref": "1.0.1",
+        "@radix-ui/react-use-controllable-state": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@radix-ui/react-select": {
       "version": "1.2.2",
       "resolved": "https://registry.npmjs.org/@radix-ui/react-select/-/react-select-1.2.2.tgz",
@@ -7532,6 +7594,30 @@
         }
       }
     },
+    "node_modules/@radix-ui/react-separator": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-separator/-/react-separator-1.0.3.tgz",
+      "integrity": "sha512-itYmTy/kokS21aiV5+Z56MZB54KrhPgn6eHDKkFeOLR34HMN2s8PaN47qZZAGnvupcjxHaFZnW4pQEh0BvvVuw==",
+      "dev": true,
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/react-primitive": "1.0.3"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@radix-ui/react-slot": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.0.2.tgz",
@@ -7551,6 +7637,92 @@
         }
       }
     },
+    "node_modules/@radix-ui/react-toggle": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-toggle/-/react-toggle-1.0.3.tgz",
+      "integrity": "sha512-Pkqg3+Bc98ftZGsl60CLANXQBBQ4W3mTFS9EJvNxKMZ7magklKV69/id1mlAlOFDDfHvlCms0fx8fA4CMKDJHg==",
+      "dev": true,
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/primitive": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-use-controllable-state": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-toggle-group": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-toggle-group/-/react-toggle-group-1.0.4.tgz",
+      "integrity": "sha512-Uaj/M/cMyiyT9Bx6fOZO0SAG4Cls0GptBWiBmBxofmDbNVnYYoyRWj/2M/6VCi/7qcXFWnHhRUfdfZFvvkuu8A==",
+      "dev": true,
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/primitive": "1.0.1",
+        "@radix-ui/react-context": "1.0.1",
+        "@radix-ui/react-direction": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-roving-focus": "1.0.4",
+        "@radix-ui/react-toggle": "1.0.3",
+        "@radix-ui/react-use-controllable-state": "1.0.1"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@radix-ui/react-toolbar": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@radix-ui/react-toolbar/-/react-toolbar-1.0.4.tgz",
+      "integrity": "sha512-tBgmM/O7a07xbaEkYJWYTXkIdU/1pW4/KZORR43toC/4XWyBCURK0ei9kMUdp+gTPPKBgYLxXmRSH1EVcIDp8Q==",
+      "dev": true,
+      "dependencies": {
+        "@babel/runtime": "^7.13.10",
+        "@radix-ui/primitive": "1.0.1",
+        "@radix-ui/react-context": "1.0.1",
+        "@radix-ui/react-direction": "1.0.1",
+        "@radix-ui/react-primitive": "1.0.3",
+        "@radix-ui/react-roving-focus": "1.0.4",
+        "@radix-ui/react-separator": "1.0.3",
+        "@radix-ui/react-toggle-group": "1.0.4"
+      },
+      "peerDependencies": {
+        "@types/react": "*",
+        "@types/react-dom": "*",
+        "react": "^16.8 || ^17.0 || ^18.0",
+        "react-dom": "^16.8 || ^17.0 || ^18.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "@types/react-dom": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@radix-ui/react-use-callback-ref": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.0.1.tgz",
@@ -7715,13 +7887,13 @@
       }
     },
     "node_modules/@schematics/angular": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-15.2.8.tgz",
-      "integrity": "sha512-F49IEzCFxQlpaMIgTO/wF1l/CLQKif7VaiDdyiTKOeT22IMmyd61FUmWDyZYfCBqMlvBmvDGx64HaHWes1HYCg==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@schematics/angular/-/angular-15.2.9.tgz",
+      "integrity": "sha512-0Lit6TLNUwcAYiEkXgZp3vY9xAO1cnZCBXuUcp+6v+Ddnrt2w/YOiGe74p21cYe0StkTpTljsqsKBTiX7TMjQg==",
       "dev": true,
       "dependencies": {
-        "@angular-devkit/core": "15.2.8",
-        "@angular-devkit/schematics": "15.2.8",
+        "@angular-devkit/core": "15.2.9",
+        "@angular-devkit/schematics": "15.2.9",
         "jsonc-parser": "3.2.0"
       },
       "engines": {
@@ -7731,9 +7903,9 @@
       }
     },
     "node_modules/@schematics/angular/node_modules/@angular-devkit/core": {
-      "version": "15.2.8",
-      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.8.tgz",
-      "integrity": "sha512-Lo4XrbDMtXarKnMrFgWLmQdSX+3QPNAg4otG8cmp/U4jJyjV4dAYKEAsb1sCNGUSM4h4v09EQU/5ugVjDU29lQ==",
+      "version": "15.2.9",
+      "resolved": "https://registry.npmjs.org/@angular-devkit/core/-/core-15.2.9.tgz",
+      "integrity": "sha512-6u44YJ9tEG2hiWITL1rwA9yP6ot4a3cyN/UOMRkYSa/XO2Gz5/dM3U74E2kwg+P1NcxLXffBWl0rz8/Y/lSZyQ==",
       "dev": true,
       "dependencies": {
         "ajv": "8.12.0",
@@ -7840,75 +8012,22 @@
         "@sinonjs/commons": "^3.0.0"
       }
     },
-    "node_modules/@snyk/dep-graph": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/@snyk/dep-graph/-/dep-graph-2.6.1.tgz",
-      "integrity": "sha512-8N+wgLCUDGbyjDpHSpPICM+elcJ06WKFRl/1nVe6OE9dFBpjC64wtFohQgQDlazPxQC2eOLqImR8QlwNQ6hoDQ==",
-      "dev": true,
-      "dependencies": {
-        "event-loop-spinner": "^2.1.0",
-        "lodash.clone": "^4.5.0",
-        "lodash.constant": "^3.0.0",
-        "lodash.filter": "^4.6.0",
-        "lodash.foreach": "^4.5.0",
-        "lodash.isempty": "^4.4.0",
-        "lodash.isequal": "^4.5.0",
-        "lodash.isfunction": "^3.0.9",
-        "lodash.isundefined": "^3.0.1",
-        "lodash.map": "^4.6.0",
-        "lodash.reduce": "^4.6.0",
-        "lodash.size": "^4.2.0",
-        "lodash.transform": "^4.6.0",
-        "lodash.union": "^4.6.0",
-        "lodash.values": "^4.3.0",
-        "object-hash": "^3.0.0",
-        "packageurl-js": "^1.0.0",
-        "semver": "^7.0.0",
-        "tslib": "^2"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@snyk/graphlib": {
-      "version": "2.1.9-patch.3",
-      "resolved": "https://registry.npmjs.org/@snyk/graphlib/-/graphlib-2.1.9-patch.3.tgz",
-      "integrity": "sha512-bBY9b9ulfLj0v2Eer0yFYa3syVeIxVKl2EpxSrsVeT4mjA0CltZyHsF0JjoaGXP27nItTdJS5uVsj1NA+3aE+Q==",
-      "dev": true,
-      "dependencies": {
-        "lodash.clone": "^4.5.0",
-        "lodash.constant": "^3.0.0",
-        "lodash.filter": "^4.6.0",
-        "lodash.foreach": "^4.5.0",
-        "lodash.has": "^4.5.2",
-        "lodash.isempty": "^4.4.0",
-        "lodash.isfunction": "^3.0.9",
-        "lodash.isundefined": "^3.0.1",
-        "lodash.keys": "^4.2.0",
-        "lodash.map": "^4.6.0",
-        "lodash.reduce": "^4.6.0",
-        "lodash.size": "^4.2.0",
-        "lodash.transform": "^4.6.0",
-        "lodash.union": "^4.6.0",
-        "lodash.values": "^4.3.0"
-      }
-    },
     "node_modules/@storybook/addon-a11y": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-a11y/-/addon-a11y-7.2.2.tgz",
-      "integrity": "sha512-gMGP5GdnTENdv5M1+1buk2n9md43jx6S8ZCsXlRagpVM57+jE9WyKtV6R+BPwfX2lBY45nhAj7Qmiy+OrUHarA==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-a11y/-/addon-a11y-7.3.0.tgz",
+      "integrity": "sha512-MdUv6kI4CSfAaOnsZYTCGnyHm8xHewEbVXQ966WSh6aUuTvRaiwX/eZu2Fk4ZA8WtIs8cuS0/YA+dcdxvwwwTA==",
       "dev": true,
       "dependencies": {
-        "@storybook/addon-highlight": "7.2.2",
-        "@storybook/channels": "7.2.2",
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/addon-highlight": "7.3.0",
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "axe-core": "^4.2.0",
         "lodash": "^4.17.21",
         "react-resize-detector": "^7.1.2"
@@ -7930,20 +8049,173 @@
         }
       }
     },
-    "node_modules/@storybook/addon-actions": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-actions/-/addon-actions-7.2.2.tgz",
-      "integrity": "sha512-Ev9oGlpxrt7tCpCmAYA04hsZYKnZIiksaQDCgKAf6I2+yUZBBkZh490yBPkMExpH5bLk7fAgjCMZP9gOyzaq3A==",
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-a11y/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-actions": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-actions/-/addon-actions-7.3.0.tgz",
+      "integrity": "sha512-JOEbJ4eDUDaW9bx7yAg5/3Mglj2uxNZAlSIV1YM2MF4R4Tc7vM6EnmBavUwC+9iSvoSzupG9EnO12ZcAB/2oAQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "dequal": "^2.0.2",
         "lodash": "^4.17.21",
         "polished": "^4.2.2",
@@ -7970,6 +8242,159 @@
         }
       }
     },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-actions/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/addon-actions/node_modules/uuid": {
       "version": "9.0.0",
       "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.0.tgz",
@@ -7980,19 +8405,19 @@
       }
     },
     "node_modules/@storybook/addon-backgrounds": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-backgrounds/-/addon-backgrounds-7.2.2.tgz",
-      "integrity": "sha512-ZqSEw9R+ar9jMW6dxfnAAn7hQn9uC9z0om9dbOHNiulOz1CYa62GAyJXU+uZyCyuThqyEa0W8D2+Jsm/s9AuBw==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-backgrounds/-/addon-backgrounds-7.3.0.tgz",
+      "integrity": "sha512-ZczNrcfXII6OuybeUr2r3H+d++OFIEOwktFSFO20kfGegNHFLr6URVqzSUUQlTyR/J7QgXFlMBwKSvZfxjMQlg==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "memoizerific": "^1.11.3",
         "ts-dedent": "^2.0.0"
       },
@@ -8013,22 +8438,175 @@
         }
       }
     },
-    "node_modules/@storybook/addon-controls": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-controls/-/addon-controls-7.2.2.tgz",
-      "integrity": "sha512-kcFG7RMQJVz3fNvQO+9vjAodKbRrobsdr3WJYN6zmugh+qxEdUvHUUe093t0MpMKp2njY6c9eAbfjN+PrLSCJQ==",
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/blocks": "7.2.2",
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/core-events": "7.2.2",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-backgrounds/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-controls": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-controls/-/addon-controls-7.3.0.tgz",
+      "integrity": "sha512-I8uC3KW2rVdT/7bvMzW48tJOJC6Vwg7zD4N6sQjcgo0uY39infvSWYzqeO2euHt5J1h3m538BacY/XShQhxvWQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/blocks": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "lodash": "^4.17.21",
         "ts-dedent": "^2.0.0"
       },
@@ -8049,6 +8627,159 @@
         }
       }
     },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-controls/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/addon-designs": {
       "version": "7.0.4",
       "resolved": "https://registry.npmjs.org/@storybook/addon-designs/-/addon-designs-7.0.4.tgz",
@@ -8077,26 +8808,26 @@
       }
     },
     "node_modules/@storybook/addon-docs": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-7.2.2.tgz",
-      "integrity": "sha512-rQZ/LAC1oAQityI/NNwntLellAT2yrT7vQAPhHBpaVi/AOdT87wTkCyxnFJj/y3XYDAs4XgUqgbIKSIcRni/eA==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-7.3.0.tgz",
+      "integrity": "sha512-MQWd7Rdbk3Rt8NYZ5l2Zi7YzGaSyRztRqRvqZcLcyCll+2fOHPbMy1MEoUgKqw1esevLJOG01FWkUk0Y6Qd8Lw==",
       "dev": true,
       "dependencies": {
         "@jest/transform": "^29.3.1",
         "@mdx-js/react": "^2.1.5",
-        "@storybook/blocks": "7.2.2",
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/csf-plugin": "7.2.2",
-        "@storybook/csf-tools": "7.2.2",
+        "@storybook/blocks": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/csf-plugin": "7.3.0",
+        "@storybook/csf-tools": "7.3.0",
         "@storybook/global": "^5.0.0",
         "@storybook/mdx2-csf": "^1.0.0",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/postinstall": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/react-dom-shim": "7.2.2",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/postinstall": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/react-dom-shim": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "fs-extra": "^11.1.0",
         "remark-external-links": "^8.0.0",
         "remark-slug": "^6.0.0",
@@ -8111,6 +8842,109 @@
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
       }
     },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-docs/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/addon-docs/node_modules/fs-extra": {
       "version": "11.1.1",
       "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.1.tgz",
@@ -8126,24 +8960,24 @@
       }
     },
     "node_modules/@storybook/addon-essentials": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-essentials/-/addon-essentials-7.2.2.tgz",
-      "integrity": "sha512-x99psHZqtHFE7IKnJ3ruZIGe2xkb/xb0IQHya+zmdGHxNkcIeZVCLidPJRjrplJGmykRg+B25q2330CMIUYd9Q==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-essentials/-/addon-essentials-7.3.0.tgz",
+      "integrity": "sha512-yHnQpT/Vjff4Xufxtl81+fVGCE9VowKItXs7TjE0OXNMZaKjMOtddti/zsOAu0v/uUZV9PIu1xrPH+jGTeHXlA==",
       "dev": true,
       "dependencies": {
-        "@storybook/addon-actions": "7.2.2",
-        "@storybook/addon-backgrounds": "7.2.2",
-        "@storybook/addon-controls": "7.2.2",
-        "@storybook/addon-docs": "7.2.2",
-        "@storybook/addon-highlight": "7.2.2",
-        "@storybook/addon-measure": "7.2.2",
-        "@storybook/addon-outline": "7.2.2",
-        "@storybook/addon-toolbars": "7.2.2",
-        "@storybook/addon-viewport": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
+        "@storybook/addon-actions": "7.3.0",
+        "@storybook/addon-backgrounds": "7.3.0",
+        "@storybook/addon-controls": "7.3.0",
+        "@storybook/addon-docs": "7.3.0",
+        "@storybook/addon-highlight": "7.3.0",
+        "@storybook/addon-measure": "7.3.0",
+        "@storybook/addon-outline": "7.3.0",
+        "@storybook/addon-toolbars": "7.3.0",
+        "@storybook/addon-viewport": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
         "ts-dedent": "^2.0.0"
       },
       "funding": {
@@ -8155,15 +8989,251 @@
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
       }
     },
-    "node_modules/@storybook/addon-highlight": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-highlight/-/addon-highlight-7.2.2.tgz",
-      "integrity": "sha512-jyuxPPTg3q021GYBzA+JoBO2ece6B4gt4ZqtWjKbOpTHpUyzkH6IBcBuWGtgGcQgrCGlmb5B8QCLAb8Cmy6VJg==",
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/preview-api": "7.2.2"
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-essentials/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-highlight": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-highlight/-/addon-highlight-7.3.0.tgz",
+      "integrity": "sha512-Rsl1+/KiNuh0doTtbyDv9jO6kg6b/5LqLz0p84o+DcEwYGTQnfvPMs2e8q38DNF8HBEw4PJdWkSHlJkex56xPA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/preview-api": "7.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-highlight/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-highlight/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-highlight/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-highlight/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-highlight/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
       },
       "funding": {
         "type": "opencollective",
@@ -8171,19 +9241,19 @@
       }
     },
     "node_modules/@storybook/addon-links": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-7.2.2.tgz",
-      "integrity": "sha512-bRK0B1QLzpCJ80Cdk/SgA5qlT3RxRkouaJU/rcFc3obHng4bUBr164SLKDgWOHawSrBn3dohO0HIz2o8AevgmA==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-7.3.0.tgz",
+      "integrity": "sha512-CLYjhaSYDGX9Y8DNK1IDRwWg3dMREutu4e3uRB2sIVzs3QhF7cOKNWpojTwS4EJ3WxnBoVKIossMI6pjUn+EWg==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/csf": "^0.1.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/router": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/types": "7.3.0",
         "prop-types": "^15.7.2",
         "ts-dedent": "^2.0.0"
       },
@@ -8204,19 +9274,172 @@
         }
       }
     },
-    "node_modules/@storybook/addon-measure": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-measure/-/addon-measure-7.2.2.tgz",
-      "integrity": "sha512-gzXj28rqmtHyTKorGleP8+wlvvT6RQMsKtdHCJL/yT3Q9+REQ4/5lAgw+jKqSG+Ka6FxUYWlCN9nD5fRwxtXyQ==",
+    "node_modules/@storybook/addon-links/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-links/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-measure": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-measure/-/addon-measure-7.3.0.tgz",
+      "integrity": "sha512-c4p0LdsphOQAHWakBxKa4CWUuhyslDXcp+N+TxpMSJ6Ra2jXvPUy+8fhLNuCBZtrJ+DMEctjAGgDOcsxiZSsdg==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/types": "7.3.0",
         "tiny-invariant": "^1.3.1"
       },
       "funding": {
@@ -8236,19 +9459,172 @@
         }
       }
     },
-    "node_modules/@storybook/addon-outline": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-outline/-/addon-outline-7.2.2.tgz",
-      "integrity": "sha512-Mh6tOiRWVQRgMQlH2GAh2Ov3uf4wmtGXV7MBfKmqxowIp6HGCd4ZJ5tTOgD8ANRFIloH57oSa2/Jf/qiUg0/OQ==",
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-measure/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-outline": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-outline/-/addon-outline-7.3.0.tgz",
+      "integrity": "sha512-/KZPi6XlyJmjDyNb+rsN/UQ9F3lm0Co41guQqS3VnwjFz3RaLp8KNfHDXvQZ0Y+MO4L5gPejqOsgz6464pBkOg==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/types": "7.3.0",
         "ts-dedent": "^2.0.0"
       },
       "funding": {
@@ -8268,17 +9644,170 @@
         }
       }
     },
-    "node_modules/@storybook/addon-toolbars": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-toolbars/-/addon-toolbars-7.2.2.tgz",
-      "integrity": "sha512-KQkFwLEqi/Xm9wq6mqaqO6VEW7+Sgbr8BUtVRAB9sSpy2mlhZEzZpcWKjuHmyMb9/eiRvnicM9kXxz0tHAF0jA==",
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2"
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-outline/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-toolbars/-/addon-toolbars-7.3.0.tgz",
+      "integrity": "sha512-1zK7lVoodN7Es+ay87R+ibzxwYxGEJN/7sWoQpL2CxkmmFD6VxHV9bfrvQmzeKW4PSoGiCWi9QpeSdEk+Wv3Fw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0"
       },
       "funding": {
         "type": "opencollective",
@@ -8297,19 +9826,172 @@
         }
       }
     },
-    "node_modules/@storybook/addon-viewport": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/addon-viewport/-/addon-viewport-7.2.2.tgz",
-      "integrity": "sha512-6qjtkFSV+9Fxw/nS5X7b5xC1kbk+CMGUEZhzmqM+iYtijHZmK0K1+x6AoR/mOul/rLL2YT73U3OYCCKWV9lemQ==",
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-toolbars/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-viewport": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/addon-viewport/-/addon-viewport-7.3.0.tgz",
+      "integrity": "sha512-0Zk9swqw6SqWoHGq8Ccu+mHkx0+3RE4oGq+cSxModc5BVgO/dmXeSX5vzbJ0uhZXicu+T3UmbEkt0QnJ5sJCEQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0",
         "memoizerific": "^1.11.3",
         "prop-types": "^15.7.2"
       },
@@ -8330,11 +10012,165 @@
         }
       }
     },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/addon-viewport/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/addons": {
       "version": "7.2.2",
       "resolved": "https://registry.npmjs.org/@storybook/addons/-/addons-7.2.2.tgz",
       "integrity": "sha512-yWBBpBcRyPP1deAjzWV9OAXrPfeRd/vRpJw09dWHzuD3xtnd3jZ2h+t1r9a5yTSQbP5GO1YdS/WOK5Uf9hcsuw==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/manager-api": "7.2.2",
         "@storybook/preview-api": "7.2.2",
@@ -8350,25 +10186,25 @@
       }
     },
     "node_modules/@storybook/angular": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/angular/-/angular-7.2.2.tgz",
-      "integrity": "sha512-NXJWXII0rIFTbLZapvaD2Qg/IBe4VQsorbwuiie6/ZBdnCj+DtJwFQ3usVhuPR11woFAvBiWqaxXofsfPmOueQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/angular/-/angular-7.3.0.tgz",
+      "integrity": "sha512-9jMOiezBvQOLTKdfuN8bFtrIPGvx1puf0T3Zi6G4e82H2rlA2hBimecuMEwj6BjFgBBst18VkiS41FZDCLkFwQ==",
       "dev": true,
       "dependencies": {
-        "@storybook/builder-webpack5": "7.2.2",
-        "@storybook/cli": "7.2.2",
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/core-events": "7.2.2",
-        "@storybook/core-server": "7.2.2",
-        "@storybook/core-webpack": "7.2.2",
-        "@storybook/docs-tools": "7.2.2",
+        "@storybook/builder-webpack5": "7.3.0",
+        "@storybook/cli": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/core-server": "7.3.0",
+        "@storybook/core-webpack": "7.3.0",
+        "@storybook/docs-tools": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/telemetry": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/telemetry": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/node": "^16.0.0",
         "@types/react": "^16.14.34",
         "@types/react-dom": "^16.9.14",
@@ -8415,6 +10251,159 @@
         }
       }
     },
+    "node_modules/@storybook/angular/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/angular/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/angular/node_modules/@types/node": {
       "version": "16.18.34",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.34.tgz",
@@ -8422,22 +10411,22 @@
       "dev": true
     },
     "node_modules/@storybook/blocks": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/blocks/-/blocks-7.2.2.tgz",
-      "integrity": "sha512-VgO46E5zA8oo/Cn8kT9o3xiFtnqxlqsRRGp5t8A1YqgN2OvYTtg5/PLS16XH8Qui/m9EvOoT7DlOmcqlp3Z78w==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/blocks/-/blocks-7.3.0.tgz",
+      "integrity": "sha512-MUPK8aY2xyd9dHuKTBRZyDr3R0uj5BkOmbbIOUnub0brO8I8OfFi+lE1A+DdidZI/yBGvs05MJmNKHaSXpkPPA==",
       "dev": true,
       "dependencies": {
-        "@storybook/channels": "7.2.2",
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/components": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/csf": "^0.1.0",
-        "@storybook/docs-tools": "7.2.2",
+        "@storybook/docs-tools": "7.3.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/manager-api": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/lodash": "^4.14.167",
         "color-convert": "^2.0.1",
         "dequal": "^2.0.2",
@@ -8460,16 +10449,169 @@
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
       }
     },
+    "node_modules/@storybook/blocks/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/manager-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.3.0.tgz",
+      "integrity": "sha512-eM2O8n1LQCYJ11MVDvFuwFZkL6ZlcWt4NHvfkF6hXUmVQhVz40g5Dr7tGuPX4pDccUvSciB69GhJGvtX8jt5DQ==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/router": "7.3.0",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "semver": "^7.3.7",
+        "store2": "^2.14.2",
+        "telejson": "^7.0.3",
+        "ts-dedent": "^2.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/router": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.3.0.tgz",
+      "integrity": "sha512-BLrVTXZzDLLMxpSVk/iR2IQwqwP8Oavc3usX9GojxagSPv1IS07jj52jA2BuXCqPK/5S0eE1pTgPYa42FHvy/w==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/blocks/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/builder-manager": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/builder-manager/-/builder-manager-7.2.2.tgz",
-      "integrity": "sha512-19LqtL5/Yos9/wXqTxg+zOOK6M312eHXAdaYt2REGk1iqJzQXoy4wnmE2rbjBMmD5bUTzWm2vkmHGtkzAjwzzA==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/builder-manager/-/builder-manager-7.3.0.tgz",
+      "integrity": "sha512-sC5fRPnnbbYDAT4zYBtUJQ1Q/DixzI5ECZs21J+ndLyb96bZjU0uBue8dasI08zNE+hgMD8FpnAqQsCSwk5YeA==",
       "dev": true,
       "dependencies": {
         "@fal-works/esbuild-plugin-global-externals": "^2.1.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/manager": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/manager": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
         "@types/ejs": "^3.1.1",
         "@types/find-cache-dir": "^3.2.1",
         "@yarnpkg/esbuild-plugin-pnp": "^3.0.0-rc.10",
@@ -8892,28 +11034,20 @@
       }
     },
     "node_modules/@storybook/builder-webpack5": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/builder-webpack5/-/builder-webpack5-7.2.2.tgz",
-      "integrity": "sha512-+f2H3tXPZfn3q/eruXCmWPVAopd1MMEAAvneZ4iqlSHPC5HK2dcX/zj3yPar6rjfHHvZBXNm5sSi4WuD5Pw9MA==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/builder-webpack5/-/builder-webpack5-7.3.0.tgz",
+      "integrity": "sha512-Rf8+9q+y2EjNqLlLuvCgoFAa2j9lCJvbXzy9wEbUizYJuShP8B+sZEPNdd/ASgu/Wz4x58hlstGexWliu9pr2w==",
       "dev": true,
       "dependencies": {
-        "@babel/core": "^7.22.9",
-        "@storybook/addons": "7.2.2",
-        "@storybook/channels": "7.2.2",
-        "@storybook/client-api": "7.2.2",
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/components": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/core-events": "7.2.2",
-        "@storybook/core-webpack": "7.2.2",
-        "@storybook/global": "^5.0.0",
-        "@storybook/manager-api": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/preview": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/router": "7.2.2",
-        "@storybook/store": "7.2.2",
-        "@storybook/theming": "7.2.2",
+        "@babel/core": "^7.22.0",
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/core-webpack": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/preview": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
         "@swc/core": "^1.3.49",
         "@types/node": "^16.0.0",
         "@types/semver": "^7.3.4",
@@ -8946,16 +11080,95 @@
         "type": "opencollective",
         "url": "https://opencollective.com/storybook"
       },
-      "peerDependencies": {
-        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
-        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
-      },
       "peerDependenciesMeta": {
         "typescript": {
           "optional": true
         }
       }
     },
+    "node_modules/@storybook/builder-webpack5/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/builder-webpack5/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/builder-webpack5/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/builder-webpack5/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/builder-webpack5/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/builder-webpack5/node_modules/@types/node": {
       "version": "16.18.40",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.40.tgz",
@@ -9009,6 +11222,7 @@
       "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.2.2.tgz",
       "integrity": "sha512-FkH5QzKkq7smtPlaKTWalJ+sN13H4dWtxdZ+ePFAXaubsBqGqo3Dw3e/hrbjrMqFjTwiKnmj5K5bjhdJcvzi1A==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/client-logger": "7.2.2",
         "@storybook/core-events": "7.2.2",
@@ -9023,22 +11237,22 @@
       }
     },
     "node_modules/@storybook/cli": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/cli/-/cli-7.2.2.tgz",
-      "integrity": "sha512-YoXRCRICj4NEqUvYvgVRmk5IJadou6feCymI5r94z7XHQiObMoZd3p6QjyEp8ayi8XpxoJM/Hrddu3hddxUvyw==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/cli/-/cli-7.3.0.tgz",
+      "integrity": "sha512-CeZfqNsjRnqiVrSeA/hnMylzpypVUkxHwmu0cbUbHhKjV2uEacF7i25bC9FhdcbZUp1geQMBsy4GleMovNTK/A==",
       "dev": true,
       "dependencies": {
         "@babel/core": "^7.22.9",
         "@babel/preset-env": "^7.22.9",
         "@babel/types": "^7.22.5",
         "@ndelangen/get-tarball": "^3.0.7",
-        "@storybook/codemod": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/core-server": "7.2.2",
-        "@storybook/csf-tools": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/telemetry": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/codemod": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/core-server": "7.3.0",
+        "@storybook/csf-tools": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/telemetry": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/semver": "^7.3.4",
         "@yarnpkg/fslib": "2.10.3",
         "@yarnpkg/libzip": "2.3.0",
@@ -9240,6 +11454,63 @@
         "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0"
       }
     },
+    "node_modules/@storybook/cli/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/cli/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/cli/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/cli/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/cli/node_modules/babel-plugin-polyfill-corejs2": {
       "version": "0.4.5",
       "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.5.tgz",
@@ -9356,25 +11627,12 @@
       "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "dev": true
     },
-    "node_modules/@storybook/client-api": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/client-api/-/client-api-7.2.2.tgz",
-      "integrity": "sha512-47WDNZ5FdvtQuSijg3IexxFve2aBrBih6VHdKKcel2SSiS0W01043fNMsP1T+m6kJr4jdnp0J5GVQpTQFi8Kxg==",
-      "dev": true,
-      "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/preview-api": "7.2.2"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/storybook"
-      }
-    },
     "node_modules/@storybook/client-logger": {
       "version": "7.2.2",
       "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.2.2.tgz",
       "integrity": "sha512-ULqPNTJsJdlWTQt5V/hEv4CUq7GgrLzLvcjhKB9IYbp4a0gjhinfq7jBFIcXRE8BSOQLui2PDGE3SzElzOp5/g==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/global": "^5.0.0"
       },
@@ -9384,18 +11642,18 @@
       }
     },
     "node_modules/@storybook/codemod": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/codemod/-/codemod-7.2.2.tgz",
-      "integrity": "sha512-i8WY3PJeJalVWTjLChlJREYHp42mGw0GXLqTH/q0hbAwzuVBBTrsMqy+oXOWRCAeCGbK5uP10GOLN23s+zuNTQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/codemod/-/codemod-7.3.0.tgz",
+      "integrity": "sha512-gRBrXSoP79llNBEqdxH2O/M+ED5BSyMfGsqgmXsXPVfnzgoSRWVBCQOW9mw6a986efKPMjb532GK4nbmjk1mtw==",
       "dev": true,
       "dependencies": {
         "@babel/core": "^7.22.9",
         "@babel/preset-env": "^7.22.9",
         "@babel/types": "^7.22.5",
         "@storybook/csf": "^0.1.0",
-        "@storybook/csf-tools": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/csf-tools": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/cross-spawn": "^6.0.2",
         "cross-spawn": "^7.0.3",
         "globby": "^11.0.2",
@@ -9562,6 +11820,63 @@
         "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0"
       }
     },
+    "node_modules/@storybook/codemod/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/codemod/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/codemod/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/codemod/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/codemod/node_modules/babel-plugin-polyfill-corejs2": {
       "version": "0.4.5",
       "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.5.tgz",
@@ -9611,18 +11926,19 @@
       }
     },
     "node_modules/@storybook/components": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/components/-/components-7.2.2.tgz",
-      "integrity": "sha512-A2SavROGKFK76w4pfMGr0Zf3A2QaQrnJqPZOfVB6dKrXBwgwM3VhdUj6N8cI9X4W7VaEvEyUWXVTCv+bG+yZtQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/components/-/components-7.3.0.tgz",
+      "integrity": "sha512-YHcPsH0T//ZZ3HhZDmf+UKt2R0b+kNT42LizYs5R61d47oIvsHrqPqdN7p+OuTrBpaFdVNSzO7XjpeRodqGRLQ==",
       "dev": true,
       "dependencies": {
         "@radix-ui/react-select": "^1.2.2",
-        "@storybook/client-logger": "7.2.2",
+        "@radix-ui/react-toolbar": "^1.0.4",
+        "@storybook/client-logger": "7.3.0",
         "@storybook/csf": "^0.1.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/icons": "^1.1.0",
-        "@storybook/theming": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/icons": "^1.1.6",
+        "@storybook/theming": "7.3.0",
+        "@storybook/types": "7.3.0",
         "memoizerific": "^1.11.3",
         "use-resize-observer": "^9.1.0",
         "util-deprecate": "^1.0.2"
@@ -9636,14 +11952,91 @@
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
       }
     },
-    "node_modules/@storybook/core-common": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/core-common/-/core-common-7.2.2.tgz",
-      "integrity": "sha512-evLV0oRLhByHVhrncRXdSmQL5VP8jLXUOBPiM63oCnSWDsw4GMt37JrmCYBNM4E1YiJ7zSllmvcFCBmyChcPFA==",
+    "node_modules/@storybook/components/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
       "dev": true,
       "dependencies": {
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/components/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/components/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/components/node_modules/@storybook/theming": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.3.0.tgz",
+      "integrity": "sha512-/Jcd/duEW28lvjTbocKWiB8DT3wLZeJeBg3XtknZbZ0SlPf4JR5Y3Atl4fT1HEeV30Ks9ZlE5xipVY2Z+fjS7Q==",
+      "dev": true,
+      "dependencies": {
+        "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "memoizerific": "^1.11.3"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      },
+      "peerDependencies": {
+        "react": "^16.8.0 || ^17.0.0 || ^18.0.0",
+        "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
+      }
+    },
+    "node_modules/@storybook/components/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-common": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-common/-/core-common-7.3.0.tgz",
+      "integrity": "sha512-QCTuZXLq9z2AUEMmAAfSGHdXsAMWKnOou+d6adVknJINctW6T1B2L725SpRjYIXK1xpsQrSB+VT0wR4XCNRIMA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/find-cache-dir": "^3.2.1",
         "@types/node": "^16.0.0",
         "@types/node-fetch": "^2.6.4",
@@ -10022,6 +12415,63 @@
         "node": ">=12"
       }
     },
+    "node_modules/@storybook/core-common/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-common/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-common/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-common/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/core-common/node_modules/@types/node": {
       "version": "16.18.40",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.40.tgz",
@@ -10126,9 +12576,9 @@
       }
     },
     "node_modules/@storybook/core-common/node_modules/minipass": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.2.tgz",
-      "integrity": "sha512-eL79dXrE1q9dBbDCLg7xfn/vl7MS4F1gvJAgjJrQli/jbQWdUttuVawphqpffoIYfRdq78LHx6GP4bU/EQ2ATA==",
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.0.3.tgz",
+      "integrity": "sha512-LhbbwCfz3vsb12j/WkWQPZfKTsgqIe1Nf/ti1pKjYESGLHIVjWU96G9/ljLH4F9mWNVhlQOm0VySdAWzf05dpg==",
       "dev": true,
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -10139,32 +12589,33 @@
       "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.2.2.tgz",
       "integrity": "sha512-0MUsOygFSyYRIWHrVAA7Y7zBoehdILgK2AbnV42qescmPD48YyovkSRiGq0BwSWvuvMRq+094dp7sh2tkfSGHg==",
       "dev": true,
+      "peer": true,
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/storybook"
       }
     },
     "node_modules/@storybook/core-server": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/core-server/-/core-server-7.2.2.tgz",
-      "integrity": "sha512-djtZIe/dFvjppuUMuTSHq51NW4dgkKAercfHwyyzcvN3m+ZBZdUENCUzBfwsS0+Pn64lVgppg6otm8ckMFilMQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-server/-/core-server-7.3.0.tgz",
+      "integrity": "sha512-TaysZpGXgdr58LkJkcXD2YyqbAxdn40X8S0HcBH241FKOGSC7GH7C5Wb1NkCuXrlek6K1h9KEfMSur7JUMn0Zw==",
       "dev": true,
       "dependencies": {
         "@aw-web-design/x-default-browser": "1.4.126",
         "@discoveryjs/json-ext": "^0.5.3",
-        "@storybook/builder-manager": "7.2.2",
-        "@storybook/channels": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/core-events": "7.2.2",
+        "@storybook/builder-manager": "7.3.0",
+        "@storybook/channels": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/core-events": "7.3.0",
         "@storybook/csf": "^0.1.0",
-        "@storybook/csf-tools": "7.2.2",
+        "@storybook/csf-tools": "7.3.0",
         "@storybook/docs-mdx": "^0.1.0",
         "@storybook/global": "^5.0.0",
-        "@storybook/manager": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/telemetry": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/manager": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/telemetry": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/detect-port": "^1.3.0",
         "@types/node": "^16.0.0",
         "@types/pretty-hrtime": "^1.0.0",
@@ -10198,6 +12649,89 @@
         "url": "https://opencollective.com/storybook"
       }
     },
+    "node_modules/@storybook/core-server/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-server/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-server/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-server/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-server/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/core-server/node_modules/@types/node": {
       "version": "16.18.40",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.40.tgz",
@@ -10240,14 +12774,14 @@
       }
     },
     "node_modules/@storybook/core-webpack": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/core-webpack/-/core-webpack-7.2.2.tgz",
-      "integrity": "sha512-KwdY+mFTWclIJM+qF25u0d4gQ/951uOZkgrsiRheKI5BKwD9omuF2OfLexWKnMEWz+UHzHKoN0QFlxcKs/rddw==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-webpack/-/core-webpack-7.3.0.tgz",
+      "integrity": "sha512-L1YA4GOuffMhcJaaCpmmA2gz5tIVQRRwKQI0zLA4pzeym0UktqxVScXhn1A13rY5GeeSQdTfhR3eRVKyhP+thQ==",
       "dev": true,
       "dependencies": {
-        "@storybook/core-common": "7.2.2",
-        "@storybook/node-logger": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/node-logger": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/node": "^16.0.0",
         "ts-dedent": "^2.0.0"
       },
@@ -10256,6 +12790,63 @@
         "url": "https://opencollective.com/storybook"
       }
     },
+    "node_modules/@storybook/core-webpack/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-webpack/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-webpack/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/core-webpack/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/core-webpack/node_modules/@types/node": {
       "version": "16.18.40",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-16.18.40.tgz",
@@ -10272,12 +12863,12 @@
       }
     },
     "node_modules/@storybook/csf-plugin": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-7.2.2.tgz",
-      "integrity": "sha512-8iHeK0zfcCIXbcwQm89Bj6Ejqak/dXBwQUMFmgmKzJ4VdyzKdhLgRO3T3EYGsX4AvH0dnuAPONP5uVrGEF8iLw==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-7.3.0.tgz",
+      "integrity": "sha512-zbFY40D47ElkhvRcR7TZBa8ZgtAd7bHOeXT9zxi9fU6dH+ucHoyCgudxe2Obr4bCZUu+NtqYzmjHNkPE+QrHtw==",
       "dev": true,
       "dependencies": {
-        "@storybook/csf-tools": "7.2.2",
+        "@storybook/csf-tools": "7.3.0",
         "unplugin": "^1.3.1"
       },
       "funding": {
@@ -10286,9 +12877,9 @@
       }
     },
     "node_modules/@storybook/csf-tools": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/csf-tools/-/csf-tools-7.2.2.tgz",
-      "integrity": "sha512-uO9AXtc64tpEpnoqHk5eYCUUL6nMwo1xHTXgIst9NKOdNSBL1/wvRgaT+rW+AzyXGsBjMwvDNjX/HIptqsoNgw==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/csf-tools/-/csf-tools-7.3.0.tgz",
+      "integrity": "sha512-gAmKg3JYQx9pyDgUS/I4VyH039Mv/kIuP2nUcBeK2V6pW+3sf9jrTVi4DjSB7q1Izqhnsa25jVdPbgRuWk1RFA==",
       "dev": true,
       "dependencies": {
         "@babel/generator": "^7.22.9",
@@ -10296,7 +12887,7 @@
         "@babel/traverse": "^7.22.8",
         "@babel/types": "^7.22.5",
         "@storybook/csf": "^0.1.0",
-        "@storybook/types": "7.2.2",
+        "@storybook/types": "7.3.0",
         "fs-extra": "^11.1.0",
         "recast": "^0.23.1",
         "ts-dedent": "^2.0.0"
@@ -10335,6 +12926,63 @@
         "node": ">=6.0.0"
       }
     },
+    "node_modules/@storybook/csf-tools/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/csf-tools/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/csf-tools/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/csf-tools/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/csf-tools/node_modules/fs-extra": {
       "version": "11.1.1",
       "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.1.tgz",
@@ -10356,14 +13004,14 @@
       "dev": true
     },
     "node_modules/@storybook/docs-tools": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/docs-tools/-/docs-tools-7.2.2.tgz",
-      "integrity": "sha512-57PiramTgJio0J8HyKQI8cjb/5pTFvKxWBji8UdM6WUe1EqLIwZbymUcOQZDQWr3H+6bdrm4pgYxj7XglcUa5A==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/docs-tools/-/docs-tools-7.3.0.tgz",
+      "integrity": "sha512-Do30kbYbiQ+TgNexlhwDfvEFfuBDHp/PNTKUaV7i2ZngBaEa+VQx3GvLLnXbBMncXavdiVj5+tX2haVqtKfcZg==",
       "dev": true,
       "dependencies": {
-        "@storybook/core-common": "7.2.2",
-        "@storybook/preview-api": "7.2.2",
-        "@storybook/types": "7.2.2",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/preview-api": "7.3.0",
+        "@storybook/types": "7.3.0",
         "@types/doctrine": "^0.0.3",
         "doctrine": "^3.0.0",
         "lodash": "^4.17.21"
@@ -10373,6 +13021,89 @@
         "url": "https://opencollective.com/storybook"
       }
     },
+    "node_modules/@storybook/docs-tools/node_modules/@storybook/channels": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.3.0.tgz",
+      "integrity": "sha512-j4b5u8VSt+3975zawh6FbPS+gjQfRkPCIGV+Cd6RUrwVZnwJfr+1FeTjweyMpQaQGChtiOqx/W91TH8q2yODog==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/global": "^5.0.0",
+        "qs": "^6.10.0",
+        "telejson": "^7.0.3",
+        "tiny-invariant": "^1.3.1"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/docs-tools/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/global": "^5.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/docs-tools/node_modules/@storybook/core-events": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.3.0.tgz",
+      "integrity": "sha512-Ke3gjjJDMbihAVzgLUfXoZ3FHLLP22/TSBtytayztC0zAzEGeg6j4UUWzEKYggKIGJNIJ16GQfaGlcVLxHhSKw==",
+      "dev": true,
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/docs-tools/node_modules/@storybook/preview-api": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.3.0.tgz",
+      "integrity": "sha512-nGf7/Ra5HmecblohdQnwfVWP+Eb+g0hUldcPWkJOaC2jsCqUOagGG+zbdi7PtXHJOU0RZsuGphnwVMznPMqPcw==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-events": "7.3.0",
+        "@storybook/csf": "^0.1.0",
+        "@storybook/global": "^5.0.0",
+        "@storybook/types": "7.3.0",
+        "@types/qs": "^6.9.5",
+        "dequal": "^2.0.2",
+        "lodash": "^4.17.21",
+        "memoizerific": "^1.11.3",
+        "qs": "^6.10.0",
+        "synchronous-promise": "^2.0.15",
+        "ts-dedent": "^2.0.0",
+        "util-deprecate": "^1.0.2"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
+    "node_modules/@storybook/docs-tools/node_modules/@storybook/types": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.3.0.tgz",
+      "integrity": "sha512-NpemDA3hwK+jVTfPc1u1wQwu7DXqpatEtmAQUzEerx5lwoMvj3lGSk30xrOCpNvvpZz2P97FDScVsmzGlXwncA==",
+      "dev": true,
+      "dependencies": {
+        "@storybook/channels": "7.3.0",
+        "@types/babel__core": "^7.0.0",
+        "@types/express": "^4.7.0",
+        "file-system-cache": "2.3.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/storybook"
+      }
+    },
     "node_modules/@storybook/global": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/@storybook/global/-/global-5.0.0.tgz",
@@ -10393,9 +13124,9 @@
       }
     },
     "node_modules/@storybook/manager": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/manager/-/manager-7.2.2.tgz",
-      "integrity": "sha512-a7pGZMj5r5vk39IfB7Ca32DNkSTM6SEp+BZhqc4jMDHwSEsGKOZ+GZtWJipUlB1fEnHtdA3LH6IKTKbcpYP+Rg==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/manager/-/manager-7.3.0.tgz",
+      "integrity": "sha512-99Rob6V2MpBkHiPER5d2ZsYO3wZusgKgq2qViTTn/F7ADpHmqYYgBpywCmSs9z5JqqutQgrDBDNMERcRrhUPSQ==",
       "dev": true,
       "funding": {
         "type": "opencollective",
@@ -10407,6 +13138,7 @@
       "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.2.2.tgz",
       "integrity": "sha512-7EI7TABGGB3VOTc4q7byC5dW/9A1xUJyR1gfCPU+7XiSNItnCz+seBJMSaf6Em/9wYxSAL6PQAGhrwTHGzgWAA==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/channels": "7.2.2",
         "@storybook/client-logger": "7.2.2",
@@ -10440,9 +13172,9 @@
       "dev": true
     },
     "node_modules/@storybook/node-logger": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/node-logger/-/node-logger-7.2.2.tgz",
-      "integrity": "sha512-Pn6NJ349S+6tkzaFc1j3qOniDR9DyFPRfZsnAT85APKQaXyzNB3b1xwAhxnVjiCHIfp/a+SLOAdfXa+F8ALFQQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/node-logger/-/node-logger-7.3.0.tgz",
+      "integrity": "sha512-y6No2mYWn0uPFY5DuwVBpsrjc7Q16gMLZDYFo8YSG68lbydLevmj3/lv7xAvqh002e9stE02weYt94Vl/SLLsQ==",
       "dev": true,
       "funding": {
         "type": "opencollective",
@@ -10450,9 +13182,9 @@
       }
     },
     "node_modules/@storybook/postinstall": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/postinstall/-/postinstall-7.2.2.tgz",
-      "integrity": "sha512-tGFZAFu5QFnuzhmzGMpasETVpzD1CVskok4+Dns/3iBWb8fZsFWaC0ZKazO+vHBtWZYO4uvrUbFSDTX2yPhtTQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/postinstall/-/postinstall-7.3.0.tgz",
+      "integrity": "sha512-/y7niDypQoAkskgllCo+DXuIf5Obq0E+EFTrIiCBQOma8zc31A2QYdyBYxGkSNXYawRReMqjiVNGMvrlZ5fv0w==",
       "dev": true,
       "funding": {
         "type": "opencollective",
@@ -10460,9 +13192,9 @@
       }
     },
     "node_modules/@storybook/preview": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/preview/-/preview-7.2.2.tgz",
-      "integrity": "sha512-F3S3yK+RmpriADWnfVZsRN36WRT6LaFjD0sNrUkX8duxdnxNDaLFfJ3Cbxwyv/2lZ48uByIQbX2LC5HieVI0KA==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/preview/-/preview-7.3.0.tgz",
+      "integrity": "sha512-mqEkPOXkhtNM9YrfwqgzI4kFOdghHAVui2HWRMziQhvH07EUs2H+Q67t4ElOlRCBe4ruqCGYn133T10H/4lF1g==",
       "dev": true,
       "funding": {
         "type": "opencollective",
@@ -10474,6 +13206,7 @@
       "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.2.2.tgz",
       "integrity": "sha512-II0EioQCGS2zTSoHbXNKyI1rwk2X7MBi2/tJerj4w4Qwi2fDQlwM0LKsIWlRjXTxBpOAsOoTelh24wSBoZu4bg==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/channels": "7.2.2",
         "@storybook/client-logger": "7.2.2",
@@ -10496,9 +13229,9 @@
       }
     },
     "node_modules/@storybook/react-dom-shim": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-7.2.2.tgz",
-      "integrity": "sha512-H/yHlWl94vbUv1NNolcB3vCy1S185XKicswljJRC9o/AFCJK+a7d9wDVGTPKF6oy7ujrgpANLQyq02d+OuoO7w==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-7.3.0.tgz",
+      "integrity": "sha512-Xr0u2qLLaVCG6h1gdfMe6mgmQMQMy40p9McSWE2jsYxTYNVXAXD1QekQyQiFXbueoj8d4bWwCaoBDJ1eENiIVw==",
       "dev": true,
       "funding": {
         "type": "opencollective",
@@ -10514,6 +13247,7 @@
       "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.2.2.tgz",
       "integrity": "sha512-cnJg43dm3dVifKkRBUsQ4wXC4sJOm46JAS95yRPeGACoHpJTcbCWk1n5GLYA7ozO+KFQSNdxHxPIjNqvnzMFiA==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/client-logger": "7.2.2",
         "memoizerific": "^1.11.3",
@@ -10528,34 +13262,33 @@
         "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0"
       }
     },
-    "node_modules/@storybook/store": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/store/-/store-7.2.2.tgz",
-      "integrity": "sha512-4Z0iFdD6u9u9rDvr0ekLXOx1tIcmS1OU3xhk92RFWbGpAx4+bb1JDWmO7T04l+uPvLvYpWn5NrSV1ZdgyTVxUg==",
+    "node_modules/@storybook/telemetry": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/telemetry/-/telemetry-7.3.0.tgz",
+      "integrity": "sha512-N6lNDSZ8ux5a1NLils93rGTYx4YKj+VOqu0I0um+/DB2ozPvf3nfzRxgkkmw18MtenfnwI9wnUltI8QaMnigUQ==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/preview-api": "7.2.2"
+        "@storybook/client-logger": "7.3.0",
+        "@storybook/core-common": "7.3.0",
+        "@storybook/csf-tools": "7.3.0",
+        "chalk": "^4.1.0",
+        "detect-package-manager": "^2.0.1",
+        "fetch-retry": "^5.0.2",
+        "fs-extra": "^11.1.0",
+        "read-pkg-up": "^7.0.1"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/storybook"
       }
     },
-    "node_modules/@storybook/telemetry": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/@storybook/telemetry/-/telemetry-7.2.2.tgz",
-      "integrity": "sha512-pJ8oQ++QD7hLezARp+3PR0JAw3FH6cmOrSs4KAB+IhNgACs8gehaEdy7TAikor5tlAUCWvqPetnNXDrrDIZhTQ==",
+    "node_modules/@storybook/telemetry/node_modules/@storybook/client-logger": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.3.0.tgz",
+      "integrity": "sha512-93Nf4DOgg8HwEX/n+JKB/el5MNl8v4vNfDO+5cqoKqS5b3yETDG6spKOA6GciNYBJWIKMkEg/WNPFG2N9cvhTA==",
       "dev": true,
       "dependencies": {
-        "@storybook/client-logger": "7.2.2",
-        "@storybook/core-common": "7.2.2",
-        "@storybook/csf-tools": "7.2.2",
-        "chalk": "^4.1.0",
-        "detect-package-manager": "^2.0.1",
-        "fetch-retry": "^5.0.2",
-        "fs-extra": "^11.1.0",
-        "read-pkg-up": "^7.0.1"
+        "@storybook/global": "^5.0.0"
       },
       "funding": {
         "type": "opencollective",
@@ -10581,6 +13314,7 @@
       "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.2.2.tgz",
       "integrity": "sha512-B4nxcxl4IyVvB1NXwRi4yopAS73zl052f2zJi3kVghJbZ3tgPwgvi3CVpOs2D4pgmxOrKCgiLnzLrGTH+13+0A==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0",
         "@storybook/client-logger": "7.2.2",
@@ -10601,6 +13335,7 @@
       "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.2.2.tgz",
       "integrity": "sha512-yrL0+KD+dsusQvDmNKQGv36WjvdhoiUxMDEBgsZkP047kRc3b8/zEbD3Tu7iMDsWnpgwip1Frgy29Ro3UtK57Q==",
       "dev": true,
+      "peer": true,
       "dependencies": {
         "@storybook/channels": "7.2.2",
         "@types/babel__core": "^7.0.0",
@@ -11011,9 +13746,9 @@
       }
     },
     "node_modules/@types/chrome": {
-      "version": "0.0.237",
-      "resolved": "https://registry.npmjs.org/@types/chrome/-/chrome-0.0.237.tgz",
-      "integrity": "sha512-krsRmyfMlck5r+H1EapsrrucDRq6iRm0NAi5fapr93CgnpVMDdK+h2+z4x79GegdW7BNH9Vb//gkptORwwwVIQ==",
+      "version": "0.0.243",
+      "resolved": "https://registry.npmjs.org/@types/chrome/-/chrome-0.0.243.tgz",
+      "integrity": "sha512-4PHv0kxxxpZFHWPBiJJ9TWH8kbx0567j1b2djnhpJjpiSGNI7UKkz7dSEECBtQ0B3N5nQTMwSB/5IopkWGAbEA==",
       "dev": true,
       "dependencies": {
         "@types/filesystem": "*",
@@ -11100,9 +13835,9 @@
       "dev": true
     },
     "node_modules/@types/emscripten": {
-      "version": "1.39.6",
-      "resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.6.tgz",
-      "integrity": "sha512-H90aoynNhhkQP6DRweEjJp5vfUVdIj7tdPLsu7pq89vODD/lcugKfZOsfgwpvM6XUewEp2N5dCg1Uf3Qe55Dcg==",
+      "version": "1.39.7",
+      "resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.7.tgz",
+      "integrity": "sha512-tLqYV94vuqDrXh515F/FOGtBcRMTPGvVV1LzLbtYDcQmmhtpf/gLYf+hikBbQk8MzOHNz37wpFfJbYAuSn8HqA==",
       "dev": true
     },
     "node_modules/@types/eslint": {
@@ -11290,9 +14025,9 @@
       }
     },
     "node_modules/@types/jest": {
-      "version": "29.5.2",
-      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.2.tgz",
-      "integrity": "sha512-mSoZVJF5YzGVCk+FsDxzDuH7s+SCkzrgKZzf0Z0T2WudhBUPoF6ktoTPC4R0ZoCPCV5xUvuU6ias5NvxcBcMMg==",
+      "version": "29.5.3",
+      "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.3.tgz",
+      "integrity": "sha512-1Nq7YrO/vJE/FYnqYyw0FS8LdrjExSgIiHyKg7xPpn+yi8Q4huZryKnkJatN1ZRH89Kw2v33/8ZMB7DuZeSLlA==",
       "dev": true,
       "dependencies": {
         "expect": "^29.0.0",
@@ -11347,9 +14082,9 @@
       }
     },
     "node_modules/@types/koa": {
-      "version": "2.13.6",
-      "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.13.6.tgz",
-      "integrity": "sha512-diYUfp/GqfWBAiwxHtYJ/FQYIXhlEhlyaU7lB/bWQrx4Il9lCET5UwpFy3StOAohfsxxvEQ11qIJgT1j2tfBvw==",
+      "version": "2.13.8",
+      "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.13.8.tgz",
+      "integrity": "sha512-Ugmxmgk/yPRW3ptBTh9VjOLwsKWJuGbymo1uGX0qdaqqL18uJiiG1ZoV0rxCOYSaDGhvEp5Ece02Amx0iwaxQQ==",
       "dev": true,
       "dependencies": {
         "@types/accepts": "*",
@@ -11468,9 +14203,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "18.16.16",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.16.16.tgz",
-      "integrity": "sha512-NpaM49IGQQAUlBhHMF82QH80J08os4ZmyF9MkpCzWAGuOHqE4gTEbhzd7L3l5LmWuZ6E0OiC1FweQ4tsiW35+g==",
+      "version": "18.17.5",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.17.5.tgz",
+      "integrity": "sha512-xNbS75FxH6P4UXTPUJp/zNPq6/xsfdJKussCWNOnz4aULWIRwMgP1LgaB5RiBnMX1DPCYenuqGZfnIAx5mbFLA==",
       "dev": true
     },
     "node_modules/@types/node-fetch": {
@@ -11498,9 +14233,9 @@
       }
     },
     "node_modules/@types/node-forge": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.2.tgz",
-      "integrity": "sha512-TzX3ahoi9xbmaoT58smrBu7oa6dQXb/+PTNCslZyD/55tlJ/osofIMClzZsoo6buDFrg7e4DvVGkZqVgv6OLxw==",
+      "version": "1.3.4",
+      "resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.4.tgz",
+      "integrity": "sha512-08scBQriFsBbm/CuBWOXRMD1RG7ydFW01EDR6vGX27nxcj6E/jGSCOLdICNd8ETwQlLFXVBVA854RX6Y7vPSrQ==",
       "dev": true,
       "dependencies": {
         "@types/node": "*"
@@ -11588,9 +14323,9 @@
       "dev": true
     },
     "node_modules/@types/react": {
-      "version": "16.14.42",
-      "resolved": "https://registry.npmjs.org/@types/react/-/react-16.14.42.tgz",
-      "integrity": "sha512-r6lbqQBJsQ5JJ0fp5I1+F3weosNhk7jOEcKeusIlCDYUK6kCpvIkYCamBNqGyS6WEztYlT8wmAVgblV0HxOFoA==",
+      "version": "16.14.45",
+      "resolved": "https://registry.npmjs.org/@types/react/-/react-16.14.45.tgz",
+      "integrity": "sha512-XFtKkY3yuPO5VJSE6Lru9yLkVQvYE+l6NbmLp6IWCg4jo5S8Ijbpke8wC9q4NmQ5pJErT8KKboG5eY7n5n718A==",
       "dev": true,
       "dependencies": {
         "@types/prop-types": "*",
@@ -11699,12 +14434,6 @@
       "integrity": "sha512-Q5vtl1W5ue16D+nIaW8JWebSSraJVlK+EthKn7e7UcD4KWsaSJ8BqGPXNaPghgtcn/fhvrN17Tv8ksUsQpiplw==",
       "dev": true
     },
-    "node_modules/@types/treeify": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@types/treeify/-/treeify-1.0.0.tgz",
-      "integrity": "sha512-ONpcZAEYlbPx4EtJwfTyCDQJGUpKf4sEcuySdCVjK5Fj/3vHp5HII1fqa1/+qrsLnpYELCQTfVW/awsGJePoIg==",
-      "dev": true
-    },
     "node_modules/@types/trusted-types": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.3.tgz",
@@ -11781,17 +14510,17 @@
       "dev": true
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.59.8.tgz",
-      "integrity": "sha512-JDMOmhXteJ4WVKOiHXGCoB96ADWg9q7efPWHRViT/f09bA8XOMLAVHHju3l0MkZnG1izaWXYmgvQcUjTRcpShQ==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.62.0.tgz",
+      "integrity": "sha512-TiZzBSJja/LbhNPvk6yc0JrX9XqhQ0hdh6M2svYfsHGejaKFIAGd9MQ+ERIMzLGlN/kZoYIgdxFV0PuljTKXag==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.4.0",
-        "@typescript-eslint/scope-manager": "5.59.8",
-        "@typescript-eslint/type-utils": "5.59.8",
-        "@typescript-eslint/utils": "5.59.8",
+        "@typescript-eslint/scope-manager": "5.62.0",
+        "@typescript-eslint/type-utils": "5.62.0",
+        "@typescript-eslint/utils": "5.62.0",
         "debug": "^4.3.4",
-        "grapheme-splitter": "^1.0.4",
+        "graphemer": "^1.4.0",
         "ignore": "^5.2.0",
         "natural-compare-lite": "^1.4.0",
         "semver": "^7.3.7",
@@ -11815,13 +14544,13 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.59.8.tgz",
-      "integrity": "sha512-/w08ndCYI8gxGf+9zKf1vtx/16y8MHrZs5/tnjHhMLNSixuNcJavSX4wAiPf4aS5x41Es9YPCn44MIe4cxIlig==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.62.0.tgz",
+      "integrity": "sha512-VXuvVvZeQCQb5Zgf4HAxc04q5j+WrNAtNh9OwCsCgpKqESMTu3tF/jhZ3xG6T4NZwWl65Bg8KuS2uEvhSfLl0w==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.59.8",
-        "@typescript-eslint/visitor-keys": "5.59.8"
+        "@typescript-eslint/types": "5.62.0",
+        "@typescript-eslint/visitor-keys": "5.62.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -11832,13 +14561,13 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/type-utils": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.59.8.tgz",
-      "integrity": "sha512-+5M518uEIHFBy3FnyqZUF3BMP+AXnYn4oyH8RF012+e7/msMY98FhGL5SrN29NQ9xDgvqCgYnsOiKp1VjZ/fpA==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.62.0.tgz",
+      "integrity": "sha512-xsSQreu+VnfbqQpW5vnCJdq1Z3Q0U31qiWmRhr98ONQmcp/yhiPJFPq8MXiJVLiksmOKSjIldZzkebzHuCGzew==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "5.59.8",
-        "@typescript-eslint/utils": "5.59.8",
+        "@typescript-eslint/typescript-estree": "5.62.0",
+        "@typescript-eslint/utils": "5.62.0",
         "debug": "^4.3.4",
         "tsutils": "^3.21.0"
       },
@@ -11859,9 +14588,9 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.59.8.tgz",
-      "integrity": "sha512-+uWuOhBTj/L6awoWIg0BlWy0u9TyFpCHrAuQ5bNfxDaZ1Ppb3mx6tUigc74LHcbHpOHuOTOJrBoAnhdHdaea1w==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.62.0.tgz",
+      "integrity": "sha512-87NVngcbVXUahrRTqIK27gD2t5Cu1yuCXxbLcFtCzZGlfyVWWh8mLHkoxzjsB6DDNnvdL+fW8MiwPEJyGJQDgQ==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -11872,13 +14601,13 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.59.8.tgz",
-      "integrity": "sha512-Jy/lPSDJGNow14vYu6IrW790p7HIf/SOV1Bb6lZ7NUkLc2iB2Z9elESmsaUtLw8kVqogSbtLH9tut5GCX1RLDg==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.62.0.tgz",
+      "integrity": "sha512-CmcQ6uY7b9y694lKdRB8FEel7JbU/40iSAPomu++SjLMntB+2Leay2LO6i8VnJk58MtE9/nQSFIH6jpyRWyYzA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.59.8",
-        "@typescript-eslint/visitor-keys": "5.59.8",
+        "@typescript-eslint/types": "5.62.0",
+        "@typescript-eslint/visitor-keys": "5.62.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -11899,17 +14628,17 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.59.8.tgz",
-      "integrity": "sha512-Tr65630KysnNn9f9G7ROF3w1b5/7f6QVCJ+WK9nhIocWmx9F+TmCAcglF26Vm7z8KCTwoKcNEBZrhlklla3CKg==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.62.0.tgz",
+      "integrity": "sha512-n8oxjeb5aIbPFEtmQxQYOLI0i9n5ySBEY/ZEHHZqKQSFnxio1rv6dthascc9dLuwrL0RC5mPCxB7vnAVGAYWAQ==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@types/json-schema": "^7.0.9",
         "@types/semver": "^7.3.12",
-        "@typescript-eslint/scope-manager": "5.59.8",
-        "@typescript-eslint/types": "5.59.8",
-        "@typescript-eslint/typescript-estree": "5.59.8",
+        "@typescript-eslint/scope-manager": "5.62.0",
+        "@typescript-eslint/types": "5.62.0",
+        "@typescript-eslint/typescript-estree": "5.62.0",
         "eslint-scope": "^5.1.1",
         "semver": "^7.3.7"
       },
@@ -11925,12 +14654,12 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.59.8.tgz",
-      "integrity": "sha512-pJhi2ms0x0xgloT7xYabil3SGGlojNNKjK/q6dB3Ey0uJLMjK2UDGJvHieiyJVW/7C3KI+Z4Q3pEHkm4ejA+xQ==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.62.0.tgz",
+      "integrity": "sha512-07ny+LHRzQXepkGg6w0mFY41fVUNBrL2Roj/++7V1txKugfjm/Ci/qSND03r2RhlJhJYMcTn9AhhSSqQp0Ysyw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.59.8",
+        "@typescript-eslint/types": "5.62.0",
         "eslint-visitor-keys": "^3.3.0"
       },
       "engines": {
@@ -12031,14 +14760,14 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.59.8.tgz",
-      "integrity": "sha512-AnR19RjJcpjoeGojmwZtCwBX/RidqDZtzcbG3xHrmz0aHHoOcbWnpDllenRDmDvsV0RQ6+tbb09/kyc+UT9Orw==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.62.0.tgz",
+      "integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "5.59.8",
-        "@typescript-eslint/types": "5.59.8",
-        "@typescript-eslint/typescript-estree": "5.59.8",
+        "@typescript-eslint/scope-manager": "5.62.0",
+        "@typescript-eslint/types": "5.62.0",
+        "@typescript-eslint/typescript-estree": "5.62.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -12058,13 +14787,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.59.8.tgz",
-      "integrity": "sha512-/w08ndCYI8gxGf+9zKf1vtx/16y8MHrZs5/tnjHhMLNSixuNcJavSX4wAiPf4aS5x41Es9YPCn44MIe4cxIlig==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.62.0.tgz",
+      "integrity": "sha512-VXuvVvZeQCQb5Zgf4HAxc04q5j+WrNAtNh9OwCsCgpKqESMTu3tF/jhZ3xG6T4NZwWl65Bg8KuS2uEvhSfLl0w==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.59.8",
-        "@typescript-eslint/visitor-keys": "5.59.8"
+        "@typescript-eslint/types": "5.62.0",
+        "@typescript-eslint/visitor-keys": "5.62.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -12075,9 +14804,9 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.59.8.tgz",
-      "integrity": "sha512-+uWuOhBTj/L6awoWIg0BlWy0u9TyFpCHrAuQ5bNfxDaZ1Ppb3mx6tUigc74LHcbHpOHuOTOJrBoAnhdHdaea1w==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.62.0.tgz",
+      "integrity": "sha512-87NVngcbVXUahrRTqIK27gD2t5Cu1yuCXxbLcFtCzZGlfyVWWh8mLHkoxzjsB6DDNnvdL+fW8MiwPEJyGJQDgQ==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -12088,13 +14817,13 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.59.8.tgz",
-      "integrity": "sha512-Jy/lPSDJGNow14vYu6IrW790p7HIf/SOV1Bb6lZ7NUkLc2iB2Z9elESmsaUtLw8kVqogSbtLH9tut5GCX1RLDg==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.62.0.tgz",
+      "integrity": "sha512-CmcQ6uY7b9y694lKdRB8FEel7JbU/40iSAPomu++SjLMntB+2Leay2LO6i8VnJk58MtE9/nQSFIH6jpyRWyYzA==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.59.8",
-        "@typescript-eslint/visitor-keys": "5.59.8",
+        "@typescript-eslint/types": "5.62.0",
+        "@typescript-eslint/visitor-keys": "5.62.0",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -12115,12 +14844,12 @@
       }
     },
     "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "5.59.8",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.59.8.tgz",
-      "integrity": "sha512-pJhi2ms0x0xgloT7xYabil3SGGlojNNKjK/q6dB3Ey0uJLMjK2UDGJvHieiyJVW/7C3KI+Z4Q3pEHkm4ejA+xQ==",
+      "version": "5.62.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.62.0.tgz",
+      "integrity": "sha512-07ny+LHRzQXepkGg6w0mFY41fVUNBrL2Roj/++7V1txKugfjm/Ci/qSND03r2RhlJhJYMcTn9AhhSSqQp0Ysyw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "5.59.8",
+        "@typescript-eslint/types": "5.62.0",
         "eslint-visitor-keys": "^3.3.0"
       },
       "engines": {
@@ -12613,100 +15342,6 @@
       "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==",
       "dev": true
     },
-    "node_modules/@yarnpkg/core": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/@yarnpkg/core/-/core-2.4.0.tgz",
-      "integrity": "sha512-FYjcPNTfDfMKLFafQPt49EY28jnYC82Z2S7oMwLPUh144BL8v8YXzb4aCnFyi5nFC5h2kcrJfZh7+Pm/qvCqGw==",
-      "dev": true,
-      "dependencies": {
-        "@arcanis/slice-ansi": "^1.0.2",
-        "@types/semver": "^7.1.0",
-        "@types/treeify": "^1.0.0",
-        "@yarnpkg/fslib": "^2.4.0",
-        "@yarnpkg/json-proxy": "^2.1.0",
-        "@yarnpkg/libzip": "^2.2.1",
-        "@yarnpkg/parsers": "^2.3.0",
-        "@yarnpkg/pnp": "^2.3.2",
-        "@yarnpkg/shell": "^2.4.1",
-        "binjumper": "^0.1.4",
-        "camelcase": "^5.3.1",
-        "chalk": "^3.0.0",
-        "ci-info": "^2.0.0",
-        "clipanion": "^2.6.2",
-        "cross-spawn": "7.0.3",
-        "diff": "^4.0.1",
-        "globby": "^11.0.1",
-        "got": "^11.7.0",
-        "json-file-plus": "^3.3.1",
-        "lodash": "^4.17.15",
-        "micromatch": "^4.0.2",
-        "mkdirp": "^0.5.1",
-        "p-limit": "^2.2.0",
-        "pluralize": "^7.0.0",
-        "pretty-bytes": "^5.1.0",
-        "semver": "^7.1.2",
-        "stream-to-promise": "^2.2.0",
-        "tar-stream": "^2.0.1",
-        "treeify": "^1.1.0",
-        "tslib": "^1.13.0",
-        "tunnel": "^0.0.6"
-      },
-      "engines": {
-        "node": ">=10.19.0"
-      }
-    },
-    "node_modules/@yarnpkg/core/node_modules/chalk": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz",
-      "integrity": "sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^4.1.0",
-        "supports-color": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/@yarnpkg/core/node_modules/ci-info": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-2.0.0.tgz",
-      "integrity": "sha512-5tK7EtrZ0N+OLFMthtqOj4fI2Jeb88C4CAZPu25LDVUgXJ0A3Js4PMGqrn0JU1W0Mh1/Z8wZzYPxqUrXeBboCQ==",
-      "dev": true
-    },
-    "node_modules/@yarnpkg/core/node_modules/mkdirp": {
-      "version": "0.5.6",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
-      "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
-      "dev": true,
-      "dependencies": {
-        "minimist": "^1.2.6"
-      },
-      "bin": {
-        "mkdirp": "bin/cmd.js"
-      }
-    },
-    "node_modules/@yarnpkg/core/node_modules/p-limit": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz",
-      "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==",
-      "dev": true,
-      "dependencies": {
-        "p-try": "^2.0.0"
-      },
-      "engines": {
-        "node": ">=6"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/@yarnpkg/core/node_modules/tslib": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-      "dev": true
-    },
     "node_modules/@yarnpkg/esbuild-plugin-pnp": {
       "version": "3.0.0-rc.15",
       "resolved": "https://registry.npmjs.org/@yarnpkg/esbuild-plugin-pnp/-/esbuild-plugin-pnp-3.0.0-rc.15.tgz",
@@ -12741,25 +15376,6 @@
       "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
       "dev": true
     },
-    "node_modules/@yarnpkg/json-proxy": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@yarnpkg/json-proxy/-/json-proxy-2.1.1.tgz",
-      "integrity": "sha512-meUiCAgCYpXTH1qJfqfz+dX013ohW9p2dKfwIzUYAFutH+lsz1eHPBIk72cuCV84adh9gX6j66ekBKH/bIhCQw==",
-      "dev": true,
-      "dependencies": {
-        "@yarnpkg/fslib": "^2.5.0",
-        "tslib": "^1.13.0"
-      },
-      "engines": {
-        "node": ">=12 <14 || 14.2 - 14.9 || >14.10.0"
-      }
-    },
-    "node_modules/@yarnpkg/json-proxy/node_modules/tslib": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-      "dev": true
-    },
     "node_modules/@yarnpkg/libzip": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/@yarnpkg/libzip/-/libzip-2.3.0.tgz",
@@ -12784,79 +15400,6 @@
       "resolved": "https://registry.npmjs.org/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz",
       "integrity": "sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ=="
     },
-    "node_modules/@yarnpkg/parsers": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/@yarnpkg/parsers/-/parsers-2.5.1.tgz",
-      "integrity": "sha512-KtYN6Ez3x753vPF9rETxNTPnPjeaHY11Exlpqb4eTII7WRlnGiZ5rvvQBau4R20Ik5KBv+vS3EJEcHyCunwzzw==",
-      "dev": true,
-      "dependencies": {
-        "js-yaml": "^3.10.0",
-        "tslib": "^1.13.0"
-      },
-      "engines": {
-        "node": ">=12 <14 || 14.2 - 14.9 || >14.10.0"
-      }
-    },
-    "node_modules/@yarnpkg/parsers/node_modules/tslib": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-      "dev": true
-    },
-    "node_modules/@yarnpkg/pnp": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/@yarnpkg/pnp/-/pnp-2.3.2.tgz",
-      "integrity": "sha512-JdwHu1WBCISqJEhIwx6Hbpe8MYsYbkGMxoxolkDiAeJ9IGEe08mQcbX1YmUDV1ozSWlm9JZE90nMylcDsXRFpA==",
-      "dev": true,
-      "dependencies": {
-        "@types/node": "^13.7.0",
-        "@yarnpkg/fslib": "^2.4.0",
-        "tslib": "^1.13.0"
-      },
-      "engines": {
-        "node": ">=10.19.0"
-      }
-    },
-    "node_modules/@yarnpkg/pnp/node_modules/@types/node": {
-      "version": "13.13.52",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-13.13.52.tgz",
-      "integrity": "sha512-s3nugnZumCC//n4moGGe6tkNMyYEdaDBitVjwPxXmR5lnMG5dHePinH2EdxkG3Rh1ghFHHixAG4NJhpJW1rthQ==",
-      "dev": true
-    },
-    "node_modules/@yarnpkg/pnp/node_modules/tslib": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-      "dev": true
-    },
-    "node_modules/@yarnpkg/shell": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/@yarnpkg/shell/-/shell-2.4.1.tgz",
-      "integrity": "sha512-oNNJkH8ZI5uwu0dMkJf737yMSY1WXn9gp55DqSA5wAOhKvV5DJTXFETxkVgBQhO6Bow9tMGSpvowTMD/oAW/9g==",
-      "dev": true,
-      "dependencies": {
-        "@yarnpkg/fslib": "^2.4.0",
-        "@yarnpkg/parsers": "^2.3.0",
-        "clipanion": "^2.6.2",
-        "cross-spawn": "7.0.3",
-        "fast-glob": "^3.2.2",
-        "micromatch": "^4.0.2",
-        "stream-buffers": "^3.0.2",
-        "tslib": "^1.13.0"
-      },
-      "bin": {
-        "shell": "lib/cli.js"
-      },
-      "engines": {
-        "node": ">=10.19.0"
-      }
-    },
-    "node_modules/@yarnpkg/shell/node_modules/tslib": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-      "dev": true
-    },
     "node_modules/7zip-bin": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/7zip-bin/-/7zip-bin-5.1.1.tgz",
@@ -13362,14 +15905,14 @@
       "dev": true
     },
     "node_modules/argon2": {
-      "version": "0.30.3",
-      "resolved": "https://registry.npmjs.org/argon2/-/argon2-0.30.3.tgz",
-      "integrity": "sha512-DoH/kv8c9127ueJSBxAVJXinW9+EuPA3EMUxoV2sAY1qDE5H9BjTyVF/aD2XyHqbqUWabgBkIfcP3ZZuGhbJdg==",
+      "version": "0.31.0",
+      "resolved": "https://registry.npmjs.org/argon2/-/argon2-0.31.0.tgz",
+      "integrity": "sha512-r56NWwlE3tjD/FIqL1T+V4Ka+Mb5yMF35w1YWHpwpEjeONXBUbxmjhWkWqY63mse8lpcZ+ZZIGpKL+s+qXhyfg==",
       "hasInstallScript": true,
       "dependencies": {
-        "@mapbox/node-pre-gyp": "^1.0.10",
+        "@mapbox/node-pre-gyp": "^1.0.11",
         "@phc/format": "^1.0.0",
-        "node-addon-api": "^5.0.0"
+        "node-addon-api": "^7.0.0"
       },
       "engines": {
         "node": ">=14.0.0"
@@ -13616,6 +16159,25 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/array.prototype.findlastindex": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.2.tgz",
+      "integrity": "sha512-tb5thFFlUcp7NdNF6/MpDk/1r/4awWG1FIz3YqDf+/zJSTezBb+/5WViH41obXULHVpDzoiCLpJ/ZO9YbJMsdw==",
+      "dev": true,
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4",
+        "es-shim-unscopables": "^1.0.0",
+        "get-intrinsic": "^1.1.3"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/array.prototype.flat": {
       "version": "1.3.1",
       "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.1.tgz",
@@ -13661,12 +16223,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/asap": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
-      "integrity": "sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==",
-      "dev": true
-    },
     "node_modules/asar": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/asar/-/asar-3.2.0.tgz",
@@ -13787,6 +16343,7 @@
       "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
       "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==",
       "dev": true,
+      "optional": true,
       "engines": {
         "node": ">=8"
       }
@@ -13886,9 +16443,9 @@
       }
     },
     "node_modules/autoprefixer": {
-      "version": "10.4.14",
-      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.14.tgz",
-      "integrity": "sha512-FQzyfOsTlwVzjHxKEqRIAdJx9niO6VCBCoEwax/VLSoQF29ggECcPuBqUMZ+u8jCZOPSy8b8/8KnuFbp0SaFZQ==",
+      "version": "10.4.15",
+      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.15.tgz",
+      "integrity": "sha512-KCuPB8ZCIqFdA4HwKXsvz7j6gvSDNhDP7WnUjBleRkKjPdvCmHFuQ77ocavI8FT6NdvlBnE2UFr2H4Mycn8Vew==",
       "dev": true,
       "funding": [
         {
@@ -13898,11 +16455,15 @@
         {
           "type": "tidelift",
           "url": "https://tidelift.com/funding/github/npm/autoprefixer"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
         }
       ],
       "dependencies": {
-        "browserslist": "^4.21.5",
-        "caniuse-lite": "^1.0.30001464",
+        "browserslist": "^4.21.10",
+        "caniuse-lite": "^1.0.30001520",
         "fraction.js": "^4.2.0",
         "normalize-range": "^0.1.2",
         "picocolors": "^1.0.0",
@@ -13918,6 +16479,38 @@
         "postcss": "^8.1.0"
       }
     },
+    "node_modules/autoprefixer/node_modules/browserslist": {
+      "version": "4.21.10",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.10.tgz",
+      "integrity": "sha512-bipEBdZfVH5/pwrvqc+Ub0kUPVfGUhlKxbvfD+z1BDnPEO/X98ruXGA1WP5ASpAFKan7Qr6j736IacbZQuAlKQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/browserslist"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/browserslist"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "dependencies": {
+        "caniuse-lite": "^1.0.30001517",
+        "electron-to-chromium": "^1.4.477",
+        "node-releases": "^2.0.13",
+        "update-browserslist-db": "^1.0.11"
+      },
+      "bin": {
+        "browserslist": "cli.js"
+      },
+      "engines": {
+        "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7"
+      }
+    },
     "node_modules/available-typed-arrays": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz",
@@ -14339,15 +16932,6 @@
         "file-uri-to-path": "1.0.0"
       }
     },
-    "node_modules/binjumper": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/binjumper/-/binjumper-0.1.4.tgz",
-      "integrity": "sha512-Gdxhj+U295tIM6cO4bJO1jsvSjBVHNpj2o/OwW7pqDEtaqF6KdOxjtbo93jMMKAkP7+u09+bV8DhSqjIv4qR3w==",
-      "dev": true,
-      "engines": {
-        "node": ">=10.12.0"
-      }
-    },
     "node_modules/bl": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz",
@@ -14577,9 +17161,9 @@
       }
     },
     "node_modules/braintree-web": {
-      "version": "3.94.0",
-      "resolved": "https://registry.npmjs.org/braintree-web/-/braintree-web-3.94.0.tgz",
-      "integrity": "sha512-SRX+UjOA2CxOah4ns7XvkZAwrOsIqEfGYFQkZG0JR/uF+iVONTO7aCtnIrWHzFgrohTI0QPSNUXXHovaExIRNQ==",
+      "version": "3.96.1",
+      "resolved": "https://registry.npmjs.org/braintree-web/-/braintree-web-3.96.1.tgz",
+      "integrity": "sha512-e483TQkRmcO5zFH+pMGUokFWq5Q+Jyn9TmUIDofPpul1P+xOciwNqvekl/Ku6MsJBT1+kyH0cndBYMZVJpbrtg==",
       "dependencies": {
         "@braintree/asset-loader": "0.4.4",
         "@braintree/browser-detection": "1.14.0",
@@ -14591,23 +17175,23 @@
         "@braintree/wrap-promise": "2.1.0",
         "card-validator": "8.1.1",
         "credit-card-type": "9.1.0",
-        "framebus": "5.2.0",
+        "framebus": "5.2.1",
         "inject-stylesheet": "5.0.0",
         "promise-polyfill": "8.2.3",
         "restricted-input": "3.0.5"
       }
     },
     "node_modules/braintree-web-drop-in": {
-      "version": "1.38.0",
-      "resolved": "https://registry.npmjs.org/braintree-web-drop-in/-/braintree-web-drop-in-1.38.0.tgz",
-      "integrity": "sha512-fG7z+xutp1yddiTzfsdITxR8X+hvWBRhuw1o6AoTNfxGuh0k+cKX55qc2/XDjkZVQyRIClAclU2J20P1IEayBg==",
+      "version": "1.40.0",
+      "resolved": "https://registry.npmjs.org/braintree-web-drop-in/-/braintree-web-drop-in-1.40.0.tgz",
+      "integrity": "sha512-YrR+KitYu0X6+qkP2hvkjAolMJw3jKyd+Yppk+LZUFk1Bbfj7YayLjTQqLTyFT5MQmzpQKLYwbI75BBClPGc+Q==",
       "dependencies": {
         "@braintree/asset-loader": "0.4.4",
         "@braintree/browser-detection": "1.14.0",
         "@braintree/event-emitter": "0.4.1",
         "@braintree/uuid": "0.1.0",
         "@braintree/wrap-promise": "2.1.0",
-        "braintree-web": "3.94.0"
+        "braintree-web": "3.96.1"
       }
     },
     "node_modules/braintree-web/node_modules/promise-polyfill": {
@@ -14889,21 +17473,6 @@
         "semver": "^7.0.0"
       }
     },
-    "node_modules/bundle-name": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/bundle-name/-/bundle-name-3.0.0.tgz",
-      "integrity": "sha512-PKA4BeSvBpQKQ8iPOGCSiell+N8P+Tf1DlwqmYhpe2gAhKPHn8EYOxVT+ShuGmhg8lN8XiSlS80yiExKXrURlw==",
-      "dev": true,
-      "dependencies": {
-        "run-applescript": "^5.0.0"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/busboy": {
       "version": "1.6.0",
       "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
@@ -15096,9 +17665,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001519",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001519.tgz",
-      "integrity": "sha512-0QHgqR+Jv4bxHMp8kZ1Kn8CH55OikjKJ6JmKkZYP1F3D7w+lnFXF70nG5eNfsZS89jadi5Ywy5UCSKLAglIRkg==",
+      "version": "1.0.30001520",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001520.tgz",
+      "integrity": "sha512-tahF5O9EiiTzwTUqAeFjIZbn4Dnqxzz7ktrgGlMYNLH43Ul26IgTMH/zvL3DG0lZxBYnlT04axvInszUsZULdA==",
       "funding": [
         {
           "type": "opencollective",
@@ -15266,20 +17835,14 @@
       }
     },
     "node_modules/chromatic": {
-      "version": "6.18.0",
-      "resolved": "https://registry.npmjs.org/chromatic/-/chromatic-6.18.0.tgz",
-      "integrity": "sha512-Sj7xMFGQ6jSTBrsdgMMjSQAP2OMNogg4GXV4djf4kAp6Dp+pY4FwByIagvbtQRjC33kQVi592FS52vMBOBMEzw==",
+      "version": "6.22.0",
+      "resolved": "https://registry.npmjs.org/chromatic/-/chromatic-6.22.0.tgz",
+      "integrity": "sha512-PBZAhTzjQvx+B4nXmEgvySmR9+a8hgt7zuTT3NhC0BT1Wf08T6gjnl4bZR5Dg5V4PfCeQvP5uROPS7QFdzZeyA==",
       "dev": true,
-      "dependencies": {
-        "@discoveryjs/json-ext": "^0.5.7",
-        "@storybook/csf-tools": "^7.0.12",
-        "@types/webpack-env": "^1.17.0",
-        "snyk-nodejs-lockfile-parser": "^1.49.0"
-      },
       "bin": {
-        "chroma": "bin/main.cjs",
-        "chromatic": "bin/main.cjs",
-        "chromatic-cli": "bin/main.cjs"
+        "chroma": "dist/bin.js",
+        "chromatic": "dist/bin.js",
+        "chromatic-cli": "dist/bin.js"
       }
     },
     "node_modules/chrome-trace-event": {
@@ -15606,6 +18169,7 @@
       "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-2.1.0.tgz",
       "integrity": "sha512-n8fOixwDD6b/ObinzTrp1ZKFzbgvKZvuz/TvejnLn1aQfC6r52XEx85FmuC+3HI+JM7coBRXUvNqEU2PHVrHpg==",
       "dev": true,
+      "optional": true,
       "dependencies": {
         "slice-ansi": "^3.0.0",
         "string-width": "^4.2.0"
@@ -15625,12 +18189,6 @@
         "node": ">= 10"
       }
     },
-    "node_modules/clipanion": {
-      "version": "2.6.2",
-      "resolved": "https://registry.npmjs.org/clipanion/-/clipanion-2.6.2.tgz",
-      "integrity": "sha512-0tOHJNMF9+4R3qcbBL+4IxLErpaYSYvzs10aXuECDbZdJOuJHdagJMAqvLdeaUQTI/o2uSCDRpet6ywDiKOAYw==",
-      "dev": true
-    },
     "node_modules/cliui": {
       "version": "8.0.1",
       "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
@@ -15948,20 +18506,20 @@
       }
     },
     "node_modules/concurrently": {
-      "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-8.1.0.tgz",
-      "integrity": "sha512-0AB6eOAtaW/r/kX2lCdolaWtT191ICeuJjEJvI9hT3zbPFuZ/iZaJwMRKwbuwADome7OKxk73L7od+fsveZ7tA==",
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-8.2.0.tgz",
+      "integrity": "sha512-nnLMxO2LU492mTUj9qX/az/lESonSZu81UznYDoXtz1IQf996ixVqPAgHXwvHiHCAef/7S8HIK+fTFK7Ifk8YA==",
       "dev": true,
       "dependencies": {
         "chalk": "^4.1.2",
-        "date-fns": "^2.29.3",
+        "date-fns": "^2.30.0",
         "lodash": "^4.17.21",
-        "rxjs": "^7.8.0",
-        "shell-quote": "^1.8.0",
-        "spawn-command": "0.0.2-1",
+        "rxjs": "^7.8.1",
+        "shell-quote": "^1.8.1",
+        "spawn-command": "0.0.2",
         "supports-color": "^8.1.1",
         "tree-kill": "^1.2.2",
-        "yargs": "^17.7.1"
+        "yargs": "^17.7.2"
       },
       "bin": {
         "conc": "dist/bin/concurrently.js",
@@ -16271,9 +18829,9 @@
       }
     },
     "node_modules/core-js": {
-      "version": "3.30.2",
-      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.30.2.tgz",
-      "integrity": "sha512-uBJiDmwqsbJCWHAwjrx3cvjbMXP7xD72Dmsn5LOJpiRmE3WbBbN5rCqQ2Qh6Ek6/eOrjlWngEynBWo4VxerQhg==",
+      "version": "3.32.0",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.32.0.tgz",
+      "integrity": "sha512-rd4rYZNlF3WuoYuRIDEmbR/ga9CeuWX9U05umAvgrrZoHY4Z++cp/xwPQMvUpBB4Ag6J8KfD80G0zwCyaSxDww==",
       "hasInstallScript": true,
       "funding": {
         "type": "opencollective",
@@ -16863,24 +19421,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/default-browser": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/default-browser/-/default-browser-4.0.0.tgz",
-      "integrity": "sha512-wX5pXO1+BrhMkSbROFsyxUm0i/cJEScyNhA4PPxc41ICuv05ZZB/MX28s8aZx6xjmatvebIapF6hLEKEcpneUA==",
-      "dev": true,
-      "dependencies": {
-        "bundle-name": "^3.0.0",
-        "default-browser-id": "^3.0.0",
-        "execa": "^7.1.1",
-        "titleize": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=14.16"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/default-browser-id": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-3.0.0.tgz",
@@ -16897,116 +19437,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/default-browser/node_modules/execa": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/execa/-/execa-7.1.1.tgz",
-      "integrity": "sha512-wH0eMf/UXckdUYnO21+HDztteVv05rq2GXksxT4fCGeHkBhw1DROXh40wcjMcRqDOWE7iPJ4n3M7e2+YFP+76Q==",
-      "dev": true,
-      "dependencies": {
-        "cross-spawn": "^7.0.3",
-        "get-stream": "^6.0.1",
-        "human-signals": "^4.3.0",
-        "is-stream": "^3.0.0",
-        "merge-stream": "^2.0.0",
-        "npm-run-path": "^5.1.0",
-        "onetime": "^6.0.0",
-        "signal-exit": "^3.0.7",
-        "strip-final-newline": "^3.0.0"
-      },
-      "engines": {
-        "node": "^14.18.0 || ^16.14.0 || >=18.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sindresorhus/execa?sponsor=1"
-      }
-    },
-    "node_modules/default-browser/node_modules/human-signals": {
-      "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-4.3.1.tgz",
-      "integrity": "sha512-nZXjEF2nbo7lIw3mgYjItAfgQXog3OjJogSbKa2CQIIvSGWcKgeJnQlNXip6NglNzYH45nSRiEVimMvYL8DDqQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=14.18.0"
-      }
-    },
-    "node_modules/default-browser/node_modules/is-stream": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz",
-      "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==",
-      "dev": true,
-      "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/default-browser/node_modules/mimic-fn": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz",
-      "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/default-browser/node_modules/npm-run-path": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.1.0.tgz",
-      "integrity": "sha512-sJOdmRGrY2sjNTRMbSvluQqg+8X7ZK61yvzBEIDhz4f8z1TZFYABsqjjCBd/0PUNE9M6QDgHJXQkGUEm7Q+l9Q==",
-      "dev": true,
-      "dependencies": {
-        "path-key": "^4.0.0"
-      },
-      "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/default-browser/node_modules/onetime": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz",
-      "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==",
-      "dev": true,
-      "dependencies": {
-        "mimic-fn": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/default-browser/node_modules/path-key": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz",
-      "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/default-browser/node_modules/strip-final-newline": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz",
-      "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/default-compare": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/default-compare/-/default-compare-1.0.0.tgz",
@@ -17294,15 +19724,6 @@
       "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==",
       "dev": true
     },
-    "node_modules/diff": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
-      "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.3.1"
-      }
-    },
     "node_modules/diff-sequences": {
       "version": "29.4.3",
       "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.4.3.tgz",
@@ -17690,49 +20111,87 @@
       }
     },
     "node_modules/editorconfig": {
-      "version": "0.15.3",
-      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-0.15.3.tgz",
-      "integrity": "sha512-M9wIMFx96vq0R4F+gRpY3o2exzb8hEj/n9S8unZtHSvYjibBp/iMufSzvmOcV/laG0ZtuTVGtiJggPOSW2r93g==",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz",
+      "integrity": "sha512-L9Qe08KWTlqYMVvMcTIvMAdl1cDUubzRNYL+WfA4bLDMHe4nemKkpmYzkznE1FwLKu0EEmy6obgQKzMJrg4x9Q==",
       "dev": true,
       "dependencies": {
-        "commander": "^2.19.0",
-        "lru-cache": "^4.1.5",
-        "semver": "^5.6.0",
-        "sigmund": "^1.0.1"
+        "@one-ini/wasm": "0.1.1",
+        "commander": "^10.0.0",
+        "minimatch": "9.0.1",
+        "semver": "^7.5.3"
       },
       "bin": {
         "editorconfig": "bin/editorconfig"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/editorconfig/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dev": true,
+      "dependencies": {
+        "balanced-match": "^1.0.0"
       }
     },
     "node_modules/editorconfig/node_modules/commander": {
-      "version": "2.20.3",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
-      "dev": true
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
+      "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
+      "dev": true,
+      "engines": {
+        "node": ">=14"
+      }
     },
     "node_modules/editorconfig/node_modules/lru-cache": {
-      "version": "4.1.5",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.5.tgz",
-      "integrity": "sha512-sWZlbEP2OsHNkXrMl5GYk/jKk70MBng6UU4YI/qGDYbgf6YbP4EvmqISbXCoJiRKs+1bSpFHVgQxvJ17F2li5g==",
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
       "dev": true,
       "dependencies": {
-        "pseudomap": "^1.0.2",
-        "yallist": "^2.1.2"
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/editorconfig/node_modules/minimatch": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz",
+      "integrity": "sha512-0jWhJpD/MdhPXwPuiRkCbfYfSKp2qnn2eOc279qI7f+osl/l+prKSrvhg157zSYvx/1nmgn2NqdT6k2Z7zSH9w==",
+      "dev": true,
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
       }
     },
     "node_modules/editorconfig/node_modules/semver": {
-      "version": "5.7.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
-      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+      "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
       "dev": true,
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
       "bin": {
-        "semver": "bin/semver"
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
       }
     },
     "node_modules/editorconfig/node_modules/yallist": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz",
-      "integrity": "sha512-ncTzHV7NvsQZkYe1DW7cbDLm0YpzHmZF5r/iyP3ZnQtMiJ+pjzisCiMNI+Sj+xQF5pXhSHxSB3uDbsBTzY/c2A==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
       "dev": true
     },
     "node_modules/ee-first": {
@@ -18428,27 +20887,27 @@
       }
     },
     "node_modules/eslint": {
-      "version": "8.42.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.42.0.tgz",
-      "integrity": "sha512-ulg9Ms6E1WPf67PHaEY4/6E2tEn5/f7FXGzr3t9cBMugOmf1INYvuUwwh1aXQN4MfJ6a5K2iNwP3w4AColvI9A==",
+      "version": "8.47.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.47.0.tgz",
+      "integrity": "sha512-spUQWrdPt+pRVP1TTJLmfRNJJHHZryFmptzcafwSvHsceV81djHOdnEeDmkdotZyLNjDhrOasNK8nikkoG1O8Q==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
-        "@eslint-community/regexpp": "^4.4.0",
-        "@eslint/eslintrc": "^2.0.3",
-        "@eslint/js": "8.42.0",
+        "@eslint-community/regexpp": "^4.6.1",
+        "@eslint/eslintrc": "^2.1.2",
+        "@eslint/js": "^8.47.0",
         "@humanwhocodes/config-array": "^0.11.10",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
-        "ajv": "^6.10.0",
+        "ajv": "^6.12.4",
         "chalk": "^4.0.0",
         "cross-spawn": "^7.0.2",
         "debug": "^4.3.2",
         "doctrine": "^3.0.0",
         "escape-string-regexp": "^4.0.0",
-        "eslint-scope": "^7.2.0",
-        "eslint-visitor-keys": "^3.4.1",
-        "espree": "^9.5.2",
+        "eslint-scope": "^7.2.2",
+        "eslint-visitor-keys": "^3.4.3",
+        "espree": "^9.6.1",
         "esquery": "^1.4.2",
         "esutils": "^2.0.2",
         "fast-deep-equal": "^3.1.3",
@@ -18458,7 +20917,6 @@
         "globals": "^13.19.0",
         "graphemer": "^1.4.0",
         "ignore": "^5.2.0",
-        "import-fresh": "^3.0.0",
         "imurmurhash": "^0.1.4",
         "is-glob": "^4.0.0",
         "is-path-inside": "^3.0.3",
@@ -18468,9 +20926,8 @@
         "lodash.merge": "^4.6.2",
         "minimatch": "^3.1.2",
         "natural-compare": "^1.4.0",
-        "optionator": "^0.9.1",
+        "optionator": "^0.9.3",
         "strip-ansi": "^6.0.1",
-        "strip-json-comments": "^3.1.0",
         "text-table": "^0.2.0"
       },
       "bin": {
@@ -18484,9 +20941,9 @@
       }
     },
     "node_modules/eslint-config-prettier": {
-      "version": "8.8.0",
-      "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.8.0.tgz",
-      "integrity": "sha512-wLbQiFre3tdGgpDv67NQKnJuTlcUVYHas3k+DZCc2U2BadthoEY4B7hLPvAxaqdyOGCzuLfii2fqGph10va7oA==",
+      "version": "8.10.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.10.0.tgz",
+      "integrity": "sha512-SM8AMJdeQqRYT9O9zguiruQZaN7+z+E4eAP9oiLNGKMtomwaB1E9dcgUD6ZAn/eQAb52USbvezbiljfZUhbJcg==",
       "dev": true,
       "bin": {
         "eslint-config-prettier": "bin/cli.js"
@@ -18531,19 +20988,18 @@
       }
     },
     "node_modules/eslint-import-resolver-typescript": {
-      "version": "3.5.5",
-      "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.5.5.tgz",
-      "integrity": "sha512-TdJqPHs2lW5J9Zpe17DZNQuDnox4xo2o+0tE7Pggain9Rbc19ik8kFtXdxZ250FVx2kF4vlt2RSf4qlUpG7bhw==",
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.6.0.tgz",
+      "integrity": "sha512-QTHR9ddNnn35RTxlaEnx2gCxqFlF2SEN0SE2d17SqwyM7YOSI2GHWRYp5BiRkObTUNYPupC/3Fq2a0PpT+EKpg==",
       "dev": true,
       "dependencies": {
         "debug": "^4.3.4",
         "enhanced-resolve": "^5.12.0",
         "eslint-module-utils": "^2.7.4",
+        "fast-glob": "^3.3.1",
         "get-tsconfig": "^4.5.0",
-        "globby": "^13.1.3",
         "is-core-module": "^2.11.0",
-        "is-glob": "^4.0.3",
-        "synckit": "^0.8.5"
+        "is-glob": "^4.0.3"
       },
       "engines": {
         "node": "^14.18.0 || >=16.0.0"
@@ -18556,35 +21012,20 @@
         "eslint-plugin-import": "*"
       }
     },
-    "node_modules/eslint-import-resolver-typescript/node_modules/globby": {
-      "version": "13.1.4",
-      "resolved": "https://registry.npmjs.org/globby/-/globby-13.1.4.tgz",
-      "integrity": "sha512-iui/IiiW+QrJ1X1hKH5qwlMQyv34wJAYwH1vrf8b9kBA4sNiif3gKsMHa+BrdnOpEudWjpotfa7LrTzB1ERS/g==",
+    "node_modules/eslint-import-resolver-typescript/node_modules/fast-glob": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz",
+      "integrity": "sha512-kNFPyjhh5cKjrUltxs+wFx+ZkbRaxxmZ+X0ZU31SOsxCEtP9VPgtq2teZw1DebupL5GmDaNQ6yKMMVcM41iqDg==",
       "dev": true,
       "dependencies": {
-        "dir-glob": "^3.0.1",
-        "fast-glob": "^3.2.11",
-        "ignore": "^5.2.0",
-        "merge2": "^1.4.1",
-        "slash": "^4.0.0"
+        "@nodelib/fs.stat": "^2.0.2",
+        "@nodelib/fs.walk": "^1.2.3",
+        "glob-parent": "^5.1.2",
+        "merge2": "^1.3.0",
+        "micromatch": "^4.0.4"
       },
       "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/eslint-import-resolver-typescript/node_modules/slash": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz",
-      "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
+        "node": ">=8.6.0"
       }
     },
     "node_modules/eslint-module-utils": {
@@ -18614,26 +21055,29 @@
       }
     },
     "node_modules/eslint-plugin-import": {
-      "version": "2.27.5",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.27.5.tgz",
-      "integrity": "sha512-LmEt3GVofgiGuiE+ORpnvP+kAm3h6MLZJ4Q5HCyHADofsb4VzXFsRiWj3c0OFiV+3DWFh0qg3v9gcPlfc3zRow==",
+      "version": "2.28.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.28.0.tgz",
+      "integrity": "sha512-B8s/n+ZluN7sxj9eUf7/pRFERX0r5bnFA2dCaLHy2ZeaQEAz0k+ZZkFWRFHJAqxfxQDx6KLv9LeIki7cFdwW+Q==",
       "dev": true,
       "dependencies": {
         "array-includes": "^3.1.6",
+        "array.prototype.findlastindex": "^1.2.2",
         "array.prototype.flat": "^1.3.1",
         "array.prototype.flatmap": "^1.3.1",
         "debug": "^3.2.7",
         "doctrine": "^2.1.0",
         "eslint-import-resolver-node": "^0.3.7",
-        "eslint-module-utils": "^2.7.4",
+        "eslint-module-utils": "^2.8.0",
         "has": "^1.0.3",
-        "is-core-module": "^2.11.0",
+        "is-core-module": "^2.12.1",
         "is-glob": "^4.0.3",
         "minimatch": "^3.1.2",
+        "object.fromentries": "^2.0.6",
+        "object.groupby": "^1.0.0",
         "object.values": "^1.1.6",
-        "resolve": "^1.22.1",
-        "semver": "^6.3.0",
-        "tsconfig-paths": "^3.14.1"
+        "resolve": "^1.22.3",
+        "semver": "^6.3.1",
+        "tsconfig-paths": "^3.14.2"
       },
       "engines": {
         "node": ">=4"
@@ -18663,10 +21107,27 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/eslint-plugin-import/node_modules/resolve": {
+      "version": "1.22.4",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.4.tgz",
+      "integrity": "sha512-PXNdCiPqDqeUou+w1C2eTQbNfxKSuMxqTCuvlmmMsk1NWHL5fRrhY6Pl0qEYYc6+QqGClco1Qj8XnjPego4wfg==",
+      "dev": true,
+      "dependencies": {
+        "is-core-module": "^2.13.0",
+        "path-parse": "^1.0.7",
+        "supports-preserve-symlinks-flag": "^1.0.0"
+      },
+      "bin": {
+        "resolve": "bin/resolve"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/eslint-plugin-import/node_modules/semver": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
-      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
       "dev": true,
       "bin": {
         "semver": "bin/semver.js"
@@ -18738,9 +21199,9 @@
       }
     },
     "node_modules/eslint-plugin-tailwindcss": {
-      "version": "3.12.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-tailwindcss/-/eslint-plugin-tailwindcss-3.12.1.tgz",
-      "integrity": "sha512-LyIRV0rx6prTpJZsSCXSNJ34Yry3Nj9OJwvzh1xTsiG6+UCnAPW1Bx41s7vZzUDKMlwFgpUN9Me+NK12T4DHYg==",
+      "version": "3.13.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-tailwindcss/-/eslint-plugin-tailwindcss-3.13.0.tgz",
+      "integrity": "sha512-Fcep4KDRLWaK3KmkQbdyKHG0P4GdXFmXdDaweTIPcgOP60OOuWFbh1++dufRT28Q4zpKTKaHwTsXPJ4O/EjU2Q==",
       "dev": true,
       "dependencies": {
         "fast-glob": "^3.2.5",
@@ -18797,9 +21258,9 @@
       }
     },
     "node_modules/eslint-visitor-keys": {
-      "version": "3.4.1",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.1.tgz",
-      "integrity": "sha512-pZnmmLwYzf+kWaM/Qgrvpen51upAktaaiI01nsJD/Yr3lMOdNtq0cxkrrg16w64VtisN6okbs7Q8AfGqj4c9fA==",
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -18830,6 +21291,22 @@
       "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
       "dev": true
     },
+    "node_modules/eslint/node_modules/eslint-scope": {
+      "version": "7.2.2",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz",
+      "integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==",
+      "dev": true,
+      "dependencies": {
+        "esrecurse": "^4.3.0",
+        "estraverse": "^5.2.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
     "node_modules/eslint/node_modules/glob-parent": {
       "version": "6.0.2",
       "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
@@ -18888,12 +21365,12 @@
       }
     },
     "node_modules/espree": {
-      "version": "9.5.2",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-9.5.2.tgz",
-      "integrity": "sha512-7OASN1Wma5fum5SrNhFMAMJxOUAbhyfQ8dQ//PJaJbNw0URTPWqIghHWt1MmAANKhHZIYOHruW4Kw4ruUWOdGw==",
+      "version": "9.6.1",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz",
+      "integrity": "sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==",
       "dev": true,
       "dependencies": {
-        "acorn": "^8.8.0",
+        "acorn": "^8.9.0",
         "acorn-jsx": "^5.3.2",
         "eslint-visitor-keys": "^3.4.1"
       },
@@ -18984,15 +21461,6 @@
         "es5-ext": "~0.10.14"
       }
     },
-    "node_modules/event-loop-spinner": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/event-loop-spinner/-/event-loop-spinner-2.2.0.tgz",
-      "integrity": "sha512-KB44sV4Mv7uLIkJHJ5qhiZe5um6th2g57nHQL/uqnPHKP2IswoTRWUteEXTJQL4gW++1zqWUni+H2hGkP51c9w==",
-      "dev": true,
-      "dependencies": {
-        "tslib": "^2.1.0"
-      }
-    },
     "node_modules/event-pubsub": {
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/event-pubsub/-/event-pubsub-4.3.0.tgz",
@@ -20410,9 +22878,9 @@
       }
     },
     "node_modules/framebus": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/framebus/-/framebus-5.2.0.tgz",
-      "integrity": "sha512-hIKt71vBVd/g0emUbuVg8HAeHEjxBwhAE87CKXvxPIy0sCoGWqBulB1k9lWBWUU6ZHXPs0xjXWMwUldWMiqD6A==",
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/framebus/-/framebus-5.2.1.tgz",
+      "integrity": "sha512-K6pw+M2wNBuOhEoFrmMbf1O+fm7PnNDIfA9y0KpAyQzXRIJ420szGgJ/dI2Ikz0XG+5VfspLqA72M6bXhuyKIQ==",
       "dependencies": {
         "@braintree/uuid": "^0.1.0"
       }
@@ -21307,12 +23775,6 @@
       "integrity": "sha512-8tLu60LgxF6XpdbK8OW3FA+IfTNBn1ZHGHKF4KQbEeSkajYw5PlYJcKluntgegDPTg8UkHjpet1T82vk6TQ68w==",
       "dev": true
     },
-    "node_modules/grapheme-splitter": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz",
-      "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==",
-      "dev": true
-    },
     "node_modules/graphemer": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz",
@@ -21668,18 +24130,42 @@
       }
     },
     "node_modules/gulp-json-editor": {
-      "version": "2.5.6",
-      "resolved": "https://registry.npmjs.org/gulp-json-editor/-/gulp-json-editor-2.5.6.tgz",
-      "integrity": "sha512-66Xr6Q6m4mUNd0OOHflMB/RHgFNnLjlHgizOzUcx9CyMRymVZEM+/SpZcCDlvThBdXtQwXpdvtSepxVY/V6nQA==",
+      "version": "2.5.7",
+      "resolved": "https://registry.npmjs.org/gulp-json-editor/-/gulp-json-editor-2.5.7.tgz",
+      "integrity": "sha512-0Neuyv9tSt2QjjgEsQHmRnIKe+ofqhWShOYiSGHJWgzx49O3s2zwrsK3lcsNVqWIgtonKbVVOKUT0dYvJbQTUg==",
       "dev": true,
       "dependencies": {
-        "deepmerge": "^4.2.2",
-        "detect-indent": "^6.0.0",
-        "js-beautify": "^1.13.13",
-        "plugin-error": "^1.0.1",
+        "deepmerge": "^4.3.1",
+        "detect-indent": "^6.1.0",
+        "js-beautify": "^1.14.8",
+        "plugin-error": "^2.0.1",
         "through2": "^4.0.2"
       }
     },
+    "node_modules/gulp-json-editor/node_modules/ansi-colors": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-1.1.0.tgz",
+      "integrity": "sha512-SFKX67auSNoVR38N3L+nvsPjOE0bybKTYbkf5tRvushrAPQ9V75huw0ZxBkKVeRU9kqH3d6HA4xTckbwZ4ixmA==",
+      "dev": true,
+      "dependencies": {
+        "ansi-wrap": "^0.1.0"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/gulp-json-editor/node_modules/plugin-error": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/plugin-error/-/plugin-error-2.0.1.tgz",
+      "integrity": "sha512-zMakqvIDyY40xHOvzXka0kUvf40nYIuwRE8dWhti2WtjQZ31xAgBZBhxsK7vK3QbRXS1Xms/LO7B5cuAsfB2Gg==",
+      "dev": true,
+      "dependencies": {
+        "ansi-colors": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
     "node_modules/gulp-json-editor/node_modules/readable-stream": {
       "version": "3.6.2",
       "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
@@ -22159,9 +24645,9 @@
       "dev": true
     },
     "node_modules/html-webpack-plugin": {
-      "version": "5.5.1",
-      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.1.tgz",
-      "integrity": "sha512-cTUzZ1+NqjGEKjmVgZKLMdiFg3m9MdRXkZW2OEe69WYVi5ONLMmlnSZdXzGGMOq0C8jGDrL6EWyEDDUioHO/pA==",
+      "version": "5.5.3",
+      "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.3.tgz",
+      "integrity": "sha512-6YrDKTuqaP/TquFH7h4srYWsZx+x6k6+FbsTm0ziCwGHDP78Unr1r9F/H4+sGmMbX08GQcJ+K64x55b+7VM/jg==",
       "dev": true,
       "dependencies": {
         "@types/html-minifier-terser": "^6.0.0",
@@ -22774,9 +25260,9 @@
       "integrity": "sha512-GzncrJP8E/pavMQzoO93CXoYCfTttwVm2cX2TyXJdgtVE0cCvWSFCn1/uMsM6ZkEg7LUsOcKuamcLiGWlv2p9A=="
     },
     "node_modules/inquirer": {
-      "version": "8.2.5",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.5.tgz",
-      "integrity": "sha512-QAgPDQMEgrDssk1XiwwHoOGYF9BAbUcc1+j+FhEvaOt8/cKRqyLn0U5qA6F74fGhTMGxf92pOvPBeh29jQJDTQ==",
+      "version": "8.2.6",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.6.tgz",
+      "integrity": "sha512-M1WuAmb7pn9zdFRtQYk26ZBoY043Sse0wVDdk4Bppr+JOXyQYybdtvK+l9wUibhtjdjvtoiNy8tk+EgsYIUqKg==",
       "dependencies": {
         "ansi-escapes": "^4.2.1",
         "chalk": "^4.1.1",
@@ -22792,12 +25278,25 @@
         "string-width": "^4.1.0",
         "strip-ansi": "^6.0.0",
         "through": "^2.3.6",
-        "wrap-ansi": "^7.0.0"
+        "wrap-ansi": "^6.0.1"
       },
       "engines": {
         "node": ">=12.0.0"
       }
     },
+    "node_modules/inquirer/node_modules/wrap-ansi": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/inside": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/inside/-/inside-1.0.0.tgz",
@@ -22876,15 +25375,6 @@
         "node": ">= 0.10"
       }
     },
-    "node_modules/is": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/is/-/is-3.3.0.tgz",
-      "integrity": "sha512-nW24QBoPcFGGHJGUwnfpI7Yc5CdqWNdsyHQszVE/z2pKHXzh7FZ5GWhJqSyaQ9wMkQnsTx+kAI8bHlCX4tKdbg==",
-      "dev": true,
-      "engines": {
-        "node": "*"
-      }
-    },
     "node_modules/is-absolute": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-absolute/-/is-absolute-1.0.0.tgz",
@@ -23052,9 +25542,9 @@
       }
     },
     "node_modules/is-core-module": {
-      "version": "2.12.1",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.12.1.tgz",
-      "integrity": "sha512-Q4ZuBAe2FUsKtyQJoQHlvP8OvBERxO3jEmy1I7hcRXcJBGGHFh/aJBswbXuS9sgrDH2QUO8ilkwNPHvHMd8clg==",
+      "version": "2.13.0",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.0.tgz",
+      "integrity": "sha512-Z7dk6Qo8pOCp3l4tsX2C5ZVas4V+UxwQodwZhLopL91TX8UyyHEXafPcyoeeWuLrwzHcr3igO78wNLwHJHsMCQ==",
       "dev": true,
       "dependencies": {
         "has": "^1.0.3"
@@ -23228,39 +25718,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/is-inside-container": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-inside-container/-/is-inside-container-1.0.0.tgz",
-      "integrity": "sha512-KIYLCCJghfHZxqjYBE7rEy0OBuTd5xCHS7tHVgvCLkx7StIoaxwNW3hCALgEUjFfeRk+MG/Qxmp/vtETEF3tRA==",
-      "dev": true,
-      "dependencies": {
-        "is-docker": "^3.0.0"
-      },
-      "bin": {
-        "is-inside-container": "cli.js"
-      },
-      "engines": {
-        "node": ">=14.16"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/is-inside-container/node_modules/is-docker": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-3.0.0.tgz",
-      "integrity": "sha512-eljcgEDlEns/7AXFosB5K/2nCM4P7FQPkGc/DWLy5rmFEWvZayGrik1d9/QIY5nJ4f9YsVvBkA6kJpHn9rISdQ==",
-      "dev": true,
-      "bin": {
-        "is-docker": "cli.js"
-      },
-      "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/is-interactive": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz",
@@ -24401,9 +26858,9 @@
       }
     },
     "node_modules/jest-mock-extended": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/jest-mock-extended/-/jest-mock-extended-3.0.4.tgz",
-      "integrity": "sha512-2ynEZ7IEJNrhrgshklDMhrOdnmW4Nt+PhkyRqZxRgpwMo7JjmFWMzyp0+eSyk+H9KK1QjXI5xTZIw6x7cVDcRg==",
+      "version": "3.0.5",
+      "resolved": "https://registry.npmjs.org/jest-mock-extended/-/jest-mock-extended-3.0.5.tgz",
+      "integrity": "sha512-/eHdaNPUAXe7f65gHH5urc8SbRVWjYxBqmCgax2uqOBJy8UUcCBMN1upj1eZ8y/i+IqpyEm4Kq0VKss/GCCTdw==",
       "dev": true,
       "dependencies": {
         "ts-essentials": "^7.0.3"
@@ -24773,14 +27230,14 @@
       "integrity": "sha512-umpJ0/k8X0MvD1ds0P9SfowREz2LenHsQaxSohMZ5OMNEU2r0tf8pdeEFTHMFxWVxKNyU9rTtK3CWzUCTKJUeQ=="
     },
     "node_modules/js-beautify": {
-      "version": "1.14.7",
-      "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.14.7.tgz",
-      "integrity": "sha512-5SOX1KXPFKx+5f6ZrPsIPEY7NwKeQz47n3jm2i+XeHx9MoRsfQenlOP13FQhWvg8JRS0+XLO6XYUQ2GX+q+T9A==",
+      "version": "1.14.9",
+      "resolved": "https://registry.npmjs.org/js-beautify/-/js-beautify-1.14.9.tgz",
+      "integrity": "sha512-coM7xq1syLcMyuVGyToxcj2AlzhkDjmfklL8r0JgJ7A76wyGMpJ1oA35mr4APdYNO/o/4YY8H54NQIJzhMbhBg==",
       "dev": true,
       "dependencies": {
         "config-chain": "^1.1.13",
-        "editorconfig": "^0.15.3",
-        "glob": "^8.0.3",
+        "editorconfig": "^1.0.3",
+        "glob": "^8.1.0",
         "nopt": "^6.0.0"
       },
       "bin": {
@@ -24789,7 +27246,7 @@
         "js-beautify": "js/bin/js-beautify.js"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       }
     },
     "node_modules/js-beautify/node_modules/nopt": {
@@ -25004,22 +27461,6 @@
       "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==",
       "dev": true
     },
-    "node_modules/json-file-plus": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/json-file-plus/-/json-file-plus-3.3.1.tgz",
-      "integrity": "sha512-wo0q1UuiV5NsDPQDup1Km8IwEeqe+olr8tkWxeJq9Bjtcp7DZ0l+yrg28fSC3DEtrE311mhTZ54QGS6oiqnZEA==",
-      "dev": true,
-      "dependencies": {
-        "is": "^3.2.1",
-        "node.extend": "^2.0.0",
-        "object.assign": "^4.1.0",
-        "promiseback": "^2.0.2",
-        "safer-buffer": "^2.0.2"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      }
-    },
     "node_modules/json-parse-even-better-errors": {
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz",
@@ -25206,12 +27647,13 @@
       }
     },
     "node_modules/koa-bodyparser": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/koa-bodyparser/-/koa-bodyparser-4.4.0.tgz",
-      "integrity": "sha512-AXPY7wwKZUmbgb8VkTEUFoRNOlx6aWRJwEnQD+zfNf33/7KSAkN4Oo9BqlIk80D+5TvuqlhpQT5dPVcyxl5Zsw==",
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/koa-bodyparser/-/koa-bodyparser-4.4.1.tgz",
+      "integrity": "sha512-kBH3IYPMb+iAXnrxIhXnW+gXV8OTzCu8VPDqvcDHW9SQrbkHmqPQtiZwrltNmSq6/lpipHnT7k7PsjlVD7kK0w==",
       "dependencies": {
         "co-body": "^6.0.0",
-        "copy-to": "^2.0.1"
+        "copy-to": "^2.0.1",
+        "type-is": "^1.6.18"
       },
       "engines": {
         "node": ">=8.0.0"
@@ -25532,63 +27974,36 @@
       "dev": true
     },
     "node_modules/lint-staged": {
-      "version": "13.2.2",
-      "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-13.2.2.tgz",
-      "integrity": "sha512-71gSwXKy649VrSU09s10uAT0rWCcY3aewhMaHyl2N84oBk4Xs9HgxvUp3AYu+bNsK4NrOYYxvSgg7FyGJ+jGcA==",
+      "version": "13.3.0",
+      "resolved": "https://registry.npmjs.org/lint-staged/-/lint-staged-13.3.0.tgz",
+      "integrity": "sha512-mPRtrYnipYYv1FEE134ufbWpeggNTo+O/UPzngoaKzbzHAthvR55am+8GfHTnqNRQVRRrYQLGW9ZyUoD7DsBHQ==",
       "dev": true,
       "dependencies": {
-        "chalk": "5.2.0",
-        "cli-truncate": "^3.1.0",
-        "commander": "^10.0.0",
-        "debug": "^4.3.4",
-        "execa": "^7.0.0",
+        "chalk": "5.3.0",
+        "commander": "11.0.0",
+        "debug": "4.3.4",
+        "execa": "7.2.0",
         "lilconfig": "2.1.0",
-        "listr2": "^5.0.7",
-        "micromatch": "^4.0.5",
-        "normalize-path": "^3.0.0",
-        "object-inspect": "^1.12.3",
-        "pidtree": "^0.6.0",
-        "string-argv": "^0.3.1",
-        "yaml": "^2.2.2"
+        "listr2": "6.6.1",
+        "micromatch": "4.0.5",
+        "pidtree": "0.6.0",
+        "string-argv": "0.3.2",
+        "yaml": "2.3.1"
       },
       "bin": {
         "lint-staged": "bin/lint-staged.js"
       },
       "engines": {
-        "node": "^14.13.1 || >=16.0.0"
+        "node": "^16.14.0 || >=18.0.0"
       },
       "funding": {
         "url": "https://opencollective.com/lint-staged"
       }
     },
-    "node_modules/lint-staged/node_modules/ansi-regex": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
-      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-      }
-    },
-    "node_modules/lint-staged/node_modules/ansi-styles": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
-      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
     "node_modules/lint-staged/node_modules/chalk": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.2.0.tgz",
-      "integrity": "sha512-ree3Gqw/nazQAPuJJEy+avdl7QfZMcUvmHIKgEZkGL+xOBzRvup5Hxo6LHuMceSxOabuJLJm5Yp/92R9eMmMvA==",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz",
+      "integrity": "sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==",
       "dev": true,
       "engines": {
         "node": "^12.17.0 || ^14.13 || >=16.0.0"
@@ -25597,41 +28012,19 @@
         "url": "https://github.com/chalk/chalk?sponsor=1"
       }
     },
-    "node_modules/lint-staged/node_modules/cli-truncate": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-3.1.0.tgz",
-      "integrity": "sha512-wfOBkjXteqSnI59oPcJkcPl/ZmwvMMOj340qUIY1SKZCv0B9Cf4D4fAucRkIKQmsIuYK3x1rrgU7MeGRruiuiA==",
-      "dev": true,
-      "dependencies": {
-        "slice-ansi": "^5.0.0",
-        "string-width": "^5.0.0"
-      },
-      "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/lint-staged/node_modules/commander": {
-      "version": "10.0.1",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
-      "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-11.0.0.tgz",
+      "integrity": "sha512-9HMlXtt/BNoYr8ooyjjNRdIilOTkVJXB+GhxMTtOKwk0R4j4lS4NpjuqmRxroBfnfTSHQIHQB7wryHhXarNjmQ==",
       "dev": true,
       "engines": {
-        "node": ">=14"
+        "node": ">=16"
       }
     },
-    "node_modules/lint-staged/node_modules/emoji-regex": {
-      "version": "9.2.2",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
-      "dev": true
-    },
     "node_modules/lint-staged/node_modules/execa": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/execa/-/execa-7.1.1.tgz",
-      "integrity": "sha512-wH0eMf/UXckdUYnO21+HDztteVv05rq2GXksxT4fCGeHkBhw1DROXh40wcjMcRqDOWE7iPJ4n3M7e2+YFP+76Q==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/execa/-/execa-7.2.0.tgz",
+      "integrity": "sha512-UduyVP7TLB5IcAQl+OzLyLcS/l32W/GLg+AhHJ+ow40FOk2U3SAllPwR44v4vmdFwIWqpdwxxpQbF1n5ta9seA==",
       "dev": true,
       "dependencies": {
         "cross-spawn": "^7.0.3",
@@ -25660,18 +28053,6 @@
         "node": ">=14.18.0"
       }
     },
-    "node_modules/lint-staged/node_modules/is-fullwidth-code-point": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz",
-      "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/lint-staged/node_modules/is-stream": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz",
@@ -25738,54 +28119,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/lint-staged/node_modules/slice-ansi": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz",
-      "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^6.0.0",
-        "is-fullwidth-code-point": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
-      }
-    },
-    "node_modules/lint-staged/node_modules/string-width": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
-      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
-      "dev": true,
-      "dependencies": {
-        "eastasianwidth": "^0.2.0",
-        "emoji-regex": "^9.2.2",
-        "strip-ansi": "^7.0.1"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/lint-staged/node_modules/strip-ansi": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.0.1.tgz",
-      "integrity": "sha512-cXNxvT8dFNRVfhVME3JAe98mkXDYN2O1l7jmcwMnOslDeESg1rF/OZMtK0nRAhiari1unG5cD4jG3rapUAkLbw==",
-      "dev": true,
-      "dependencies": {
-        "ansi-regex": "^6.0.1"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
-      }
-    },
     "node_modules/lint-staged/node_modules/strip-final-newline": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz",
@@ -25808,22 +28141,20 @@
       }
     },
     "node_modules/listr2": {
-      "version": "5.0.8",
-      "resolved": "https://registry.npmjs.org/listr2/-/listr2-5.0.8.tgz",
-      "integrity": "sha512-mC73LitKHj9w6v30nLNGPetZIlfpUniNSsxxrbaPcWOjDb92SHPzJPi/t+v1YC/lxKz/AJ9egOjww0qUuFxBpA==",
+      "version": "6.6.1",
+      "resolved": "https://registry.npmjs.org/listr2/-/listr2-6.6.1.tgz",
+      "integrity": "sha512-+rAXGHh0fkEWdXBmX+L6mmfmXmXvDGEKzkjxO+8mP3+nI/r/CWznVBvsibXdxda9Zz0OW2e2ikphN3OwCT/jSg==",
       "dev": true,
       "dependencies": {
-        "cli-truncate": "^2.1.0",
-        "colorette": "^2.0.19",
-        "log-update": "^4.0.0",
-        "p-map": "^4.0.0",
+        "cli-truncate": "^3.1.0",
+        "colorette": "^2.0.20",
+        "eventemitter3": "^5.0.1",
+        "log-update": "^5.0.1",
         "rfdc": "^1.3.0",
-        "rxjs": "^7.8.0",
-        "through": "^2.3.8",
-        "wrap-ansi": "^7.0.0"
+        "wrap-ansi": "^8.1.0"
       },
       "engines": {
-        "node": "^14.13.1 || >=16.0.0"
+        "node": ">=16.0.0"
       },
       "peerDependencies": {
         "enquirer": ">= 2.3.0 < 3"
@@ -25834,6 +28165,135 @@
         }
       }
     },
+    "node_modules/listr2/node_modules/ansi-regex": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
+      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/listr2/node_modules/ansi-styles": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
+      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/listr2/node_modules/cli-truncate": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-3.1.0.tgz",
+      "integrity": "sha512-wfOBkjXteqSnI59oPcJkcPl/ZmwvMMOj340qUIY1SKZCv0B9Cf4D4fAucRkIKQmsIuYK3x1rrgU7MeGRruiuiA==",
+      "dev": true,
+      "dependencies": {
+        "slice-ansi": "^5.0.0",
+        "string-width": "^5.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/listr2/node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
+      "dev": true
+    },
+    "node_modules/listr2/node_modules/eventemitter3": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz",
+      "integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==",
+      "dev": true
+    },
+    "node_modules/listr2/node_modules/is-fullwidth-code-point": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz",
+      "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/listr2/node_modules/slice-ansi": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz",
+      "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^6.0.0",
+        "is-fullwidth-code-point": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
+      }
+    },
+    "node_modules/listr2/node_modules/string-width": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+      "dev": true,
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/listr2/node_modules/strip-ansi": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
+      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/listr2/node_modules/wrap-ansi": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
     "node_modules/lit": {
       "version": "2.8.0",
       "resolved": "https://registry.npmjs.org/lit/-/lit-2.8.0.tgz",
@@ -25952,24 +28412,6 @@
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
       "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
     },
-    "node_modules/lodash.clone": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.clone/-/lodash.clone-4.5.0.tgz",
-      "integrity": "sha512-GhrVeweiTD6uTmmn5hV/lzgCQhccwReIVRLHp7LT4SopOjqEZ5BbX8b5WWEtAKasjmy8hR7ZPwsYlxRCku5odg==",
-      "dev": true
-    },
-    "node_modules/lodash.clonedeep": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz",
-      "integrity": "sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==",
-      "dev": true
-    },
-    "node_modules/lodash.constant": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/lodash.constant/-/lodash.constant-3.0.0.tgz",
-      "integrity": "sha512-X5XMrB+SdI1mFa81162NSTo/YNd23SLdLOLzcXTwS4inDZ5YCL8X67UFzZJAH4CqIa6R8cr56CShfA5K5MFiYQ==",
-      "dev": true
-    },
     "node_modules/lodash.debounce": {
       "version": "4.0.8",
       "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz",
@@ -25982,66 +28424,12 @@
       "integrity": "sha512-TM9YBvyC84ZxE3rgfefxUWiQKLilstD6k7PTGt6wfbtXF8ixIJLOL3VYyV/z+ZiPLsVxAsKAFVwWlWeb2Y8Yyw==",
       "dev": true
     },
-    "node_modules/lodash.filter": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.filter/-/lodash.filter-4.6.0.tgz",
-      "integrity": "sha512-pXYUy7PR8BCLwX5mgJ/aNtyOvuJTdZAo9EQFUvMIYugqmJxnrYaANvTbgndOzHSCSR0wnlBBfRXJL5SbWxo3FQ==",
-      "dev": true
-    },
-    "node_modules/lodash.flatmap": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.flatmap/-/lodash.flatmap-4.5.0.tgz",
-      "integrity": "sha512-/OcpcAGWlrZyoHGeHh3cAoa6nGdX6QYtmzNP84Jqol6UEQQ2gIaU3H+0eICcjcKGl0/XF8LWOujNn9lffsnaOg==",
-      "dev": true
-    },
-    "node_modules/lodash.foreach": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.foreach/-/lodash.foreach-4.5.0.tgz",
-      "integrity": "sha512-aEXTF4d+m05rVOAUG3z4vZZ4xVexLKZGF0lIxuHZ1Hplpk/3B6Z1+/ICICYRLm7c41Z2xiejbkCkJoTlypoXhQ==",
-      "dev": true
-    },
-    "node_modules/lodash.has": {
-      "version": "4.5.2",
-      "resolved": "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz",
-      "integrity": "sha512-rnYUdIo6xRCJnQmbVFEwcxF144erlD+M3YcJUVesflU9paQaE8p+fJDcIQrlMYbxoANFL+AB9hZrzSBBk5PL+g==",
-      "dev": true
-    },
-    "node_modules/lodash.isempty": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/lodash.isempty/-/lodash.isempty-4.4.0.tgz",
-      "integrity": "sha512-oKMuF3xEeqDltrGMfDxAPGIVMSSRv8tbRSODbrs4KGsRRLEhrW8N8Rd4DRgB2+621hY8A8XwwrTVhXWpxFvMzg==",
-      "dev": true
-    },
     "node_modules/lodash.isequal": {
       "version": "4.5.0",
       "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
       "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==",
       "dev": true
     },
-    "node_modules/lodash.isfunction": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz",
-      "integrity": "sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw==",
-      "dev": true
-    },
-    "node_modules/lodash.isundefined": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/lodash.isundefined/-/lodash.isundefined-3.0.1.tgz",
-      "integrity": "sha512-MXB1is3s899/cD8jheYYE2V9qTHwKvt+npCwpD+1Sxm3Q3cECXCiYHjeHWXNwr6Q0SOBPrYUDxendrO6goVTEA==",
-      "dev": true
-    },
-    "node_modules/lodash.keys": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/lodash.keys/-/lodash.keys-4.2.0.tgz",
-      "integrity": "sha512-J79MkJcp7Df5mizHiVNpjoHXLi4HLjh9VLS/M7lQSGoQ+0oQ+lWEigREkqKyizPB1IawvQLLKY8mzEcm1tkyxQ==",
-      "dev": true
-    },
-    "node_modules/lodash.map": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.map/-/lodash.map-4.6.0.tgz",
-      "integrity": "sha512-worNHGKLDetmcEYDvh2stPCrrQRkP20E4l0iIS7F8EvzMqBBi7ltvFN5m1HvTf1P7Jk1txKhvFcmYsCr8O2F1Q==",
-      "dev": true
-    },
     "node_modules/lodash.memoize": {
       "version": "4.1.2",
       "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz",
@@ -26054,42 +28442,6 @@
       "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==",
       "dev": true
     },
-    "node_modules/lodash.reduce": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.reduce/-/lodash.reduce-4.6.0.tgz",
-      "integrity": "sha512-6raRe2vxCYBhpBu+B+TtNGUzah+hQjVdu3E17wfusjyrXBka2nBS8OH/gjVZ5PvHOhWmIZTYri09Z6n/QfnNMw==",
-      "dev": true
-    },
-    "node_modules/lodash.size": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/lodash.size/-/lodash.size-4.2.0.tgz",
-      "integrity": "sha512-wbu3SF1XC5ijqm0piNxw59yCbuUf2kaShumYBLWUrcCvwh6C8odz6SY/wGVzCWTQTFL/1Ygbvqg2eLtspUVVAQ==",
-      "dev": true
-    },
-    "node_modules/lodash.topairs": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/lodash.topairs/-/lodash.topairs-4.3.0.tgz",
-      "integrity": "sha512-qrRMbykBSEGdOgQLJJqVSdPWMD7Q+GJJ5jMRfQYb+LTLsw3tYVIabnCzRqTJb2WTo17PG5gNzXuFaZgYH/9SAQ==",
-      "dev": true
-    },
-    "node_modules/lodash.transform": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.transform/-/lodash.transform-4.6.0.tgz",
-      "integrity": "sha512-LO37ZnhmBVx0GvOU/caQuipEh4GN82TcWv3yHlebGDgOxbxiwwzW5Pcx2AcvpIv2WmvmSMoC492yQFNhy/l/UQ==",
-      "dev": true
-    },
-    "node_modules/lodash.union": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/lodash.union/-/lodash.union-4.6.0.tgz",
-      "integrity": "sha512-c4pB2CdGrGdjMKYLA+XiRDO7Y0PRQbm/Gzg8qMj+QH+pFVAoTp5sBpO0odL3FjoPCGjK96p6qsP+yQoiLoOBcw==",
-      "dev": true
-    },
-    "node_modules/lodash.values": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/lodash.values/-/lodash.values-4.3.0.tgz",
-      "integrity": "sha512-r0RwvdCv8id9TUblb/O7rYPwVy6lerCbcawrfdo9iC/1t1wsNMJknO79WNBgwkH0hIeJ08jmvvESbFpNb4jH0Q==",
-      "dev": true
-    },
     "node_modules/log-symbols": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz",
@@ -26106,16 +28458,165 @@
       }
     },
     "node_modules/log-update": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/log-update/-/log-update-4.0.0.tgz",
-      "integrity": "sha512-9fkkDevMefjg0mmzWFBW8YkFP91OrizzkW3diF7CpG+S2EYdy4+TVfGwz1zeF8x7hCx1ovSPTOE9Ngib74qqUg==",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/log-update/-/log-update-5.0.1.tgz",
+      "integrity": "sha512-5UtUDQ/6edw4ofyljDNcOVJQ4c7OjDro4h3y8e1GQL5iYElYclVHJ3zeWchylvMaKnDbDilC8irOVyexnA/Slw==",
       "dev": true,
       "dependencies": {
-        "ansi-escapes": "^4.3.0",
-        "cli-cursor": "^3.1.0",
-        "slice-ansi": "^4.0.0",
-        "wrap-ansi": "^6.2.0"
+        "ansi-escapes": "^5.0.0",
+        "cli-cursor": "^4.0.0",
+        "slice-ansi": "^5.0.0",
+        "strip-ansi": "^7.0.1",
+        "wrap-ansi": "^8.0.1"
       },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/log-update/node_modules/ansi-escapes": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-5.0.0.tgz",
+      "integrity": "sha512-5GFMVX8HqE/TB+FuBJGuO5XG0WrsA6ptUqoODaT/n9mmUaZFkqnBueB4leqGBCmrUHnCnC4PCZTCd0E7QQ83bA==",
+      "dev": true,
+      "dependencies": {
+        "type-fest": "^1.0.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/log-update/node_modules/ansi-regex": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
+      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/log-update/node_modules/ansi-styles": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
+      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/log-update/node_modules/cli-cursor": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-4.0.0.tgz",
+      "integrity": "sha512-VGtlMu3x/4DOtIUwEkRezxUZ2lBacNJCHash0N0WeZDBS+7Ux1dm3XWAgWYxLJFMMdOeXMHXorshEFhbMSGelg==",
+      "dev": true,
+      "dependencies": {
+        "restore-cursor": "^4.0.0"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/log-update/node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
+      "dev": true
+    },
+    "node_modules/log-update/node_modules/is-fullwidth-code-point": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz",
+      "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==",
+      "dev": true,
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/log-update/node_modules/restore-cursor": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-4.0.0.tgz",
+      "integrity": "sha512-I9fPXU9geO9bHOt9pHHOhOkYerIMsmVaWB0rA2AI9ERh/+x/i7MV5HKBNrg+ljO5eoPVgCcnFuRjJ9uH6I/3eg==",
+      "dev": true,
+      "dependencies": {
+        "onetime": "^5.1.0",
+        "signal-exit": "^3.0.2"
+      },
+      "engines": {
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/log-update/node_modules/slice-ansi": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz",
+      "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-styles": "^6.0.0",
+        "is-fullwidth-code-point": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
+      }
+    },
+    "node_modules/log-update/node_modules/string-width": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+      "dev": true,
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/log-update/node_modules/strip-ansi": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
+      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
+      "dev": true,
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
+    "node_modules/log-update/node_modules/type-fest": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz",
+      "integrity": "sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==",
+      "dev": true,
       "engines": {
         "node": ">=10"
       },
@@ -26123,35 +28624,21 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/log-update/node_modules/slice-ansi": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz",
-      "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==",
+    "node_modules/log-update/node_modules/wrap-ansi": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
       "dev": true,
       "dependencies": {
-        "ansi-styles": "^4.0.0",
-        "astral-regex": "^2.0.0",
-        "is-fullwidth-code-point": "^3.0.0"
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       },
       "funding": {
-        "url": "https://github.com/chalk/slice-ansi?sponsor=1"
-      }
-    },
-    "node_modules/log-update/node_modules/wrap-ansi": {
-      "version": "6.2.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
-      "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
-      "dev": true,
-      "dependencies": {
-        "ansi-styles": "^4.0.0",
-        "string-width": "^4.1.0",
-        "strip-ansi": "^6.0.0"
-      },
-      "engines": {
-        "node": ">=8"
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
       }
     },
     "node_modules/loglevel": {
@@ -28374,9 +30861,9 @@
       "dev": true
     },
     "node_modules/node-addon-api": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.1.0.tgz",
-      "integrity": "sha512-eh0GgfEkpnoWDq+VY8OyvYhFEzBk6jIYbRKdIlyTiAXIVJ8PyBaKb0rp7oDtoddbdoHWhq8wwr+XZ81F1rpNdA=="
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-7.0.0.tgz",
+      "integrity": "sha512-vgbBJTS4m5/KkE16t5Ly0WW9hz46swAstv0hYYwMtbG7AznRhNyfLRe8HZAiWIpcHzoO7HxhLuBQj9rJ/Ho0ZA=="
     },
     "node_modules/node-api-version": {
       "version": "0.1.4",
@@ -28400,9 +30887,9 @@
       }
     },
     "node_modules/node-fetch": {
-      "version": "2.6.11",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.11.tgz",
-      "integrity": "sha512-4I6pdBY1EthSqDmJkiNk3JIT8cswwR9nfeW/cPdUagJYEQG7R95WRH74wpz7ma8Gh/9dI9FP+OU+0E4FvtA55w==",
+      "version": "2.6.12",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.12.tgz",
+      "integrity": "sha512-C/fGU2E8ToujUivIO0H+tpQ6HWo4eEmchoPIoXtxCrVghxdKq+QOHqEZW7tuP3KlV3bC8FRMO5nMCC7Zm1VP6g==",
       "dependencies": {
         "whatwg-url": "^5.0.0"
       },
@@ -28621,19 +31108,6 @@
       "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.13.tgz",
       "integrity": "sha512-uYr7J37ae/ORWdZeQ1xxMJe3NtdmqMC/JZK+geofDrkLUApKRHPd18/TxtBOJ4A0/+uUIliorNrfYV6s1b02eQ=="
     },
-    "node_modules/node.extend": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/node.extend/-/node.extend-2.0.2.tgz",
-      "integrity": "sha512-pDT4Dchl94/+kkgdwyS2PauDFjZG0Hk0IcHIB+LkW27HLDtdoeMxHTxZh39DYbPP8UflWXWj9JcdDozF+YDOpQ==",
-      "dev": true,
-      "dependencies": {
-        "has": "^1.0.3",
-        "is": "^3.2.1"
-      },
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/nopt": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz",
@@ -29141,6 +31615,35 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/object.fromentries": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.6.tgz",
+      "integrity": "sha512-VciD13dswC4j1Xt5394WR4MzmAQmlgN72phd/riNp9vtD7tp4QQWJ0R4wvclXcafgcYK8veHRed2W6XeGBvcfg==",
+      "dev": true,
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.1.4",
+        "es-abstract": "^1.20.4"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
+    "node_modules/object.groupby": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.0.tgz",
+      "integrity": "sha512-70MWG6NfRH9GnbZOikuhPPYzpUpof9iW2J9E4dW7FXTqPNb6rllE6u39SKwwiNh8lCwX3DDb5OgcKGiEBrTTyw==",
+      "dev": true,
+      "dependencies": {
+        "call-bind": "^1.0.2",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.21.2",
+        "get-intrinsic": "^1.2.1"
+      }
+    },
     "node_modules/object.map": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/object.map/-/object.map-1.0.1.tgz",
@@ -29283,17 +31786,17 @@
       }
     },
     "node_modules/optionator": {
-      "version": "0.9.1",
-      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz",
-      "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==",
+      "version": "0.9.3",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.3.tgz",
+      "integrity": "sha512-JjCoypp+jKn1ttEFExxhetCKeJt9zhAgAve5FXHixTvFDW/5aEktX9bufBKLRRMdU7bNtpLfcGu94B3cdEJgjg==",
       "dev": true,
       "dependencies": {
+        "@aashutoshrathi/word-wrap": "^1.2.3",
         "deep-is": "^0.1.3",
         "fast-levenshtein": "^2.0.6",
         "levn": "^0.4.1",
         "prelude-ls": "^1.2.1",
-        "type-check": "^0.4.0",
-        "word-wrap": "^1.2.3"
+        "type-check": "^0.4.0"
       },
       "engines": {
         "node": ">= 0.8.0"
@@ -29466,12 +31969,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/packageurl-js": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.0.2.tgz",
-      "integrity": "sha512-fWC4ZPxo80qlh3xN5FxfIoQD3phVY4+EyzTIqyksjhKNDmaicdpxSvkWwIrYTtv9C1/RcUN6pxaTwGmj2NzS6A==",
-      "dev": true
-    },
     "node_modules/pacote": {
       "version": "15.1.0",
       "resolved": "https://registry.npmjs.org/pacote/-/pacote-15.1.0.tgz",
@@ -30403,15 +32900,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/pluralize": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
-      "integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow==",
-      "dev": true,
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/png-js": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/png-js/-/png-js-1.0.0.tgz",
@@ -30450,9 +32938,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.4.24",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz",
-      "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==",
+      "version": "8.4.27",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.27.tgz",
+      "integrity": "sha512-gY/ACJtJPSmUFPDCHtX78+01fHa64FaU4zaaWfuh1MhGJISufJAH4cun6k/8fwsHYeK4UQmENQK+tRLCFJE8JQ==",
       "dev": true,
       "funding": [
         {
@@ -30552,14 +33040,13 @@
       }
     },
     "node_modules/postcss-loader": {
-      "version": "7.3.2",
-      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.2.tgz",
-      "integrity": "sha512-c7qDlXErX6n0VT+LUsW+nwefVtTu3ORtVvK8EXuUIDcxo+b/euYqpuHlJAvePb0Af5e8uMjR/13e0lTuYifaig==",
+      "version": "7.3.3",
+      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.3.tgz",
+      "integrity": "sha512-YgO/yhtevGO/vJePCQmTxiaEwER94LABZN0ZMT4A0vsak9TpO+RvKRs7EmJ8peIlB9xfXCsS7M8LjqncsUZ5HA==",
       "dev": true,
       "dependencies": {
-        "cosmiconfig": "^8.1.3",
+        "cosmiconfig": "^8.2.0",
         "jiti": "^1.18.2",
-        "klona": "^2.0.6",
         "semver": "^7.3.8"
       },
       "engines": {
@@ -30920,30 +33407,6 @@
         "node": ">=0.4.0"
       }
     },
-    "node_modules/promise": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/promise/-/promise-7.3.1.tgz",
-      "integrity": "sha512-nolQXZ/4L+bP/UGlkfaIujX9BKxGwmQ9OT4mOt5yvy8iK1h3wqTEJCijzGANTCCl9nWjY41juyAn2K3Q1hLLTg==",
-      "dev": true,
-      "dependencies": {
-        "asap": "~2.0.3"
-      }
-    },
-    "node_modules/promise-deferred": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/promise-deferred/-/promise-deferred-2.0.3.tgz",
-      "integrity": "sha512-n10XaoznCzLfyPFOlEE8iurezHpxrYzyjgq/1eW9Wk1gJwur/N7BdBmjJYJpqMeMcXK4wEbzo2EvZQcqjYcKUQ==",
-      "dev": true,
-      "dependencies": {
-        "promise": "^7.3.1"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/promise-inflight": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/promise-inflight/-/promise-inflight-1.0.1.tgz",
@@ -30968,22 +33431,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/promiseback": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/promiseback/-/promiseback-2.0.3.tgz",
-      "integrity": "sha512-VZXdCwS0ppVNTIRfNsCvVwJAaP2b+pxQF7lM8DMWfmpNWyTxB6O5YNbzs+8z0ki/KIBHKHk308NTIl4kJUem3w==",
-      "dev": true,
-      "dependencies": {
-        "is-callable": "^1.1.5",
-        "promise-deferred": "^2.0.3"
-      },
-      "engines": {
-        "node": ">= 0.4"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/ljharb"
-      }
-    },
     "node_modules/prompts": {
       "version": "2.4.2",
       "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz",
@@ -31065,12 +33512,6 @@
       "dev": true,
       "optional": true
     },
-    "node_modules/pseudomap": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz",
-      "integrity": "sha512-b/YwNhb8lk1Zz2+bXXpS/LK9OisiZZ1SNsSLxN1x2OXVEhW2Ckr/7mWE5vrC1ZTiJlD9g19jWszTmJsB+oEpFQ==",
-      "dev": true
-    },
     "node_modules/psl": {
       "version": "1.9.0",
       "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz",
@@ -31277,16 +33718,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/querystring": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
-      "integrity": "sha512-X/xY82scca2tau62i9mDyU9K+I+djTMUsvwf7xnUX5GLvVzgJybOJf4Y6o9Zx3oJK/LSXg5tTZBjwzqVPaPO2g==",
-      "deprecated": "The querystring API is considered Legacy. new code should use the URLSearchParams API instead.",
-      "dev": true,
-      "engines": {
-        "node": ">=0.4.x"
-      }
-    },
     "node_modules/querystringify": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz",
@@ -31925,9 +34356,9 @@
       }
     },
     "node_modules/recast": {
-      "version": "0.23.2",
-      "resolved": "https://registry.npmjs.org/recast/-/recast-0.23.2.tgz",
-      "integrity": "sha512-Qv6cPfVZyMOtPszK6PgW70pUgm7gPlFitAPf0Q69rlOA0zLw2XdDcNmPbVGYicFGT9O8I7TZ/0ryJD+6COvIPw==",
+      "version": "0.23.4",
+      "resolved": "https://registry.npmjs.org/recast/-/recast-0.23.4.tgz",
+      "integrity": "sha512-qtEDqIZGVcSZCHniWwZWbRy79Dc6Wp3kT/UmDA2RJKBPg7+7k51aQBZirHmUGn5uvHf2rg8DkjizrN26k61ATw==",
       "dev": true,
       "dependencies": {
         "assert": "^2.0.0",
@@ -32740,21 +35171,6 @@
       "resolved": "https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.6.0.tgz",
       "integrity": "sha512-APM0Gt1KoXBz0iIkkdB/kfvGOwC4UuJFeG/c+yV7wSc7q96cG/kJ0HiYCnzivD9SB53cLV1MlHFNfOuPaadYSw=="
     },
-    "node_modules/run-applescript": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/run-applescript/-/run-applescript-5.0.0.tgz",
-      "integrity": "sha512-XcT5rBksx1QdIhlFOCtgZkB99ZEouFZ1E2Kc2LHqNW13U3/74YGdkQRmThTwxy4QIyookibDKYZOPqX//6BlAg==",
-      "dev": true,
-      "dependencies": {
-        "execa": "^5.0.0"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/run-async": {
       "version": "2.4.1",
       "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.4.1.tgz",
@@ -32887,9 +35303,9 @@
       }
     },
     "node_modules/sass": {
-      "version": "1.62.1",
-      "resolved": "https://registry.npmjs.org/sass/-/sass-1.62.1.tgz",
-      "integrity": "sha512-NHpxIzN29MXvWiuswfc1W3I0N8SXBd8UR26WntmDlRYf0bSADnwnOjsyMZ3lMezSlArD33Vs3YFhp7dWvL770A==",
+      "version": "1.65.1",
+      "resolved": "https://registry.npmjs.org/sass/-/sass-1.65.1.tgz",
+      "integrity": "sha512-9DINwtHmA41SEd36eVPQ9BJKpn7eKDQmUHmpI0y5Zv2Rcorrh0zS+cFrt050hdNbmmCNKTW3hV5mWfuegNRsEA==",
       "dev": true,
       "dependencies": {
         "chokidar": ">=3.0.0 <4.0.0",
@@ -32904,12 +35320,11 @@
       }
     },
     "node_modules/sass-loader": {
-      "version": "13.3.1",
-      "resolved": "https://registry.npmjs.org/sass-loader/-/sass-loader-13.3.1.tgz",
-      "integrity": "sha512-cBTxmgyVA1nXPvIK4brjJMXOMJ2v2YrQEuHqLw3LylGb3gsR6jAvdjHMcy/+JGTmmIF9SauTrLLR7bsWDMWqgg==",
+      "version": "13.3.2",
+      "resolved": "https://registry.npmjs.org/sass-loader/-/sass-loader-13.3.2.tgz",
+      "integrity": "sha512-CQbKl57kdEv+KDLquhC+gE3pXt74LEAzm+tzywcA0/aHZuub8wTErbjAoNI57rPUWRYRNC5WUnNl8eGJNbDdwg==",
       "dev": true,
       "dependencies": {
-        "klona": "^2.0.6",
         "neo-async": "^2.6.2"
       },
       "engines": {
@@ -33433,12 +35848,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/sigmund": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/sigmund/-/sigmund-1.0.1.tgz",
-      "integrity": "sha512-fCvEXfh6NWpm+YSuY2bpXb/VIihqWA6hLsgboC+0nl71Q7N7o2eaCW8mJa/NLvQhs6jpd3VZV4UiUQlV6+lc8g==",
-      "dev": true
-    },
     "node_modules/signal-exit": {
       "version": "3.0.7",
       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
@@ -33608,6 +36017,7 @@
       "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-3.0.0.tgz",
       "integrity": "sha512-pSyv7bSTC7ig9Dcgbw9AuRNUb5k5V6oDudjZoMBSr13qpLBG7tB+zgCkARjq7xIUgdz5P1Qe8u+rSGdouOOIyQ==",
       "dev": true,
+      "optional": true,
       "dependencies": {
         "ansi-styles": "^4.0.0",
         "astral-regex": "^2.0.0",
@@ -33827,72 +36237,6 @@
         "node": ">=0.10.0"
       }
     },
-    "node_modules/snyk-config": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/snyk-config/-/snyk-config-5.1.0.tgz",
-      "integrity": "sha512-wqVMxUGqjjHX+MJrz0WHa/pJTDWU17aRv6cnI/6i7cq93J3TkkJZ8sjgvwCgP8cWX5wTHIlRuMV+IAd59K4X/g==",
-      "dev": true,
-      "dependencies": {
-        "async": "^3.2.0",
-        "debug": "^4.1.1",
-        "lodash.merge": "^4.6.2",
-        "minimist": "^1.2.5"
-      }
-    },
-    "node_modules/snyk-nodejs-lockfile-parser": {
-      "version": "1.51.0",
-      "resolved": "https://registry.npmjs.org/snyk-nodejs-lockfile-parser/-/snyk-nodejs-lockfile-parser-1.51.0.tgz",
-      "integrity": "sha512-uepLn2WELhgAVoYZ7QOt3nFwBVZvJAUfdDyebhb2Wqn5ftTthELzUp5/kCqxOXWoXBSg2KQIjI42U7SRq8gxLg==",
-      "dev": true,
-      "dependencies": {
-        "@snyk/dep-graph": "^2.3.0",
-        "@snyk/graphlib": "2.1.9-patch.3",
-        "@yarnpkg/core": "^2.4.0",
-        "@yarnpkg/lockfile": "^1.1.0",
-        "event-loop-spinner": "^2.0.0",
-        "js-yaml": "^4.1.0",
-        "lodash.clonedeep": "^4.5.0",
-        "lodash.flatmap": "^4.5.0",
-        "lodash.isempty": "^4.4.0",
-        "lodash.topairs": "^4.3.0",
-        "micromatch": "^4.0.5",
-        "p-map": "^4.0.0",
-        "semver": "^7.3.5",
-        "snyk-config": "^5.0.0",
-        "tslib": "^1.9.3",
-        "uuid": "^8.3.0"
-      },
-      "bin": {
-        "parse-nodejs-lockfile": "bin/index.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/snyk-nodejs-lockfile-parser/node_modules/argparse": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
-      "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
-      "dev": true
-    },
-    "node_modules/snyk-nodejs-lockfile-parser/node_modules/js-yaml": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
-      "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
-      "dev": true,
-      "dependencies": {
-        "argparse": "^2.0.1"
-      },
-      "bin": {
-        "js-yaml": "bin/js-yaml.js"
-      }
-    },
-    "node_modules/snyk-nodejs-lockfile-parser/node_modules/tslib": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz",
-      "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==",
-      "dev": true
-    },
     "node_modules/sockjs": {
       "version": "0.3.24",
       "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz",
@@ -34038,9 +36382,9 @@
       }
     },
     "node_modules/spawn-command": {
-      "version": "0.0.2-1",
-      "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2-1.tgz",
-      "integrity": "sha512-n98l9E2RMSJ9ON1AKisHzz7V42VDiBQGY6PB1BwRglz99wpVsSuGzQ+jOi6lFXBGVTCrRpltvjm+/XA+tpeJrg==",
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/spawn-command/-/spawn-command-0.0.2.tgz",
+      "integrity": "sha512-zC8zGoGkmc8J9ndvml8Xksr1Amk9qBujgbF0JAIWO7kXr43w0h/0GJNM/Vustixu+YE8N/MTrQ7N31FvHUACxQ==",
       "dev": true
     },
     "node_modules/spdx-correct": {
@@ -34571,12 +36915,12 @@
       "dev": true
     },
     "node_modules/storybook": {
-      "version": "7.2.2",
-      "resolved": "https://registry.npmjs.org/storybook/-/storybook-7.2.2.tgz",
-      "integrity": "sha512-JT4CtVagLi7B5CKFUX/ozRpW3X7z4ffdXaXr4g6uBQjPN8NmvQCCftVIntpiXPKIbQa+cqyOTCNiprGvFnQQfg==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/storybook/-/storybook-7.3.0.tgz",
+      "integrity": "sha512-v3kwokgNmEpmGFPsamE8vY3PYGkQ/fCbVmWeKmCam/GM0O05B3WOe5KamzopCCMnj62muqpb2OylD8TcIAWIsw==",
       "dev": true,
       "dependencies": {
-        "@storybook/cli": "7.2.2"
+        "@storybook/cli": "7.3.0"
       },
       "bin": {
         "sb": "index.js",
@@ -34587,15 +36931,6 @@
         "url": "https://opencollective.com/storybook"
       }
     },
-    "node_modules/stream-buffers": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/stream-buffers/-/stream-buffers-3.0.2.tgz",
-      "integrity": "sha512-DQi1h8VEBA/lURbSwFtEHnSTb9s2/pwLEaFuNhXwy1Dx3Sa0lOuYT2yNUr4/j2fs8oCAMANtrZ5OrPZtyVs3MQ==",
-      "dev": true,
-      "engines": {
-        "node": ">= 0.10.0"
-      }
-    },
     "node_modules/stream-combiner": {
       "version": "0.2.2",
       "resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.2.2.tgz",
@@ -34633,44 +36968,6 @@
       "integrity": "sha512-QsY0LbweYE5L+e+iBQgtkM5WUIf7+kCMA/m2VULv8rEEDDnlDPsPvOHH4nli6uaZOKQEt64u65h0l/eeZo7lCw==",
       "dev": true
     },
-    "node_modules/stream-to-array": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/stream-to-array/-/stream-to-array-2.3.0.tgz",
-      "integrity": "sha512-UsZtOYEn4tWU2RGLOXr/o/xjRBftZRlG3dEWoaHr8j4GuypJ3isitGbVyjQKAuMu+xbiop8q224TjiZWc4XTZA==",
-      "dev": true,
-      "dependencies": {
-        "any-promise": "^1.1.0"
-      }
-    },
-    "node_modules/stream-to-promise": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/stream-to-promise/-/stream-to-promise-2.2.0.tgz",
-      "integrity": "sha512-HAGUASw8NT0k8JvIVutB2Y/9iBk7gpgEyAudXwNJmZERdMITGdajOa4VJfD/kNiA3TppQpTP4J+CtcHwdzKBAw==",
-      "dev": true,
-      "dependencies": {
-        "any-promise": "~1.3.0",
-        "end-of-stream": "~1.1.0",
-        "stream-to-array": "~2.3.0"
-      }
-    },
-    "node_modules/stream-to-promise/node_modules/end-of-stream": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.1.0.tgz",
-      "integrity": "sha512-EoulkdKF/1xa92q25PbjuDcgJ9RDHYU2Rs3SCIvs2/dSQ3BpmxneNHmA/M7fe60M3PrV7nNGTTNbkK62l6vXiQ==",
-      "dev": true,
-      "dependencies": {
-        "once": "~1.3.0"
-      }
-    },
-    "node_modules/stream-to-promise/node_modules/once": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/once/-/once-1.3.3.tgz",
-      "integrity": "sha512-6vaNInhu+CHxtONf3zw3vq4SP2DOQhjBvIa3rNcG0+P7eKWlYH6Peu7rHizSloRU2EwMz6GraLieis9Ac9+p1w==",
-      "dev": true,
-      "dependencies": {
-        "wrappy": "1"
-      }
-    },
     "node_modules/streamfilter": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/streamfilter/-/streamfilter-3.0.0.tgz",
@@ -34890,9 +37187,9 @@
       }
     },
     "node_modules/sucrase": {
-      "version": "3.32.0",
-      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.32.0.tgz",
-      "integrity": "sha512-ydQOU34rpSyj2TGyz4D2p8rbktIOZ8QY9s+DGLvFU1i5pWJE8vkpruCjGCMHsdXwnD7JDcS+noSwM/a7zyNFDQ==",
+      "version": "3.34.0",
+      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.34.0.tgz",
+      "integrity": "sha512-70/LQEZ07TEcxiU2dz51FKaE6hCTWC6vr7FOk3Gr0U60C3shtAN+H+BFr9XlYe5xqf3RA8nrc+VIwzCfnxuXJw==",
       "dev": true,
       "dependencies": {
         "@jridgewell/gen-mapping": "^0.3.2",
@@ -35037,26 +37334,10 @@
       "integrity": "sha512-AsS729u2RHUfEra9xJrE39peJcc2stq2+poBXX8bcM08Y6g9j/i/PUzwNQqkaJde7Ntg1TO7bSREbR5sdosQ+g==",
       "dev": true
     },
-    "node_modules/synckit": {
-      "version": "0.8.5",
-      "resolved": "https://registry.npmjs.org/synckit/-/synckit-0.8.5.tgz",
-      "integrity": "sha512-L1dapNV6vu2s/4Sputv8xGsCdAVlb5nRDMFU/E27D44l5U6cw1g0dGd45uLc+OXjNMmF4ntiMdCimzcjFKQI8Q==",
-      "dev": true,
-      "dependencies": {
-        "@pkgr/utils": "^2.3.1",
-        "tslib": "^2.5.0"
-      },
-      "engines": {
-        "node": "^14.18.0 || >=16.0.0"
-      },
-      "funding": {
-        "url": "https://opencollective.com/unts"
-      }
-    },
     "node_modules/tailwindcss": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.2.tgz",
-      "integrity": "sha512-9jPkMiIBXvPc2KywkraqsUfbfj+dHDb+JPWtSJa9MLFdrPyazI7q6WX2sUrm7R9eVR7qqv3Pas7EvQFzxKnI6w==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.3.3.tgz",
+      "integrity": "sha512-A0KgSkef7eE4Mf+nKJ83i75TMyq8HqY3qmFIJSWy8bNt0v1lG7jUcpGpoTFxAwYcWOphcTBLPPJg+bDfhDf52w==",
       "dev": true,
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
@@ -35079,7 +37360,6 @@
         "postcss-load-config": "^4.0.1",
         "postcss-nested": "^6.0.1",
         "postcss-selector-parser": "^6.0.11",
-        "postcss-value-parser": "^4.2.0",
         "resolve": "^1.22.2",
         "sucrase": "^3.32.0"
       },
@@ -35104,12 +37384,12 @@
       }
     },
     "node_modules/tailwindcss/node_modules/resolve": {
-      "version": "1.22.2",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.2.tgz",
-      "integrity": "sha512-Sb+mjNHOULsBv818T40qSPeRiuWLyaGMa5ewydRLFimneixmVy2zdivRl+AF6jaYPC8ERxGDmFSiqui6SfPd+g==",
+      "version": "1.22.4",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.4.tgz",
+      "integrity": "sha512-PXNdCiPqDqeUou+w1C2eTQbNfxKSuMxqTCuvlmmMsk1NWHL5fRrhY6Pl0qEYYc6+QqGClco1Qj8XnjPego4wfg==",
       "dev": true,
       "dependencies": {
-        "is-core-module": "^2.11.0",
+        "is-core-module": "^2.13.0",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
       },
@@ -35664,33 +37944,21 @@
       "integrity": "sha512-AD5ih2NlSssTCwsMznbvwMZpJ1cbhkGd2uueNxzv2jDlEeZdU04JQfRnggJQ8DrcVBGjAsCKwFBbDlVNtEMlzw==",
       "dev": true
     },
-    "node_modules/titleize": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/titleize/-/titleize-3.0.0.tgz",
-      "integrity": "sha512-KxVu8EYHDPBdUYdKZdKtU2aj2XfEx9AfjXxE/Aj0vT06w2icA09Vus1rh6eSu1y01akYg6BjIK/hxyLJINoMLQ==",
-      "dev": true,
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/tldts": {
-      "version": "6.0.5",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.0.5.tgz",
-      "integrity": "sha512-2JQhXcZbp8eh2Ka81yvu5WzBa7NPKhGhXHy+dz0grD7w3DjgK0CsryEwNjVs6i170VF4sZAkwP8pGb1q53wiiQ==",
+      "version": "6.0.14",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.0.14.tgz",
+      "integrity": "sha512-mYU7xwVGfiiC4lkWr4h3Q6U4kfAq3aWP1KsJZyRlVVeDQ3ZSBLmE20543dWSqI0U799PNzhpHObex5n60TeBGw==",
       "dependencies": {
-        "tldts-core": "^6.0.5"
+        "tldts-core": "^6.0.14"
       },
       "bin": {
         "tldts": "bin/cli.js"
       }
     },
     "node_modules/tldts-core": {
-      "version": "6.0.5",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.0.5.tgz",
-      "integrity": "sha512-DBpylEmOYzU+x8oiJU6pULwr1WPIoW1YYXxf8K88N+mEtIB9QOSCsMj0KdARoJFS/rMDWRguB4dRKL0zqq6LWQ=="
+      "version": "6.0.14",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.0.14.tgz",
+      "integrity": "sha512-ESYhU/bgs6jiHlnl5h029f+0dB7EKRiTaxM/jHLZ6powScbmsgsrFcFjmyrjDgCvI/BRY79TEBBClmqLNEPyjQ=="
     },
     "node_modules/tmp": {
       "version": "0.0.33",
@@ -35929,15 +38197,6 @@
         "tree-kill": "cli.js"
       }
     },
-    "node_modules/treeify": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/treeify/-/treeify-1.1.0.tgz",
-      "integrity": "sha512-1m4RA7xVAJrSGrrXGs0L3YTwyvBs2S8PbRHaLZAkFw7JR8oIFwYtysxlBZhYIa7xSyiYJKZ3iGrrk55cGA3i9A==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.6"
-      }
-    },
     "node_modules/trough": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/trough/-/trough-2.1.0.tgz",
@@ -35982,9 +38241,9 @@
       "dev": true
     },
     "node_modules/ts-jest": {
-      "version": "29.1.0",
-      "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.0.tgz",
-      "integrity": "sha512-ZhNr7Z4PcYa+JjMl62ir+zPiNJfXJN6E8hSLnaUKhOgqcn8vb3e537cpkd0FuAfRK3sR1LSqM1MOhliXNgOFPA==",
+      "version": "29.1.1",
+      "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.1.tgz",
+      "integrity": "sha512-D6xjnnbP17cC85nliwGiL+tpoKN0StpgE0TeOjXQTU6MVCfsB4v7aW05CgQ/1OywGb0x/oy9hHFnN+sczTiRaA==",
       "dev": true,
       "dependencies": {
         "bs-logger": "0.x",
@@ -35993,7 +38252,7 @@
         "json5": "^2.2.3",
         "lodash.memoize": "4.x",
         "make-error": "1.x",
-        "semver": "7.x",
+        "semver": "^7.5.3",
         "yargs-parser": "^21.0.1"
       },
       "bin": {
@@ -36024,10 +38283,43 @@
         }
       }
     },
+    "node_modules/ts-jest/node_modules/lru-cache": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
+      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
+      "dev": true,
+      "dependencies": {
+        "yallist": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/ts-jest/node_modules/semver": {
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+      "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
+      "dev": true,
+      "dependencies": {
+        "lru-cache": "^6.0.0"
+      },
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/ts-jest/node_modules/yallist": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
+      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==",
+      "dev": true
+    },
     "node_modules/ts-loader": {
-      "version": "9.4.3",
-      "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.4.3.tgz",
-      "integrity": "sha512-n3hBnm6ozJYzwiwt5YRiJZkzktftRpMiBApHaJPoWLA+qetQBAXkHqCLM6nwSdRDimqVtA5ocIkcTRLMTt7yzA==",
+      "version": "9.4.4",
+      "resolved": "https://registry.npmjs.org/ts-loader/-/ts-loader-9.4.4.tgz",
+      "integrity": "sha512-MLukxDHBl8OJ5Dk3y69IsKVFRA/6MwzEqBgh+OXMPB/OD01KQuWPFd1WAQP8a5PeSCAxfnkhiuWqfmFJzJQt9w==",
       "dev": true,
       "dependencies": {
         "chalk": "^4.1.0",
@@ -36066,9 +38358,9 @@
       }
     },
     "node_modules/tsconfig-paths-webpack-plugin": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/tsconfig-paths-webpack-plugin/-/tsconfig-paths-webpack-plugin-4.0.1.tgz",
-      "integrity": "sha512-m5//KzLoKmqu2MVix+dgLKq70MnFi8YL8sdzQZ6DblmCdfuq/y3OqvJd5vMndg2KEVCOeNz8Es4WVZhYInteLw==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/tsconfig-paths-webpack-plugin/-/tsconfig-paths-webpack-plugin-4.1.0.tgz",
+      "integrity": "sha512-xWFISjviPydmtmgeUAuXp4N1fky+VCtfhOkDUFIv5ea7p4wuTomI4QTrXvFBX2S4jZsmyTSrStQl+E+4w+RzxA==",
       "dev": true,
       "dependencies": {
         "chalk": "^4.1.0",
@@ -36250,15 +38542,6 @@
         "encoding": "^0.1.13"
       }
     },
-    "node_modules/tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
-      "dev": true,
-      "engines": {
-        "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
-      }
-    },
     "node_modules/tunnel-agent": {
       "version": "0.6.0",
       "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
@@ -36823,13 +39106,13 @@
       "dev": true
     },
     "node_modules/url": {
-      "version": "0.11.0",
-      "resolved": "https://registry.npmjs.org/url/-/url-0.11.0.tgz",
-      "integrity": "sha512-kbailJa29QrtXnxgq+DdCEGlbTeYM2eJUxsz6vjZavrCYPMIFHMKQmSKYAIuUK2i7hgPm28a8piX5NTUtM/LKQ==",
+      "version": "0.11.1",
+      "resolved": "https://registry.npmjs.org/url/-/url-0.11.1.tgz",
+      "integrity": "sha512-rWS3H04/+mzzJkv0eZ7vEDGiQbgquI1fGfOad6zKvgYQi1SzMmhl7c/DdRGxhaWrVH6z0qWITo8rpnxK/RfEhA==",
       "dev": true,
       "dependencies": {
-        "punycode": "1.3.2",
-        "querystring": "0.2.0"
+        "punycode": "^1.4.1",
+        "qs": "^6.11.0"
       }
     },
     "node_modules/url-parse": {
@@ -36842,9 +39125,9 @@
       }
     },
     "node_modules/url/node_modules/punycode": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz",
-      "integrity": "sha512-RofWgt/7fL5wP1Y7fxE7/EmTLzQVnB0ycyibJ0OOHIlJqTNzglYFxVwETOcIoJqJmpDXJ9xImDv+Fq34F/d4Dw==",
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
+      "integrity": "sha512-jmYNElW7yvO7TV33CjSmvSiE2yco3bV2czu/OzDKdMNVZQWfxCblURLhf+47syQRBntjfLdd/H0egrzIG+oaFQ==",
       "dev": true
     },
     "node_modules/use": {
@@ -37298,9 +39581,9 @@
       }
     },
     "node_modules/webpack": {
-      "version": "5.85.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.85.0.tgz",
-      "integrity": "sha512-7gazTiYqwo5OSqwH1tigLDL2r3qDeP2dOKYgd+LlXpsUMqDTklg6tOghexqky0/+6QY38kb/R/uRPUleuL43zg==",
+      "version": "5.88.2",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.88.2.tgz",
+      "integrity": "sha512-JmcgNZ1iKj+aiR0OvTYtWQqJwq37Pf683dY9bVORwVbUrDhLhdn/PlO2sHsFHPkj7sHNQF3JwaAkp49V+Sq1tQ==",
       "dev": true,
       "dependencies": {
         "@types/eslint-scope": "^3.7.3",
@@ -37312,7 +39595,7 @@
         "acorn-import-assertions": "^1.9.0",
         "browserslist": "^4.14.5",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.14.1",
+        "enhanced-resolve": "^5.15.0",
         "es-module-lexer": "^1.2.1",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
@@ -37322,7 +39605,7 @@
         "loader-runner": "^4.2.0",
         "mime-types": "^2.1.27",
         "neo-async": "^2.6.2",
-        "schema-utils": "^3.1.2",
+        "schema-utils": "^3.2.0",
         "tapable": "^2.1.1",
         "terser-webpack-plugin": "^5.3.7",
         "watchpack": "^2.4.0",
@@ -37345,9 +39628,9 @@
       }
     },
     "node_modules/webpack-cli": {
-      "version": "5.1.3",
-      "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-5.1.3.tgz",
-      "integrity": "sha512-MTuk7NUMvEHQUSXCpvUrF1q2p0FJS40dPFfqQvG3jTWcgv/8plBNz2Kv2HXZiLGPnfmSAA5uCtCILO1JBmmkfw==",
+      "version": "5.1.4",
+      "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-5.1.4.tgz",
+      "integrity": "sha512-pIDJHIEI9LR0yxHXQ+Qh95k2EvXpWzZ5l+d+jIo+RdSm9MiHfzazIxwwni/p7+x4eJZuvG1AJwgC4TNQ7NRgsg==",
       "dev": true,
       "dependencies": {
         "@discoveryjs/json-ext": "^0.5.0",
@@ -37443,9 +39726,9 @@
       }
     },
     "node_modules/webpack-dev-server": {
-      "version": "4.15.0",
-      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.0.tgz",
-      "integrity": "sha512-HmNB5QeSl1KpulTBQ8UT4FPrByYyaLxpJoQ0+s7EvUrMc16m0ZS1sgb1XGqzmgCPk0c9y+aaXxn11tbLzuM7NQ==",
+      "version": "4.15.1",
+      "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.1.tgz",
+      "integrity": "sha512-5hbAst3h3C3L8w6W4P96L5vaV0PxSmJhxZvWKYIdgxOQm8pNZ5dEOmmSLBVpP85ReeyRt6AS1QJNyo/oFFPeVA==",
       "dev": true,
       "dependencies": {
         "@types/bonjour": "^3.5.9",
@@ -37454,7 +39737,7 @@
         "@types/serve-index": "^1.9.1",
         "@types/serve-static": "^1.13.10",
         "@types/sockjs": "^0.3.33",
-        "@types/ws": "^8.5.1",
+        "@types/ws": "^8.5.5",
         "ansi-html-community": "^0.0.8",
         "bonjour-service": "^1.0.11",
         "chokidar": "^3.5.3",
@@ -37501,6 +39784,15 @@
         }
       }
     },
+    "node_modules/webpack-dev-server/node_modules/@types/ws": {
+      "version": "8.5.5",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.5.tgz",
+      "integrity": "sha512-lwhs8hktwxSjf9UaZ9tG5M03PGogvFaH8gUgLNbN9HKIg0dvv6q+gkSuJ8HN4/VbyxkuLzCjlN7GquQ0gUJfIg==",
+      "dev": true,
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/webpack-dev-server/node_modules/glob": {
       "version": "7.2.3",
       "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
@@ -37522,9 +39814,9 @@
       }
     },
     "node_modules/webpack-dev-server/node_modules/ipaddr.js": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.0.1.tgz",
-      "integrity": "sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.1.0.tgz",
+      "integrity": "sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==",
       "dev": true,
       "engines": {
         "node": ">= 10"
@@ -37683,6 +39975,19 @@
         "ajv": "^6.9.1"
       }
     },
+    "node_modules/webpack/node_modules/enhanced-resolve": {
+      "version": "5.15.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.15.0.tgz",
+      "integrity": "sha512-LXYT42KJ7lpIKECr2mAXIaMldcNCh/7E0KBKOu4KSfkHmP+mZmSs+8V5gBAqisWBy0OO4W5Oyys0GO1Y8KtdKg==",
+      "dev": true,
+      "dependencies": {
+        "graceful-fs": "^4.2.4",
+        "tapable": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=10.13.0"
+      }
+    },
     "node_modules/webpack/node_modules/eslint-scope": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
@@ -37712,9 +40017,9 @@
       "dev": true
     },
     "node_modules/webpack/node_modules/schema-utils": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.1.2.tgz",
-      "integrity": "sha512-pvjEHOgWc9OWA/f/DE3ohBWTD6EleVLf7iFUkoSwAxttdBhB9QUebQgxER2kWueOvRJXPHNnyrvvh9eZINB8Eg==",
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz",
+      "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==",
       "dev": true,
       "dependencies": {
         "@types/json-schema": "^7.0.8",
@@ -37950,6 +40255,7 @@
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
       "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
       "dependencies": {
         "ansi-styles": "^4.0.0",
         "string-width": "^4.1.0",
diff --git a/package.json b/package.json
index e7c4e59286d..db080801815 100644
--- a/package.json
+++ b/package.json
@@ -34,56 +34,56 @@
     "libs/*"
   ],
   "devDependencies": {
-    "@angular-devkit/build-angular": "15.2.8",
+    "@angular-devkit/build-angular": "15.2.9",
     "@angular-eslint/eslint-plugin": "15.2.1",
     "@angular-eslint/eslint-plugin-template": "15.2.1",
     "@angular-eslint/template-parser": "15.2.1",
-    "@angular/cli": "15.2.8",
+    "@angular/cli": "15.2.9",
     "@angular/compiler-cli": "15.2.9",
     "@angular/elements": "15.2.9",
     "@compodoc/compodoc": "1.1.21",
-    "@electron/notarize": "1.2.3",
+    "@electron/notarize": "1.2.4",
     "@electron/rebuild": "3.2.13",
     "@fluffy-spoon/substitute": "1.208.0",
-    "@ngtools/webpack": "15.2.8",
-    "@storybook/addon-a11y": "7.2.2",
-    "@storybook/addon-actions": "7.2.2",
+    "@ngtools/webpack": "15.2.9",
+    "@storybook/addon-a11y": "7.3.0",
+    "@storybook/addon-actions": "7.3.0",
     "@storybook/addon-designs": "7.0.4",
-    "@storybook/addon-essentials": "7.2.2",
-    "@storybook/addon-links": "7.2.2",
-    "@storybook/angular": "7.2.2",
+    "@storybook/addon-essentials": "7.3.0",
+    "@storybook/addon-links": "7.3.0",
+    "@storybook/angular": "7.3.0",
     "@types/argon2-browser": "1.18.1",
-    "@types/chrome": "0.0.237",
+    "@types/chrome": "0.0.243",
     "@types/duo_web_sdk": "2.7.1",
     "@types/firefox-webext-browser": "111.0.1",
     "@types/inquirer": "8.2.6",
-    "@types/jest": "29.5.2",
+    "@types/jest": "29.5.3",
     "@types/jquery": "3.5.16",
     "@types/jsdom": "21.1.1",
-    "@types/koa": "2.13.6",
+    "@types/koa": "2.13.8",
     "@types/koa__multer": "2.0.4",
     "@types/koa__router": "12.0.0",
     "@types/koa-bodyparser": "4.3.7",
     "@types/koa-json": "2.0.20",
     "@types/lowdb": "1.0.11",
     "@types/lunr": "2.3.4",
-    "@types/node": "18.16.16",
+    "@types/node": "18.17.5",
     "@types/node-fetch": "2.6.4",
-    "@types/node-forge": "1.3.2",
+    "@types/node-forge": "1.3.4",
     "@types/node-ipc": "9.2.0",
     "@types/papaparse": "5.3.7",
     "@types/proper-lockfile": "4.1.2",
-    "@types/react": "16.14.42",
+    "@types/react": "16.14.45",
     "@types/retry": "0.12.2",
     "@types/zxcvbn": "4.4.1",
-    "@typescript-eslint/eslint-plugin": "5.59.8",
-    "@typescript-eslint/parser": "5.59.8",
-    "autoprefixer": "10.4.14",
+    "@typescript-eslint/eslint-plugin": "5.62.0",
+    "@typescript-eslint/parser": "5.62.0",
+    "autoprefixer": "10.4.15",
     "base64-loader": "1.0.0",
     "buffer": "6.0.3",
-    "chromatic": "6.18.0",
+    "chromatic": "6.22.0",
     "clean-webpack-plugin": "4.0.0",
-    "concurrently": "8.1.0",
+    "concurrently": "8.2.0",
     "copy-webpack-plugin": "11.0.0",
     "cross-env": "7.0.3",
     "css-loader": "6.8.1",
@@ -94,33 +94,33 @@
     "electron-reload": "2.0.0-alpha.1",
     "electron-store": "8.1.0",
     "electron-updater": "5.3.0",
-    "eslint": "8.42.0",
-    "eslint-config-prettier": "8.8.0",
-    "eslint-import-resolver-typescript": "3.5.5",
-    "eslint-plugin-import": "2.27.5",
+    "eslint": "8.47.0",
+    "eslint-config-prettier": "8.10.0",
+    "eslint-import-resolver-typescript": "3.6.0",
+    "eslint-plugin-import": "2.28.0",
     "eslint-plugin-rxjs": "5.0.3",
     "eslint-plugin-rxjs-angular": "2.0.1",
     "eslint-plugin-storybook": "0.6.13",
-    "eslint-plugin-tailwindcss": "3.12.1",
+    "eslint-plugin-tailwindcss": "3.13.0",
     "gulp": "4.0.2",
     "gulp-filter": "7.0.0",
     "gulp-if": "3.0.0",
-    "gulp-json-editor": "2.5.6",
+    "gulp-json-editor": "2.5.7",
     "gulp-replace": "1.1.4",
     "gulp-zip": "5.1.0",
     "html-loader": "4.2.0",
     "html-webpack-injector": "1.1.4",
-    "html-webpack-plugin": "5.5.1",
+    "html-webpack-plugin": "5.5.3",
     "husky": "8.0.3",
     "jest-junit": "16.0.0",
-    "jest-mock-extended": "3.0.4",
+    "jest-mock-extended": "3.0.5",
     "jest-preset-angular": "13.1.1",
-    "lint-staged": "13.2.2",
+    "lint-staged": "13.3.0",
     "mini-css-extract-plugin": "2.7.6",
     "node-ipc": "9.2.1",
     "pkg": "5.8.1",
-    "postcss": "8.4.24",
-    "postcss-loader": "7.3.2",
+    "postcss": "8.4.27",
+    "postcss-loader": "7.3.3",
     "prettier": "2.8.8",
     "prettier-plugin-tailwindcss": "0.3.0",
     "process": "0.11.10",
@@ -129,22 +129,22 @@
     "regedit": "^3.0.3",
     "remark-gfm": "3.0.1",
     "rimraf": "5.0.1",
-    "sass": "1.62.1",
-    "sass-loader": "13.3.1",
-    "storybook": "7.2.2",
+    "sass": "1.65.1",
+    "sass-loader": "13.3.2",
+    "storybook": "7.3.0",
     "style-loader": "3.3.3",
-    "tailwindcss": "3.3.2",
-    "ts-jest": "29.1.0",
-    "ts-loader": "9.4.3",
-    "tsconfig-paths-webpack-plugin": "4.0.1",
+    "tailwindcss": "3.3.3",
+    "ts-jest": "29.1.1",
+    "ts-loader": "9.4.4",
+    "tsconfig-paths-webpack-plugin": "4.1.0",
     "type-fest": "2.19.0",
     "typescript": "4.9.5",
-    "url": "0.11.0",
+    "url": "0.11.1",
     "util": "0.12.5",
     "wait-on": "7.0.1",
-    "webpack": "5.85.0",
-    "webpack-cli": "5.1.3",
-    "webpack-dev-server": "4.15.0",
+    "webpack": "5.88.2",
+    "webpack-cli": "5.1.4",
+    "webpack-dev-server": "4.15.1",
     "webpack-node-externals": "3.0.0"
   },
   "dependencies": {
@@ -159,36 +159,36 @@
     "@angular/router": "15.2.9",
     "@koa/multer": "3.0.2",
     "@koa/router": "12.0.0",
-    "@microsoft/signalr": "6.0.16",
-    "@microsoft/signalr-protocol-msgpack": "6.0.16",
+    "@microsoft/signalr": "6.0.21",
+    "@microsoft/signalr-protocol-msgpack": "6.0.21",
     "@ng-select/ng-select": "10.0.4",
-    "argon2": "0.30.3",
+    "argon2": "0.31.0",
     "argon2-browser": "1.18.0",
     "big-integer": "1.6.51",
     "bootstrap": "4.6.0",
-    "braintree-web-drop-in": "1.38.0",
+    "braintree-web-drop-in": "1.40.0",
     "bufferutil": "4.0.7",
     "cbor-redux": "^0.4.0",
     "chalk": "4.1.2",
     "commander": "7.2.0",
-    "core-js": "3.30.2",
+    "core-js": "3.32.0",
     "date-input-polyfill": "2.14.0",
     "duo_web_sdk": "github:duosecurity/duo_web_sdk",
     "form-data": "4.0.0",
     "https-proxy-agent": "5.0.1",
-    "inquirer": "8.2.5",
+    "inquirer": "8.2.6",
     "jquery": "3.7.0",
     "jsdom": "22.1.0",
     "jszip": "3.10.1",
     "koa": "2.14.2",
-    "koa-bodyparser": "4.4.0",
+    "koa-bodyparser": "4.4.1",
     "koa-json": "2.0.2",
     "lowdb": "1.0.0",
     "lunr": "2.3.9",
     "multer": "1.4.5-lts.1",
     "ngx-infinite-scroll": "15.0.0",
     "ngx-toastr": "16.2.0",
-    "node-fetch": "2.6.11",
+    "node-fetch": "2.6.12",
     "node-forge": "1.3.1",
     "nord": "0.2.1",
     "open": "8.4.2",
@@ -199,7 +199,7 @@
     "qrious": "4.0.2",
     "rxjs": "7.8.1",
     "sweetalert2": "10.16.11",
-    "tldts": "6.0.5",
+    "tldts": "6.0.14",
     "utf-8-validate": "5.0.10",
     "zone.js": "0.12.0",
     "zxcvbn": "4.4.2"
@@ -212,7 +212,7 @@
     "replacestream": "4.0.3"
   },
   "resolutions": {
-    "@types/react": "16.14.42"
+    "@types/react": "16.14.45"
   },
   "lint-staged": {
     "*": "prettier --cache --ignore-unknown --write",
diff --git a/tailwind.config.js b/tailwind.config.js
index 4011729cf5a..f5770840dda 100644
--- a/tailwind.config.js
+++ b/tailwind.config.js
@@ -4,6 +4,7 @@ const config = require("./libs/components/tailwind.config.base");
 config.content = [
   "./libs/components/src/**/*.{html,ts,mdx}",
   "./libs/auth/src/**/*.{html,ts,mdx}",
+  "./libs/vault/src/**/*.{html,ts,mdx}",
   "./apps/web/src/**/*.{html,ts,mdx}",
   "./bitwarden_license/bit-web/src/**/*.{html,ts,mdx}",
   "./.storybook/preview.js",
diff --git a/tsconfig.eslint.json b/tsconfig.eslint.json
index 33037c385e2..1a435e93c37 100644
--- a/tsconfig.eslint.json
+++ b/tsconfig.eslint.json
@@ -20,7 +20,8 @@
       "@bitwarden/common/*": ["./libs/common/src/*"],
       "@bitwarden/components": ["./libs/components/src"],
       "@bitwarden/exporter/*": ["./libs/exporter/src/*"],
-      "@bitwarden/node/*": ["./libs/node/src/*"]
+      "@bitwarden/node/*": ["./libs/node/src/*"],
+      "@bitwarden/vault": ["./libs/vault/src"]
     },
     "plugins": [
       {
diff --git a/tsconfig.json b/tsconfig.json
index 41d92039705..d6e4db99f57 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -22,7 +22,8 @@
       "@bitwarden/exporter/*": ["./libs/exporter/src/*"],
       "@bitwarden/importer": ["./libs/importer/src"],
       "@bitwarden/node/*": ["./libs/node/src/*"],
-      "@bitwarden/web-vault/*": ["./apps/web/src/*"]
+      "@bitwarden/web-vault/*": ["./apps/web/src/*"],
+      "@bitwarden/vault": ["./libs/vault/src"]
     },
     "plugins": [
       {