diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 9502a9c404d..7d7fec2a5ea 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -134,9 +134,12 @@ libs/common/src/autofill @bitwarden/team-autofill-dev
 apps/desktop/macos/autofill-extension @bitwarden/team-autofill-dev
 apps/desktop/src/app/components/fido2placeholder.component.ts @bitwarden/team-autofill-dev
 apps/desktop/desktop_native/windows_plugin_authenticator @bitwarden/team-autofill-dev
+apps/desktop/desktop_native/autotype @bitwarden/team-autofill-dev
 # DuckDuckGo integration
 apps/desktop/native-messaging-test-runner @bitwarden/team-autofill-dev
 apps/desktop/src/services/duckduckgo-message-handler.service.ts @bitwarden/team-autofill-dev
+apps/desktop/src/services/encrypted-message-handler.service.ts @bitwarden/team-autofill-dev
+.github/workflows/alert-ddg-files-modified.yml @bitwarden/team-autofill-dev
 # SSH Agent
 apps/desktop/desktop_native/core/src/ssh_agent @bitwarden/team-autofill-dev @bitwarden/wg-ssh-keys
 
diff --git a/.github/workflows/alert-ddg-files-modified.yml b/.github/workflows/alert-ddg-files-modified.yml
new file mode 100644
index 00000000000..61bb7f1e8af
--- /dev/null
+++ b/.github/workflows/alert-ddg-files-modified.yml
@@ -0,0 +1,50 @@
+name: DDG File Change Monitor
+
+on:
+  pull_request:
+    branches: [ main ]
+    types: [ opened, synchronize ]
+
+jobs:
+  check-files:
+    name: Check files
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      with:
+        fetch-depth: 0
+
+    - name: Get changed files
+      id: changed-files
+      uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      with:
+        list-files: shell
+        filters: |
+          monitored:
+            - 'apps/desktop/native-messaging-test-runner/**'
+            - 'apps/desktop/src/services/duckduckgo-message-handler.service.ts'
+            - 'apps/desktop/src/services/encrypted-message-handler.service.ts'
+
+    - name: Comment on PR if monitored files changed
+      if: steps.changed-files.outputs.monitored == 'true'
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      with:
+        script: |
+          const changedFiles = `${{ steps.changed-files.outputs.monitored_files }}`.split(' ').filter(file => file.trim() !== '');
+
+          const message = `⚠️🦆 **DuckDuckGo Integration files have been modified in this PR:**
+          
+          ${changedFiles.map(file => `- \`${file}\``).join('\n')}
+          
+          Please run the DuckDuckGo native messaging test runner from this branch using [these instructions](https://contributing.bitwarden.com/getting-started/clients/desktop/native-messaging-test-runner) and ensure it functions properly.`;
+          
+          github.rest.issues.createComment({
+            issue_number: context.issue.number,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+            body: message
+          });
diff --git a/.github/workflows/build-browser-target.yml b/.github/workflows/build-browser-target.yml
index a2ae48d419b..ef3beef4b8b 100644
--- a/.github/workflows/build-browser-target.yml
+++ b/.github/workflows/build-browser-target.yml
@@ -28,6 +28,8 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   run-workflow:
     name: Build Browser
@@ -35,4 +37,7 @@ jobs:
     if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
     uses: ./.github/workflows/build-browser.yml
     secrets: inherit
+    permissions:
+      contents: read
+      id-token: write
 
diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml
index 40b03d9e753..bd7d70e8543 100644
--- a/.github/workflows/build-browser.yml
+++ b/.github/workflows/build-browser.yml
@@ -41,7 +41,8 @@ defaults:
   run:
     shell: bash
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   setup:
@@ -77,10 +78,8 @@ jobs:
 
       - name: Check secrets
         id: check-secrets
-        env:
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
         run: |
-          has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
+          has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }}
           echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
 
 
@@ -302,6 +301,9 @@ jobs:
   build-safari:
     name: Build Safari
     runs-on: macos-13
+    permissions:
+      contents: read
+      id-token: write
     needs:
       - setup
       - locales-test
@@ -327,10 +329,19 @@ jobs:
           node --version
           npm --version
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD"
 
       - name: Download Provisioning Profiles secrets
         env:
@@ -366,9 +377,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -440,6 +454,10 @@ jobs:
     name: Crowdin Push
     if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-22.04
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     needs:
       - build
       - build-safari
@@ -449,10 +467,12 @@ jobs:
         with:
           ref: ${{  github.event.pull_request.head.sha }}
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -461,6 +481,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Upload Sources
         uses: crowdin/github-action@f214c8723025f41fc55b2ad26e67b60b80b1885d # v2.7.1
         env:
@@ -478,6 +501,9 @@ jobs:
     name: Check for failures
     if: always()
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      id-token: write
     needs:
       - setup
       - locales-test
@@ -493,11 +519,13 @@ jobs:
           && contains(needs.*.result, 'failure')
         run: exit 1
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
         if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -507,6 +535,10 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        if: failure()
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()
diff --git a/.github/workflows/build-cli-target.yml b/.github/workflows/build-cli-target.yml
index 6b493d4e6d9..54865ddaddd 100644
--- a/.github/workflows/build-cli-target.yml
+++ b/.github/workflows/build-cli-target.yml
@@ -28,6 +28,8 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   run-workflow:
     name: Build CLI
@@ -35,4 +37,7 @@ jobs:
     if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
     uses: ./.github/workflows/build-cli.yml
     secrets: inherit
+    permissions:
+      contents: read
+      id-token: write
 
diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index ac314a4c33a..b31b22b926e 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -78,10 +78,8 @@ jobs:
 
       - name: Check secrets
         id: check-secrets
-        env:
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
         run: |
-          has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
+          has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }}
           echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
 
 
@@ -108,6 +106,10 @@ jobs:
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       _WIN_PKG_FETCH_VERSION: 20.11.1
       _WIN_PKG_VERSION: 3.5
+    permissions:
+      contents: read
+      id-token: write
+
     steps:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -156,9 +158,11 @@ jobs:
 
       - name: Login to Azure
         if: ${{ matrix.os.base == 'mac' && needs.setup.outputs.has_secrets == 'true' }}
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Get certificates
         if: ${{ matrix.os.base == 'mac' && needs.setup.outputs.has_secrets == 'true' }}
@@ -168,10 +172,21 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
             jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
 
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        if: ${{ matrix.os.base == 'mac' && needs.setup.outputs.has_secrets == 'true' }}
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         if: ${{ matrix.os.base == 'mac' && needs.setup.outputs.has_secrets == 'true' }}
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -199,13 +214,13 @@ jobs:
         run: |
           mkdir ~/private_keys
           cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
           EOF
 
       - name: Notarize app
         if: ${{ matrix.os.base == 'mac' && needs.setup.outputs.has_secrets == 'true' }}
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
           APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
         run: |
@@ -261,6 +276,9 @@ jobs:
             { build_prefix: "bit", artifact_prefix: "", readable: "commercial license" }
           ]
     runs-on: windows-2022
+    permissions:
+      contents: read
+      id-token: write
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
@@ -344,11 +362,13 @@ jobs:
           ResourceHacker -open version-info.rc -save version-info.res -action compile
           ResourceHacker -open %WIN_PKG_BUILT% -save %WIN_PKG_BUILT% -action addoverwrite -resource version-info.res
 
-      - name: Login to Azure
+      - name: Log in to Azure
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -362,6 +382,10 @@ jobs:
             code-signing-client-secret,
             code-signing-cert-name"
 
+      - name: Log out from Azure
+        if: ${{ needs.setup.outputs.has_secrets == 'true' }}
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Install
         run: npm ci
         working-directory: ./
@@ -520,6 +544,9 @@ jobs:
     name: Check for failures
     if: always()
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write
     needs:
       - setup
       - cli
@@ -534,11 +561,13 @@ jobs:
           && contains(needs.*.result, 'failure')
         run: exit 1
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
         if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -548,6 +577,10 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        if: failure()
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()
diff --git a/.github/workflows/build-desktop-target.yml b/.github/workflows/build-desktop-target.yml
index fa21b3fe5d9..31ac819a3e6 100644
--- a/.github/workflows/build-desktop-target.yml
+++ b/.github/workflows/build-desktop-target.yml
@@ -28,6 +28,8 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   run-workflow:
     name: Build Desktop
@@ -35,4 +37,7 @@ jobs:
     if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
     uses: ./.github/workflows/build-desktop.yml
     secrets: inherit
+    permissions:
+      contents: read
+      id-token: write
 
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index a022fe7fd0f..366d439fb45 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -147,10 +147,8 @@ jobs:
 
       - name: Check secrets
         id: check-secrets
-        env:
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
         run: |
-          has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
+          has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }}
           echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
 
   linux:
@@ -404,6 +402,9 @@ jobs:
     runs-on: windows-2022
     needs:
       - setup
+    permissions:
+        contents: read
+        id-token: write
     defaults:
       run:
         shell: pwsh
@@ -438,11 +439,13 @@ jobs:
           choco --version
           rustup show
 
-      - name: Login to Azure
+      - name: Log in to Azure
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -456,6 +459,10 @@ jobs:
             code-signing-client-secret,
             code-signing-cert-name"
 
+      - name: Log out from Azure
+        if: ${{ needs.setup.outputs.has_secrets == 'true' }}
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Install Node dependencies
         run: npm ci
         working-directory: ./
@@ -655,6 +662,9 @@ jobs:
     runs-on: macos-13
     needs:
       - setup
+    permissions:
+        contents: read
+        id-token: write
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -700,11 +710,21 @@ jobs:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
 
-      - name: Login to Azure
+      - name: Log in to Azure
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        if: ${{ needs.setup.outputs.has_secrets == 'true' }}
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD"
 
       - name: Download Provisioning Profiles secrets
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
@@ -747,10 +767,14 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        if: ${{ needs.setup.outputs.has_secrets == 'true' }}
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -850,6 +874,10 @@ jobs:
     if: ${{ needs.setup.outputs.has_secrets == 'true' }}
     uses: ./.github/workflows/build-browser.yml
     secrets: inherit
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
 
 
   macos-package-github:
@@ -860,6 +888,9 @@ jobs:
       - browser-build
       - macos-build
       - setup
+    permissions:
+        contents: read
+        id-token: write
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -905,10 +936,19 @@ jobs:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
 
       - name: Download Provisioning Profiles secrets
         env:
@@ -949,9 +989,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -1055,12 +1098,12 @@ jobs:
         run: |
           mkdir ~/private_keys
           cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
           EOF
 
       - name: Build application (dist)
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
           APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
           CSC_FOR_PULL_REQUEST: true
@@ -1103,6 +1146,9 @@ jobs:
       - browser-build
       - macos-build
       - setup
+    permissions:
+        contents: read
+        id-token: write
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -1148,10 +1194,19 @@ jobs:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
 
       - name: Retrieve Slack secret
         id: retrieve-slack-secret
@@ -1199,9 +1254,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -1305,12 +1363,12 @@ jobs:
         run: |
           mkdir ~/private_keys
           cat << EOF > ~/private_keys/AuthKey_6TV9MKN3GP.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
           EOF
 
       - name: Build application for App Store
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
           APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_6TV9MKN3GP.p8
           CSC_FOR_PULL_REQUEST: true
@@ -1334,7 +1392,7 @@ jobs:
 
           cat << EOF > ~/secrets/appstoreconnect-fastlane.json
           {
-            "issuer_id": "${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}",
+            "issuer_id": "${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}",
             "key_id": "6TV9MKN3GP",
             "key": "$KEY_WITHOUT_NEWLINES"
           }
@@ -1346,7 +1404,7 @@ jobs:
           github.event_name != 'pull_request_target'
           && (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop')
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
           APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP
           BRANCH: ${{ github.ref }}
         run: |
@@ -1396,6 +1454,10 @@ jobs:
       - windows
       - macos-package-github
       - macos-package-mas
+    permissions:
+        contents: write
+        pull-requests: write
+        id-token: write
     runs-on: ubuntu-22.04
     steps:
       - name: Check out repo
@@ -1403,10 +1465,12 @@ jobs:
         with:
           ref: ${{  github.event.pull_request.head.sha }}
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -1415,6 +1479,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Upload Sources
         uses: crowdin/github-action@f214c8723025f41fc55b2ad26e67b60b80b1885d # v2.7.1
         env:
@@ -1442,6 +1509,9 @@ jobs:
       - macos-package-github
       - macos-package-mas
       - crowdin-push
+    permissions:
+        contents: read
+        id-token: write
     steps:
       - name: Check if any job failed
         if: |
@@ -1450,11 +1520,13 @@ jobs:
           && contains(needs.*.result, 'failure')
         run: exit 1
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
         if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -1464,6 +1536,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()
@@ -1471,3 +1546,4 @@ jobs:
           SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
         with:
           status: ${{ job.status }}
+
diff --git a/.github/workflows/build-web-target.yml b/.github/workflows/build-web-target.yml
index ca10e6d46f2..b1055885400 100644
--- a/.github/workflows/build-web-target.yml
+++ b/.github/workflows/build-web-target.yml
@@ -27,6 +27,8 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   run-workflow:
     name: Build Web
@@ -34,4 +36,8 @@ jobs:
     if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
     uses: ./.github/workflows/build-web.yml
     secrets: inherit
+    permissions:
+      contents: read
+      id-token: write
+      security-events: write
 
diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index 745376b46d8..b4163d161cf 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -51,7 +51,8 @@ env:
   _AZ_REGISTRY: bitwardenprod.azurecr.io
   _GITHUB_PR_REPO_NAME: ${{ github.event.pull_request.head.repo.full_name }}
 
-permissions: {}
+permissions:
+  contents: read
 
 jobs:
   setup:
@@ -80,10 +81,8 @@ jobs:
 
       - name: Check secrets
         id: check-secrets
-        env:
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
         run: |
-          has_secrets=${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL != '' }}
+          has_secrets=${{ secrets.AZURE_CLIENT_ID != '' }}
           echo "has_secrets=$has_secrets" >> $GITHUB_OUTPUT
 
 
@@ -204,11 +203,13 @@ jobs:
         uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
 
       ########## ACRs ##########
-      - name: Login to Prod Azure
+      - name: Log in to Azure
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Log into Prod container registry
         if: ${{ needs.setup.outputs.has_secrets == 'true' }}
@@ -328,11 +329,19 @@ jobs:
       - name: Log out of Docker
         run: docker logout $_AZ_REGISTRY
 
+      - name: Log out from Azure
+        if: ${{ needs.setup.outputs.has_secrets == 'true' }}
+        uses: bitwarden/gh-actions/azure-logout@main
+
 
   crowdin-push:
     name: Crowdin Push
     if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
     needs: build-containers
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     runs-on: ubuntu-24.04
     steps:
       - name: Check out repo
@@ -340,10 +349,12 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -352,6 +363,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Upload Sources
         uses: crowdin/github-action@f214c8723025f41fc55b2ad26e67b60b80b1885d # v2.7.1
         env:
@@ -370,11 +384,15 @@ jobs:
     if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-24.04
     needs: build-containers
+    permissions:
+      id-token: write
     steps:
-      - name: Login to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve github PAT secrets
         id: retrieve-secret-pat
@@ -383,6 +401,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Trigger web vault deploy using GitHub Run ID
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
@@ -409,6 +430,8 @@ jobs:
       - build-containers
       - crowdin-push
       - trigger-web-vault-deploy
+    permissions:
+      id-token: write
     steps:
       - name: Check if any job failed
         if: |
@@ -417,11 +440,13 @@ jobs:
           && contains(needs.*.result, 'failure')
         run: exit 1
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         if: failure()
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -431,6 +456,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
         uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()
diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
index 78733bc5a8b..4ee39305f84 100644
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -15,6 +15,8 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   chromatic:
     name: Chromatic
@@ -23,6 +25,7 @@ jobs:
     permissions:
       contents: read
       pull-requests: write
+      id-token: write
 
     steps:
       - name: Check out repo
@@ -30,13 +33,13 @@ jobs:
         with:
           ref: ${{  github.event.pull_request.head.sha }}
           fetch-depth: 0
-        
+
       - name: Get changed files
         id: get-changed-files-for-chromatic
         uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         with:
           filters: |
-            storyFiles: 
+            storyFiles:
               - "apps/!(cli)/**"
               - "bitwarden_license/bit-web/src/app/**"
               - "libs/!(eslint)/**"
@@ -74,11 +77,28 @@ jobs:
         if: steps.get-changed-files-for-chromatic.outputs.storyFiles == 'true'
         run: npm run build-storybook:ci
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "CHROMATIC-PROJECT-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Publish to Chromatic
         uses: chromaui/action@e8cc4c31775280b175a3c440076c00d19a9014d7 # v11.28.2
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
+          projectToken: ${{ steps.get-kv-secrets.outputs.CHROMATIC-PROJECT-TOKEN }}
           storybookBuildDir: ./storybook-static
           exitOnceUploaded: true
           onlyChanged: true
diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml
index 2fc035ec038..0b891203855 100644
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -10,6 +10,9 @@ jobs:
   crowdin-sync:
     name: Autosync
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write
     strategy:
       fail-fast: false
       matrix:
@@ -21,22 +24,19 @@ jobs:
           - app_name: web
             crowdin_project_id: "308189"
     steps:
-      - name: Generate GH App token
-        uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
-        id: app-token
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
-      - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
-          token: ${{ steps.app-token.outputs.token }}
-
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -45,6 +45,21 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+
       - name: Download translations
         uses: bitwarden/gh-actions/crowdin@main
         env:
diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml
index 1cde8dd636a..e21f7ae1e79 100644
--- a/.github/workflows/deploy-web.yml
+++ b/.github/workflows/deploy-web.yml
@@ -66,8 +66,9 @@ jobs:
       environment_url: ${{ steps.config.outputs.environment_url }}
       environment_name: ${{ steps.config.outputs.environment_name }}
       environment_artifact: ${{ steps.config.outputs.environment_artifact }}
-      azure_login_creds: ${{ steps.config.outputs.azure_login_creds }}
-      retrive_secrets_keyvault: ${{ steps.config.outputs.retrive_secrets_keyvault }}
+      azure_login_client_key_name: ${{ steps.config.outputs.azure_login_client_key_name }}
+      azure_login_subscription_id_key_name: ${{ steps.config.outputs.azure_login_subscription_id_key_name }}
+      retrieve_secrets_keyvault: ${{ steps.config.outputs.retrieve_secrets_keyvault }}
       sync_utility: ${{ steps.config.outputs.sync_utility }}
       sync_delete_destination_files: ${{ steps.config.outputs.sync_delete_destination_files }}
       slack_channel_name: ${{ steps.config.outputs.slack_channel_name }}
@@ -81,40 +82,45 @@ jobs:
 
           case ${{ inputs.environment }} in
             "USQA")
-              echo "azure_login_creds=AZURE_KV_US_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
-              echo "retrive_secrets_keyvault=bw-webvault-rlktusqa-kv" >> $GITHUB_OUTPUT
+              echo "azure_login_client_key_name=AZURE_CLIENT_ID_USQA" >> $GITHUB_OUTPUT
+              echo "azure_login_subscription_id_key_name=AZURE_SUBSCRIPTION_ID_USQA" >> $GITHUB_OUTPUT
+              echo "retrieve_secrets_keyvault=bw-webvault-rlktusqa-kv" >> $GITHUB_OUTPUT
               echo "environment_artifact=web-*-cloud-QA.zip" >> $GITHUB_OUTPUT
               echo "environment_name=Web Vault - US QA Cloud" >> $GITHUB_OUTPUT
               echo "environment_url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
               echo "slack_channel_name=alerts-deploy-qa"  >> $GITHUB_OUTPUT
               ;;
             "EUQA")
-              echo "azure_login_creds=AZURE_KV_EU_QA_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
-              echo "retrive_secrets_keyvault=webvaulteu-westeurope-qa" >> $GITHUB_OUTPUT
+              echo "azure_login_client_key_name=AZURE_CLIENT_ID_EUQA" >> $GITHUB_OUTPUT
+              echo "azure_login_subscription_id_key_name=AZURE_SUBSCRIPTION_ID_EUQA" >> $GITHUB_OUTPUT
+              echo "retrieve_secrets_keyvault=webvaulteu-westeurope-qa" >> $GITHUB_OUTPUT
               echo "environment_artifact=web-*-cloud-euqa.zip" >> $GITHUB_OUTPUT
               echo "environment_name=Web Vault - EU QA Cloud" >> $GITHUB_OUTPUT
               echo "environment_url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
               echo "slack_channel_name=alerts-deploy-qa"  >> $GITHUB_OUTPUT
               ;;
             "USPROD")
-              echo "azure_login_creds=AZURE_KV_US_PROD_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
-              echo "retrive_secrets_keyvault=bw-webvault-klrt-kv" >> $GITHUB_OUTPUT
+              echo "azure_login_client_key_name=AZURE_CLIENT_ID_USPROD" >> $GITHUB_OUTPUT
+              echo "azure_login_subscription_id_key_name=AZURE_SUBSCRIPTION_ID_USPROD" >> $GITHUB_OUTPUT
+              echo "retrieve_secrets_keyvault=bw-webvault-klrt-kv" >> $GITHUB_OUTPUT
               echo "environment_artifact=web-*-cloud-COMMERCIAL.zip" >> $GITHUB_OUTPUT
               echo "environment_name=Web Vault - US Production Cloud" >> $GITHUB_OUTPUT
               echo "environment_url=http://vault.bitwarden.com" >> $GITHUB_OUTPUT
               echo "slack_channel_name=alerts-deploy-prd"  >> $GITHUB_OUTPUT
               ;;
             "EUPROD")
-              echo "azure_login_creds=AZURE_KV_EU_PRD_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
-              echo "retrive_secrets_keyvault=webvault-westeurope-prod" >> $GITHUB_OUTPUT
+              echo "azure_login_client_key_name=AZURE_CLIENT_ID_EUPROD" >> $GITHUB_OUTPUT
+              echo "azure_login_subscription_id_key_name=AZURE_SUBSCRIPTION_ID_EUPROD" >> $GITHUB_OUTPUT
+              echo "retrieve_secrets_keyvault=webvault-westeurope-prod" >> $GITHUB_OUTPUT
               echo "environment_artifact=web-*-cloud-euprd.zip" >> $GITHUB_OUTPUT
               echo "environment_name=Web Vault - EU Production Cloud" >> $GITHUB_OUTPUT
               echo "environment_url=http://vault.bitwarden.eu" >> $GITHUB_OUTPUT
               echo "slack_channel_name=alerts-deploy-prd"  >> $GITHUB_OUTPUT
               ;;
             "USDEV")
-              echo "azure_login_creds=AZURE_KV_US_DEV_SERVICE_PRINCIPAL" >> $GITHUB_OUTPUT
-              echo "retrive_secrets_keyvault=webvault-eastus-dev" >> $GITHUB_OUTPUT
+              echo "azure_login_client_key_name=AZURE_CLIENT_ID_USDEV" >> $GITHUB_OUTPUT
+              echo "azure_login_subscription_id_key_name=AZURE_SUBSCRIPTION_ID_USDEV" >> $GITHUB_OUTPUT
+              echo "retrieve_secrets_keyvault=webvault-eastus-dev" >> $GITHUB_OUTPUT
               echo "environment_artifact=web-*-cloud-usdev.zip" >> $GITHUB_OUTPUT
               echo "environment_name=Web Vault - US Development Cloud" >> $GITHUB_OUTPUT
               echo "environment_url=http://vault.$ENV_NAME_LOWER.bitwarden.pw" >> $GITHUB_OUTPUT
@@ -180,6 +186,9 @@ jobs:
     name: Check if Web artifact is present
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment_artifact }}
     outputs:
@@ -209,11 +218,13 @@ jobs:
           branch: ${{ inputs.branch-or-tag }}
           artifacts: ${{ env._ENVIRONMENT_ARTIFACT }}
 
-      - name: Login to Azure
+      - name: Log in to Azure
         if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets for Build trigger
         if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
@@ -223,6 +234,10 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
+      - name: Log out from Azure
+        if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: 'Trigger build web for missing branch/tag ${{ inputs.branch-or-tag }}'
         if: ${{ steps.download-latest-artifacts.outcome == 'failure' }}
         uses: convictional/trigger-workflow-and-wait@f69fa9eedd3c62a599220f4d5745230e237904be # v1.6.5
@@ -262,6 +277,8 @@ jobs:
       - artifact-check
     runs-on: ubuntu-22.04
     if: ${{ always() && ( contains( inputs.environment , 'QA' ) || contains( inputs.environment , 'DEV' ) ) }}
+    permissions:
+      id-token: write
     outputs:
       channel_id: ${{ steps.slack-message.outputs.channel_id }}
       ts: ${{ steps.slack-message.outputs.ts }}
@@ -277,7 +294,9 @@ jobs:
           event: 'start'
           commit-sha: ${{ needs.artifact-check.outputs.artifact_build_commit }}
           url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
 
   update-summary:
     name: Display commit
@@ -302,6 +321,9 @@ jobs:
       _ENVIRONMENT_URL: ${{ needs.setup.outputs.environment_url }}
       _ENVIRONMENT_NAME: ${{ needs.setup.outputs.environment_name }}
       _ENVIRONMENT_ARTIFACT: ${{ needs.setup.outputs.environment_artifact }}
+    permissions:
+      id-token: write
+      deployments: write
     steps:
       - name: Create GitHub deployment
         uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
@@ -309,23 +331,25 @@ jobs:
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           initial-status: 'in_progress'
-          environment_url: ${{ env._ENVIRONMENT_URL }}
+          environment-url: ${{ env._ENVIRONMENT_URL }}
           environment: ${{ env._ENVIRONMENT_NAME }}
           task: 'deploy'
           description: 'Deployment from branch/tag: ${{ inputs.branch-or-tag }}'
           ref: ${{ needs.artifact-check.outputs.artifact_build_commit }}
 
       - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets[needs.setup.outputs.azure_login_creds] }}
+          subscription_id: ${{ secrets[needs.setup.outputs.azure_login_subscription_id_key_name] }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets[needs.setup.outputs.azure_login_client_key_name] }}
 
       - name: Retrieve Storage Account connection string for az sync
         if: ${{ needs.setup.outputs.sync_utility == 'az-sync' }}
         id: retrieve-secrets-az-sync
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
-          keyvault: ${{ needs.setup.outputs.retrive_secrets_keyvault }}
+          keyvault: ${{ needs.setup.outputs.retrieve_secrets_keyvault }}
           secrets: "sa-bitwarden-web-vault-dev-key-temp"
 
       - name: Retrieve Storage Account name and SPN credentials for azcopy
@@ -333,9 +357,12 @@ jobs:
         id: retrieve-secrets-azcopy
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
-          keyvault: ${{ needs.setup.outputs.retrive_secrets_keyvault }}
+          keyvault: ${{ needs.setup.outputs.retrieve_secrets_keyvault }}
           secrets: "sa-bitwarden-web-vault-name,sp-bitwarden-web-vault-password,sp-bitwarden-web-vault-appid,sp-bitwarden-web-vault-tenant"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: 'Download latest cloud asset using GitHub Run ID: ${{ inputs.build-web-run-id }}'
         if: ${{ inputs.build-web-run-id }}
         uses: bitwarden/gh-actions/download-artifacts@main
@@ -397,7 +424,7 @@ jobs:
         uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
-          environment_url: ${{ env._ENVIRONMENT_URL }}
+          environment-url: ${{ env._ENVIRONMENT_URL }}
           state: 'success'
           deployment-id: ${{ steps.deployment.outputs.deployment_id }}
 
@@ -406,7 +433,7 @@ jobs:
         uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
-          environment_url: ${{ env._ENVIRONMENT_URL }}
+          environment-url: ${{ env._ENVIRONMENT_URL }}
           state: 'failure'
           deployment-id: ${{ steps.deployment.outputs.deployment_id }}
 
@@ -419,6 +446,8 @@ jobs:
       - notify-start
       - azure-deploy
       - artifact-check
+    permissions:
+      id-token: write
     steps:
       - name: Notify Slack with result
         uses: bitwarden/gh-actions/report-deployment-status-to-slack@main
@@ -431,4 +460,6 @@ jobs:
           url: https://github.com/bitwarden/clients/actions/runs/${{ github.run_id }}
           commit-sha: ${{ needs.artifact-check.outputs.artifact_build_commit }}
           update-ts: ${{ needs.notify-start.outputs.ts }}
-          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
diff --git a/.github/workflows/lint-crowdin-config.yml b/.github/workflows/lint-crowdin-config.yml
index adb5950e3a0..38a3ef59ea7 100644
--- a/.github/workflows/lint-crowdin-config.yml
+++ b/.github/workflows/lint-crowdin-config.yml
@@ -5,12 +5,14 @@ on:
     types: [opened, synchronize]
     paths:
       - '**/crowdin.yml'
-permissions: {}
 
 jobs:
   lint-crowdin-config:
     name: Lint Crowdin Config ${{ matrix.app.name }}
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+      id-token: write
     strategy:
       matrix:
         app: [
@@ -22,17 +24,25 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          fetch-depth: 1  
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+          fetch-depth: 1
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
       - name: Retrieve secrets
         id: retrieve-secrets
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
           keyvault: "bitwarden-ci"
           secrets: "crowdin-api-token"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Lint ${{ matrix.app.name }} config
         uses: crowdin/github-action@f214c8723025f41fc55b2ad26e67b60b80b1885d # v2.7.1
         env:
@@ -42,4 +52,4 @@ jobs:
         with:
           dryrun_action: true
           command: 'config lint'
-          command_args: '--verbose -c ${{ matrix.app.config_path }}'
\ No newline at end of file
+          command_args: '--verbose -c ${{ matrix.app.config_path }}'
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index d758e6f11c9..efb0f541d70 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -48,6 +48,10 @@ jobs:
     defaults:
       run:
         working-directory: .
+    permissions:
+      contents: read
+      deployments: write
+
     steps:
       - name: Branch check
         if: ${{ inputs.publish_type != 'Dry Run' }}
@@ -86,6 +90,10 @@ jobs:
     name: Deploy Snap
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      contents: read
+      packages: read
+      id-token: write
     if: inputs.snap_publish
     env:
       _PKG_VERSION: ${{ needs.setup.outputs.release_version }}
@@ -93,10 +101,12 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -105,6 +115,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "snapcraft-store-token"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Install Snap
         uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641  # v2.1.1
 
@@ -123,6 +136,10 @@ jobs:
     name: Deploy Choco
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
+      packages: read
+      id-token: write
     if: inputs.choco_publish
     env:
       _PKG_VERSION: ${{ needs.setup.outputs.release_version }}
@@ -130,10 +147,12 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -142,6 +161,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "cli-choco-api-key"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Setup Chocolatey
         run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
         env:
@@ -163,6 +185,10 @@ jobs:
     name: Publish NPM
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      contents: read
+      packages: read
+      id-token: write
     if: inputs.npm_publish
     env:
       _PKG_VERSION: ${{ needs.setup.outputs.release_version }}
@@ -170,10 +196,12 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -182,6 +210,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "npm-api-key"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Download and set up artifact
         run: |
           mkdir -p build
@@ -210,6 +241,10 @@ jobs:
       - npm
       - snap
       - choco
+    permissions:
+      contents: read
+      deployments: write
+
     if: ${{ always() && inputs.publish_type != 'Dry Run' }}
     steps:
       - name: Check if any job failed
diff --git a/.github/workflows/publish-desktop.yml b/.github/workflows/publish-desktop.yml
index ae631165db9..aafc4d25ed4 100644
--- a/.github/workflows/publish-desktop.yml
+++ b/.github/workflows/publish-desktop.yml
@@ -42,6 +42,9 @@ jobs:
       release_channel: ${{ steps.release_channel.outputs.channel }}
       tag_name: ${{ steps.version.outputs.tag_name }}
       deployment_id: ${{ steps.deployment.outputs.deployment_id }}
+    permissions:
+      contents: read
+      deployments: write
     steps:
       - name: Branch check
         if: ${{ inputs.publish_type != 'Dry Run' }}
@@ -106,14 +109,21 @@ jobs:
     name: Electron blob publish
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      contents: read
+      packages: read
+      id-token: write
+      deployments: write
     env:
       _PKG_VERSION: ${{ needs.setup.outputs.release_version }}
       _RELEASE_TAG: ${{ needs.setup.outputs.tag_name }}
     steps:
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -124,6 +134,9 @@ jobs:
             aws-electron-access-key,
             aws-electron-bucket-name"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Create artifacts directory
         run: mkdir -p apps/desktop/artifacts
 
@@ -176,6 +189,9 @@ jobs:
     name: Deploy Snap
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     if: inputs.snap_publish
     env:
       _PKG_VERSION: ${{ needs.setup.outputs.release_version }}
@@ -184,10 +200,12 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -196,6 +214,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "snapcraft-store-token"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Install Snap
         uses: samuelmeuli/action-snapcraft@d33c176a9b784876d966f80fb1b461808edc0641 # v2.1.1
 
@@ -220,6 +241,9 @@ jobs:
     name: Deploy Choco
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     if: inputs.choco_publish
     env:
       _PKG_VERSION: ${{ needs.setup.outputs.release_version }}
@@ -233,10 +257,12 @@ jobs:
           dotnet --version
           dotnet nuget --version
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -245,6 +271,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "cli-choco-api-key"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Setup Chocolatey
         run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
         env:
@@ -271,6 +300,9 @@ jobs:
       - electron-blob
       - snap
       - choco
+    permissions:
+      contents: read
+      deployments: write
     if: ${{ always() && inputs.publish_type != 'Dry Run' }}
     steps:
       - name: Check if any job failed
diff --git a/.github/workflows/publish-web.yml b/.github/workflows/publish-web.yml
index 69b29086d36..a6f0f1be066 100644
--- a/.github/workflows/publish-web.yml
+++ b/.github/workflows/publish-web.yml
@@ -24,6 +24,8 @@ jobs:
     outputs:
       release_version: ${{ steps.version.outputs.version }}
       tag_version: ${{ steps.version.outputs.tag }}
+    permissions:
+      contents: read
     steps:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -52,6 +54,10 @@ jobs:
     name: Release self-host docker
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      id-token: write
+      contents: read
+      deployments: write
     env:
       _BRANCH_NAME: ${{ github.ref_name }}
       _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
@@ -69,10 +75,12 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       ########## ACR ##########
-      - name: Login to Azure - PROD Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Login to Azure ACR
         run: az acr login -n bitwardenprod
@@ -121,6 +129,9 @@ jobs:
             docker push $_AZ_REGISTRY/web-sh:latest
           fi
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Update deployment status to Success
         if: ${{ inputs.publish_type != 'Dry Run' && success() }}
         uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
@@ -147,11 +158,15 @@ jobs:
     runs-on: ubuntu-22.04
     needs:
       - setup
+    permissions:
+      id-token: write
     steps:
-      - name: Log in to Azure - CI subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve GitHub PAT secrets
         id: retrieve-secret-pat
@@ -160,6 +175,9 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Trigger self-host build
         uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml
index a5e374395d8..e3eb9090cb7 100644
--- a/.github/workflows/release-desktop-beta.yml
+++ b/.github/workflows/release-desktop-beta.yml
@@ -15,6 +15,8 @@ jobs:
   setup:
     name: Setup
     runs-on: ubuntu-22.04
+    permissions:
+      contents: write
     outputs:
       release_version: ${{ steps.version.outputs.version }}
       release_channel: ${{ steps.release_channel.outputs.channel }}
@@ -115,6 +117,8 @@ jobs:
     name: Linux Build
     runs-on: ubuntu-22.04
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.release_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -204,6 +208,9 @@ jobs:
     name: Windows Build
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     defaults:
       run:
         shell: pwsh
@@ -237,10 +244,12 @@ jobs:
           npm --version
           choco --version
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -253,6 +262,9 @@ jobs:
             code-signing-client-secret,
             code-signing-cert-name"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Install Node dependencies
         run: npm ci
         working-directory: ./
@@ -394,6 +406,9 @@ jobs:
     name: MacOS Build
     runs-on: macos-13
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.release_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -438,6 +453,20 @@ jobs:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD"
+
       - name: Download Provisioning Profiles secrets
         env:
           ACCOUNT_NAME: bitwardenci
@@ -472,9 +501,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -528,6 +560,10 @@ jobs:
     needs:
       - setup
       - macos-build
+    permissions:
+      contents: read
+      packages: read
+      id-token: write
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.release_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -572,10 +608,19 @@ jobs:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD,APPLE-ID-USERNAME,APPLE-ID-PASSWORD"
 
       - name: Download Provisioning Profiles secrets
         env:
@@ -611,9 +656,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -702,8 +750,8 @@ jobs:
 
       - name: Build application (dist)
         env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_ID_USERNAME: ${{ steps.get-kv-secrets.outputs.APPLE-ID-USERNAME }}
+          APPLE_ID_PASSWORD: ${{ steps.get-kv-secrets.outputs.APPLE-ID-PASSWORD }}
         run: npm run pack:mac
 
       - name: Upload .zip artifact
@@ -741,6 +789,10 @@ jobs:
     needs:
       - setup
       - macos-build
+    permissions:
+      contents: read
+      packages: read
+      id-token: write
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.release_version }}
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
@@ -785,6 +837,20 @@ jobs:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-clients
+          secrets: "KEYCHAIN-PASSWORD,APPLE-ID-USERNAME,APPLE-ID-PASSWORD"
+
       - name: Download Provisioning Profiles secrets
         env:
           ACCOUNT_NAME: bitwardenci
@@ -819,9 +885,12 @@ jobs:
           az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
             jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
@@ -911,8 +980,8 @@ jobs:
       - name: Build application for App Store
         run: npm run pack:mac:mas
         env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_ID_USERNAME: ${{ steps.get-kv-secrets.outputs.APPLE-ID-USERNAME }}
+          APPLE_ID_PASSWORD: ${{ steps.get-kv-secrets.outputs.APPLE-ID-PASSWORD }}
 
       - name: Upload .pkg artifact
         uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
@@ -931,6 +1000,10 @@ jobs:
       - macos-build
       - macos-package-github
       - macos-package-mas
+    permissions:
+      contents: read
+      id-token: write
+      deployments: write
     steps:
       - name: Create GitHub deployment
         uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
@@ -942,10 +1015,12 @@ jobs:
           description: 'Deployment ${{ needs.setup.outputs.release_version }} to channel ${{ needs.setup.outputs.release_channel }} from branch ${{ needs.setup.outputs.branch_name }}'
           task: release
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -956,6 +1031,9 @@ jobs:
             aws-electron-access-key,
             aws-electron-bucket-name"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Download all artifacts
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
@@ -1008,6 +1086,8 @@ jobs:
       - macos-package-github
       - macos-package-mas
       - release
+    permissions:
+      contents: write
     steps:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/.github/workflows/repository-management.yml b/.github/workflows/repository-management.yml
index d91e0a12afd..ecb8e448a8a 100644
--- a/.github/workflows/repository-management.yml
+++ b/.github/workflows/repository-management.yml
@@ -36,7 +36,9 @@ on:
         description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
         required: false
         type: string
+
 permissions: {}
+
 jobs:
   setup:
     name: Setup
@@ -56,6 +58,7 @@ jobs:
           fi
 
           echo "branch=$BRANCH" >> $GITHUB_OUTPUT
+
   bump_version:
     name: Bump Version
     if: ${{ always() }}
@@ -66,6 +69,9 @@ jobs:
       version_cli: ${{ steps.set-final-version-output.outputs.version_cli }}
       version_desktop: ${{ steps.set-final-version-output.outputs.version_desktop }}
       version_web: ${{ steps.set-final-version-output.outputs.version_web }}
+    permissions:
+      id-token: write
+
     steps:
       - name: Validate version input format
         if: ${{ inputs.version_number_override != '' }}
@@ -73,12 +79,29 @@ jobs:
         with:
           version: ${{ inputs.version_number_override }}
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Generate GH App token
         uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
         id: app-token
         with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
 
       - name: Check out branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -400,6 +423,7 @@ jobs:
       - name: Push changes
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
         run: git push
+
   cut_branch:
     name: Cut branch
     if: ${{ needs.setup.outputs.branch == 'rc' }}
@@ -407,13 +431,33 @@ jobs:
       - setup
       - bump_version
     runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+
     steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Generate GH App token
         uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
         id: app-token
         with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
 
       - name: Check out target ref
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -435,4 +479,4 @@ jobs:
           BRANCH_NAME: ${{ needs.setup.outputs.branch }}
         run: |
           git switch --quiet --create $BRANCH_NAME
-          git push --quiet --set-upstream origin $BRANCH_NAME
\ No newline at end of file
+          git push --quiet --set-upstream origin $BRANCH_NAME
diff --git a/.github/workflows/retrieve-current-desktop-rollout.yml b/.github/workflows/retrieve-current-desktop-rollout.yml
index 2ab3072f566..c45453ed9d0 100644
--- a/.github/workflows/retrieve-current-desktop-rollout.yml
+++ b/.github/workflows/retrieve-current-desktop-rollout.yml
@@ -11,11 +11,15 @@ jobs:
   rollout:
     name: Retrieve Rollout Percentage
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
     steps:
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -26,6 +30,9 @@ jobs:
             aws-electron-access-key,
             aws-electron-bucket-name"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Download channel update info files from S3
         env:
           AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
diff --git a/.github/workflows/staged-rollout-desktop.yml b/.github/workflows/staged-rollout-desktop.yml
index 4ec3af3be97..4adf81100bd 100644
--- a/.github/workflows/staged-rollout-desktop.yml
+++ b/.github/workflows/staged-rollout-desktop.yml
@@ -18,11 +18,15 @@ jobs:
   rollout:
     name: Update Rollout Percentage
     runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
     steps:
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -33,6 +37,9 @@ jobs:
             aws-electron-access-key,
             aws-electron-bucket-name"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Download channel update info files from S3
         env:
           AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }}
diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml
index e8bd1dde246..3cb5646886a 100644
--- a/.github/workflows/version-auto-bump.yml
+++ b/.github/workflows/version-auto-bump.yml
@@ -9,13 +9,33 @@ jobs:
   bump-version:
     name: Bump Desktop Version
     runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+      contents: write
     steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Generate GH App token
         uses: actions/create-github-app-token@30bf6253fa41bdc8d1501d202ad15287582246b4 # v2.0.3
         id: app-token
         with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
 
       - name: Check out target ref
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/apps/browser/src/_locales/ar/messages.json b/apps/browser/src/_locales/ar/messages.json
index 02734de942b..d7aef05ab92 100644
--- a/apps/browser/src/_locales/ar/messages.json
+++ b/apps/browser/src/_locales/ar/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "رمز الأمان"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "مثال."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "موافقة الجهاز مطلوبة. حدّد خيار الموافقة أدناه:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/az/messages.json b/apps/browser/src/_locales/az/messages.json
index 64fa77c8683..5e7bf056980 100644
--- a/apps/browser/src/_locales/az/messages.json
+++ b/apps/browser/src/_locales/az/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Güvənlik kodu"
   },
+  "cardNumber": {
+    "message": "kart nömrəsi"
+  },
   "ex": {
     "message": "məs."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Tələb göndərildi"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "$DEVICE$ cihazında $EMAIL$ üçün giriş tələbi təsdiqləndi",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Başqa bir cihazdan giriş cəhdinə rədd cavabı verdiniz. Bu siz idinizsə, cihazla yenidən giriş etməyə çalışın."
+  },
+  "device": {
+    "message": "Cihaz"
+  },
+  "loginStatus": {
+    "message": "Giriş statusu"
+  },
   "masterPasswordChanged": {
     "message": "Ana parol saxlanıldı"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Gələcək girişləri problemsiz etmək üçün bu cihazı xatırla"
   },
+  "manageDevices": {
+    "message": "Cihazları idarə et"
+  },
+  "currentSession": {
+    "message": "Hazırkı seans"
+  },
+  "mobile": {
+    "message": "Mobil",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Uzantı",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Masaüstü",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Veb seyf"
+  },
+  "webApp": {
+    "message": "Veb tətbiq"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Tələb gözlənir"
+  },
+  "firstLogin": {
+    "message": "İlk giriş"
+  },
+  "trusted": {
+    "message": "Güvənli"
+  },
+  "needsApproval": {
+    "message": "Təsdiq lazımdır"
+  },
+  "devices": {
+    "message": "Cihazlar"
+  },
+  "accessAttemptBy": {
+    "message": "$EMAIL$ ilə müraciət cəhdi",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Müraciəti təsdiqlə"
+  },
+  "denyAccess": {
+    "message": "Müraciətə rədd cavabı ver"
+  },
+  "time": {
+    "message": "Vaxt"
+  },
+  "deviceType": {
+    "message": "Cihaz növü"
+  },
+  "loginRequest": {
+    "message": "Giriş tələbi"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Bu tələb artıq yararsızdır."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Hesabınıza müraciət etməyə çalışırsınız?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "$DEVICE$ cihazında $EMAIL$ üçün giriş təsdiqləndi",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Başqa bir cihazdan giriş cəhdinə rədd cavabı verdiniz. Bu həqiqətən siz idinizsə, cihazla yenidən giriş etməyə çalışın."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Giriş tələbinin müddəti artıq bitib."
+  },
+  "justNow": {
+    "message": "İndicə"
+  },
+  "requestedXMinutesAgo": {
+    "message": "$MINUTES$ dəqiqə əvvəl tələb göndərildi",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Cihaz təsdiqi tələb olunur. Aşağıdan bir təsdiq variantı seçin:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopyala: $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Kopyala: $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/be/messages.json b/apps/browser/src/_locales/be/messages.json
index eb721e76850..a49899eaee0 100644
--- a/apps/browser/src/_locales/be/messages.json
+++ b/apps/browser/src/_locales/be/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Код бяспекі"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "напр."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Патрабуецца ўхваленне прылады. Выберыце параметры ўхвалення ніжэй:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/bg/messages.json b/apps/browser/src/_locales/bg/messages.json
index dad53b42e36..672e029a662 100644
--- a/apps/browser/src/_locales/bg/messages.json
+++ b/apps/browser/src/_locales/bg/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Код за сигурност"
   },
+  "cardNumber": {
+    "message": "номер на карта"
+  },
   "ex": {
     "message": "напр."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Заявката е изпратена"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Заявката за вписване за $EMAIL$ на $DEVICE$ е одобрена",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Вие отказахте опит за вписване от друго устройство. Ако това сте били Вие, опитайте да се впишете от устройството отново."
+  },
+  "device": {
+    "message": "Устройство"
+  },
+  "loginStatus": {
+    "message": "Състояние на вписването"
+  },
   "masterPasswordChanged": {
     "message": "Главната парола е запазена"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Запомняне на това устройство, така че в бъдеще вписването да бъде по-лесно"
   },
+  "manageDevices": {
+    "message": "Управление на устройствата"
+  },
+  "currentSession": {
+    "message": "Текуща сесия"
+  },
+  "mobile": {
+    "message": "Мобилно приложение",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Добавка за браузър",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Работен плот",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Трезор по уеб"
+  },
+  "webApp": {
+    "message": "Приложение по уеб"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Чакаща заявка"
+  },
+  "firstLogin": {
+    "message": "Първо вписване"
+  },
+  "trusted": {
+    "message": "Доверено"
+  },
+  "needsApproval": {
+    "message": "Изисква одобрение"
+  },
+  "devices": {
+    "message": "Устройства"
+  },
+  "accessAttemptBy": {
+    "message": "Опит за достъп от $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Разрешаване на достъпа"
+  },
+  "denyAccess": {
+    "message": "Отказване на достъпа"
+  },
+  "time": {
+    "message": "Време"
+  },
+  "deviceType": {
+    "message": "Вид устройство"
+  },
+  "loginRequest": {
+    "message": "Заявка за вписване"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Тази заявка вече не е активна."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Опитвате ли се да получите достъп до акаунта си?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Вписването за $EMAIL$ на $DEVICE$ е одобрено",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Вие отказахте опит за вписване от друго устройство. Ако това наистина сте били Вие, опитайте да се впишете от устройството отново."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Заявката за вписване вече е изтекла."
+  },
+  "justNow": {
+    "message": "Току-що"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Заявено преди $MINUTES$ минути",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Изисква се одобрение на устройството. Изберете начин за одобрение по-долу:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Копиране на $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Копиране на $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/bn/messages.json b/apps/browser/src/_locales/bn/messages.json
index d70378f146c..4e30612b9a6 100644
--- a/apps/browser/src/_locales/bn/messages.json
+++ b/apps/browser/src/_locales/bn/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "নিরাপত্তা কোড"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "উদাহরণ"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/bs/messages.json b/apps/browser/src/_locales/bs/messages.json
index afe20ff55ca..be64d0bade5 100644
--- a/apps/browser/src/_locales/bs/messages.json
+++ b/apps/browser/src/_locales/bs/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ca/messages.json b/apps/browser/src/_locales/ca/messages.json
index 29859f03dd0..f6c40da1096 100644
--- a/apps/browser/src/_locales/ca/messages.json
+++ b/apps/browser/src/_locales/ca/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Codi de seguretat"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Sol·licitud enviada"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Cal l'aprovació del dispositiu. Seleccioneu una opció d'aprovació a continuació:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/cs/messages.json b/apps/browser/src/_locales/cs/messages.json
index 05135190fb4..4e0096a1520 100644
--- a/apps/browser/src/_locales/cs/messages.json
+++ b/apps/browser/src/_locales/cs/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Bezpečnostní kód"
   },
+  "cardNumber": {
+    "message": "číslo karty"
+  },
   "ex": {
     "message": "např."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Požadavek odeslán"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Požadavek na přihlášení byl schválen pro $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Pokus o přihlášení byl zamítnut z jiného zařízení. Pokud jste to Vy, zkuste se znovu přihlásit do zařízení."
+  },
+  "device": {
+    "message": "Zařízení"
+  },
+  "loginStatus": {
+    "message": "Stav přihlášení"
+  },
   "masterPasswordChanged": {
     "message": "Hlavní heslo bylo uloženo"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Zapamatovat si toto zařízení pro bezproblémové budoucí přihlášení"
   },
+  "manageDevices": {
+    "message": "Spravovat zařízení"
+  },
+  "currentSession": {
+    "message": "Aktuální relace"
+  },
+  "mobile": {
+    "message": "Mobil",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Rozšíření",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Počítač",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Webový trezor"
+  },
+  "webApp": {
+    "message": "Webová aplikace"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Čekající požadavek"
+  },
+  "firstLogin": {
+    "message": "První přihlášení"
+  },
+  "trusted": {
+    "message": "Důvěryhodný"
+  },
+  "needsApproval": {
+    "message": "Vyžaduje schválení"
+  },
+  "devices": {
+    "message": "Zařízení"
+  },
+  "accessAttemptBy": {
+    "message": "Pokus o přístup z $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Potvrdit přístup"
+  },
+  "denyAccess": {
+    "message": "Zamítnout přístup"
+  },
+  "time": {
+    "message": "Čas"
+  },
+  "deviceType": {
+    "message": "Typ zařízení"
+  },
+  "loginRequest": {
+    "message": "Požadavek na přihlášení"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Tento požadavek již není platný."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Pokoušíte se získat přístup k Vašemu účtu?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Přihlášení bylo potvrzeno z $EMAIL$ pro $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Pokus o přihlášení byl zamítnut z jiného zařízení. Pokud jste to opravdu Vy, zkuste se znovu přihlásit do zařízení."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Požadavek na přihlášení již vypršel."
+  },
+  "justNow": {
+    "message": "Právě teď"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Požadováno před $MINUTES$ minutami",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Vyžaduje se schválení zařízení. Vyberte možnost schválení níže:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopírovat $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Kopírovat $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/cy/messages.json b/apps/browser/src/_locales/cy/messages.json
index c5cbbdd189c..1235b49dd2c 100644
--- a/apps/browser/src/_locales/cy/messages.json
+++ b/apps/browser/src/_locales/cy/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Cod diogelwch"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "engh."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/da/messages.json b/apps/browser/src/_locales/da/messages.json
index 5737ba66b8d..bc34810f97f 100644
--- a/apps/browser/src/_locales/da/messages.json
+++ b/apps/browser/src/_locales/da/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Sikkerhedskode"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "eks."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Husk denne enhed for at gøre fremtidige indlogninger gnidningsløse"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Enhedsgodkendelse kræves. Vælg en godkendelsesmulighed nedenfor:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/de/messages.json b/apps/browser/src/_locales/de/messages.json
index 352705ec281..2e3d9369c41 100644
--- a/apps/browser/src/_locales/de/messages.json
+++ b/apps/browser/src/_locales/de/messages.json
@@ -1174,10 +1174,10 @@
     "description": "Detailed error message shown when saving login details fails."
   },
   "changePasswordWarning": {
-    "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
+    "message": "Nachdem du dein Passwort geändert hast, musst du dich mit deinem neuen Passwort anmelden. Aktive Sitzungen auf anderen Geräten werden innerhalb einer Stunde abgemeldet."
   },
   "accountRecoveryUpdateMasterPasswordSubtitle": {
-    "message": "Change your master password to complete account recovery."
+    "message": "Ändere dein Master-Passwort, um die Kontowiederherstellung abzuschließen."
   },
   "enableChangedPasswordNotification": {
     "message": "Nach dem Aktualisieren bestehender Zugangsdaten fragen"
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Sicherheitscode"
   },
+  "cardNumber": {
+    "message": "Kartennummer"
+  },
   "ex": {
     "message": "Bsp."
   },
@@ -2926,7 +2929,7 @@
     "message": "Du musst deine E-Mail Adresse verifizieren, um diese Funktion nutzen zu können. Du kannst deine E-Mail im Web-Tresor verifizieren."
   },
   "masterPasswordSuccessfullySet": {
-    "message": "Master-Passwort erfolgreich eingerichtet"
+    "message": "Master-Passwort erfolgreich festgelegt"
   },
   "updatedMasterPassword": {
     "message": "Master-Passwort aktualisiert"
@@ -3460,8 +3463,30 @@
   "logInRequestSent": {
     "message": "Anfrage gesendet"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Anmeldeanfrage für $EMAIL$ auf $DEVICE$ genehmigt",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Du hast einen Anmeldeversuch von einem anderen Gerät abgelehnt. Wenn du das wirklich warst, versuche dich erneut mit dem Gerät anzumelden."
+  },
+  "device": {
+    "message": "Gerät"
+  },
+  "loginStatus": {
+    "message": "Anmeldestatus"
+  },
   "masterPasswordChanged": {
-    "message": "Master password saved"
+    "message": "Master-Passwort gespeichert"
   },
   "exposedMasterPassword": {
     "message": "Kompromittiertes Master-Passwort"
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Dieses Gerät merken, um zukünftige Anmeldungen reibungslos zu gestalten"
   },
+  "manageDevices": {
+    "message": "Geräte verwalten"
+  },
+  "currentSession": {
+    "message": "Aktuelle Sitzung"
+  },
+  "mobile": {
+    "message": "Mobile App",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Erweiterung",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web-Tresor"
+  },
+  "webApp": {
+    "message": "Web-App"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Anfrage ausstehend"
+  },
+  "firstLogin": {
+    "message": "Erste Anmeldung"
+  },
+  "trusted": {
+    "message": "Vertrauenswürdig"
+  },
+  "needsApproval": {
+    "message": "Benötigt Genehmigung"
+  },
+  "devices": {
+    "message": "Geräte"
+  },
+  "accessAttemptBy": {
+    "message": "Zugriffsversuch von $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Zugriff bestätigen"
+  },
+  "denyAccess": {
+    "message": "Zugriff ablehnen"
+  },
+  "time": {
+    "message": "Zeit"
+  },
+  "deviceType": {
+    "message": "Gerätetyp"
+  },
+  "loginRequest": {
+    "message": "Anmeldungsanfrage"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Diese Anfrage ist nicht mehr gültig."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Versuchst du auf dein Konto zuzugreifen?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Anmeldung von $EMAIL$ auf $DEVICE$ bestätigt",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Du hast einen Anmeldeversuch von einem anderen Gerät abgelehnt. Wenn du das wirklich warst, versuche dich erneut mit dem Gerät anzumelden."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Anmeldeanfrage ist bereits abgelaufen."
+  },
+  "justNow": {
+    "message": "Gerade eben"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Vor $MINUTES$ Minuten angefordert",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Geräte-Genehmigung erforderlich. Wähle unten eine Genehmigungsoption aus:"
   },
@@ -3578,10 +3710,10 @@
     "message": "Admin-Genehmigung anfragen"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "Anmeldung kann nicht abgeschlossen werden"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
-    "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
+    "message": "Du musst dich auf einem vertrauenswürdigen Gerät anmelden oder deinem Administrator bitten, dir ein Passwort zuzuweisen."
   },
   "ssoIdentifierRequired": {
     "message": "SSO-Kennung der Organisation erforderlich."
@@ -4263,23 +4395,23 @@
     "description": "Label indicating the most common import formats"
   },
   "uriMatchDefaultStrategyHint": {
-    "message": "URI match detection is how Bitwarden identifies autofill suggestions.",
+    "message": "Die URI-Übereinstimmungserkennung ist die Methode, mit der Bitwarden Auto-Ausfüllen-Vorschläge erkennt.",
     "description": "Explains to the user that URI match detection determines how Bitwarden suggests autofill options, and clarifies that this default strategy applies when no specific match detection is set for a login item."
   },
   "regExAdvancedOptionWarning": {
-    "message": "\"Regular expression\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Regulärer Ausdruck\" ist eine erweiterte Option mit erhöhtem Risiko der Kompromittierung von Zugangsdaten.",
     "description": "Content for dialog which warns a user when selecting 'regular expression' matching strategy as a cipher match strategy"
   },
   "startsWithAdvancedOptionWarning": {
-    "message": "\"Starts with\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Beginnt mit\" ist eine erweiterte Option mit erhöhtem Risiko der Kompromittierung von Zugangsdaten.",
     "description": "Content for dialog which warns a user when selecting 'starts with' matching strategy as a cipher match strategy"
   },
   "uriMatchWarningDialogLink": {
-    "message": "More about match detection",
+    "message": "Mehr über die Übereinstimmungs-Erkennung",
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Erweiterte Optionen",
     "description": "Advanced option placeholder for uri option component"
   },
   "confirmContinueToBrowserSettingsTitle": {
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "$FIELD$, $VALUE$ kopieren",
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ kopieren",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/el/messages.json b/apps/browser/src/_locales/el/messages.json
index 960de6670d5..014d17b74c8 100644
--- a/apps/browser/src/_locales/el/messages.json
+++ b/apps/browser/src/_locales/el/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Κωδικός ασφαλείας"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "πχ."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Απομνημόνευση αυτής της συσκευής για την αυτόματες συνδέσεις στο μέλλον"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Απαιτείται έγκριση συσκευής. Επιλέξτε μια επιλογή έγκρισης παρακάτω:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/en_GB/messages.json b/apps/browser/src/_locales/en_GB/messages.json
index aab61eca30e..a17a48e95b8 100644
--- a/apps/browser/src/_locales/en_GB/messages.json
+++ b/apps/browser/src/_locales/en_GB/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "e.g."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/en_IN/messages.json b/apps/browser/src/_locales/en_IN/messages.json
index eaf11a04e57..9f383c2f0e3 100644
--- a/apps/browser/src/_locales/en_IN/messages.json
+++ b/apps/browser/src/_locales/en_IN/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "e.g."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/es/messages.json b/apps/browser/src/_locales/es/messages.json
index 724d07f4404..35a28528f49 100644
--- a/apps/browser/src/_locales/es/messages.json
+++ b/apps/browser/src/_locales/es/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Código de seguridad"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ej."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Solicitud enviada"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Se requiere aprobación del dispositivo. Seleccione una opción de aprobación a continuación:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copiar $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/et/messages.json b/apps/browser/src/_locales/et/messages.json
index 99e7b72a524..daadcbf00e9 100644
--- a/apps/browser/src/_locales/et/messages.json
+++ b/apps/browser/src/_locales/et/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Turvakood"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "nt."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Nõutav on seadme kinnitamine. Vali kinnitamise meetod alt:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/eu/messages.json b/apps/browser/src/_locales/eu/messages.json
index 393f922463e..e5f836fcaae 100644
--- a/apps/browser/src/_locales/eu/messages.json
+++ b/apps/browser/src/_locales/eu/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Segurtasun-kodea"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "adib."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/fa/messages.json b/apps/browser/src/_locales/fa/messages.json
index fb9380d5317..e551e96f74a 100644
--- a/apps/browser/src/_locales/fa/messages.json
+++ b/apps/browser/src/_locales/fa/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "کد امنیتی"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "مثال."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "درخواست ارسال شد"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "این دستگاه را به خاطر بسپار تا ورودهای بعدی بدون مشکل انجام شود"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "تأیید دستگاه لازم است. یک روش تأیید انتخاب کنید:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "کپی $FIELD$، $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/fi/messages.json b/apps/browser/src/_locales/fi/messages.json
index 85c47f2733b..22f2046bae3 100644
--- a/apps/browser/src/_locales/fi/messages.json
+++ b/apps/browser/src/_locales/fi/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Turvakoodi (CVC/CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "esim."
   },
@@ -2214,7 +2217,7 @@
     "message": "Käytä tätä salasanaa"
   },
   "useThisPassphrase": {
-    "message": "Use this passphrase"
+    "message": "Käytä tätä salalausetta"
   },
   "useThisUsername": {
     "message": "Käytä tätä käyttäjätunnusta"
@@ -2531,7 +2534,7 @@
     "message": "Vaihda"
   },
   "changePassword": {
-    "message": "Change password",
+    "message": "Vaihda salasana",
     "description": "Change password button for browser at risk notification on login."
   },
   "changeButtonTitle": {
@@ -3460,8 +3463,30 @@
   "logInRequestSent": {
     "message": "Pyyntö lähetetty"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
-    "message": "Master password saved"
+    "message": "Pääsalasana tallennettiin"
   },
   "exposedMasterPassword": {
     "message": "Paljastunut pääsalasana"
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Muista tämä laite tehdäksesi tulevista kirjautumisista saumattomia"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Laitehyväksyntä vaaditaan. Valitse hyväksyntätapa alta:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopioi $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/fil/messages.json b/apps/browser/src/_locales/fil/messages.json
index 4e3f94cb474..88610d6874c 100644
--- a/apps/browser/src/_locales/fil/messages.json
+++ b/apps/browser/src/_locales/fil/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Kodigo ng Seguridad"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/fr/messages.json b/apps/browser/src/_locales/fr/messages.json
index efcc28ddcea..680a19f33cc 100644
--- a/apps/browser/src/_locales/fr/messages.json
+++ b/apps/browser/src/_locales/fr/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Code de sécurité"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Demande envoyée"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Mémorisez cet appareil pour faciliter les futures connexions"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "L'approbation de l'appareil est requise. Sélectionnez une option d'approbation ci-dessous :"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copier $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/gl/messages.json b/apps/browser/src/_locales/gl/messages.json
index 71841239698..559d0ca82b3 100644
--- a/apps/browser/src/_locales/gl/messages.json
+++ b/apps/browser/src/_locales/gl/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Código de seguridade"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Lembrar este dispositivo para futuros inicios de sesión imperceptibles"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Aprobación de dispositivo requirida. Selecciona unha das seguintes opcións:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/he/messages.json b/apps/browser/src/_locales/he/messages.json
index b9a0a3dada4..e4d959785bf 100644
--- a/apps/browser/src/_locales/he/messages.json
+++ b/apps/browser/src/_locales/he/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "קוד אבטחה"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "לדוגמא"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "בקשה נשלחה"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "זכור מכשיר זה כדי להפוך כניסות עתידיות לחלקות"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "נדרש אישור מכשיר. בחר אפשרות אישור למטה:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "העתק $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/hi/messages.json b/apps/browser/src/_locales/hi/messages.json
index 74fc419d7f1..4fd2652d786 100644
--- a/apps/browser/src/_locales/hi/messages.json
+++ b/apps/browser/src/_locales/hi/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security Code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/hr/messages.json b/apps/browser/src/_locales/hr/messages.json
index 6434a09bcfb..07c3e20cd18 100644
--- a/apps/browser/src/_locales/hr/messages.json
+++ b/apps/browser/src/_locales/hr/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Sigurnosni kôd"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "npr."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Zahtjev poslan"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Glavna lozinka promijenjena"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Zapamti ovaj uređaj kako bi buduće prijave bile brže"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Potrebno je odobriti uređaj. Odaberi metodu odobravanja:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopiraj $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/hu/messages.json b/apps/browser/src/_locales/hu/messages.json
index 5391b266a93..b77d613da51 100644
--- a/apps/browser/src/_locales/hu/messages.json
+++ b/apps/browser/src/_locales/hu/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Biztonsági Kód"
   },
+  "cardNumber": {
+    "message": "kártya szám"
+  },
   "ex": {
     "message": "példa:"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "A kérés elküldésre került."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "A bejelentkezési kérelem jóváhagyásra került: $EMAIL$ - $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Megtagadásra került egy bejelentkezési kísérletet egy másik eszközről. Ha valóban mi voltunk, próbáljunk meg újra bejelentkezni az eszközzel."
+  },
+  "device": {
+    "message": "Eszköz"
+  },
+  "loginStatus": {
+    "message": "Bejelentkezési állapot"
+  },
   "masterPasswordChanged": {
     "message": "A mesterjelszó mentésre került."
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Emlékezés az eszközre, hogy zökkenőmentes legyen a jövőbeni bejelentkezés"
   },
+  "manageDevices": {
+    "message": "Eszközök kezelése"
+  },
+  "currentSession": {
+    "message": "Jelenlegi munkamenet"
+  },
+  "mobile": {
+    "message": "Mobil",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Kiterjesztés",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Asztali",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Webes széf"
+  },
+  "webApp": {
+    "message": "Webalkalmazás"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Függőben lévő kérelem"
+  },
+  "firstLogin": {
+    "message": "Első bejelentkezés"
+  },
+  "trusted": {
+    "message": "Megbízható"
+  },
+  "needsApproval": {
+    "message": "Jóváhagyást igényel"
+  },
+  "devices": {
+    "message": "Eszközök"
+  },
+  "accessAttemptBy": {
+    "message": "Bejelentkezési kísérlet $EMAIL$ segítségével",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Hozzáférés megerősítése"
+  },
+  "denyAccess": {
+    "message": "Hozzáférés megtagadása"
+  },
+  "time": {
+    "message": "Időpont"
+  },
+  "deviceType": {
+    "message": "Eszköz típus"
+  },
+  "loginRequest": {
+    "message": "Bejelentkezés kérés"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "A kérés a továbbiakban már nem érvényes."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "A fiókhoz próbálunk hozzáférni?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "A bejelelentketés $EMAIL$ email címmel megerősítésre került $DEVICE$ eszközön.",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Megtagadásra került egy bejelentkezési kísérletet egy másik eszközről. Ha valóban mi voltunk, próbáljunk meg újra bejelentkezni az eszközzel."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "A bejelentkezési kérés már lejárt."
+  },
+  "justNow": {
+    "message": "Éppen most"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Kérve $MINUTES$ perccel ezelőtt",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Az eszköz jóváhagyása szükséges. Válasszunk egy jóváhagyási lehetőséget lentebb:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "$FIELD$, $VALUE$ másolása",
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ másolása",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/id/messages.json b/apps/browser/src/_locales/id/messages.json
index dc1ec15cede..07e094e10bd 100644
--- a/apps/browser/src/_locales/id/messages.json
+++ b/apps/browser/src/_locales/id/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Kode Keamanan"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "mis."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Permintaan terkirim"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Ingat perangkat ini untuk membuat login berikutnya lebih lancar"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Persetujuan perangkat diperlukan. Pilih sebuah pilihan persetujuan berikut:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Salin $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/it/messages.json b/apps/browser/src/_locales/it/messages.json
index f4829ecabec..167cc51c0b1 100644
--- a/apps/browser/src/_locales/it/messages.json
+++ b/apps/browser/src/_locales/it/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Codice di sicurezza"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "es."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Richiesta inviata"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Ricorda questo dispositivo per rendere immediati i futuri accessi"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Approvazione del dispositivo obbligatoria. Seleziona un'opzione di approvazione:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copia $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ja/messages.json b/apps/browser/src/_locales/ja/messages.json
index 783a9ff0eb1..49d22bd065f 100644
--- a/apps/browser/src/_locales/ja/messages.json
+++ b/apps/browser/src/_locales/ja/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "セキュリティコード"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "例:"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "リクエストが送信されました"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "このデバイスを記憶して今後のログインをシームレスにする"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "デバイスの承認が必要です。以下から承認オプションを選択してください:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "$FIELD$ 「$VALUE$」 をコピー",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ka/messages.json b/apps/browser/src/_locales/ka/messages.json
index efbf97e9a92..1e75805638c 100644
--- a/apps/browser/src/_locales/ka/messages.json
+++ b/apps/browser/src/_locales/ka/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/km/messages.json b/apps/browser/src/_locales/km/messages.json
index ecc7da63e79..9a6d9a4d316 100644
--- a/apps/browser/src/_locales/km/messages.json
+++ b/apps/browser/src/_locales/km/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/kn/messages.json b/apps/browser/src/_locales/kn/messages.json
index d4e4498a322..c7a821de19b 100644
--- a/apps/browser/src/_locales/kn/messages.json
+++ b/apps/browser/src/_locales/kn/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "ಭದ್ರತಾ ಕೋಡ್ "
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ಉದಾಹರಣೆ"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ko/messages.json b/apps/browser/src/_locales/ko/messages.json
index d5eba5ccbd8..730d3eeda61 100644
--- a/apps/browser/src/_locales/ko/messages.json
+++ b/apps/browser/src/_locales/ko/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "보안 코드"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "예)"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "향후 로그인을 원활하게 하기 위해 이 기기 기억하기"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "기기 승인이 필요합니다. 아래에서 승인 옵션을 선택하세요:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/lt/messages.json b/apps/browser/src/_locales/lt/messages.json
index 33f3b0f0ed6..29815c9de82 100644
--- a/apps/browser/src/_locales/lt/messages.json
+++ b/apps/browser/src/_locales/lt/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Apsaugos kodas"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "pvz."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Įrenginio patvirtinimas reikalingas. Pasirink patvirtinimo būdą toliau:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/lv/messages.json b/apps/browser/src/_locales/lv/messages.json
index 2235baef2ab..ba43b1e5f44 100644
--- a/apps/browser/src/_locales/lv/messages.json
+++ b/apps/browser/src/_locales/lv/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Drošības kods"
   },
+  "cardNumber": {
+    "message": "kartes numurs"
+  },
   "ex": {
     "message": "piem."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Pieprasījums nosūtīts"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "$EMAIL$ pieteikšanās pieprasījums apstiprināts $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Tu noraidīji pieteikšanās mēģinājumu no citas ierīces. Ja tas biji Tu, mēģini pieteikties no ierīces vēlreiz!"
+  },
+  "device": {
+    "message": "Ierīce"
+  },
+  "loginStatus": {
+    "message": "Pieteikšanās stāvoklis"
+  },
   "masterPasswordChanged": {
     "message": "Galvenā parole saglabāta"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Atcerēties šo ierīci, lai nākotnes pieteikšanos padarītu plūdenāku"
   },
+  "manageDevices": {
+    "message": "Pārvaldīt ierīces"
+  },
+  "currentSession": {
+    "message": "Pašreizējā sesija"
+  },
+  "mobile": {
+    "message": "Tālrunis",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Paplašinājums",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Darbvirsma",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Tīmekļa glabātava"
+  },
+  "webApp": {
+    "message": "Tīmekļa lietotne"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Pieprasījums gaida uz apstrādi"
+  },
+  "firstLogin": {
+    "message": "Pirmā pieteikšanās"
+  },
+  "trusted": {
+    "message": "Uzticama"
+  },
+  "needsApproval": {
+    "message": "Nepieciešams apstiprinājums"
+  },
+  "devices": {
+    "message": "Ierīces"
+  },
+  "accessAttemptBy": {
+    "message": "$EMAIL$ piekļuves mēģinājums",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Apstiprināt piekļuvi"
+  },
+  "denyAccess": {
+    "message": "Noraidīt piekļuvi"
+  },
+  "time": {
+    "message": "Laiks"
+  },
+  "deviceType": {
+    "message": "Ierīces veids"
+  },
+  "loginRequest": {
+    "message": "Pieteikšanās pieprasījums"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Šis pieprasījums vairs nav derīgs."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Vai mēģini piekļūt savam kontam?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "$EMAIL$ pieteikšanās apstiprināta ierīcē $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Tu noraidīji pieteikšanās mēģinājumu no citas ierīces. Ja tas tiešām biji Tu, mēģini pieteikties no ierīces vēlreiz!"
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Pieteikšanās pieprasījuma derīgums jau ir beidzies."
+  },
+  "justNow": {
+    "message": "Tikko"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Pieprasīts pirms $MINUTES$ minūtēm",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Nepieciešams ierīces apstiprinājums. Zemāk jāatlasa apstiprinājuma iespēja:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Ievietot starpliktuvē $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Ievietot starpliktuvē $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ml/messages.json b/apps/browser/src/_locales/ml/messages.json
index 7c0050906b0..a39fe07b2c6 100644
--- a/apps/browser/src/_locales/ml/messages.json
+++ b/apps/browser/src/_locales/ml/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "സുരക്ഷാ കോഡ്"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ഉദാഹരണം."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/mr/messages.json b/apps/browser/src/_locales/mr/messages.json
index feb3377a2f1..c79b8b322a7 100644
--- a/apps/browser/src/_locales/mr/messages.json
+++ b/apps/browser/src/_locales/mr/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/my/messages.json b/apps/browser/src/_locales/my/messages.json
index ecc7da63e79..9a6d9a4d316 100644
--- a/apps/browser/src/_locales/my/messages.json
+++ b/apps/browser/src/_locales/my/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/nb/messages.json b/apps/browser/src/_locales/nb/messages.json
index 59a8ca94c9d..01353cac5e0 100644
--- a/apps/browser/src/_locales/nb/messages.json
+++ b/apps/browser/src/_locales/nb/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Sikkerhetskode"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "f.eks."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Forespørsel sendt"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopier $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ne/messages.json b/apps/browser/src/_locales/ne/messages.json
index ecc7da63e79..9a6d9a4d316 100644
--- a/apps/browser/src/_locales/ne/messages.json
+++ b/apps/browser/src/_locales/ne/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/nl/messages.json b/apps/browser/src/_locales/nl/messages.json
index 71134c7a33b..b5220861652 100644
--- a/apps/browser/src/_locales/nl/messages.json
+++ b/apps/browser/src/_locales/nl/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Beveiligingscode"
   },
+  "cardNumber": {
+    "message": "kaartnummer"
+  },
   "ex": {
     "message": "bijv."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Verzoek verzonden"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Inloggen voor $EMAIL$ goedgekeurd op $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Je hebt een inlogpoging vanaf een ander apparaat geweigerd. Als je dit toch echt zelf was, probeer dan opnieuw in te loggen met het apparaat."
+  },
+  "device": {
+    "message": "Apparaat"
+  },
+  "loginStatus": {
+    "message": "Loginstatus"
+  },
   "masterPasswordChanged": {
     "message": "Hoofdwachtwoord gewijzigd"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Onthoud dit apparaat om in het vervolg naadloos in te loggen"
   },
+  "manageDevices": {
+    "message": "Apparaten beheren"
+  },
+  "currentSession": {
+    "message": "Huidige sessie"
+  },
+  "mobile": {
+    "message": "Mobiel",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extensie",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Webkluis"
+  },
+  "webApp": {
+    "message": "Web-app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Verzoek in behandeling"
+  },
+  "firstLogin": {
+    "message": "Eerst inloggen"
+  },
+  "trusted": {
+    "message": "Vertrouwd"
+  },
+  "needsApproval": {
+    "message": "Heeft goedkeuring nodig"
+  },
+  "devices": {
+    "message": "Apparaten"
+  },
+  "accessAttemptBy": {
+    "message": "Inlogpoging door $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Toegang bevestigen"
+  },
+  "denyAccess": {
+    "message": "Toegang weigeren"
+  },
+  "time": {
+    "message": "Tijd"
+  },
+  "deviceType": {
+    "message": "Apparaattype"
+  },
+  "loginRequest": {
+    "message": "Log-inverzoek"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Dit verzoek is niet langer geldig."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Probeer je toegang te krijgen tot je account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Inloggen voor $EMAIL$ bevestigd op $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Je hebt een inlogpoging vanaf een ander apparaat geweigerd. Als je dit toch echt zelf was, probeer dan opnieuw in te loggen met het apparaat."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Inlogverzoek is al verlopen."
+  },
+  "justNow": {
+    "message": "Zojuist"
+  },
+  "requestedXMinutesAgo": {
+    "message": "$MINUTES$ minuten geleden aangevraagd",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Apparaattoestemming vereist. Kies een goedkeuringsoptie hieronder:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "$FIELD$, $VALUE$ kopiëren",
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ kopiëren",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/nn/messages.json b/apps/browser/src/_locales/nn/messages.json
index ecc7da63e79..9a6d9a4d316 100644
--- a/apps/browser/src/_locales/nn/messages.json
+++ b/apps/browser/src/_locales/nn/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/or/messages.json b/apps/browser/src/_locales/or/messages.json
index ecc7da63e79..9a6d9a4d316 100644
--- a/apps/browser/src/_locales/or/messages.json
+++ b/apps/browser/src/_locales/or/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/pl/messages.json b/apps/browser/src/_locales/pl/messages.json
index b4b62d7968c..aa8ab76d543 100644
--- a/apps/browser/src/_locales/pl/messages.json
+++ b/apps/browser/src/_locales/pl/messages.json
@@ -659,7 +659,7 @@
     "message": "Zweryfikuj tożsamość"
   },
   "weDontRecognizeThisDevice": {
-    "message": "Nie rozpoznajemy tego urządzenia. Wpisz kod wysłany na Twój e-mail, aby zweryfikować tożsamość."
+    "message": "Nie rozpoznajemy tego urządzenia. Wpisz kod wysłany na adres e-mail, aby zweryfikować swoją tożsamość."
   },
   "continueLoggingIn": {
     "message": "Kontynuuj logowanie"
@@ -1213,17 +1213,17 @@
     "message": "Pokaż opcje w menu kontekstowym"
   },
   "contextMenuItemDesc": {
-    "message": "Użyj drugiego kliknięcia, aby uzyskać dostęp do generowania haseł i pasujących danych logowania do witryny."
+    "message": "Użyj drugiego kliknięcia, aby uzyskać dostęp do generatora hasła i pasujących danych logowania."
   },
   "contextMenuItemDescAlt": {
-    "message": "Użyj drugiego kliknięcia, aby uzyskać dostęp do generowania haseł i pasujących danych logowania do witryny. Dotyczy wszystkich zalogowanych kont."
+    "message": "Użyj drugiego kliknięcia, aby uzyskać dostęp do generatora hasła i pasujących danych logowania. Dotyczy wszystkich zalogowanych kont."
   },
   "defaultUriMatchDetection": {
     "message": "Domyślne wykrywanie dopasowania",
     "description": "Default URI match detection for autofill."
   },
   "defaultUriMatchDetectionDesc": {
-    "message": "Wybierz domyślny sposób wykrywania dopasowania adresów dla czynności takich jak autouzupełnianie."
+    "message": "Wybierz domyślne wykrywanie dopasowania dla autouzupełniania."
   },
   "theme": {
     "message": "Motyw"
@@ -1252,7 +1252,7 @@
     "message": "Format pliku"
   },
   "fileEncryptedExportWarningDesc": {
-    "message": "Plik będzie chroniony hasłem, które będzie wymagane do odszyfrowania pliku."
+    "message": "Plik zostanie zaszyfrowany hasłem."
   },
   "filePassword": {
     "message": "Hasło pliku"
@@ -1296,7 +1296,7 @@
     "message": "Klucze szyfrowania konta są unikalne dla każdego użytkownika Bitwarden, więc nie możesz zaimportować zaszyfrowanego pliku eksportu na inne konto."
   },
   "exportMasterPassword": {
-    "message": "Wpisz hasło główne, aby wyeksportować dane z sejfu."
+    "message": "Wpisz hasło główne, aby wyeksportować dane sejfu."
   },
   "shared": {
     "message": "Udostępnione"
@@ -1372,7 +1372,7 @@
     "message": "Funkcja jest niedostępna"
   },
   "legacyEncryptionUnsupported": {
-    "message": "Starsze szyfrowanie nie jest już obsługiwane. Skontaktuj się z pomocą techniczną, aby odzyskać swoje konto."
+    "message": "Starsze szyfrowanie nie jest już obsługiwane. Skontaktuj się z pomocą techniczną, aby odzyskać konto."
   },
   "premiumMembership": {
     "message": "Konto premium"
@@ -1490,7 +1490,7 @@
     "message": "Użyj kodu odzyskiwania"
   },
   "insertU2f": {
-    "message": "Włóż klucz bezpieczeństwa do portu USB komputera. Jeśli klucz posiada przycisk, dotknij go."
+    "message": "Włóż klucz bezpieczeństwa do portu USB urządzenia. Jeśli klucz ma przycisk, dotknij go."
   },
   "openInNewTab": {
     "message": "Otwórz w nowej karcie"
@@ -1502,7 +1502,7 @@
     "message": "Odczytaj klucz bezpieczeństwa"
   },
   "awaitingSecurityKeyInteraction": {
-    "message": "Oczekiwanie na interakcję z kluczem bezpieczeństwa..."
+    "message": "Oczekiwanie na klucz bezpieczeństwa..."
   },
   "loginUnavailable": {
     "message": "Logowanie jest niedostępne"
@@ -1550,7 +1550,7 @@
     "message": "FIDO2 WebAuthn"
   },
   "webAuthnDesc": {
-    "message": "Użyj dowolnego klucza bezpieczeństwa WebAuthn, aby uzyskać dostęp do swojego konta."
+    "message": "Użyj dowolnego klucza bezpieczeństwa WebAuthn, aby uzyskać dostęp do konta."
   },
   "emailTitle": {
     "message": "Adres e-mail"
@@ -1606,7 +1606,7 @@
     "message": "Sugestie autouzupełniania"
   },
   "autofillSpotlightTitle": {
-    "message": "Łatwe znajdowanie sugestii autouzupełniania"
+    "message": "Łatwe wyszukiwanie sugestii autouzupełniania"
   },
   "autofillSpotlightDesc": {
     "message": "Wyłącz ustawienia autouzupełniania swojej przeglądarki, aby nie kolidowały z Bitwarden."
@@ -1639,7 +1639,7 @@
     "message": "Dotyczy wszystkich zalogowanych kont."
   },
   "turnOffBrowserBuiltInPasswordManagerSettings": {
-    "message": "Wyłącz wbudowany w przeglądarkę menedżer haseł, aby uniknąć konfliktów."
+    "message": "Wyłącz menedżer haseł przeglądarki, aby uniknąć konfliktów."
   },
   "turnOffBrowserBuiltInPasswordManagerSettingsLink": {
     "message": "Edytuj ustawienia przeglądarki."
@@ -1761,10 +1761,10 @@
     "message": "Pokaż ikony stron internetowych"
   },
   "faviconDesc": {
-    "message": "Pokaż rozpoznawalny obraz obok danych logowania."
+    "message": "Pokaż rozpoznawalną ikonę obok danych logowania."
   },
   "faviconDescAlt": {
-    "message": "Pokaż rozpoznawalny obraz obok danych logowania. Dotyczy wszystkich zalogowanych kont."
+    "message": "Pokaż rozpoznawalną ikonę obok danych logowania. Dotyczy wszystkich zalogowanych kont."
   },
   "enableBadgeCounter": {
     "message": "Pokaż licznik na ikonie"
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Kod zabezpieczający"
   },
+  "cardNumber": {
+    "message": "numer karty"
+  },
   "ex": {
     "message": "np."
   },
@@ -1977,7 +1980,7 @@
     "message": "Kolekcje"
   },
   "nCollections": {
-    "message": "Kolekcje: $COUNT$",
+    "message": "Kolekcje ($COUNT$)",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -2646,13 +2649,13 @@
     "description": "Description of the update in Bitwarden slide on the at-risk password page carousel"
   },
   "updateInBitwardenSlideImgAltPeriod": {
-    "message": "Ilustracja powiadomienia Bitwardena, skłaniająca użytkownika do zaktualizowania danych logowania."
+    "message": "Ilustracja powiadomienia Bitwarden, zachęcająca użytkownika do zaktualizowania danych logowania."
   },
   "turnOnAutofill": {
     "message": "Włącz autouzupełnianie"
   },
   "turnedOnAutofill": {
-    "message": "Włączono autouzupełnianie"
+    "message": "Autouzupełnianie zostało włączone"
   },
   "dismiss": {
     "message": "Odrzuć"
@@ -2902,7 +2905,7 @@
     "message": "Data i czas usunięcia są wymagane."
   },
   "dateParsingError": {
-    "message": "Wystąpił błąd podczas zapisywania daty usunięcia i wygaśnięcia."
+    "message": "Wystąpił błąd podczas zapisywania dat usunięcia i wygaśnięcia."
   },
   "hideYourEmail": {
     "message": "Ukryj mój adres e-mail przed odbiorcami."
@@ -3136,7 +3139,7 @@
     "message": "Błąd odszyfrowywania"
   },
   "couldNotDecryptVaultItemsBelow": {
-    "message": "Bitwarden nie mógł odszyfrować elementów sejfu wymienionych poniżej."
+    "message": "Bitwarden nie mógł odszyfrować poniższych elementów sejfu."
   },
   "contactCSToAvoidDataLossPart1": {
     "message": "Skontaktuj się z działem obsługi klienta,",
@@ -3449,7 +3452,7 @@
     "message": "Powiadomienie zostało wysłane na urządzenie"
   },
   "youWillBeNotifiedOnceTheRequestIsApproved": {
-    "message": "Zostaniesz powiadomiony po zatwierdzeniu prośby"
+    "message": "Zostaniesz powiadomiony po potwierdzeniu"
   },
   "needAnotherOptionV1": {
     "message": "Potrzebujesz innej opcji?"
@@ -3458,7 +3461,29 @@
     "message": "Logowanie rozpoczęte"
   },
   "logInRequestSent": {
-    "message": "Żądanie wysłane"
+    "message": "Prośba została wysłana"
+  },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Logowanie potwierdzone dla $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Odrzucono próby logowania z innego urządzenia. Jeśli to naprawdę Ty, spróbuj ponownie zalogować się za pomocą urządzenia."
+  },
+  "device": {
+    "message": "Urządzenie"
+  },
+  "loginStatus": {
+    "message": "Status zalogowania"
   },
   "masterPasswordChanged": {
     "message": "Hasło główne zostało zapisane"
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Zapamiętaj to urządzenie, aby przyszłe logowania były bezproblemowe"
   },
+  "manageDevices": {
+    "message": "Zarządzaj urządzeniami"
+  },
+  "currentSession": {
+    "message": "Obecna sesja"
+  },
+  "mobile": {
+    "message": "Telefon",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Rozszerzenie",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Komputer",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Sejf internetowy"
+  },
+  "webApp": {
+    "message": "Aplikacja internetowa"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Zapytanie oczekuje"
+  },
+  "firstLogin": {
+    "message": "Pierwsze logowanie"
+  },
+  "trusted": {
+    "message": "Zaufane"
+  },
+  "needsApproval": {
+    "message": "Wymagane potwierdzenie"
+  },
+  "devices": {
+    "message": "Urządzenia"
+  },
+  "accessAttemptBy": {
+    "message": "Próba dostępu przez $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Potwierdź dostęp"
+  },
+  "denyAccess": {
+    "message": "Odmów dostępu"
+  },
+  "time": {
+    "message": "Czas"
+  },
+  "deviceType": {
+    "message": "Rodzaj urządzenia"
+  },
+  "loginRequest": {
+    "message": "Żądanie logowania"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Prośba nie jest już ważna."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Czy próbujesz uzyskać dostęp do swojego konta?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Logowanie potwierdzone dla $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Odrzucono próby logowania z innego urządzenia. Jeśli to naprawdę Ty, spróbuj ponownie zalogować się za pomocą urządzenia."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Prośba logowania wygasła."
+  },
+  "justNow": {
+    "message": "Teraz"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Poproszono $MINUTES$ min temu",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Wymagane zatwierdzenie urządzenia. Wybierz opcję zatwierdzenia poniżej:"
   },
@@ -3563,19 +3695,19 @@
     "message": "Wymagane zatwierdzenie urządzenia"
   },
   "selectAnApprovalOptionBelow": {
-    "message": "Wybierz opcję zatwierdzenia poniżej"
+    "message": "Wybierz opcję potwierdzenia"
   },
   "rememberThisDevice": {
     "message": "Zapamiętaj urządzenie"
   },
   "uncheckIfPublicDevice": {
-    "message": "Odznacz, jeśli używasz publicznego urządzenia"
+    "message": "Wyłącz na obcych urządzeniach"
   },
   "approveFromYourOtherDevice": {
-    "message": "Zatwierdź z innego twojego urządzenia"
+    "message": "Potwierdź za pomocą innego urządzenia"
   },
   "requestAdminApproval": {
-    "message": "Poproś administratora o zatwierdzenie"
+    "message": "Poproś administratora o potwierdzenie"
   },
   "unableToCompleteLogin": {
     "message": "Nie można ukończyć logowania"
@@ -3624,10 +3756,10 @@
     "message": "Konto zostało utworzone!"
   },
   "adminApprovalRequested": {
-    "message": "Poproszono administratora o zatwierdzenie"
+    "message": "Poproszono administratora o potwierdzenie"
   },
   "adminApprovalRequestSentToAdmins": {
-    "message": "Twoja prośba została wysłana do Twojego administratora."
+    "message": "Prośba została wysłana do administratora."
   },
   "troubleLoggingIn": {
     "message": "Problem z logowaniem?"
@@ -4307,7 +4439,7 @@
     "description": "Body content for dialog which asks if the user wants to proceed to the browser's keyboard shortcut settings page"
   },
   "overrideDefaultBrowserAutofillTitle": {
-    "message": "Czy ustawić Bitwarden jako domyślny menadżer haseł?",
+    "message": "Ustawić Bitwarden jako domyślny menadżer haseł?",
     "description": "Dialog title facilitating the ability to override a chrome browser's default autofill behavior"
   },
   "overrideDefaultBrowserAutofillDescription": {
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopiuj $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Kopiuj $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
@@ -5455,7 +5587,7 @@
     "message": "Nie masz uprawnień do przeglądania tej strony. Spróbuj zalogować się na inne konto."
   },
   "wasmNotSupported": {
-    "message": "Zestaw WebAssembly nie jest obsługiwany w przeglądarce lub nie jest włączony. Do korzystania z aplikacji Bitwarden wymagany jest zestaw WebAssembre.",
+    "message": "WebAssembly nie jest obsługiwany w przeglądarce lub jest wyłączony. WebAssembly jest wymagany do korzystania z aplikacji Bitwarden.",
     "description": "'WebAssembly' is a technical term and should not be translated."
   }
 }
diff --git a/apps/browser/src/_locales/pt_BR/messages.json b/apps/browser/src/_locales/pt_BR/messages.json
index 4d0e4148782..7d5509a628b 100644
--- a/apps/browser/src/_locales/pt_BR/messages.json
+++ b/apps/browser/src/_locales/pt_BR/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Código de Segurança"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Pedido enviado"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Lembrar deste dispositivo para permanecer conectado"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Aprovação do dispositivo necessária. Selecione uma opção de aprovação abaixo:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copiar $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/pt_PT/messages.json b/apps/browser/src/_locales/pt_PT/messages.json
index 8f06014b6b2..1e77e1c3035 100644
--- a/apps/browser/src/_locales/pt_PT/messages.json
+++ b/apps/browser/src/_locales/pt_PT/messages.json
@@ -450,7 +450,7 @@
     "message": "Gera automaticamente palavras-passe fortes e únicas para as suas credenciais."
   },
   "bitWebVaultApp": {
-    "message": "Aplicação Web Bitwarden"
+    "message": "Aplicação web Bitwarden"
   },
   "importItems": {
     "message": "Importar itens"
@@ -653,7 +653,7 @@
     "message": "Classificar a extensão"
   },
   "browserNotSupportClipboard": {
-    "message": "O seu navegador Web não suporta a cópia fácil da área de transferência. Em vez disso, copie manualmente."
+    "message": "O seu navegador web não suporta a cópia fácil da área de transferência. Em vez disso, copie manualmente."
   },
   "verifyYourIdentity": {
     "message": "Verifique a sua identidade"
@@ -929,7 +929,7 @@
     "message": "Torne a sua conta mais segura configurando a verificação de dois passos na aplicação Web Bitwarden."
   },
   "twoStepLoginConfirmationTitle": {
-    "message": "Continuar para a aplicação Web?"
+    "message": "Continuar para a aplicação web?"
   },
   "editedFolder": {
     "message": "Pasta guardada"
@@ -1584,7 +1584,7 @@
     "message": "URL do servidor da API"
   },
   "webVaultUrl": {
-    "message": "URL do servidor do cofre Web"
+    "message": "URL do servidor do cofre web"
   },
   "identityUrl": {
     "message": "URL do servidor de identidade"
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Código de segurança"
   },
+  "cardNumber": {
+    "message": "número do cartão"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Pedido enviado"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Pedido de início de sessão aprovado para $EMAIL$ no $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Recusou uma tentativa de início de sessão de outro dispositivo. Se foi realmente o caso, tente iniciar sessão com o dispositivo novamente."
+  },
+  "device": {
+    "message": "Dispositivo"
+  },
+  "loginStatus": {
+    "message": "Estado do início de sessão"
+  },
   "masterPasswordChanged": {
     "message": "Palavra-passe mestra guardada"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Memorizar este dispositivo para facilitar futuros inícios de sessão"
   },
+  "manageDevices": {
+    "message": "Gerir dispositivos"
+  },
+  "currentSession": {
+    "message": "Sessão atual"
+  },
+  "mobile": {
+    "message": "Móvel",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extensão",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Computador",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Cofre web"
+  },
+  "webApp": {
+    "message": "Aplicação web"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Pedido pendente"
+  },
+  "firstLogin": {
+    "message": "Primeiro início de sessão"
+  },
+  "trusted": {
+    "message": "Confiável"
+  },
+  "needsApproval": {
+    "message": "Precisa de aprovação"
+  },
+  "devices": {
+    "message": "Dispositivos"
+  },
+  "accessAttemptBy": {
+    "message": "Tentativa de acesso por $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirmar acesso"
+  },
+  "denyAccess": {
+    "message": "Recusar acesso"
+  },
+  "time": {
+    "message": "Hora"
+  },
+  "deviceType": {
+    "message": "Tipo de dispositivo"
+  },
+  "loginRequest": {
+    "message": "Pedido de início de sessão"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Este pedido já não é válido."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Está a tentar aceder à sua conta?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Início de sessão confirmado para $EMAIL$ no $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Recusou uma tentativa de início de sessão de outro dispositivo. Se foi realmente o caso, tente iniciar sessão com o dispositivo novamente."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "O pedido de início de sessão já expirou."
+  },
+  "justNow": {
+    "message": "Agora mesmo"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Pedido há $MINUTES$ minutos",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "É necessária a aprovação do dispositivo. Selecione uma opção de aprovação abaixo:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copiar $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copiar $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ro/messages.json b/apps/browser/src/_locales/ro/messages.json
index 02fc0054e73..7f54640af25 100644
--- a/apps/browser/src/_locales/ro/messages.json
+++ b/apps/browser/src/_locales/ro/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Cod de securitate"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Este necesară aprobarea dispozitivului. Selectați o opțiune de autorizare de mai jos:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/ru/messages.json b/apps/browser/src/_locales/ru/messages.json
index 2c9aa0f4d45..db236cbfcc8 100644
--- a/apps/browser/src/_locales/ru/messages.json
+++ b/apps/browser/src/_locales/ru/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Код безопасности"
   },
+  "cardNumber": {
+    "message": "номер карты"
+  },
   "ex": {
     "message": "напр."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Запрос отправлен"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Запрос входа для $EMAIL$ на $DEVICE$ одобрен",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Вы отклонили попытку авторизации с другого устройства. Если это были вы, попробуйте авторизоваться с этого устройства еще раз."
+  },
+  "device": {
+    "message": "Устройство"
+  },
+  "loginStatus": {
+    "message": "Статус авторизации"
+  },
   "masterPasswordChanged": {
     "message": "Мастер-пароль сохранен"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Запомнить это устройство, чтобы в будущем авторизовываться быстрее"
   },
+  "manageDevices": {
+    "message": "Управление устройствами"
+  },
+  "currentSession": {
+    "message": "Текущая сессия"
+  },
+  "mobile": {
+    "message": "Мобильный",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Расширение",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Компьютер",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Веб-хранилище"
+  },
+  "webApp": {
+    "message": "Веб-приложение"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Запрос в ожидании"
+  },
+  "firstLogin": {
+    "message": "Первый вход"
+  },
+  "trusted": {
+    "message": "Доверенный"
+  },
+  "needsApproval": {
+    "message": "Требуется одобрение"
+  },
+  "devices": {
+    "message": "Устройства"
+  },
+  "accessAttemptBy": {
+    "message": "Попытка доступа $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Подтвердить доступ"
+  },
+  "denyAccess": {
+    "message": "Отказать в доступе"
+  },
+  "time": {
+    "message": "Время"
+  },
+  "deviceType": {
+    "message": "Тип устройства"
+  },
+  "loginRequest": {
+    "message": "Запрос на вход"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Этот запрос больше не действителен."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Вы пытаетесь получить доступ к своему аккаунту?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Вход подтвержден для $EMAIL$ на $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Вы отклонили попытку авторизации с другого устройства. Если это действительно были вы, попробуйте авторизоваться с этого устройства еще раз."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Запрос на вход истек."
+  },
+  "justNow": {
+    "message": "Только что"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Запрошено $MINUTES$ минут назад",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Требуется одобрение устройства. Выберите вариант ниже:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Скопировать $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Копировать $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/si/messages.json b/apps/browser/src/_locales/si/messages.json
index aa88e12ba39..13e6c2522bf 100644
--- a/apps/browser/src/_locales/si/messages.json
+++ b/apps/browser/src/_locales/si/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "ආරක්ෂක කේතය"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "හිටපු."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/sk/messages.json b/apps/browser/src/_locales/sk/messages.json
index 356617ea25c..e98c643edb9 100644
--- a/apps/browser/src/_locales/sk/messages.json
+++ b/apps/browser/src/_locales/sk/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Bezpečnostný kód"
   },
+  "cardNumber": {
+    "message": "číslo karty"
+  },
   "ex": {
     "message": "napr."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Požiadavka bola odoslaná"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Potvrdené prihlásenie pre $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Odmietli ste pokus o prihlásenie z iného zariadenia. Ak ste to boli vy, skúste sa prihlásiť pomocou zariadenia znova."
+  },
+  "device": {
+    "message": "Zariadenie"
+  },
+  "loginStatus": {
+    "message": "Stav prihlásenia"
+  },
   "masterPasswordChanged": {
     "message": "Hlavné heslo uložené"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Zapamätať si toto zariadenie, pre budúce bezproblémové prihlásenie"
   },
+  "manageDevices": {
+    "message": "Spravovať zariadenia"
+  },
+  "currentSession": {
+    "message": "Aktuálna relácia"
+  },
+  "mobile": {
+    "message": "Mobil",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Rozšírenie",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Počítač",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Webový trezor"
+  },
+  "webApp": {
+    "message": "Webová aplikácia"
+  },
+  "cli": {
+    "message": "Príkazový riadok (CLI)"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Žiadosť čaká na spracovanie"
+  },
+  "firstLogin": {
+    "message": "Prvé prihlásenie"
+  },
+  "trusted": {
+    "message": "Dôveryhodné"
+  },
+  "needsApproval": {
+    "message": "Potrebuje súhlas"
+  },
+  "devices": {
+    "message": "Zariadenia"
+  },
+  "accessAttemptBy": {
+    "message": "Pokus o prístup z $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Potvrdiť prístup"
+  },
+  "denyAccess": {
+    "message": "Zamietnuť prístup"
+  },
+  "time": {
+    "message": "Čas"
+  },
+  "deviceType": {
+    "message": "Typ zariadenia"
+  },
+  "loginRequest": {
+    "message": "Žiadosť o prihlásenie"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Táto žiadosť už nie je platná."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Snažíte sa získať prístup k svojmu účtu?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Potvrdené prihlásenie pre $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Odmietli ste pokus o prihlásenie z iného zariadenia. Ak ste to boli naozaj vy, skúste sa prihlásiť pomocou zariadenia znova."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Platnosť žiadosti o prihlásenie už vypršala."
+  },
+  "justNow": {
+    "message": "Práve teraz"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Vyžiadané pred $MINUTES$ min.",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Vyžaduje sa schválenie zariadenia. Vyberte možnosť schválenia nižšie:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopírovať $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Kopírovať $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/sl/messages.json b/apps/browser/src/_locales/sl/messages.json
index 72f058254e4..397b7be54e8 100644
--- a/apps/browser/src/_locales/sl/messages.json
+++ b/apps/browser/src/_locales/sl/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Varnostna koda"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "npr."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/sr/messages.json b/apps/browser/src/_locales/sr/messages.json
index 4ac75bde569..f68d0b97447 100644
--- a/apps/browser/src/_locales/sr/messages.json
+++ b/apps/browser/src/_locales/sr/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Сигурносни код"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "нпр."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Захтев је послат"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Главна лозинка сачувана"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Запамтити овај уређај да би будуће пријаве биле беспрекорне"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Потребно је одобрење уређаја. Изаберите опцију одобрења испод:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Копирај $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/sv/messages.json b/apps/browser/src/_locales/sv/messages.json
index ff20cdd2ed9..cbfc3e478f5 100644
--- a/apps/browser/src/_locales/sv/messages.json
+++ b/apps/browser/src/_locales/sv/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Säkerhetskod"
   },
+  "cardNumber": {
+    "message": "kortnummer"
+  },
   "ex": {
     "message": "t. ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Begäran skickad"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Inloggningsbegäran godkänd för $EMAIL$ på $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Du nekade ett inloggningsförsök från en annan enhet. Om det var du, försök att logga in med enheten igen."
+  },
+  "device": {
+    "message": "Enhet"
+  },
+  "loginStatus": {
+    "message": "Inloggningsstatus"
+  },
   "masterPasswordChanged": {
     "message": "Huvudlösenordet sparades"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Kom ihåg den här enheten för att göra framtida inloggningar smidiga"
   },
+  "manageDevices": {
+    "message": "Hantera enheter"
+  },
+  "currentSession": {
+    "message": "Aktuell session"
+  },
+  "mobile": {
+    "message": "Mobil",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Tillägg",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Skrivbord",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Webbvalv"
+  },
+  "webApp": {
+    "message": "Webbapp"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Förfrågning väntar"
+  },
+  "firstLogin": {
+    "message": "Första inloggningen"
+  },
+  "trusted": {
+    "message": "Betrodd"
+  },
+  "needsApproval": {
+    "message": "Kräver godkännande"
+  },
+  "devices": {
+    "message": "Enheter"
+  },
+  "accessAttemptBy": {
+    "message": "Åtkomstförsök av $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Bekräfta åtkomst"
+  },
+  "denyAccess": {
+    "message": "Neka åtkomst"
+  },
+  "time": {
+    "message": "Tid"
+  },
+  "deviceType": {
+    "message": "Enhetstyp"
+  },
+  "loginRequest": {
+    "message": "Begäran om inloggning"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Denna begäran är inte längre giltig."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Försöker du komma åt ditt konto?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Inloggning bekräftad för $EMAIL$ på $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Du har avvisat ett inloggningsförsök från en annan enhet. Om det verkligen var du, försök logga in med enheten igen."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Inloggningsbegäran har redan gått ut."
+  },
+  "justNow": {
+    "message": "Just nu"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Begärdes för $MINUTES$ minuter sedan",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Godkännande av enhet krävs. Välj ett alternativ för godkännande nedan:"
   },
@@ -4075,10 +4207,10 @@
     "message": "Inloggad!"
   },
   "passkeyNotCopied": {
-    "message": "Lösennyckeln kommer inte kopieras"
+    "message": "Inloggningsnyckeln kommer inte kopieras"
   },
   "passkeyNotCopiedAlert": {
-    "message": "Lösennyckeln kommer inte att kopieras till det klonade objektet. Vill du fortsätta klona det här objektet?"
+    "message": "Inloggningsnyckeln kommer inte att kopieras till det klonade objektet. Vill du fortsätta klona det här objektet?"
   },
   "passkeyFeatureIsNotImplementedForAccountsWithoutMasterPassword": {
     "message": "Verifiering krävs av den initierande webbplatsen. Denna funktion är ännu inte implementerad för konton utan huvudlösenord."
@@ -4087,7 +4219,7 @@
     "message": "Logga in med nyckel?"
   },
   "passkeyAlreadyExists": {
-    "message": "En lösennyckel finns redan för detta program."
+    "message": "En inloggningsnyckel finns redan för detta program."
   },
   "noPasskeysFoundForThisApplication": {
     "message": "Inga lösennycklar hittades för detta program."
@@ -4111,25 +4243,25 @@
     "message": "Spara nyckel som ny inloggning"
   },
   "chooseCipherForPasskeySave": {
-    "message": "Välj en inloggning som du vill spara nyckeln till"
+    "message": "Välj en inloggning som du vill spara inloggningsnyckeln till"
   },
   "chooseCipherForPasskeyAuth": {
-    "message": "Välj en lösenordskod att logga in med"
+    "message": "Välj en inloggningsnyckel att logga in med"
   },
   "passkeyItem": {
-    "message": "Lösennyckelobjekt"
+    "message": "Inloggningsnyckelsobjekt"
   },
   "overwritePasskey": {
-    "message": "Skriv över lösennyckel?"
+    "message": "Skriv över inloggningsnyckel?"
   },
   "overwritePasskeyAlert": {
-    "message": "Detta objekt innehåller redan en lösennyckel. Är du säker på att du vill skriva över nuvarande lösennyckeln?"
+    "message": "Detta objekt innehåller redan en inloggningsnyckel. Är du säker på att du vill skriva över nuvarande inloggningsnyckel?"
   },
   "featureNotSupported": {
     "message": "Funktionen stöds ännu inte"
   },
   "yourPasskeyIsLocked": {
-    "message": "Autentisering krävs för att använda lösennyckel. Verifiera din identitet för att fortsätta."
+    "message": "Autentisering krävs för att använda inloggningsnyckel. Verifiera din identitet för att fortsätta."
   },
   "multifactorAuthenticationCancelled": {
     "message": "Flerfaktorsautentisering avbruten"
@@ -4354,10 +4486,10 @@
     "message": "Lyckades"
   },
   "removePasskey": {
-    "message": "Ta bort passkey"
+    "message": "Ta bort inloggningsnyckel"
   },
   "passkeyRemoved": {
-    "message": "Passkey borttagen"
+    "message": "Inloggningsnyckel borttagen"
   },
   "autofillSuggestions": {
     "message": "Förslag för autofyll"
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopiera $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Kopiera $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/te/messages.json b/apps/browser/src/_locales/te/messages.json
index ecc7da63e79..9a6d9a4d316 100644
--- a/apps/browser/src/_locales/te/messages.json
+++ b/apps/browser/src/_locales/te/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/th/messages.json b/apps/browser/src/_locales/th/messages.json
index c085b7557e0..49515eb1c64 100644
--- a/apps/browser/src/_locales/th/messages.json
+++ b/apps/browser/src/_locales/th/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Security Code"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "ex."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Request sent"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Remember this device to make future logins seamless"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/tr/messages.json b/apps/browser/src/_locales/tr/messages.json
index 5dae8dfcdc4..cd7c8d3f0b6 100644
--- a/apps/browser/src/_locales/tr/messages.json
+++ b/apps/browser/src/_locales/tr/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Güvenlik kodu"
   },
+  "cardNumber": {
+    "message": "kart numarası"
+  },
   "ex": {
     "message": "örn."
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "İstek gönderildi"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "$DEVICE$ cihazında $EMAIL$ girişi onaylandı",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Başka bir cihazdan giriş isteğini reddettiniz. Yanlışlıkla yaptıysanız aynı cihazdan yeniden giriş yapmayı deneyin."
+  },
+  "device": {
+    "message": "Cihaz"
+  },
+  "loginStatus": {
+    "message": "Oturum açma durumu"
+  },
   "masterPasswordChanged": {
     "message": "Ana parola kaydedildi"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Sonraki girişleri kolaylaştırmak için bu cihazı hatırla"
   },
+  "manageDevices": {
+    "message": "Cihazları yönet"
+  },
+  "currentSession": {
+    "message": "Geçerli oturum"
+  },
+  "mobile": {
+    "message": "Mobil",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Uzantı",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Masaüstü",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web kasası"
+  },
+  "webApp": {
+    "message": "Web uygulaması"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "İstek bekliyor"
+  },
+  "firstLogin": {
+    "message": "İlk giriş"
+  },
+  "trusted": {
+    "message": "Güvenilen"
+  },
+  "needsApproval": {
+    "message": "Onay gerekiyor"
+  },
+  "devices": {
+    "message": "Cihazlar"
+  },
+  "accessAttemptBy": {
+    "message": "$EMAIL$ erişim denemesi",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Erişimi onayla"
+  },
+  "denyAccess": {
+    "message": "Erişimi reddet"
+  },
+  "time": {
+    "message": "Tarih"
+  },
+  "deviceType": {
+    "message": "Cihaz türü"
+  },
+  "loginRequest": {
+    "message": "Giriş isteği"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Bu istek artık geçerli değil."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Hesabınıza erişmeye mi çalışıyorsunuz?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "$DEVICE$ cihazında $EMAIL$ girişi onaylandı",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Başka bir cihazdan giriş isteğini reddettiniz. Yanlışlıkla yaptıysanız aynı cihazdan yeniden giriş yapmayı deneyin."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Giriş isteğinin süresi doldu."
+  },
+  "justNow": {
+    "message": "Az önce"
+  },
+  "requestedXMinutesAgo": {
+    "message": "$MINUTES$ dakika önce istendi",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Cihaz onayı gerekiyor. Lütfen onay yönteminizi seçin:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Kopyala: $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Kopyala: $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/uk/messages.json b/apps/browser/src/_locales/uk/messages.json
index 3d25e982642..083d89fbd12 100644
--- a/apps/browser/src/_locales/uk/messages.json
+++ b/apps/browser/src/_locales/uk/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Код безпеки"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "зразок"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Запит надіслано"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Головний пароль збережено"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Запам'ятайте цей пристрій, щоб спростити майбутні входи в систему"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Необхідне підтвердження пристрою. Виберіть варіант підтвердження нижче:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Копіювати $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/vi/messages.json b/apps/browser/src/_locales/vi/messages.json
index e2752827221..b5de1c2981c 100644
--- a/apps/browser/src/_locales/vi/messages.json
+++ b/apps/browser/src/_locales/vi/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "Mã bảo mật"
   },
+  "cardNumber": {
+    "message": "số thẻ"
+  },
   "ex": {
     "message": "Ví dụ:"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "Đã gửi yêu cầu"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Đã phê duyệt yêu cầu đăng nhập cho $EMAIL$ trên $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Bạn đã từ chối một lần đăng nhập từ thiết bị khác. Nếu đó là bạn, hãy thử đăng nhập lại bằng thiết bị đó."
+  },
+  "device": {
+    "message": "Thiết bị"
+  },
+  "loginStatus": {
+    "message": "Trạng thái đăng nhập"
+  },
   "masterPasswordChanged": {
     "message": "Đã lưu mật khẩu chính"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "Nhớ thiết bị này để đăng nhập dễ dàng trong tương lai"
   },
+  "manageDevices": {
+    "message": "Quản lý thiết bị"
+  },
+  "currentSession": {
+    "message": "Phiên hiện tại"
+  },
+  "mobile": {
+    "message": "Di động",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Tiện ích mở rộng",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Máy tính",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Kho web"
+  },
+  "webApp": {
+    "message": "Ứng dụng web"
+  },
+  "cli": {
+    "message": "Giao diện dòng lệnh (CLI)"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Yêu cầu đang chờ xử lý"
+  },
+  "firstLogin": {
+    "message": "Đăng nhập lần đầu"
+  },
+  "trusted": {
+    "message": "Tin tưởng"
+  },
+  "needsApproval": {
+    "message": "Cần phê duyệt"
+  },
+  "devices": {
+    "message": "Thiết bị"
+  },
+  "accessAttemptBy": {
+    "message": "Cố gắng truy cập bởi $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Xác nhận truy cập"
+  },
+  "denyAccess": {
+    "message": "Từ chối truy cập"
+  },
+  "time": {
+    "message": "Thời gian"
+  },
+  "deviceType": {
+    "message": "Loại thiết bị"
+  },
+  "loginRequest": {
+    "message": "Yêu cầu đăng nhập"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "Yêu cầu này không còn hiệu lực."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Bạn đang cố gắng truy cập tài khoản của mình?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Đã xác nhận đăng nhập cho $EMAIL$ trên $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "Bạn đã từ chối một lần đăng nhập từ thiết bị khác. Nếu thực sự là bạn, hãy thử đăng nhập lại bằng thiết bị đó."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Yêu cầu đăng nhập đã hết hạn."
+  },
+  "justNow": {
+    "message": "Vừa xong"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Đã yêu cầu $MINUTES$ phút trước",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "Yêu cầu phê duyệt thiết bị. Chọn một tuỳ chọn phê duyệt bên dưới:"
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Sao chép $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Sao chép $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/zh_CN/messages.json b/apps/browser/src/_locales/zh_CN/messages.json
index 9ee8fd5a48f..f44265425e9 100644
--- a/apps/browser/src/_locales/zh_CN/messages.json
+++ b/apps/browser/src/_locales/zh_CN/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "安全码"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "例如"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "请求已发送"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "设备"
+  },
+  "loginStatus": {
+    "message": "登录状态"
+  },
   "masterPasswordChanged": {
     "message": "主密码已保存"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "记住此设备以便将来无缝登录"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "此请求已失效。"
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "您正在尝试访问您的账户吗？"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "已确认 $EMAIL$ 在 $DEVICE$ 上的登录",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "您拒绝了另一台设备的登录尝试。如果真的是您，请尝试再次使用该设备登录。"
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "登录请求已过期。"
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "需要设备批准。请在下面选择一个批准选项："
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "复制 $FIELD$，$VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/_locales/zh_TW/messages.json b/apps/browser/src/_locales/zh_TW/messages.json
index 7403ad53705..b41b9271c75 100644
--- a/apps/browser/src/_locales/zh_TW/messages.json
+++ b/apps/browser/src/_locales/zh_TW/messages.json
@@ -1829,6 +1829,9 @@
   "securityCode": {
     "message": "安全代碼"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "ex": {
     "message": "例如"
   },
@@ -3460,6 +3463,28 @@
   "logInRequestSent": {
     "message": "已傳送請求"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
+  "device": {
+    "message": "Device"
+  },
+  "loginStatus": {
+    "message": "Login status"
+  },
   "masterPasswordChanged": {
     "message": "Master password saved"
   },
@@ -3556,6 +3581,113 @@
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
     "message": "記住此裝置來讓未來的登入體驗更簡易"
   },
+  "manageDevices": {
+    "message": "Manage devices"
+  },
+  "currentSession": {
+    "message": "Current session"
+  },
+  "mobile": {
+    "message": "Mobile",
+    "description": "Mobile app"
+  },
+  "extension": {
+    "message": "Extension",
+    "description": "Browser extension/addon"
+  },
+  "desktop": {
+    "message": "Desktop",
+    "description": "Desktop app"
+  },
+  "webVault": {
+    "message": "Web vault"
+  },
+  "webApp": {
+    "message": "Web app"
+  },
+  "cli": {
+    "message": "CLI"
+  },
+  "sdk": {
+    "message": "SDK",
+    "description": "Software Development Kit"
+  },
+  "requestPending": {
+    "message": "Request pending"
+  },
+  "firstLogin": {
+    "message": "First login"
+  },
+  "trusted": {
+    "message": "Trusted"
+  },
+  "needsApproval": {
+    "message": "Needs approval"
+  },
+  "devices": {
+    "message": "Devices"
+  },
+  "accessAttemptBy": {
+    "message": "Access attempt by $EMAIL$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      }
+    }
+  },
+  "confirmAccess": {
+    "message": "Confirm access"
+  },
+  "denyAccess": {
+    "message": "Deny access"
+  },
+  "time": {
+    "message": "Time"
+  },
+  "deviceType": {
+    "message": "Device Type"
+  },
+  "loginRequest": {
+    "message": "Login request"
+  },
+  "thisRequestIsNoLongerValid": {
+    "message": "This request is no longer valid."
+  },
+  "areYouTryingToAccessYourAccount": {
+    "message": "Are you trying to access your account?"
+  },
+  "logInConfirmedForEmailOnDevice": {
+    "message": "Login confirmed for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "iOS"
+      }
+    }
+  },
+  "youDeniedALogInAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
+  },
+  "loginRequestHasAlreadyExpired": {
+    "message": "Login request has already expired."
+  },
+  "justNow": {
+    "message": "Just now"
+  },
+  "requestedXMinutesAgo": {
+    "message": "Requested $MINUTES$ minutes ago",
+    "placeholders": {
+      "minutes": {
+        "content": "$1",
+        "example": "5"
+      }
+    }
+  },
   "deviceApprovalRequired": {
     "message": "裝置需要取得核准。請在下面選擇一個核准選項："
   },
@@ -4465,17 +4597,17 @@
       }
     }
   },
-  "copyFieldValue": {
-    "message": "Copy $FIELD$, $VALUE$",
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
     "description": "Title for a button that copies a field value to the clipboard.",
     "placeholders": {
       "field": {
         "content": "$1",
         "example": "Username"
       },
-      "value": {
+      "ciphername": {
         "content": "$2",
-        "example": "Foo"
+        "example": "Login Item"
       }
     }
   },
diff --git a/apps/browser/src/platform/services/local-backed-session-storage.service.ts b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
index ee5a53b0ad2..978b993fa4d 100644
--- a/apps/browser/src/platform/services/local-backed-session-storage.service.ts
+++ b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
@@ -118,14 +118,14 @@ export class LocalBackedSessionStorageService
       return null;
     }
 
-    const valueJson = await this.encryptService.decryptString(new EncString(local), encKey);
-    if (valueJson == null) {
+    try {
+      const valueJson = await this.encryptService.decryptString(new EncString(local), encKey);
+      return JSON.parse(valueJson);
+    } catch {
       // error with decryption, value is lost, delete state and start over
       await this.localStorage.remove(this.sessionStorageKey(key));
       return null;
     }
-
-    return JSON.parse(valueJson);
   }
 
   private async updateLocalSessionValue(key: string, value: unknown): Promise<void> {
diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index 9e55cfce2ce..52a60d9c23d 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -268,7 +268,7 @@ const routes: Routes = [
   {
     path: "device-management",
     component: ExtensionDeviceManagementComponent,
-    canActivate: [authGuard],
+    canActivate: [canAccessFeature(FeatureFlag.PM14938_BrowserExtensionLoginApproval), authGuard],
     data: { elevation: 1 } satisfies RouteDataProperties,
   },
   {
diff --git a/apps/browser/src/vault/popup/services/vault-popup-list-filters.service.ts b/apps/browser/src/vault/popup/services/vault-popup-list-filters.service.ts
index 9db5811d75c..7af6fb5f212 100644
--- a/apps/browser/src/vault/popup/services/vault-popup-list-filters.service.ts
+++ b/apps/browser/src/vault/popup/services/vault-popup-list-filters.service.ts
@@ -237,7 +237,7 @@ export class VaultPopupListFiltersService {
               return false;
             }
 
-            if (filters.collection && !cipher.collectionIds?.includes(filters.collection.id)) {
+            if (filters.collection && !cipher.collectionIds?.includes(filters.collection.id!)) {
               return false;
             }
 
diff --git a/apps/browser/store/locales/sv/copy.resx b/apps/browser/store/locales/sv/copy.resx
index d03c7fc808d..c37095ec167 100644
--- a/apps/browser/store/locales/sv/copy.resx
+++ b/apps/browser/store/locales/sv/copy.resx
@@ -165,7 +165,7 @@ Applikationer för flera plattformar
 Säkra och dela känslig data i ditt Bitwarden Vault från vilken webbläsare, mobil enhet eller stationärt operativsystem som helst, och mycket mer.
 
 Bitwarden säkrar mer än bara lösenord
-End-to-end krypterade lösningar för hantering av referenser från Bitwarden gör det möjligt för organisationer att säkra allt, inklusive utvecklarhemligheter och passkey-upplevelser. Besök Bitwarden.com för att lära dig mer om Bitwarden Secrets Manager och Bitwarden Passwordless.dev!
+End-to-end krypterade lösningar för hantering av referenser från Bitwarden gör det möjligt för organisationer att säkra allt, inklusive utvecklarhemligheter och upplevelser med inloggningsnycklar. Besök Bitwarden.com för att lära dig mer om Bitwarden Secrets Manager och Bitwarden Passwordless.dev!
 </value>
   </data>
   <data name="AssetTitle" xml:space="preserve">
diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 4c514016675..70814c74106 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -349,6 +349,14 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 
+[[package]]
+name = "autotype"
+version = "0.0.0"
+dependencies = [
+ "windows 0.61.1",
+ "windows-core 0.61.0",
+]
+
 [[package]]
 name = "backtrace"
 version = "0.3.75"
@@ -912,6 +920,7 @@ name = "desktop_napi"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "autotype",
  "base64",
  "desktop_core",
  "hex",
@@ -3677,7 +3686,7 @@ dependencies = [
  "windows-implement 0.60.0",
  "windows-interface 0.59.1",
  "windows-link",
- "windows-result 0.3.2",
+ "windows-result 0.3.4",
  "windows-strings",
 ]
 
@@ -3737,9 +3746,9 @@ dependencies = [
 
 [[package]]
 name = "windows-link"
-version = "0.1.1"
+version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
 
 [[package]]
 name = "windows-numerics"
@@ -3753,12 +3762,12 @@ dependencies = [
 
 [[package]]
 name = "windows-registry"
-version = "0.5.1"
+version = "0.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad1da3e436dc7653dfdf3da67332e22bff09bb0e28b0239e1624499c7830842e"
+checksum = "5b8a9ed28765efc97bbc954883f4e6796c33a06546ebafacbabee9696967499e"
 dependencies = [
  "windows-link",
- "windows-result 0.3.2",
+ "windows-result 0.3.4",
  "windows-strings",
 ]
 
@@ -3773,18 +3782,18 @@ dependencies = [
 
 [[package]]
 name = "windows-result"
-version = "0.3.2"
+version = "0.3.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c64fd11a4fd95df68efcfee5f44a294fe71b8bc6a91993e2791938abcc712252"
+checksum = "56f42bd332cc6c8eac5af113fc0c1fd6a8fd2aa08a0119358686e5160d0586c6"
 dependencies = [
  "windows-link",
 ]
 
 [[package]]
 name = "windows-strings"
-version = "0.4.0"
+version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a2ba9642430ee452d5a7aa78d72907ebe8cfda358e8cb7918a2050581322f97"
+checksum = "56e6c93f3a0c3b36176cb1327a4958a0353d5d166c2a35cb268ace15e91d3b57"
 dependencies = [
  "windows-link",
 ]
diff --git a/apps/desktop/desktop_native/Cargo.toml b/apps/desktop/desktop_native/Cargo.toml
index 8e12dded52c..21835c61585 100644
--- a/apps/desktop/desktop_native/Cargo.toml
+++ b/apps/desktop/desktop_native/Cargo.toml
@@ -1,6 +1,6 @@
 [workspace]
 resolver = "2"
-members = ["napi", "core", "proxy", "macos_provider", "windows_plugin_authenticator"]
+members = ["napi", "core", "proxy", "macos_provider", "windows_plugin_authenticator", "autotype"]
 
 [workspace.package]
 version = "0.0.0"
@@ -60,7 +60,7 @@ widestring = "=1.2.0"
 windows = "=0.61.1"
 windows-core = "=0.61.0"
 windows-future = "=0.2.0"
-windows-registry = "=0.5.1"
+windows-registry = "=0.5.3"
 zbus = "=5.5.0"
 zbus_polkit = "=5.0.0"
 zeroizing-alloc = "=0.1.0"
diff --git a/apps/desktop/desktop_native/autotype/Cargo.toml b/apps/desktop/desktop_native/autotype/Cargo.toml
new file mode 100644
index 00000000000..c8267c3e2ea
--- /dev/null
+++ b/apps/desktop/desktop_native/autotype/Cargo.toml
@@ -0,0 +1,10 @@
+[package]
+name = "autotype"
+version.workspace = true
+license.workspace = true
+edition.workspace = true
+publish.workspace = true
+
+[target.'cfg(windows)'.dependencies]
+windows = { workspace = true, features = ["Win32_UI_Input_KeyboardAndMouse", "Win32_UI_WindowsAndMessaging"] }
+windows-core = { workspace = true }
diff --git a/apps/desktop/desktop_native/autotype/src/lib.rs b/apps/desktop/desktop_native/autotype/src/lib.rs
new file mode 100644
index 00000000000..e3083422eb2
--- /dev/null
+++ b/apps/desktop/desktop_native/autotype/src/lib.rs
@@ -0,0 +1,12 @@
+#[cfg_attr(target_os = "linux", path = "linux.rs")]
+#[cfg_attr(target_os = "macos", path = "macos.rs")]
+#[cfg_attr(target_os = "windows", path = "windows.rs")]
+mod windowing;
+
+/// Gets the title bar string for the foreground window.
+///
+/// TODO: The error handling will be improved in a future PR: PM-23615
+#[allow(clippy::result_unit_err)]
+pub fn get_foreground_window_title() -> std::result::Result<String, ()> {
+    windowing::get_foreground_window_title()
+}
diff --git a/apps/desktop/desktop_native/autotype/src/linux.rs b/apps/desktop/desktop_native/autotype/src/linux.rs
new file mode 100644
index 00000000000..aa06da21a49
--- /dev/null
+++ b/apps/desktop/desktop_native/autotype/src/linux.rs
@@ -0,0 +1,3 @@
+pub fn get_foreground_window_title() -> std::result::Result<String, ()> {
+    todo!("Bitwarden does not yet support Linux autotype");
+}
diff --git a/apps/desktop/desktop_native/autotype/src/macos.rs b/apps/desktop/desktop_native/autotype/src/macos.rs
new file mode 100644
index 00000000000..12a4ca08d3e
--- /dev/null
+++ b/apps/desktop/desktop_native/autotype/src/macos.rs
@@ -0,0 +1,3 @@
+pub fn get_foreground_window_title() -> std::result::Result<String, ()> {
+    todo!("Bitwarden does not yet support Mac OS autotype");
+}
diff --git a/apps/desktop/desktop_native/autotype/src/windows.rs b/apps/desktop/desktop_native/autotype/src/windows.rs
new file mode 100644
index 00000000000..d86d5dd35ae
--- /dev/null
+++ b/apps/desktop/desktop_native/autotype/src/windows.rs
@@ -0,0 +1,75 @@
+use std::ffi::OsString;
+use std::os::windows::ffi::OsStringExt;
+
+use windows::Win32::Foundation::HWND;
+use windows::Win32::UI::WindowsAndMessaging::{
+    GetForegroundWindow, GetWindowTextLengthW, GetWindowTextW,
+};
+
+/// Gets the title bar string for the foreground window.
+pub fn get_foreground_window_title() -> std::result::Result<String, ()> {
+    let Ok(window_handle) = get_foreground_window() else {
+        return Err(());
+    };
+    let Ok(Some(window_title)) = get_window_title(window_handle) else {
+        return Err(());
+    };
+
+    Ok(window_title)
+}
+
+/// Gets the foreground window handle.
+///
+/// https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-getforegroundwindow
+fn get_foreground_window() -> Result<HWND, ()> {
+    let foreground_window_handle = unsafe { GetForegroundWindow() };
+
+    if foreground_window_handle.is_invalid() {
+        return Err(());
+    }
+
+    Ok(foreground_window_handle)
+}
+
+/// Gets the length of the window title bar text.
+///
+/// TODO: Future improvement is to use GetLastError for better error handling
+///
+/// https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-getwindowtextlengthw
+fn get_window_title_length(window_handle: HWND) -> Result<usize, ()> {
+    if window_handle.is_invalid() {
+        return Err(());
+    }
+
+    match usize::try_from(unsafe { GetWindowTextLengthW(window_handle) }) {
+        Ok(length) => Ok(length),
+        Err(_) => Err(()),
+    }
+}
+
+/// Gets the window title bar title.
+///
+/// TODO: Future improvement is to use GetLastError for better error handling
+///
+/// https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-getwindowtextw
+fn get_window_title(window_handle: HWND) -> Result<Option<String>, ()> {
+    if window_handle.is_invalid() {
+        return Err(());
+    }
+
+    let window_title_length = get_window_title_length(window_handle)?;
+    if window_title_length == 0 {
+        return Ok(None);
+    }
+
+    let mut buffer: Vec<u16> = vec![0; window_title_length + 1]; // add extra space for the null character
+
+    let window_title_length = unsafe { GetWindowTextW(window_handle, &mut buffer) };
+    if window_title_length == 0 {
+        return Ok(None);
+    }
+
+    let window_title = OsString::from_wide(&buffer);
+
+    Ok(Some(window_title.to_string_lossy().into_owned()))
+}
diff --git a/apps/desktop/desktop_native/core/src/biometric/mod.rs b/apps/desktop/desktop_native/core/src/biometric/mod.rs
index 79be43b1bfc..e4d51f5da9a 100644
--- a/apps/desktop/desktop_native/core/src/biometric/mod.rs
+++ b/apps/desktop/desktop_native/core/src/biometric/mod.rs
@@ -83,3 +83,93 @@ impl KeyMaterial {
         Ok(Sha256::digest(self.digest_material()))
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::biometric::{decrypt, encrypt, KeyMaterial};
+    use crate::crypto::CipherString;
+    use base64::{engine::general_purpose::STANDARD as base64_engine, Engine};
+    use std::str::FromStr;
+
+    fn key_material() -> KeyMaterial {
+        KeyMaterial {
+            os_key_part_b64: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned(),
+            client_key_part_b64: Some("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned()),
+        }
+    }
+
+    #[test]
+    fn test_encrypt() {
+        let key_material = key_material();
+        let iv_b64 = "l9fhDUP/wDJcKwmEzcb/3w==".to_owned();
+        let secret = encrypt("secret", &key_material, &iv_b64)
+            .unwrap()
+            .parse::<CipherString>()
+            .unwrap();
+
+        match secret {
+            CipherString::AesCbc256_B64 { iv, data: _ } => {
+                assert_eq!(iv_b64, base64_engine.encode(iv));
+            }
+            _ => panic!("Invalid cipher string"),
+        }
+    }
+
+    #[test]
+    fn test_decrypt() {
+        let secret =
+            CipherString::from_str("0.l9fhDUP/wDJcKwmEzcb/3w==|uP4LcqoCCj5FxBDP77NV6Q==").unwrap(); // output from test_encrypt
+        let key_material = key_material();
+        assert_eq!(decrypt(&secret, &key_material).unwrap(), "secret")
+    }
+
+    #[test]
+    fn key_material_produces_valid_key() {
+        let result = key_material().derive_key().unwrap();
+        assert_eq!(result.len(), 32);
+    }
+
+    #[test]
+    fn key_material_uses_os_part() {
+        let mut key_material = key_material();
+        let result = key_material.derive_key().unwrap();
+        key_material.os_key_part_b64 = "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned();
+        let result2 = key_material.derive_key().unwrap();
+        assert_ne!(result, result2);
+    }
+
+    #[test]
+    fn key_material_uses_client_part() {
+        let mut key_material = key_material();
+        let result = key_material.derive_key().unwrap();
+        key_material.client_key_part_b64 =
+            Some("BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned());
+        let result2 = key_material.derive_key().unwrap();
+        assert_ne!(result, result2);
+    }
+
+    #[test]
+    fn key_material_produces_consistent_os_only_key() {
+        let mut key_material = key_material();
+        key_material.client_key_part_b64 = None;
+        let result = key_material.derive_key().unwrap();
+        assert_eq!(
+            result,
+            [
+                81, 100, 62, 172, 151, 119, 182, 58, 123, 38, 129, 116, 209, 253, 66, 118, 218,
+                237, 236, 155, 201, 234, 11, 198, 229, 171, 246, 144, 71, 188, 84, 246
+            ]
+            .into()
+        );
+    }
+
+    #[test]
+    fn key_material_produces_unique_os_only_key() {
+        let mut key_material = key_material();
+        key_material.client_key_part_b64 = None;
+        let result = key_material.derive_key().unwrap();
+        key_material.os_key_part_b64 = "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned();
+        let result2 = key_material.derive_key().unwrap();
+        assert_ne!(result, result2);
+    }
+}
diff --git a/apps/desktop/desktop_native/core/src/biometric/windows.rs b/apps/desktop/desktop_native/core/src/biometric/windows.rs
index 4c2e2c8ae25..99bec132edb 100644
--- a/apps/desktop/desktop_native/core/src/biometric/windows.rs
+++ b/apps/desktop/desktop_native/core/src/biometric/windows.rs
@@ -1,22 +1,18 @@
-use std::{
-    ffi::c_void,
-    str::FromStr,
-    sync::{atomic::AtomicBool, Arc},
-};
+use std::{ffi::c_void, str::FromStr};
 
 use anyhow::{anyhow, Result};
 use base64::{engine::general_purpose::STANDARD as base64_engine, Engine};
 use rand::RngCore;
 use sha2::{Digest, Sha256};
 use windows::{
-    core::{factory, h, HSTRING},
-    Security::{
-        Credentials::{
-            KeyCredentialCreationOption, KeyCredentialManager, KeyCredentialStatus, UI::*,
-        },
-        Cryptography::CryptographicBuffer,
+    core::{factory, HSTRING},
+    Security::Credentials::UI::{
+        UserConsentVerificationResult, UserConsentVerifier, UserConsentVerifierAvailability,
+    },
+    Win32::{
+        Foundation::HWND, System::WinRT::IUserConsentVerifierInterop,
+        UI::WindowsAndMessaging::GetForegroundWindow,
     },
-    Win32::{Foundation::HWND, System::WinRT::IUserConsentVerifierInterop},
 };
 use windows_future::IAsyncOperation;
 
@@ -25,10 +21,7 @@ use crate::{
     crypto::CipherString,
 };
 
-use super::{
-    decrypt, encrypt,
-    windows_focus::{focus_security_prompt, set_focus},
-};
+use super::{decrypt, encrypt, windows_focus::set_focus};
 
 /// The Windows OS implementation of the biometric trait.
 pub struct Biometric {}
@@ -44,9 +37,15 @@ impl super::BiometricTrait for Biometric {
         //  should set the window to the foreground and focus it.
         set_focus(window);
 
+        // Windows Hello prompt must be in foreground, focused, otherwise the face or fingerprint
+        //  unlock will not work. We get the current foreground window, which will either be the
+        //  Bitwarden desktop app or the browser extension.
+        let foreground_window = unsafe { GetForegroundWindow() };
+
         let interop = factory::<UserConsentVerifier, IUserConsentVerifierInterop>()?;
-        let operation: IAsyncOperation<UserConsentVerificationResult> =
-            unsafe { interop.RequestVerificationForWindowAsync(window, &HSTRING::from(message))? };
+        let operation: IAsyncOperation<UserConsentVerificationResult> = unsafe {
+            interop.RequestVerificationForWindowAsync(foreground_window, &HSTRING::from(message))?
+        };
         let result = operation.get()?;
 
         match result {
@@ -65,14 +64,6 @@ impl super::BiometricTrait for Biometric {
         }
     }
 
-    /// Derive the symmetric encryption key from the Windows Hello signature.
-    ///
-    /// This works by signing a static challenge string with Windows Hello protected key store. The
-    /// signed challenge is then hashed using SHA-256 and used as the symmetric encryption key for the
-    /// Windows Hello protected keys.
-    ///
-    /// Windows will only sign the challenge if the user has successfully authenticated with Windows,
-    /// ensuring user presence.
     fn derive_key_material(challenge_str: Option<&str>) -> Result<OsDerivedKey> {
         let challenge: [u8; 16] = match challenge_str {
             Some(challenge_str) => base64_engine
@@ -81,51 +72,10 @@ impl super::BiometricTrait for Biometric {
                 .map_err(|e: Vec<_>| anyhow!("Expect length {}, got {}", 16, e.len()))?,
             None => random_challenge(),
         };
-        let bitwarden = h!("Bitwarden");
 
-        let result = KeyCredentialManager::RequestCreateAsync(
-            bitwarden,
-            KeyCredentialCreationOption::FailIfExists,
-        )?
-        .get()?;
-
-        let result = match result.Status()? {
-            KeyCredentialStatus::CredentialAlreadyExists => {
-                KeyCredentialManager::OpenAsync(bitwarden)?.get()?
-            }
-            KeyCredentialStatus::Success => result,
-            _ => return Err(anyhow!("Failed to create key credential")),
-        };
-
-        let challenge_buffer = CryptographicBuffer::CreateFromByteArray(&challenge)?;
-        let async_operation = result.Credential()?.RequestSignAsync(&challenge_buffer)?;
-        focus_security_prompt();
-
-        let done = Arc::new(AtomicBool::new(false));
-        let done_clone = done.clone();
-        let _ = std::thread::spawn(move || loop {
-            if !done_clone.load(std::sync::atomic::Ordering::Relaxed) {
-                focus_security_prompt();
-                std::thread::sleep(std::time::Duration::from_millis(500));
-            } else {
-                break;
-            }
-        });
-
-        let signature = async_operation.get();
-        done.store(true, std::sync::atomic::Ordering::Relaxed);
-        let signature = signature?;
-
-        if signature.Status()? != KeyCredentialStatus::Success {
-            return Err(anyhow!("Failed to sign data"));
-        }
-
-        let signature_buffer = signature.Result()?;
-        let mut signature_value =
-            windows::core::Array::<u8>::with_len(signature_buffer.Length().unwrap() as usize);
-        CryptographicBuffer::CopyToByteArray(&signature_buffer, &mut signature_value)?;
-
-        let key = Sha256::digest(&*signature_value);
+        // Uses a key derived from the iv. This key is not intended to add any security
+        // but only a place-holder
+        let key = Sha256::digest(challenge);
         let key_b64 = base64_engine.encode(key);
         let iv_b64 = base64_engine.encode(challenge);
         Ok(OsDerivedKey { key_b64, iv_b64 })
@@ -182,10 +132,9 @@ fn random_challenge() -> [u8; 16] {
 mod tests {
     use super::*;
 
-    use crate::biometric::{encrypt, BiometricTrait};
+    use crate::biometric::BiometricTrait;
 
     #[test]
-    #[cfg(feature = "manual_test")]
     fn test_derive_key_material() {
         let iv_input = "l9fhDUP/wDJcKwmEzcb/3w==";
         let result = <Biometric as BiometricTrait>::derive_key_material(Some(iv_input)).unwrap();
@@ -195,7 +144,6 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "manual_test")]
     fn test_derive_key_material_no_iv() {
         let result = <Biometric as BiometricTrait>::derive_key_material(None).unwrap();
         let key = base64_engine.decode(result.key_b64).unwrap();
@@ -221,38 +169,8 @@ mod tests {
         assert!(<Biometric as BiometricTrait>::available().await.unwrap())
     }
 
-    #[test]
-    fn test_encrypt() {
-        let key_material = KeyMaterial {
-            os_key_part_b64: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned(),
-            client_key_part_b64: Some("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned()),
-        };
-        let iv_b64 = "l9fhDUP/wDJcKwmEzcb/3w==".to_owned();
-        let secret = encrypt("secret", &key_material, &iv_b64)
-            .unwrap()
-            .parse::<CipherString>()
-            .unwrap();
-
-        match secret {
-            CipherString::AesCbc256_B64 { iv, data: _ } => {
-                assert_eq!(iv_b64, base64_engine.encode(iv));
-            }
-            _ => panic!("Invalid cipher string"),
-        }
-    }
-
-    #[test]
-    fn test_decrypt() {
-        let secret =
-            CipherString::from_str("0.l9fhDUP/wDJcKwmEzcb/3w==|uP4LcqoCCj5FxBDP77NV6Q==").unwrap(); // output from test_encrypt
-        let key_material = KeyMaterial {
-            os_key_part_b64: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned(),
-            client_key_part_b64: Some("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned()),
-        };
-        assert_eq!(decrypt(&secret, &key_material).unwrap(), "secret")
-    }
-
     #[tokio::test]
+    #[cfg(feature = "manual_test")]
     async fn get_biometric_secret_requires_key() {
         let result = <Biometric as BiometricTrait>::get_biometric_secret("", "", None).await;
         assert!(result.is_err());
@@ -263,6 +181,7 @@ mod tests {
     }
 
     #[tokio::test]
+    #[cfg(feature = "manual_test")]
     async fn get_biometric_secret_handles_unencrypted_secret() {
         let test = "test";
         let secret = "password";
@@ -284,6 +203,7 @@ mod tests {
     }
 
     #[tokio::test]
+    #[cfg(feature = "manual_test")]
     async fn get_biometric_secret_handles_encrypted_secret() {
         let test = "test";
         let secret =
@@ -316,61 +236,4 @@ mod tests {
             "Key material is required for Windows Hello protected keys"
         );
     }
-
-    fn key_material() -> KeyMaterial {
-        KeyMaterial {
-            os_key_part_b64: "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned(),
-            client_key_part_b64: Some("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned()),
-        }
-    }
-
-    #[test]
-    fn key_material_produces_valid_key() {
-        let result = key_material().derive_key().unwrap();
-        assert_eq!(result.len(), 32);
-    }
-
-    #[test]
-    fn key_material_uses_os_part() {
-        let mut key_material = key_material();
-        let result = key_material.derive_key().unwrap();
-        key_material.os_key_part_b64 = "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned();
-        let result2 = key_material.derive_key().unwrap();
-        assert_ne!(result, result2);
-    }
-
-    #[test]
-    fn key_material_uses_client_part() {
-        let mut key_material = key_material();
-        let result = key_material.derive_key().unwrap();
-        key_material.client_key_part_b64 =
-            Some("BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned());
-        let result2 = key_material.derive_key().unwrap();
-        assert_ne!(result, result2);
-    }
-
-    #[test]
-    fn key_material_produces_consistent_os_only_key() {
-        let mut key_material = key_material();
-        key_material.client_key_part_b64 = None;
-        let result = key_material.derive_key().unwrap();
-        assert_eq!(
-            result,
-            [
-                81, 100, 62, 172, 151, 119, 182, 58, 123, 38, 129, 116, 209, 253, 66, 118, 218,
-                237, 236, 155, 201, 234, 11, 198, 229, 171, 246, 144, 71, 188, 84, 246
-            ]
-            .into()
-        );
-    }
-
-    #[test]
-    fn key_material_produces_unique_os_only_key() {
-        let mut key_material = key_material();
-        key_material.client_key_part_b64 = None;
-        let result = key_material.derive_key().unwrap();
-        key_material.os_key_part_b64 = "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=".to_owned();
-        let result2 = key_material.derive_key().unwrap();
-        assert_ne!(result, result2);
-    }
 }
diff --git a/apps/desktop/desktop_native/napi/Cargo.toml b/apps/desktop/desktop_native/napi/Cargo.toml
index 669f166e748..20b56395801 100644
--- a/apps/desktop/desktop_native/napi/Cargo.toml
+++ b/apps/desktop/desktop_native/napi/Cargo.toml
@@ -14,6 +14,7 @@ default = []
 manual_test = []
 
 [dependencies]
+autotype = { path = "../autotype" }
 base64 = { workspace = true }
 hex = { workspace = true }
 anyhow = { workspace = true }
diff --git a/apps/desktop/desktop_native/napi/index.d.ts b/apps/desktop/desktop_native/napi/index.d.ts
index 6ee460a8065..f554fdb12e8 100644
--- a/apps/desktop/desktop_native/napi/index.d.ts
+++ b/apps/desktop/desktop_native/napi/index.d.ts
@@ -208,3 +208,6 @@ export declare namespace logging {
   }
   export function initNapiLog(jsLogFn: (err: Error | null, arg0: LogLevel, arg1: string) => any): void
 }
+export declare namespace autotype {
+  export function getForegroundWindowTitle(): string
+}
diff --git a/apps/desktop/desktop_native/napi/src/lib.rs b/apps/desktop/desktop_native/napi/src/lib.rs
index 784bfb72086..aa271b335ad 100644
--- a/apps/desktop/desktop_native/napi/src/lib.rs
+++ b/apps/desktop/desktop_native/napi/src/lib.rs
@@ -865,3 +865,15 @@ pub mod logging {
         fn flush(&self) {}
     }
 }
+
+#[napi]
+pub mod autotype {
+    #[napi]
+    pub fn get_foreground_window_title() -> napi::Result<String, napi::Status> {
+        autotype::get_foreground_window_title().map_err(|_| {
+            napi::Error::from_reason(
+                "Autotype Error: faild to get foreground window title".to_string(),
+            )
+        })
+    }
+}
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index 005b823253f..2ab88fed621 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/desktop",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2025.7.1",
+  "version": "2025.7.0",
   "keywords": [
     "bitwarden",
     "password",
diff --git a/apps/desktop/src/app/accounts/settings.component.html b/apps/desktop/src/app/accounts/settings.component.html
index 46cd323b071..473cfa73f1d 100644
--- a/apps/desktop/src/app/accounts/settings.component.html
+++ b/apps/desktop/src/app/accounts/settings.component.html
@@ -126,13 +126,13 @@
                     {{ biometricText | i18n }}
                   </label>
                 </div>
-                <small class="help-block" *ngIf="this.form.value.biometric && !this.isLinux">{{
-                  additionalBiometricSettingsText | i18n
+                <small class="help-block" *ngIf="this.form.value.biometric && this.isMac">{{
+                  "additionalTouchIdSettings" | i18n
                 }}</small>
               </div>
               <div
                 class="form-group"
-                *ngIf="supportsBiometric && this.form.value.biometric && !this.isLinux"
+                *ngIf="supportsBiometric && this.form.value.biometric && this.isMac"
               >
                 <div class="checkbox form-group-child">
                   <label for="autoPromptBiometrics">
@@ -142,7 +142,7 @@
                       formControlName="autoPromptBiometrics"
                       (change)="updateAutoPromptBiometrics()"
                     />
-                    {{ autoPromptBiometricsText | i18n }}
+                    {{ "autoPromptTouchId" | i18n }}
                   </label>
                 </div>
               </div>
@@ -152,7 +152,7 @@
                   supportsBiometric &&
                   this.form.value.biometric &&
                   (userHasMasterPassword || (this.form.value.pin && userHasPinSet)) &&
-                  this.isWindows
+                  false
                 "
               >
                 <div class="checkbox form-group-child">
@@ -170,9 +170,6 @@
                     }
                   </label>
                 </div>
-                <small class="help-block form-group-child" *ngIf="isWindows">{{
-                  "recommendedForSecurity" | i18n
-                }}</small>
               </div>
             </ng-container>
           </div>
diff --git a/apps/desktop/src/app/accounts/settings.component.spec.ts b/apps/desktop/src/app/accounts/settings.component.spec.ts
index 16ada3fbc07..819438eaa3b 100644
--- a/apps/desktop/src/app/accounts/settings.component.spec.ts
+++ b/apps/desktop/src/app/accounts/settings.component.spec.ts
@@ -271,74 +271,46 @@ describe("SettingsComponent", () => {
       vaultTimeoutSettingsService.isBiometricLockSet.mockResolvedValue(true);
     });
 
-    it("require password or pin on app start message when RemoveUnlockWithPin policy is disabled and pin set and windows desktop", async () => {
-      const policy = new Policy();
-      policy.type = PolicyType.RemoveUnlockWithPin;
-      policy.enabled = false;
-      policyService.policiesByType$.mockReturnValue(of([policy]));
-      platformUtilsService.getDevice.mockReturnValue(DeviceType.WindowsDesktop);
-      i18nService.t.mockImplementation((id: string) => {
-        if (id === "requirePasswordOnStart") {
-          return "Require password or pin on app start";
-        } else if (id === "requirePasswordWithoutPinOnStart") {
-          return "Require password on app start";
-        }
-        return "";
+    describe("windows desktop", () => {
+      beforeEach(() => {
+        platformUtilsService.getDevice.mockReturnValue(DeviceType.WindowsDesktop);
+
+        // Recreate component to apply the correct device
+        fixture = TestBed.createComponent(SettingsComponent);
+        component = fixture.componentInstance;
       });
-      pinServiceAbstraction.isPinSet.mockResolvedValue(true);
 
-      await component.ngOnInit();
-      fixture.detectChanges();
+      it("require password or pin on app start not visible when RemoveUnlockWithPin policy is disabled and pin set and windows desktop", async () => {
+        const policy = new Policy();
+        policy.type = PolicyType.RemoveUnlockWithPin;
+        policy.enabled = false;
+        policyService.policiesByType$.mockReturnValue(of([policy]));
+        pinServiceAbstraction.isPinSet.mockResolvedValue(true);
 
-      const requirePasswordOnStartLabelElement = fixture.debugElement.query(
-        By.css("label[for='requirePasswordOnStart']"),
-      );
-      expect(requirePasswordOnStartLabelElement).not.toBeNull();
-      expect(requirePasswordOnStartLabelElement.children).toHaveLength(1);
-      expect(requirePasswordOnStartLabelElement.children[0].name).toBe("input");
-      expect(requirePasswordOnStartLabelElement.children[0].attributes).toMatchObject({
-        id: "requirePasswordOnStart",
-        type: "checkbox",
+        await component.ngOnInit();
+        fixture.detectChanges();
+
+        const requirePasswordOnStartLabelElement = fixture.debugElement.query(
+          By.css("label[for='requirePasswordOnStart']"),
+        );
+        expect(requirePasswordOnStartLabelElement).toBeNull();
       });
-      const textNodes = requirePasswordOnStartLabelElement.childNodes
-        .filter((node) => node.nativeNode.nodeType === Node.TEXT_NODE)
-        .map((node) => node.nativeNode.wholeText?.trim());
-      expect(textNodes).toContain("Require password or pin on app start");
-    });
 
-    it("require password on app start message when RemoveUnlockWithPin policy is enabled and pin set and windows desktop", async () => {
-      const policy = new Policy();
-      policy.type = PolicyType.RemoveUnlockWithPin;
-      policy.enabled = true;
-      policyService.policiesByType$.mockReturnValue(of([policy]));
-      platformUtilsService.getDevice.mockReturnValue(DeviceType.WindowsDesktop);
-      i18nService.t.mockImplementation((id: string) => {
-        if (id === "requirePasswordOnStart") {
-          return "Require password or pin on app start";
-        } else if (id === "requirePasswordWithoutPinOnStart") {
-          return "Require password on app start";
-        }
-        return "";
+      it("require password on app start not visible when RemoveUnlockWithPin policy is enabled and pin set and windows desktop", async () => {
+        const policy = new Policy();
+        policy.type = PolicyType.RemoveUnlockWithPin;
+        policy.enabled = true;
+        policyService.policiesByType$.mockReturnValue(of([policy]));
+        pinServiceAbstraction.isPinSet.mockResolvedValue(true);
+
+        await component.ngOnInit();
+        fixture.detectChanges();
+
+        const requirePasswordOnStartLabelElement = fixture.debugElement.query(
+          By.css("label[for='requirePasswordOnStart']"),
+        );
+        expect(requirePasswordOnStartLabelElement).toBeNull();
       });
-      pinServiceAbstraction.isPinSet.mockResolvedValue(true);
-
-      await component.ngOnInit();
-      fixture.detectChanges();
-
-      const requirePasswordOnStartLabelElement = fixture.debugElement.query(
-        By.css("label[for='requirePasswordOnStart']"),
-      );
-      expect(requirePasswordOnStartLabelElement).not.toBeNull();
-      expect(requirePasswordOnStartLabelElement.children).toHaveLength(1);
-      expect(requirePasswordOnStartLabelElement.children[0].name).toBe("input");
-      expect(requirePasswordOnStartLabelElement.children[0].attributes).toMatchObject({
-        id: "requirePasswordOnStart",
-        type: "checkbox",
-      });
-      const textNodes = requirePasswordOnStartLabelElement.childNodes
-        .filter((node) => node.nativeNode.nodeType === Node.TEXT_NODE)
-        .map((node) => node.nativeNode.wholeText?.trim());
-      expect(textNodes).toContain("Require password on app start");
     });
   });
 
diff --git a/apps/desktop/src/app/accounts/settings.component.ts b/apps/desktop/src/app/accounts/settings.component.ts
index 74f02f8b619..bbe5fb60719 100644
--- a/apps/desktop/src/app/accounts/settings.component.ts
+++ b/apps/desktop/src/app/accounts/settings.component.ts
@@ -78,6 +78,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
   showOpenAtLoginOption = false;
   isWindows: boolean;
   isLinux: boolean;
+  isMac: boolean;
 
   enableTrayText: string;
   enableTrayDescText: string;
@@ -170,31 +171,33 @@ export class SettingsComponent implements OnInit, OnDestroy {
     private configService: ConfigService,
     private validationService: ValidationService,
   ) {
-    const isMac = this.platformUtilsService.getDevice() === DeviceType.MacOsDesktop;
+    this.isMac = this.platformUtilsService.getDevice() === DeviceType.MacOsDesktop;
+    this.isLinux = this.platformUtilsService.getDevice() === DeviceType.LinuxDesktop;
+    this.isWindows = this.platformUtilsService.getDevice() === DeviceType.WindowsDesktop;
 
     // Workaround to avoid ghosting trays https://github.com/electron/electron/issues/17622
     this.requireEnableTray = this.platformUtilsService.getDevice() === DeviceType.LinuxDesktop;
 
-    const trayKey = isMac ? "enableMenuBar" : "enableTray";
+    const trayKey = this.isMac ? "enableMenuBar" : "enableTray";
     this.enableTrayText = this.i18nService.t(trayKey);
     this.enableTrayDescText = this.i18nService.t(trayKey + "Desc");
 
-    const minToTrayKey = isMac ? "enableMinToMenuBar" : "enableMinToTray";
+    const minToTrayKey = this.isMac ? "enableMinToMenuBar" : "enableMinToTray";
     this.enableMinToTrayText = this.i18nService.t(minToTrayKey);
     this.enableMinToTrayDescText = this.i18nService.t(minToTrayKey + "Desc");
 
-    const closeToTrayKey = isMac ? "enableCloseToMenuBar" : "enableCloseToTray";
+    const closeToTrayKey = this.isMac ? "enableCloseToMenuBar" : "enableCloseToTray";
     this.enableCloseToTrayText = this.i18nService.t(closeToTrayKey);
     this.enableCloseToTrayDescText = this.i18nService.t(closeToTrayKey + "Desc");
 
-    const startToTrayKey = isMac ? "startToMenuBar" : "startToTray";
+    const startToTrayKey = this.isMac ? "startToMenuBar" : "startToTray";
     this.startToTrayText = this.i18nService.t(startToTrayKey);
     this.startToTrayDescText = this.i18nService.t(startToTrayKey + "Desc");
 
     this.showOpenAtLoginOption = !ipc.platform.isWindowsStore;
 
     // DuckDuckGo browser is only for macos initially
-    this.showDuckDuckGoIntegrationOption = isMac;
+    this.showDuckDuckGoIntegrationOption = this.isMac;
 
     const localeOptions: any[] = [];
     this.i18nService.supportedTranslationLocales.forEach((locale) => {
@@ -239,7 +242,6 @@ export class SettingsComponent implements OnInit, OnDestroy {
   async ngOnInit() {
     this.vaultTimeoutOptions = await this.generateVaultTimeoutOptions();
     const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
-    this.isLinux = (await this.platformUtilsService.getDevice()) === DeviceType.LinuxDesktop;
 
     // Autotype is for Windows initially
     const isWindows = this.platformUtilsService.getDevice() === DeviceType.WindowsDesktop;
@@ -250,8 +252,6 @@ export class SettingsComponent implements OnInit, OnDestroy {
 
     this.userHasMasterPassword = await this.userVerificationService.hasMasterPassword();
 
-    this.isWindows = this.platformUtilsService.getDevice() === DeviceType.WindowsDesktop;
-
     this.currentUserEmail = activeAccount.email;
     this.currentUserId = activeAccount.id;
 
@@ -911,28 +911,4 @@ export class SettingsComponent implements OnInit, OnDestroy {
         throw new Error("Unsupported platform");
     }
   }
-
-  get autoPromptBiometricsText() {
-    switch (this.platformUtilsService.getDevice()) {
-      case DeviceType.MacOsDesktop:
-        return "autoPromptTouchId";
-      case DeviceType.WindowsDesktop:
-        return "autoPromptWindowsHello";
-      case DeviceType.LinuxDesktop:
-        return "autoPromptPolkit";
-      default:
-        throw new Error("Unsupported platform");
-    }
-  }
-
-  get additionalBiometricSettingsText() {
-    switch (this.platformUtilsService.getDevice()) {
-      case DeviceType.MacOsDesktop:
-        return "additionalTouchIdSettings";
-      case DeviceType.WindowsDesktop:
-        return "additionalWindowsHelloSettings";
-      default:
-        throw new Error("Unsupported platform");
-    }
-  }
 }
diff --git a/apps/desktop/src/autofill/main/main-desktop-autotype.service.ts b/apps/desktop/src/autofill/main/main-desktop-autotype.service.ts
index 7de34da5aaf..e0871f86f8c 100644
--- a/apps/desktop/src/autofill/main/main-desktop-autotype.service.ts
+++ b/apps/desktop/src/autofill/main/main-desktop-autotype.service.ts
@@ -1,3 +1,5 @@
+import { autotype } from "@bitwarden/desktop-napi";
+
 import { DesktopAutotypeService } from "../services/desktop-autotype.service";
 
 export class MainDesktopAutotypeService {
@@ -17,6 +19,10 @@ export class MainDesktopAutotypeService {
   private enableAutotype() {
     // eslint-disable-next-line no-console
     console.log("Enabling Autotype...");
+
+    const result = autotype.getForegroundWindowTitle();
+    // eslint-disable-next-line no-console
+    console.log("Window Title: " + result);
   }
 
   // TODO: this will call into desktop native code
diff --git a/apps/desktop/src/key-management/biometrics/os-biometrics-linux.service.ts b/apps/desktop/src/key-management/biometrics/os-biometrics-linux.service.ts
index c310f337182..26a8e949f38 100644
--- a/apps/desktop/src/key-management/biometrics/os-biometrics-linux.service.ts
+++ b/apps/desktop/src/key-management/biometrics/os-biometrics-linux.service.ts
@@ -34,6 +34,7 @@ const policyFileName = "com.bitwarden.Bitwarden.policy";
 const policyPath = "/usr/share/polkit-1/actions/";
 
 const SERVICE = "Bitwarden_biometric";
+
 function getLookupKeyForUser(userId: UserId): string {
   return `${userId}_user_biometric`;
 }
@@ -45,16 +46,18 @@ export default class OsBiometricsServiceLinux implements OsBiometricService {
     private cryptoFunctionService: CryptoFunctionService,
     private logService: LogService,
   ) {}
+
   private _iv: string | null = null;
   // Use getKeyMaterial helper instead of direct access
   private _osKeyHalf: string | null = null;
   private clientKeyHalves = new Map<UserId, Uint8Array | null>();
 
   async setBiometricKey(userId: UserId, key: SymmetricCryptoKey): Promise<void> {
-    const clientKeyPartB64 = Utils.fromBufferToB64(
-      await this.getOrCreateBiometricEncryptionClientKeyHalf(userId, key),
-    );
-    const storageDetails = await this.getStorageDetails({ clientKeyHalfB64: clientKeyPartB64 });
+    const clientKeyHalf = await this.getOrCreateBiometricEncryptionClientKeyHalf(userId, key);
+
+    const storageDetails = await this.getStorageDetails({
+      clientKeyHalfB64: clientKeyHalf ? Utils.fromBufferToB64(clientKeyHalf) : undefined,
+    });
     await biometrics.setBiometricSecret(
       SERVICE,
       getLookupKeyForUser(userId),
@@ -63,6 +66,7 @@ export default class OsBiometricsServiceLinux implements OsBiometricService {
       storageDetails.ivB64,
     );
   }
+
   async deleteBiometricKey(userId: UserId): Promise<void> {
     try {
       await passwords.deletePassword(SERVICE, getLookupKeyForUser(userId));
@@ -91,11 +95,15 @@ export default class OsBiometricsServiceLinux implements OsBiometricService {
     if (value == null || value == "") {
       return null;
     } else {
-      const clientKeyHalf = this.clientKeyHalves.get(userId);
-      const clientKeyPartB64 = Utils.fromBufferToB64(clientKeyHalf);
+      let clientKeyPartB64: string | null = null;
+      if (this.clientKeyHalves.has(userId)) {
+        clientKeyPartB64 = Utils.fromBufferToB64(this.clientKeyHalves.get(userId)!);
+      }
       const encValue = new EncString(value);
       this.setIv(encValue.iv);
-      const storageDetails = await this.getStorageDetails({ clientKeyHalfB64: clientKeyPartB64 });
+      const storageDetails = await this.getStorageDetails({
+        clientKeyHalfB64: clientKeyPartB64 ?? undefined,
+      });
       const storedValue = await biometrics.getBiometricSecret(
         SERVICE,
         getLookupKeyForUser(userId),
@@ -169,7 +177,6 @@ export default class OsBiometricsServiceLinux implements OsBiometricService {
   }): Promise<{ key_material: biometrics.KeyMaterial; ivB64: string }> {
     if (this._osKeyHalf == null) {
       const keyMaterial = await biometrics.deriveKeyMaterial(this._iv);
-      // osKeyHalf is based on the iv and in contrast to windows is not locked behind user verification!
       this._osKeyHalf = keyMaterial.keyB64;
       this._iv = keyMaterial.ivB64;
     }
@@ -209,8 +216,8 @@ export default class OsBiometricsServiceLinux implements OsBiometricService {
     }
     if (clientKeyHalf == null) {
       // Set a key half if it doesn't exist
-      const keyBytes = await this.cryptoFunctionService.randomBytes(32);
-      const encKey = await this.encryptService.encryptBytes(keyBytes, key);
+      clientKeyHalf = await this.cryptoFunctionService.randomBytes(32);
+      const encKey = await this.encryptService.encryptBytes(clientKeyHalf, key);
       await this.biometricStateService.setEncryptedClientKeyHalf(encKey, userId);
     }
 
diff --git a/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.spec.ts b/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.spec.ts
index 674d97bf696..f301efc70e7 100644
--- a/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.spec.ts
+++ b/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.spec.ts
@@ -1,51 +1,65 @@
+import { randomBytes } from "node:crypto";
+
+import { BrowserWindow } from "electron";
 import { mock } from "jest-mock-extended";
 
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { UserId } from "@bitwarden/common/types/guid";
-import { passwords } from "@bitwarden/desktop-napi";
+import { biometrics, passwords } from "@bitwarden/desktop-napi";
 import { BiometricsStatus, BiometricStateService } from "@bitwarden/key-management";
 
 import { WindowMain } from "../../main/window.main";
 
 import OsBiometricsServiceWindows from "./os-biometrics-windows.service";
 
-jest.mock("@bitwarden/desktop-napi", () => ({
-  biometrics: {
-    available: jest.fn(),
-    setBiometricSecret: jest.fn(),
-    getBiometricSecret: jest.fn(),
-    deleteBiometricSecret: jest.fn(),
-    prompt: jest.fn(),
-    deriveKeyMaterial: jest.fn(),
-  },
-  passwords: {
-    getPassword: jest.fn(),
-    deletePassword: jest.fn(),
-    isAvailable: jest.fn(),
-    PASSWORD_NOT_FOUND: "Password not found",
-  },
-}));
+import OsDerivedKey = biometrics.OsDerivedKey;
+
+jest.mock("@bitwarden/desktop-napi", () => {
+  return {
+    biometrics: {
+      available: jest.fn().mockResolvedValue(true),
+      getBiometricSecret: jest.fn().mockResolvedValue(""),
+      setBiometricSecret: jest.fn().mockResolvedValue(""),
+      deleteBiometricSecret: jest.fn(),
+      deriveKeyMaterial: jest.fn().mockResolvedValue({
+        keyB64: "",
+        ivB64: "",
+      }),
+      prompt: jest.fn().mockResolvedValue(true),
+    },
+    passwords: {
+      getPassword: jest.fn().mockResolvedValue(null),
+      deletePassword: jest.fn().mockImplementation(() => {}),
+      isAvailable: jest.fn(),
+      PASSWORD_NOT_FOUND: "Password not found",
+    },
+  };
+});
+
+describe("OsBiometricsServiceWindows", function () {
+  const i18nService = mock<I18nService>();
+  const windowMain = mock<WindowMain>();
+  const browserWindow = mock<BrowserWindow>();
+  const encryptionService: EncryptService = mock<EncryptService>();
+  const cryptoFunctionService: CryptoFunctionService = mock<CryptoFunctionService>();
+  const biometricStateService: BiometricStateService = mock<BiometricStateService>();
+  const logService = mock<LogService>();
 
-describe("OsBiometricsServiceWindows", () => {
   let service: OsBiometricsServiceWindows;
-  let i18nService: I18nService;
-  let windowMain: WindowMain;
-  let logService: LogService;
-  let biometricStateService: BiometricStateService;
 
-  const mockUserId = "test-user-id" as UserId;
+  const key = new SymmetricCryptoKey(new Uint8Array(64));
+  const userId = "test-user-id" as UserId;
+  const serviceKey = "Bitwarden_biometric";
+  const storageKey = `${userId}_user_biometric`;
 
   beforeEach(() => {
-    i18nService = mock<I18nService>();
-    windowMain = mock<WindowMain>();
-    logService = mock<LogService>();
-    biometricStateService = mock<BiometricStateService>();
-    const encryptionService = mock<EncryptService>();
-    const cryptoFunctionService = mock<CryptoFunctionService>();
+    windowMain.win = browserWindow;
+
     service = new OsBiometricsServiceWindows(
       i18nService,
       windowMain,
@@ -62,20 +76,13 @@ describe("OsBiometricsServiceWindows", () => {
 
   describe("getBiometricsFirstUnlockStatusForUser", () => {
     const userId = "test-user-id" as UserId;
-    it("should return Available when requirePasswordOnRestart is false", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(false);
-      const result = await service.getBiometricsFirstUnlockStatusForUser(userId);
-      expect(result).toBe(BiometricsStatus.Available);
-    });
-    it("should return Available when requirePasswordOnRestart is true and client key half is set", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(true);
+    it("should return Available when client key half is set", async () => {
       (service as any).clientKeyHalves = new Map<string, Uint8Array>();
       (service as any).clientKeyHalves.set(userId, new Uint8Array([1, 2, 3, 4]));
       const result = await service.getBiometricsFirstUnlockStatusForUser(userId);
       expect(result).toBe(BiometricsStatus.Available);
     });
-    it("should return UnlockNeeded when requirePasswordOnRestart is true and client key half is not set", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(true);
+    it("should return UnlockNeeded when client key half is not set", async () => {
       (service as any).clientKeyHalves = new Map<string, Uint8Array>();
       const result = await service.getBiometricsFirstUnlockStatusForUser(userId);
       expect(result).toBe(BiometricsStatus.UnlockNeeded);
@@ -83,32 +90,7 @@ describe("OsBiometricsServiceWindows", () => {
   });
 
   describe("getOrCreateBiometricEncryptionClientKeyHalf", () => {
-    const userId = "test-user-id" as UserId;
-    const key = new SymmetricCryptoKey(new Uint8Array(64));
-    let encryptionService: EncryptService;
-    let cryptoFunctionService: CryptoFunctionService;
-
-    beforeEach(() => {
-      encryptionService = mock<EncryptService>();
-      cryptoFunctionService = mock<CryptoFunctionService>();
-      service = new OsBiometricsServiceWindows(
-        mock<I18nService>(),
-        windowMain,
-        mock<LogService>(),
-        biometricStateService,
-        encryptionService,
-        cryptoFunctionService,
-      );
-    });
-
-    it("should return null if getRequirePasswordOnRestart is false", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(false);
-      const result = await service.getOrCreateBiometricEncryptionClientKeyHalf(userId, key);
-      expect(result).toBeNull();
-    });
-
     it("should return cached key half if already present", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(true);
       const cachedKeyHalf = new Uint8Array([10, 20, 30]);
       (service as any).clientKeyHalves.set(userId.toString(), cachedKeyHalf);
       const result = await service.getOrCreateBiometricEncryptionClientKeyHalf(userId, key);
@@ -116,7 +98,6 @@ describe("OsBiometricsServiceWindows", () => {
     });
 
     it("should decrypt and return existing encrypted client key half", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(true);
       biometricStateService.getEncryptedClientKeyHalf = jest
         .fn()
         .mockResolvedValue(new Uint8Array([1, 2, 3]));
@@ -132,7 +113,6 @@ describe("OsBiometricsServiceWindows", () => {
     });
 
     it("should generate, encrypt, store, and cache a new key half if none exists", async () => {
-      biometricStateService.getRequirePasswordOnStart = jest.fn().mockResolvedValue(true);
       biometricStateService.getEncryptedClientKeyHalf = jest.fn().mockResolvedValue(null);
       const randomBytes = new Uint8Array([7, 8, 9]);
       cryptoFunctionService.randomBytes = jest.fn().mockResolvedValue(randomBytes);
@@ -148,101 +128,251 @@ describe("OsBiometricsServiceWindows", () => {
         encrypted,
         userId,
       );
-      expect(result).toBeNull();
-      expect((service as any).clientKeyHalves.get(userId.toString())).toBeNull();
+      expect(result).toEqual(randomBytes);
+      expect((service as any).clientKeyHalves.get(userId.toString())).toEqual(randomBytes);
     });
   });
 
+  describe("supportsBiometrics", () => {
+    it("should return true if biometrics are available", async () => {
+      biometrics.available = jest.fn().mockResolvedValue(true);
+
+      const result = await service.supportsBiometrics();
+
+      expect(result).toBe(true);
+    });
+
+    it("should return false if biometrics are not available", async () => {
+      biometrics.available = jest.fn().mockResolvedValue(false);
+
+      const result = await service.supportsBiometrics();
+
+      expect(result).toBe(false);
+    });
+  });
+
+  describe("getBiometricKey", () => {
+    beforeEach(() => {
+      biometrics.prompt = jest.fn().mockResolvedValue(true);
+    });
+
+    it("should return null when unsuccessfully authenticated biometrics", async () => {
+      biometrics.prompt = jest.fn().mockResolvedValue(false);
+
+      const result = await service.getBiometricKey(userId);
+
+      expect(result).toBeNull();
+    });
+
+    it.each([null, undefined, ""])(
+      "should throw error when no biometric key is found '%s'",
+      async (password) => {
+        passwords.getPassword = jest.fn().mockResolvedValue(password);
+
+        await expect(service.getBiometricKey(userId)).rejects.toThrow(
+          "Biometric key not found for user",
+        );
+
+        expect(passwords.getPassword).toHaveBeenCalledWith(serviceKey, storageKey);
+      },
+    );
+
+    it.each([[false], [true]])(
+      "should return the biometricKey and setBiometricSecret called if password is not encrypted and cached clientKeyHalves is %s",
+      async (haveClientKeyHalves) => {
+        const clientKeyHalveBytes = new Uint8Array([1, 2, 3]);
+        if (haveClientKeyHalves) {
+          service["clientKeyHalves"].set(userId, clientKeyHalveBytes);
+        }
+        const biometricKey = key.toBase64();
+        passwords.getPassword = jest.fn().mockResolvedValue(biometricKey);
+        biometrics.deriveKeyMaterial = jest.fn().mockResolvedValue({
+          keyB64: "testKeyB64",
+          ivB64: "testIvB64",
+        } satisfies OsDerivedKey);
+
+        const result = await service.getBiometricKey(userId);
+
+        expect(result.toBase64()).toBe(biometricKey);
+        expect(passwords.getPassword).toHaveBeenCalledWith(serviceKey, storageKey);
+        expect(biometrics.setBiometricSecret).toHaveBeenCalledWith(
+          serviceKey,
+          storageKey,
+          biometricKey,
+          {
+            osKeyPartB64: "testKeyB64",
+            clientKeyPartB64: haveClientKeyHalves
+              ? Utils.fromBufferToB64(clientKeyHalveBytes)
+              : undefined,
+          },
+          "testIvB64",
+        );
+      },
+    );
+
+    it.each([[false], [true]])(
+      "should return the biometricKey if password is encrypted and cached clientKeyHalves is %s",
+      async (haveClientKeyHalves) => {
+        const clientKeyHalveBytes = new Uint8Array([1, 2, 3]);
+        if (haveClientKeyHalves) {
+          service["clientKeyHalves"].set(userId, clientKeyHalveBytes);
+        }
+        const biometricKey = key.toBase64();
+        const biometricKeyEncrypted = "2.testId|data|mac";
+        passwords.getPassword = jest.fn().mockResolvedValue(biometricKeyEncrypted);
+        biometrics.getBiometricSecret = jest.fn().mockResolvedValue(biometricKey);
+        biometrics.deriveKeyMaterial = jest.fn().mockResolvedValue({
+          keyB64: "testKeyB64",
+          ivB64: "testIvB64",
+        } satisfies OsDerivedKey);
+
+        const result = await service.getBiometricKey(userId);
+
+        expect(result.toBase64()).toBe(biometricKey);
+        expect(passwords.getPassword).toHaveBeenCalledWith(serviceKey, storageKey);
+        expect(biometrics.setBiometricSecret).not.toHaveBeenCalled();
+        expect(biometrics.getBiometricSecret).toHaveBeenCalledWith(serviceKey, storageKey, {
+          osKeyPartB64: "testKeyB64",
+          clientKeyPartB64: haveClientKeyHalves
+            ? Utils.fromBufferToB64(clientKeyHalveBytes)
+            : undefined,
+        });
+      },
+    );
+  });
+
   describe("deleteBiometricKey", () => {
     const serviceName = "Bitwarden_biometric";
     const keyName = "test-user-id_user_biometric";
-    const witnessKeyName = "test-user-id_user_biometric_witness";
 
     it("should delete biometric key successfully", async () => {
-      await service.deleteBiometricKey(mockUserId);
+      await service.deleteBiometricKey(userId);
 
       expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, keyName);
-      expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, witnessKeyName);
     });
 
-    it.each([
-      [false, false],
-      [false, true],
-      [true, false],
-    ])(
-      "should not throw error if key found: %s and witness key found: %s",
-      async (keyFound, witnessKeyFound) => {
-        passwords.deletePassword = jest.fn().mockImplementation((_, account) => {
-          if (account === keyName) {
-            if (!keyFound) {
-              throw new Error(passwords.PASSWORD_NOT_FOUND);
-            }
-            return Promise.resolve();
-          }
-          if (account === witnessKeyName) {
-            if (!witnessKeyFound) {
-              throw new Error(passwords.PASSWORD_NOT_FOUND);
-            }
-            return Promise.resolve();
-          }
-          throw new Error("Unexpected key");
-        });
+    it.each([[false], [true]])("should not throw error if key found: %s", async (keyFound) => {
+      if (!keyFound) {
+        passwords.deletePassword = jest
+          .fn()
+          .mockRejectedValue(new Error(passwords.PASSWORD_NOT_FOUND));
+      }
 
-        await service.deleteBiometricKey(mockUserId);
+      await service.deleteBiometricKey(userId);
 
-        expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, keyName);
-        expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, witnessKeyName);
-        if (!keyFound) {
-          expect(logService.debug).toHaveBeenCalledWith(
-            "[OsBiometricService] Biometric key %s not found for service %s.",
-            keyName,
-            serviceName,
-          );
-        }
-        if (!witnessKeyFound) {
-          expect(logService.debug).toHaveBeenCalledWith(
-            "[OsBiometricService] Biometric witness key %s not found for service %s.",
-            witnessKeyName,
-            serviceName,
-          );
-        }
-      },
-    );
+      expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, keyName);
+      if (!keyFound) {
+        expect(logService.debug).toHaveBeenCalledWith(
+          "[OsBiometricService] Biometric key %s not found for service %s.",
+          keyName,
+          serviceName,
+        );
+      }
+    });
 
     it("should throw error when deletePassword for key throws unexpected errors", async () => {
       const error = new Error("Unexpected error");
-      passwords.deletePassword = jest.fn().mockImplementation((_, account) => {
-        if (account === keyName) {
-          throw error;
-        }
-        if (account === witnessKeyName) {
-          return Promise.resolve();
-        }
-        throw new Error("Unexpected key");
-      });
+      passwords.deletePassword = jest.fn().mockRejectedValue(error);
 
-      await expect(service.deleteBiometricKey(mockUserId)).rejects.toThrow(error);
+      await expect(service.deleteBiometricKey(userId)).rejects.toThrow(error);
 
       expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, keyName);
-      expect(passwords.deletePassword).not.toHaveBeenCalledWith(serviceName, witnessKeyName);
+    });
+  });
+
+  describe("authenticateBiometric", () => {
+    const hwnd = randomBytes(32).buffer;
+    const consentMessage = "Test Windows Hello Consent Message";
+
+    beforeEach(() => {
+      windowMain.win.getNativeWindowHandle = jest.fn().mockReturnValue(hwnd);
+      i18nService.t.mockReturnValue(consentMessage);
     });
 
-    it("should throw error when deletePassword for witness key throws unexpected errors", async () => {
-      const error = new Error("Unexpected error");
-      passwords.deletePassword = jest.fn().mockImplementation((_, account) => {
-        if (account === keyName) {
-          return Promise.resolve();
-        }
-        if (account === witnessKeyName) {
-          throw error;
-        }
-        throw new Error("Unexpected key");
-      });
+    it("should return true when biometric authentication is successful", async () => {
+      const result = await service.authenticateBiometric();
 
-      await expect(service.deleteBiometricKey(mockUserId)).rejects.toThrow(error);
+      expect(result).toBe(true);
+      expect(biometrics.prompt).toHaveBeenCalledWith(hwnd, consentMessage);
+    });
 
-      expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, keyName);
-      expect(passwords.deletePassword).toHaveBeenCalledWith(serviceName, witnessKeyName);
+    it("should return false when biometric authentication fails", async () => {
+      biometrics.prompt = jest.fn().mockResolvedValue(false);
+
+      const result = await service.authenticateBiometric();
+
+      expect(result).toBe(false);
+      expect(biometrics.prompt).toHaveBeenCalledWith(hwnd, consentMessage);
+    });
+  });
+
+  describe("getStorageDetails", () => {
+    it.each([
+      ["testClientKeyHalfB64", "testIvB64"],
+      [undefined, "testIvB64"],
+      ["testClientKeyHalfB64", null],
+      [undefined, null],
+    ])(
+      "should derive key material and ivB64 and return it when os key half not saved yet",
+      async (clientKeyHalfB64, ivB64) => {
+        service["setIv"](ivB64);
+
+        const derivedKeyMaterial = {
+          keyB64: "derivedKeyB64",
+          ivB64: "derivedIvB64",
+        };
+        biometrics.deriveKeyMaterial = jest.fn().mockResolvedValue(derivedKeyMaterial);
+
+        const result = await service["getStorageDetails"]({ clientKeyHalfB64 });
+
+        expect(result).toEqual({
+          key_material: {
+            osKeyPartB64: derivedKeyMaterial.keyB64,
+            clientKeyPartB64: clientKeyHalfB64,
+          },
+          ivB64: derivedKeyMaterial.ivB64,
+        });
+        expect(biometrics.deriveKeyMaterial).toHaveBeenCalledWith(ivB64);
+        expect(service["_osKeyHalf"]).toEqual(derivedKeyMaterial.keyB64);
+        expect(service["_iv"]).toEqual(derivedKeyMaterial.ivB64);
+      },
+    );
+
+    it("should throw an error when deriving key material and returned iv is null", async () => {
+      service["setIv"]("testIvB64");
+
+      const derivedKeyMaterial = {
+        keyB64: "derivedKeyB64",
+        ivB64: null as string | undefined | null,
+      };
+      biometrics.deriveKeyMaterial = jest.fn().mockResolvedValue(derivedKeyMaterial);
+
+      await expect(
+        service["getStorageDetails"]({ clientKeyHalfB64: "testClientKeyHalfB64" }),
+      ).rejects.toThrow("Initialization Vector is null");
+
+      expect(biometrics.deriveKeyMaterial).toHaveBeenCalledWith("testIvB64");
+    });
+  });
+
+  describe("setIv", () => {
+    it("should set the iv and reset the osKeyHalf", () => {
+      const iv = "testIv";
+      service["_osKeyHalf"] = "testOsKeyHalf";
+
+      service["setIv"](iv);
+
+      expect(service["_iv"]).toBe(iv);
+      expect(service["_osKeyHalf"]).toBeNull();
+    });
+
+    it("should set the iv to null when iv is undefined and reset the osKeyHalf", () => {
+      service["_osKeyHalf"] = "testOsKeyHalf";
+
+      service["setIv"](undefined);
+
+      expect(service["_iv"]).toBeNull();
+      expect(service["_osKeyHalf"]).toBeNull();
     });
   });
 });
diff --git a/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.ts b/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.ts
index 65abced1526..897304c9f61 100644
--- a/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.ts
+++ b/apps/desktop/src/key-management/biometrics/os-biometrics-windows.service.ts
@@ -3,7 +3,6 @@ import { EncryptService } from "@bitwarden/common/key-management/crypto/abstract
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { UserId } from "@bitwarden/common/types/guid";
@@ -14,10 +13,8 @@ import { WindowMain } from "../../main/window.main";
 
 import { OsBiometricService } from "./os-biometrics.service";
 
-const KEY_WITNESS_SUFFIX = "_witness";
-const WITNESS_VALUE = "known key";
-
 const SERVICE = "Bitwarden_biometric";
+
 function getLookupKeyForUser(userId: UserId): string {
   return `${userId}_user_biometric`;
 }
@@ -43,18 +40,25 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
   }
 
   async getBiometricKey(userId: UserId): Promise<SymmetricCryptoKey | null> {
-    const value = await passwords.getPassword(SERVICE, getLookupKeyForUser(userId));
-    let clientKeyHalfB64: string | null = null;
-    if (this.clientKeyHalves.has(userId)) {
-      clientKeyHalfB64 = Utils.fromBufferToB64(this.clientKeyHalves.get(userId));
+    const success = await this.authenticateBiometric();
+    if (!success) {
+      return null;
     }
 
+    const value = await passwords.getPassword(SERVICE, getLookupKeyForUser(userId));
     if (value == null || value == "") {
-      return null;
-    } else if (!EncString.isSerializedEncString(value)) {
+      throw new Error("Biometric key not found for user");
+    }
+
+    let clientKeyHalfB64: string | null = null;
+    if (this.clientKeyHalves.has(userId)) {
+      clientKeyHalfB64 = Utils.fromBufferToB64(this.clientKeyHalves.get(userId)!);
+    }
+
+    if (!EncString.isSerializedEncString(value)) {
       // Update to format encrypted with client key half
       const storageDetails = await this.getStorageDetails({
-        clientKeyHalfB64: clientKeyHalfB64,
+        clientKeyHalfB64: clientKeyHalfB64 ?? undefined,
       });
 
       await biometrics.setBiometricSecret(
@@ -69,7 +73,7 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
       const encValue = new EncString(value);
       this.setIv(encValue.iv);
       const storageDetails = await this.getStorageDetails({
-        clientKeyHalfB64: clientKeyHalfB64,
+        clientKeyHalfB64: clientKeyHalfB64 ?? undefined,
       });
       return SymmetricCryptoKey.fromString(
         await biometrics.getBiometricSecret(
@@ -84,35 +88,16 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
   async setBiometricKey(userId: UserId, key: SymmetricCryptoKey): Promise<void> {
     const clientKeyHalf = await this.getOrCreateBiometricEncryptionClientKeyHalf(userId, key);
 
-    if (
-      await this.valueUpToDate({
-        value: key,
-        clientKeyPartB64: Utils.fromBufferToB64(clientKeyHalf),
-        service: SERVICE,
-        storageKey: getLookupKeyForUser(userId),
-      })
-    ) {
-      return;
-    }
-
     const storageDetails = await this.getStorageDetails({
       clientKeyHalfB64: Utils.fromBufferToB64(clientKeyHalf),
     });
-    const storedValue = await biometrics.setBiometricSecret(
+    await biometrics.setBiometricSecret(
       SERVICE,
       getLookupKeyForUser(userId),
       key.toBase64(),
       storageDetails.key_material,
       storageDetails.ivB64,
     );
-    const parsedStoredValue = new EncString(storedValue);
-    await this.storeValueWitness(
-      key,
-      parsedStoredValue,
-      SERVICE,
-      getLookupKeyForUser(userId),
-      Utils.fromBufferToB64(clientKeyHalf),
-    );
   }
 
   async deleteBiometricKey(userId: UserId): Promise<void> {
@@ -129,21 +114,11 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
         throw e;
       }
     }
-    try {
-      await passwords.deletePassword(SERVICE, getLookupKeyForUser(userId) + KEY_WITNESS_SUFFIX);
-    } catch (e) {
-      if (e instanceof Error && e.message === passwords.PASSWORD_NOT_FOUND) {
-        this.logService.debug(
-          "[OsBiometricService] Biometric witness key %s not found for service %s.",
-          getLookupKeyForUser(userId) + KEY_WITNESS_SUFFIX,
-          SERVICE,
-        );
-      } else {
-        throw e;
-      }
-    }
   }
 
+  /**
+   * Prompts Windows Hello
+   */
   async authenticateBiometric(): Promise<boolean> {
     const hwnd = this.windowMain.win.getNativeWindowHandle();
     return await biometrics.prompt(hwnd, this.i18nService.t("windowsHelloConsentMessage"));
@@ -155,7 +130,6 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
     clientKeyHalfB64: string | undefined;
   }): Promise<{ key_material: biometrics.KeyMaterial; ivB64: string }> {
     if (this._osKeyHalf == null) {
-      // Prompts Windows Hello
       const keyMaterial = await biometrics.deriveKeyMaterial(this._iv);
       this._osKeyHalf = keyMaterial.keyB64;
       this._iv = keyMaterial.ivB64;
@@ -187,118 +161,6 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
     this._osKeyHalf = null;
   }
 
-  /**
-   * Stores a witness key alongside the encrypted value. This is used to determine if the value is up to date.
-   *
-   * @param unencryptedValue The key to store
-   * @param encryptedValue The encrypted value of the key to store. Used to sync IV of the witness key with the stored key.
-   * @param service The service to store the witness key under
-   * @param storageKey The key to store the witness key under. The witness key will be stored under storageKey + {@link KEY_WITNESS_SUFFIX}
-   * @returns
-   */
-  private async storeValueWitness(
-    unencryptedValue: SymmetricCryptoKey,
-    encryptedValue: EncString,
-    service: string,
-    storageKey: string,
-    clientKeyPartB64: string | undefined,
-  ) {
-    if (encryptedValue.iv == null) {
-      return;
-    }
-
-    const storageDetails = {
-      keyMaterial: this.witnessKeyMaterial(unencryptedValue, clientKeyPartB64),
-      ivB64: encryptedValue.iv,
-    };
-    await biometrics.setBiometricSecret(
-      service,
-      storageKey + KEY_WITNESS_SUFFIX,
-      WITNESS_VALUE,
-      storageDetails.keyMaterial,
-      storageDetails.ivB64,
-    );
-  }
-
-  /**
-   * Uses a witness key stored alongside the encrypted value to determine if the value is up to date.
-   * @param value The value being validated
-   * @param service The service the value is stored under
-   * @param storageKey The key the value is stored under. The witness key will be stored under storageKey + {@link KEY_WITNESS_SUFFIX}
-   * @returns Boolean indicating if the value is up to date.
-   */
-  // Uses a witness key stored alongside the encrypted value to determine if the value is up to date.
-  private async valueUpToDate({
-    value,
-    clientKeyPartB64,
-    service,
-    storageKey,
-  }: {
-    value: SymmetricCryptoKey;
-    clientKeyPartB64: string | undefined;
-    service: string;
-    storageKey: string;
-  }): Promise<boolean> {
-    const witnessKeyMaterial = this.witnessKeyMaterial(value, clientKeyPartB64);
-    if (witnessKeyMaterial == null) {
-      return false;
-    }
-
-    let witness = null;
-    try {
-      witness = await biometrics.getBiometricSecret(
-        service,
-        storageKey + KEY_WITNESS_SUFFIX,
-        witnessKeyMaterial,
-      );
-    } catch (e) {
-      if (e instanceof Error && e.message === passwords.PASSWORD_NOT_FOUND) {
-        this.logService.debug(
-          "[OsBiometricService] Biometric witness key %s not found for service %s, value is not up to date.",
-          storageKey + KEY_WITNESS_SUFFIX,
-          service,
-        );
-      } else {
-        this.logService.error(
-          "[OsBiometricService] Error retrieving witness key, assuming value is not up to date.",
-          e,
-        );
-      }
-      return false;
-    }
-
-    if (witness === WITNESS_VALUE) {
-      return true;
-    }
-
-    return false;
-  }
-
-  /** Derives a witness key from a symmetric key being stored for biometric protection */
-  private witnessKeyMaterial(
-    symmetricKey: SymmetricCryptoKey,
-    clientKeyPartB64: string | undefined,
-  ): biometrics.KeyMaterial {
-    let key = null;
-    const innerKey = symmetricKey.inner();
-    if (innerKey.type === EncryptionType.AesCbc256_HmacSha256_B64) {
-      key = Utils.fromBufferToB64(innerKey.authenticationKey);
-    } else {
-      key = Utils.fromBufferToB64(innerKey.encryptionKey);
-    }
-
-    const result = {
-      osKeyPartB64: key,
-      clientKeyPartB64,
-    };
-
-    // napi-rs fails to convert null values
-    if (result.clientKeyPartB64 == null) {
-      delete result.clientKeyPartB64;
-    }
-    return result;
-  }
-
   async needsSetup() {
     return false;
   }
@@ -312,14 +174,9 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
   async getOrCreateBiometricEncryptionClientKeyHalf(
     userId: UserId,
     key: SymmetricCryptoKey,
-  ): Promise<Uint8Array | null> {
-    const requireClientKeyHalf = await this.biometricStateService.getRequirePasswordOnStart(userId);
-    if (!requireClientKeyHalf) {
-      return null;
-    }
-
+  ): Promise<Uint8Array> {
     if (this.clientKeyHalves.has(userId)) {
-      return this.clientKeyHalves.get(userId);
+      return this.clientKeyHalves.get(userId)!;
     }
 
     // Retrieve existing key half if it exists
@@ -331,8 +188,8 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
     }
     if (clientKeyHalf == null) {
       // Set a key half if it doesn't exist
-      const keyBytes = await this.cryptoFunctionService.randomBytes(32);
-      const encKey = await this.encryptService.encryptBytes(keyBytes, key);
+      clientKeyHalf = await this.cryptoFunctionService.randomBytes(32);
+      const encKey = await this.encryptService.encryptBytes(clientKeyHalf, key);
       await this.biometricStateService.setEncryptedClientKeyHalf(encKey, userId);
     }
 
@@ -342,11 +199,6 @@ export default class OsBiometricsServiceWindows implements OsBiometricService {
   }
 
   async getBiometricsFirstUnlockStatusForUser(userId: UserId): Promise<BiometricsStatus> {
-    const requireClientKeyHalf = await this.biometricStateService.getRequirePasswordOnStart(userId);
-    if (!requireClientKeyHalf) {
-      return BiometricsStatus.Available;
-    }
-
     if (this.clientKeyHalves.has(userId)) {
       return BiometricsStatus.Available;
     } else {
diff --git a/apps/desktop/src/locales/af/messages.json b/apps/desktop/src/locales/af/messages.json
index 68f389a40a0..3e539e48eb9 100644
--- a/apps/desktop/src/locales/af/messages.json
+++ b/apps/desktop/src/locales/af/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopieer bevestigingskode (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Lengte"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopieer Sekureiteitskode",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premie-lidmaatskap"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ar/messages.json b/apps/desktop/src/locales/ar/messages.json
index 7b2e220fa48..26aaf141dd2 100644
--- a/apps/desktop/src/locales/ar/messages.json
+++ b/apps/desktop/src/locales/ar/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "نسخ رمز التحقق (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "الطول"
   },
@@ -1425,6 +1439,9 @@
     "message": "نسخ رمز الأمان",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "العضوية المميزة"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/az/messages.json b/apps/desktop/src/locales/az/messages.json
index 6d6ce16b126..b04f3204a15 100644
--- a/apps/desktop/src/locales/az/messages.json
+++ b/apps/desktop/src/locales/az/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Doğrulama kodunu kopyala (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Kopyala: $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Uzunluq"
   },
@@ -1425,6 +1439,9 @@
     "message": "Güvənlik kodunu kopyala",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "kart nömrəsi"
+  },
   "premiumMembership": {
     "message": "Premium üzvlük"
   },
@@ -3567,11 +3584,11 @@
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Qabaqcıl seçimlər",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Xəbərdarlıq",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "success": {
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Avto-yazma qısayolunu fəallaşdır"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden, giriş yerlərini doğrulamır, qısayolu istifadə etməzdən əvvəl doğru pəncərədə və xanada olduğunuza əmin olun."
   }
 }
diff --git a/apps/desktop/src/locales/be/messages.json b/apps/desktop/src/locales/be/messages.json
index ae3c8a0cc60..f4b58c89cac 100644
--- a/apps/desktop/src/locales/be/messages.json
+++ b/apps/desktop/src/locales/be/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Скапіяваць праверачны код (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Даўжыня"
   },
@@ -1425,6 +1439,9 @@
     "message": "Скапіяваць код бяспекі",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Прэміяльны статус"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/bg/messages.json b/apps/desktop/src/locales/bg/messages.json
index c67e1dfe829..92ee97ba16a 100644
--- a/apps/desktop/src/locales/bg/messages.json
+++ b/apps/desktop/src/locales/bg/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Код за потвърждаване (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Копиране на $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Дължина"
   },
@@ -1425,6 +1439,9 @@
     "message": "Копиране на кода за сигурност",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "номер на карта"
+  },
   "premiumMembership": {
     "message": "Платен абонамент"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Включване на клавишната комбинация за автоматично попълване"
+  },
+  "enableAutotypeDescription": {
+    "message": "Битуорден не проверява местата за въвеждане, така че се уверете, че сте в правилния прозорец, преди да ползвате клавишната комбинация."
   }
 }
diff --git a/apps/desktop/src/locales/bn/messages.json b/apps/desktop/src/locales/bn/messages.json
index 6f5ac9de909..4a39428590e 100644
--- a/apps/desktop/src/locales/bn/messages.json
+++ b/apps/desktop/src/locales/bn/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "দৈর্ঘ্য"
   },
@@ -1425,6 +1439,9 @@
     "message": "সুরক্ষা কোড অনুলিপিত করুন",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "প্রিমিয়াম সদস্যতা"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/bs/messages.json b/apps/desktop/src/locales/bs/messages.json
index 4600780eda5..5be68fe816f 100644
--- a/apps/desktop/src/locales/bs/messages.json
+++ b/apps/desktop/src/locales/bs/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopira Verifikacioni kod (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Dužina"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopirajte sigurnosni kod",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium članstvo"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ca/messages.json b/apps/desktop/src/locales/ca/messages.json
index a28b3b3c6d4..6534c0eef02 100644
--- a/apps/desktop/src/locales/ca/messages.json
+++ b/apps/desktop/src/locales/ca/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copia codi de verificació (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Longitud"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copia el codi de seguretat",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Subscripció Premium"
   },
@@ -2197,7 +2214,7 @@
     "message": "Identification"
   },
   "contactInfo": {
-    "message": "Contact information"
+    "message": "Informació de contacte"
   },
   "allSends": {
     "message": "Tots els Send",
@@ -2363,10 +2380,10 @@
     "message": "Autenticar WebAuthn"
   },
   "readSecurityKey": {
-    "message": "Read security key"
+    "message": "Llegeix clau de seguretat"
   },
   "awaitingSecurityKeyInteraction": {
-    "message": "Awaiting security key interaction..."
+    "message": "S'està esperant la interacció amb la clau de seguretat..."
   },
   "hideEmail": {
     "message": "Amagueu la meua adreça de correu electrònic als destinataris."
@@ -2408,16 +2425,16 @@
     "message": "La vostra contrasenya mestra no compleix una o més de les polítiques de l'organització. Per accedir a la caixa forta, heu d'actualitzar-la ara. Si continueu, es tancarà la sessió actual i us demanarà que torneu a iniciar-la. Les sessions en altres dispositius poden continuar romanent actives fins a una hora."
   },
   "changePasswordWarning": {
-    "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
+    "message": "En canviar la teva contrasenya, cal iniciar la sessió amb la nova contrasenya. Les sessions actives en altres dispositius es tancaran en una hora."
   },
   "accountRecoveryUpdateMasterPasswordSubtitle": {
-    "message": "Change your master password to complete account recovery."
+    "message": "Canvia la contrasenya mestra per completar el recobrament del compte."
   },
   "updateMasterPasswordSubtitle": {
-    "message": "Your master password does not meet this organization’s requirements. Change your master password to continue."
+    "message": "La contrasenya mestra no s'ajusta als requisits de l'organització. Canvia't la contrasenya mestra per continuar."
   },
   "tdeDisabledMasterPasswordRequired": {
-    "message": "Your organization has disabled trusted device encryption. Please set a master password to access your vault."
+    "message": "La teva organització ha desactivat l'encriptació de dispositius fiables. Fixa una contrasenya mestra per accedir a la teva caixa forta."
   },
   "tryAgain": {
     "message": "Torneu-ho a provar"
@@ -2462,7 +2479,7 @@
     "message": "Minuts"
   },
   "vaultTimeoutPolicyInEffect1": {
-    "message": "$HOURS$ hour(s) and $MINUTES$ minute(s) maximum.",
+    "message": "$HOURS$ hora(es) i $MINUTES$ minut(s) màxim.",
     "placeholders": {
       "hours": {
         "content": "$1",
@@ -2528,13 +2545,13 @@
     "message": "S'ha suprimit la contrasenya mestra."
   },
   "removeMasterPasswordForOrganizationUserKeyConnector": {
-    "message": "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator."
+    "message": "Ja no cal contrasenya mestra per als membres de la següent organització. Confirma'n el domini a sota amb l'administrador de la teva organització."
   },
   "organizationName": {
     "message": "Nom de l'organització"
   },
   "keyConnectorDomain": {
-    "message": "Key Connector domain"
+    "message": "Domini del Connector de claus"
   },
   "leaveOrganization": {
     "message": "Abandona l'organització"
@@ -2597,7 +2614,7 @@
     }
   },
   "exportingIndividualVaultWithAttachmentsDescription": {
-    "message": "Only the individual vault items including attachments associated with $EMAIL$ will be exported. Organization vault items will not be included",
+    "message": "Només els objectes individuals de la caixa forta, inclosos adjunts associats amb $EMAIL$, seran exportats. Els objectes de la caixa forta de l'organització no hi seran inclosos",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -2723,7 +2740,7 @@
     "message": "Utilitzeu aquesta contrasenya"
   },
   "useThisPassphrase": {
-    "message": "Use this passphrase"
+    "message": "Empra aquesta frase de pas"
   },
   "useThisUsername": {
     "message": "Utilitzeu aquest nom d'usuari"
@@ -2760,7 +2777,7 @@
     "description": "Labels the domain name email forwarder service option"
   },
   "forwarderDomainNameHint": {
-    "message": "Choose a domain that is supported by the selected service",
+    "message": "Tria un domini admès pel servei seleccionat",
     "description": "Guidance provided for email forwarding services that support multiple email domains."
   },
   "forwarderError": {
@@ -2792,7 +2809,7 @@
     }
   },
   "forwaderInvalidToken": {
-    "message": "Invalid $SERVICENAME$ API token",
+    "message": "API token de $SERVICENAME$ invàlid",
     "description": "Displayed when the user's API token is empty or rejected by the forwarding service.",
     "placeholders": {
       "servicename": {
@@ -2802,7 +2819,7 @@
     }
   },
   "forwaderInvalidTokenWithMessage": {
-    "message": "Invalid $SERVICENAME$ API token: $ERRORMESSAGE$",
+    "message": "API token de $SERVICENAME$ invàlid: $ERRORMESSAGE$",
     "description": "Displayed when the user's API token is rejected by the forwarding service with an error message.",
     "placeholders": {
       "servicename": {
@@ -2816,7 +2833,7 @@
     }
   },
   "forwaderInvalidOperation": {
-    "message": "$SERVICENAME$ refused your request. Please contact your service provider for assistance.",
+    "message": "$SERVICENAME$ t'ha rebutjat la petició. Contacta amb el teu proveïdor de serveis per assistència.",
     "description": "Displayed when the user is forbidden from using the API by the forwarding service.",
     "placeholders": {
       "servicename": {
@@ -2826,7 +2843,7 @@
     }
   },
   "forwaderInvalidOperationWithMessage": {
-    "message": "$SERVICENAME$ refused your request: $ERRORMESSAGE$",
+    "message": "$SERVICENAME$ us ha rebutjat la petició: $ERRORMESSAGE$",
     "description": "Displayed when the user is forbidden from using the API by the forwarding service with an error message.",
     "placeholders": {
       "servicename": {
@@ -2840,7 +2857,7 @@
     }
   },
   "forwarderNoAccountId": {
-    "message": "Unable to obtain $SERVICENAME$ masked email account ID.",
+    "message": "No es pot obtenir l'ID de compte de correu electrònic emmascarat de $SERVICENAME$.",
     "description": "Displayed when the forwarding service fails to return an account ID.",
     "placeholders": {
       "servicename": {
@@ -2850,7 +2867,7 @@
     }
   },
   "forwarderNoDomain": {
-    "message": "Invalid $SERVICENAME$ domain.",
+    "message": "Domini de $SERVICENAME$ invàlid.",
     "description": "Displayed when the domain is empty or domain authorization failed at the forwarding service.",
     "placeholders": {
       "servicename": {
@@ -2860,7 +2877,7 @@
     }
   },
   "forwarderNoUrl": {
-    "message": "Invalid $SERVICENAME$ url.",
+    "message": "Url de $SERVICENAME$ invàlid.",
     "description": "Displayed when the url of the forwarding service wasn't supplied.",
     "placeholders": {
       "servicename": {
@@ -2870,7 +2887,7 @@
     }
   },
   "forwarderUnknownError": {
-    "message": "Unknown $SERVICENAME$ error occurred.",
+    "message": "Hi ha hagut un error desconegut amb $SERVICENAME$.",
     "description": "Displayed when the forwarding service failed due to an unknown error.",
     "placeholders": {
       "servicename": {
@@ -2880,7 +2897,7 @@
     }
   },
   "forwarderUnknownForwarder": {
-    "message": "Unknown forwarder: '$SERVICENAME$'.",
+    "message": "Remitent desconegut: «$SERVICENAME$».",
     "description": "Displayed when the forwarding service is not supported.",
     "placeholders": {
       "servicename": {
@@ -2948,13 +2965,13 @@
     "message": "S'ha enviat una notificació al vostre dispositiu"
   },
   "notificationSentDevicePart1": {
-    "message": "Unlock Bitwarden on your device or on the "
+    "message": "Desbloqueja Bitwarden en el teu dispositiu o en el "
   },
   "notificationSentDeviceAnchor": {
     "message": "aplicació web"
   },
   "notificationSentDevicePart2": {
-    "message": "Make sure the Fingerprint phrase matches the one below before approving."
+    "message": "Assegura't que la frase d'empremta digital encaixa amb la d'aquí sota abans d'aprovar-la."
   },
   "needAnotherOptionV1": {
     "message": "Necessiteu una altra opció?"
@@ -2985,7 +3002,7 @@
     "description": "'Character count' describes a feature that displays a number next to each character of the password."
   },
   "areYouTryingToAccessYourAccount": {
-    "message": "Are you trying to access your account?"
+    "message": "Intentes accedir al teu compte?"
   },
   "accessAttemptBy": {
     "message": "Intent d'inici de sessió per $EMAIL$",
@@ -3046,7 +3063,7 @@
     "message": "Aquesta sol·licitud ja no és vàlida."
   },
   "confirmAccessAttempt": {
-    "message": "Confirm access attempt for $EMAIL$",
+    "message": "Confirma l'intent d'accés de $EMAIL$",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -3058,7 +3075,7 @@
     "message": "S'ha sol·licitat inici de sessió"
   },
   "accountAccessRequested": {
-    "message": "Account access requested"
+    "message": "Accés al compte demanat"
   },
   "creatingAccountOn": {
     "message": "Creant compte en"
@@ -3106,10 +3123,10 @@
     "message": "Accedint a"
   },
   "accessTokenUnableToBeDecrypted": {
-    "message": "You have been logged out because your access token could not be decrypted. Please log in again to resolve this issue."
+    "message": "Se t'ha tancat la sessió perquè el teu token d'accés no es podia desxifrar. Torna a iniciar la sessió per resoldre aquest problema."
   },
   "refreshTokenSecureStorageRetrievalFailure": {
-    "message": "You have been logged out because your refresh token could not be retrieved. Please log in again to resolve this issue."
+    "message": "Se t'ha tancat la sessió perquè el teu token d'actualització no es podia recuperar. Torna a iniciar la sessió per resoldre aquest problema."
   },
   "masterPasswordHint": {
     "message": "La contrasenya mestra no es pot recuperar si la oblideu!"
@@ -3130,16 +3147,16 @@
     "message": "Actualització de configuració recomanada"
   },
   "rememberThisDeviceToMakeFutureLoginsSeamless": {
-    "message": "Remember this device to make future logins seamless"
+    "message": "Recorda aquest dispositiu per futurs inicis de sessió sense interrupcions"
   },
   "deviceApprovalRequired": {
     "message": "Cal l'aprovació del dispositiu. Seleccioneu una opció d'aprovació a continuació:"
   },
   "deviceApprovalRequiredV2": {
-    "message": "Device approval required"
+    "message": "Cal aprovació del dispositiu"
   },
   "selectAnApprovalOptionBelow": {
-    "message": "Select an approval option below"
+    "message": "Tria una opció d'aprovació a sota"
   },
   "rememberThisDevice": {
     "message": "Recorda aquest dispositiu"
@@ -3154,10 +3171,10 @@
     "message": "Sol·liciteu l'aprovació de l'administrador"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "No s'ha pogut finalitzar l'inici de sessió"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
-    "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
+    "message": "Cal iniciar sessió en un dispositiu de confiança o demanar al teu administrador que t'assigni una contrasenya."
   },
   "region": {
     "message": "Regió"
@@ -3194,34 +3211,34 @@
     "message": "Falta el correu electrònic de l'usuari"
   },
   "activeUserEmailNotFoundLoggingYouOut": {
-    "message": "Active user email not found. Logging you out."
+    "message": "No s'ha trobat el correu electrònic de l'usuari actiu. Se't tancarà la sessió."
   },
   "deviceTrusted": {
     "message": "Dispositiu de confiança"
   },
   "trustOrganization": {
-    "message": "Trust organization"
+    "message": "Confia en l'organització"
   },
   "trust": {
     "message": "Confiar"
   },
   "doNotTrust": {
-    "message": "Do not trust"
+    "message": "No hi confiïs"
   },
   "organizationNotTrusted": {
-    "message": "Organization is not trusted"
+    "message": "L'organització no és de confiança"
   },
   "emergencyAccessTrustWarning": {
-    "message": "For the security of your account, only confirm if you have granted emergency access to this user and their fingerprint matches what is displayed in their account"
+    "message": "Per la seguretat del teu compte, confirma només si tens garantit l'accés a aquest usuari i la seva empremta coincideix amb el que es mostra al seu compte"
   },
   "orgTrustWarning": {
-    "message": "For the security of your account, only proceed if you are a member of this organization, have account recovery enabled, and the fingerprint displayed below matches the organization's fingerprint."
+    "message": "Per la seguretat del teu compte, confirma només si ets un membre d'aquesta organització, tens un compte de recuperació activat i l'empremta de sota coincideix amb la de l'organització."
   },
   "orgTrustWarning1": {
-    "message": "This organization has an Enterprise policy that will enroll you in account recovery. Enrollment will allow organization administrators to change your password. Only proceed if you recognize this organization and the fingerprint phrase displayed below matches the organization's fingerprint."
+    "message": "Aquesta organització té una política d'Empresa que t'inscriurà com a compte de recuperació. La inscripció permetrà als administradors de l'organització canviar la teva contrasenya. Continua només si coneixes l'organització i la frase d'empremta digital mostrada a sota coincideix amb l'empremta de l'organització."
   },
   "trustUser": {
-    "message": "Trust user"
+    "message": "Confia en l'usuari"
   },
   "inputRequired": {
     "message": "L'entrada és obligatòria."
@@ -3388,13 +3405,13 @@
     "message": "Es requereix l'inici de sessió en dos passos de DUO al vostre compte."
   },
   "duoTwoFactorRequiredPageSubtitle": {
-    "message": "Duo two-step login is required for your account. Follow the steps below to finish logging in."
+    "message": "Cal l'inici de sessió en dos passos de Duo al vostre compte. Seguiu els passos de sota per finalitzar l'inici de sessió."
   },
   "followTheStepsBelowToFinishLoggingIn": {
-    "message": "Follow the steps below to finish logging in."
+    "message": "Seguiu els passos de sota per finalitzar l'inici de sessió."
   },
   "followTheStepsBelowToFinishLoggingInWithSecurityKey": {
-    "message": "Follow the steps below to finish logging in with your security key."
+    "message": "Seguiu els passos de sota per finalitzar l'inici de sessió amb la clau de seguretat."
   },
   "launchDuo": {
     "message": "Inicia Duo al navegador"
@@ -3551,27 +3568,27 @@
     "description": "Label indicating the most common import formats"
   },
   "uriMatchDefaultStrategyHint": {
-    "message": "URI match detection is how Bitwarden identifies autofill suggestions.",
+    "message": "Bitwarden empra la detecció de coincidències URI pels suggeriments d'autoemplenament.",
     "description": "Explains to the user that URI match detection determines how Bitwarden suggests autofill options, and clarifies that this default strategy applies when no specific match detection is set for a login item."
   },
   "regExAdvancedOptionWarning": {
-    "message": "\"Regular expression\" is an advanced option with increased risk of exposing credentials.",
+    "message": "«Expressió regular» és una opció avançada amb més risc d'exposar credencials.",
     "description": "Content for dialog which warns a user when selecting 'regular expression' matching strategy as a cipher match strategy"
   },
   "startsWithAdvancedOptionWarning": {
-    "message": "\"Starts with\" is an advanced option with increased risk of exposing credentials.",
+    "message": "«Comença amb» és una opció avançada amb més risc d'exposar credencials.",
     "description": "Content for dialog which warns a user when selecting 'starts with' matching strategy as a cipher match strategy"
   },
   "uriMatchWarningDialogLink": {
-    "message": "More about match detection",
+    "message": "Més sobre la detecció de coincidències",
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Opcions avançades",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Advertència",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "success": {
@@ -3642,33 +3659,33 @@
     "message": "Sends de text"
   },
   "ssoError": {
-    "message": "No free ports could be found for the sso login."
+    "message": "No s'ha trobat cap port lliure per a l'inici de sessió sso."
   },
   "securePasswordGenerated": {
-    "message": "Secure password generated! Don't forget to also update your password on the website."
+    "message": "Contrasenya segura generada! No us oblideu d'actualitzar-vos la contrasenya al web."
   },
   "useGeneratorHelpTextPartOne": {
-    "message": "Use the generator",
+    "message": "Feu servir el generador",
     "description": "This will be used as part of a larger sentence, broken up to include the generator icon. The full sentence will read 'Use the generator [GENERATOR_ICON] to create a strong unique password'"
   },
   "useGeneratorHelpTextPartTwo": {
-    "message": "to create a strong unique password",
+    "message": "per crear una contrasenya única forta",
     "description": "This will be used as part of a larger sentence, broken up to include the generator icon. The full sentence will read 'Use the generator [GENERATOR_ICON] to create a strong unique password'"
   },
   "biometricsStatusHelptextUnlockNeeded": {
-    "message": "Biometric unlock is unavailable because PIN or password unlock is required first."
+    "message": "El desbloqueig per dades biomètriques no està disponible perquè cal primer desbloquejar el PIN o la contrasenya."
   },
   "biometricsStatusHelptextHardwareUnavailable": {
-    "message": "Biometric unlock is currently unavailable."
+    "message": "El desbloqueig per dades biomètriques no està disponible ara."
   },
   "biometricsStatusHelptextAutoSetupNeeded": {
-    "message": "Biometric unlock is unavailable due to misconfigured system files."
+    "message": "El desbloqueig per dades biomètriques no està disponible per uns fitxers del sistema mal configurats."
   },
   "biometricsStatusHelptextManualSetupNeeded": {
-    "message": "Biometric unlock is unavailable due to misconfigured system files."
+    "message": "El desbloqueig per dades biomètriques no està disponible per uns fitxers del sistema mal configurats."
   },
   "biometricsStatusHelptextNotEnabledLocally": {
-    "message": "Biometric unlock is unavailable because it is not enabled for $EMAIL$ in the Bitwarden desktop app.",
+    "message": "El desbloqueig per dades biomètriques no està disponible perquè no s'ha activat per a $EMAIL$ a l'app d'escriptori de Bitwarden.",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -3677,7 +3694,7 @@
     }
   },
   "biometricsStatusHelptextUnavailableReasonUnknown": {
-    "message": "Biometric unlock is currently unavailable for an unknown reason."
+    "message": "El desbloqueig per dades biomètriques no està disponible ara per motius desconeguts."
   },
   "itemDetails": {
     "message": "Detalls de l'element"
@@ -3707,19 +3724,19 @@
     "message": "Denega"
   },
   "sshkeyApprovalTitle": {
-    "message": "Confirm SSH key usage"
+    "message": "Confirma l'ús de la clau SSH"
   },
   "agentForwardingWarningTitle": {
-    "message": "Warning: Agent Forwarding"
+    "message": "Advertència: Reenviament de l'Agent"
   },
   "agentForwardingWarningText": {
-    "message": "This request comes from a remote device that you are logged into"
+    "message": "Aquesta petició ve d'un dispositiu remot on teniu iniciada la sessió"
   },
   "sshkeyApprovalMessageInfix": {
-    "message": "is requesting access to"
+    "message": "sol·licita accés a"
   },
   "sshkeyApprovalMessageSuffix": {
-    "message": "in order to"
+    "message": "per"
   },
   "sshActionLogin": {
     "message": "authenticate to a server"
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/cs/messages.json b/apps/desktop/src/locales/cs/messages.json
index 8c725808a98..a21f9b9258e 100644
--- a/apps/desktop/src/locales/cs/messages.json
+++ b/apps/desktop/src/locales/cs/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopírovat ověřovací kód (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Kopírovat $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Délka"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopírovat bezpečnostní kód",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "číslo karty"
+  },
   "premiumMembership": {
     "message": "Prémiové členství"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Povolit zkratku automatického psaní"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden neověřuje umístění vstupu. Před použitím zkratky se ujistěte, že jste ve správném okně a poli."
   }
 }
diff --git a/apps/desktop/src/locales/cy/messages.json b/apps/desktop/src/locales/cy/messages.json
index 3b3afba9415..e3db70bf152 100644
--- a/apps/desktop/src/locales/cy/messages.json
+++ b/apps/desktop/src/locales/cy/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/da/messages.json b/apps/desktop/src/locales/da/messages.json
index cf60c7a04cb..47df4e98b3f 100644
--- a/apps/desktop/src/locales/da/messages.json
+++ b/apps/desktop/src/locales/da/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopiér bekræftelseskode (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Længde"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiér bekræftelseskode",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium-medlemskab"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/de/messages.json b/apps/desktop/src/locales/de/messages.json
index 6e2b172b97c..1f60be15374 100644
--- a/apps/desktop/src/locales/de/messages.json
+++ b/apps/desktop/src/locales/de/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Verifizierungscode (TOTP) kopieren"
   },
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ kopieren",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Länge"
   },
@@ -1425,6 +1439,9 @@
     "message": "Sicherheitscode kopieren",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "Kartennummer"
+  },
   "premiumMembership": {
     "message": "Premium-Mitgliedschaft"
   },
@@ -2408,13 +2425,13 @@
     "message": "Dein Master-Passwort entspricht nicht einer oder mehreren Richtlinien deiner Organisation. Um auf den Tresor zugreifen zu können, musst du dein Master-Passwort jetzt aktualisieren. Wenn du fortfährst, wirst du von deiner aktuellen Sitzung abgemeldet und musst dich erneut anmelden. Aktive Sitzungen auf anderen Geräten können noch bis zu einer Stunde lang aktiv bleiben."
   },
   "changePasswordWarning": {
-    "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
+    "message": "Nachdem du dein Passwort geändert hast, musst du dich mit deinem neuen Passwort anmelden. Aktive Sitzungen auf anderen Geräten werden innerhalb einer Stunde abgemeldet."
   },
   "accountRecoveryUpdateMasterPasswordSubtitle": {
-    "message": "Change your master password to complete account recovery."
+    "message": "Ändere dein Master-Passwort, um die Kontowiederherstellung abzuschließen."
   },
   "updateMasterPasswordSubtitle": {
-    "message": "Your master password does not meet this organization’s requirements. Change your master password to continue."
+    "message": "Dein Master-Passwort entspricht nicht den Anforderungen dieser Organisation. Ändere dein Master-Passwort, um fortzufahren."
   },
   "tdeDisabledMasterPasswordRequired": {
     "message": "Deine Organisation hat die vertrauenswürdige Geräteverschlüsselung deaktiviert. Bitte lege ein Master-Passwort fest, um auf deinen Tresor zuzugreifen."
@@ -3154,10 +3171,10 @@
     "message": "Admin-Genehmigung anfragen"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "Anmeldung kann nicht abgeschlossen werden"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
-    "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
+    "message": "Du musst dich auf einem vertrauenswürdigen Gerät anmelden oder deinem Administrator bitten, dir ein Passwort zuzuweisen."
   },
   "region": {
     "message": "Region"
@@ -3551,27 +3568,27 @@
     "description": "Label indicating the most common import formats"
   },
   "uriMatchDefaultStrategyHint": {
-    "message": "URI match detection is how Bitwarden identifies autofill suggestions.",
+    "message": "Die URI-Übereinstimmungserkennung ist die Methode, mit der Bitwarden Auto-Ausfüllen-Vorschläge erkennt.",
     "description": "Explains to the user that URI match detection determines how Bitwarden suggests autofill options, and clarifies that this default strategy applies when no specific match detection is set for a login item."
   },
   "regExAdvancedOptionWarning": {
-    "message": "\"Regular expression\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Regulärer Ausdruck\" ist eine erweiterte Option mit erhöhtem Risiko der Kompromittierung von Zugangsdaten.",
     "description": "Content for dialog which warns a user when selecting 'regular expression' matching strategy as a cipher match strategy"
   },
   "startsWithAdvancedOptionWarning": {
-    "message": "\"Starts with\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Beginnt mit\" ist eine erweiterte Option mit erhöhtem Risiko der Kompromittierung von Zugangsdaten.",
     "description": "Content for dialog which warns a user when selecting 'starts with' matching strategy as a cipher match strategy"
   },
   "uriMatchWarningDialogLink": {
-    "message": "More about match detection",
+    "message": "Mehr über die Übereinstimmungs-Erkennung",
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Erweiterte Optionen",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Warnung",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "success": {
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Auto-Schreiben Tastenkombination aktivieren"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden überprüft die Eingabestellen nicht. Vergewissere dich, dass du dich im richtigen Fenster und Feld befindest, bevor du die Tastenkombination verwendest."
   }
 }
diff --git a/apps/desktop/src/locales/el/messages.json b/apps/desktop/src/locales/el/messages.json
index 239351d406d..2f2a3cf914c 100644
--- a/apps/desktop/src/locales/el/messages.json
+++ b/apps/desktop/src/locales/el/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Αντιγραφή κωδικού επαλήθευσης (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Μήκος"
   },
@@ -1425,6 +1439,9 @@
     "message": "Αντιγραφή κωδικού ασφαλείας",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Συνδρομή Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index 1ad0dcf308f..e5e6dcb2882 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -1813,9 +1813,6 @@
   "unlockWithWindowsHello": {
     "message": "Unlock with Windows Hello"
   },
-  "additionalWindowsHelloSettings": {
-    "message": "Additional Windows Hello settings"
-  },
   "unlockWithPolkit": {
     "message": "Unlock with system authentication"
   },
@@ -1831,12 +1828,6 @@
   "touchIdConsentMessage": {
     "message": "unlock your vault"
   },
-  "autoPromptWindowsHello": {
-    "message": "Ask for Windows Hello on app start"
-  },
-  "autoPromptPolkit": {
-    "message": "Ask for system authentication on launch"
-  },
   "autoPromptTouchId": {
     "message": "Ask for Touch ID on app start"
   },
@@ -1846,9 +1837,6 @@
   "requirePasswordWithoutPinOnStart": {
     "message": "Require password on app start"
   },
-  "recommendedForSecurity": {
-    "message": "Recommended for security."
-  },
   "lockWithMasterPassOnRestart1": {
     "message": "Lock with master password on restart"
   },
diff --git a/apps/desktop/src/locales/en_GB/messages.json b/apps/desktop/src/locales/en_GB/messages.json
index 57ada476677..f73e373d825 100644
--- a/apps/desktop/src/locales/en_GB/messages.json
+++ b/apps/desktop/src/locales/en_GB/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/en_IN/messages.json b/apps/desktop/src/locales/en_IN/messages.json
index 6c9d211bf13..ee0e0dc276f 100644
--- a/apps/desktop/src/locales/en_IN/messages.json
+++ b/apps/desktop/src/locales/en_IN/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy Verification Code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/eo/messages.json b/apps/desktop/src/locales/eo/messages.json
index 26e6aefb83c..5bfde4d51c0 100644
--- a/apps/desktop/src/locales/eo/messages.json
+++ b/apps/desktop/src/locales/eo/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopii la kontrolan kodon (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Longo"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopii sekurigan kodon",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/es/messages.json b/apps/desktop/src/locales/es/messages.json
index eb02eca59ba..f839e9c8634 100644
--- a/apps/desktop/src/locales/es/messages.json
+++ b/apps/desktop/src/locales/es/messages.json
@@ -190,7 +190,7 @@
     "message": "Clave pública"
   },
   "sshFingerprint": {
-    "message": "Fingerprint"
+    "message": "Huella digital"
   },
   "sshKeyAlgorithm": {
     "message": "Tipo de clave"
@@ -229,7 +229,7 @@
     "message": "Por favor, desbloquea tu caja fuerte para aprobar la solicitud de clave SSH."
   },
   "sshAgentUnlockTimeout": {
-    "message": "SSH key request timed out."
+    "message": "La solicitud de clave SSH ha expirado."
   },
   "enableSshAgent": {
     "message": "Habilitar agente SSH"
@@ -244,7 +244,7 @@
     "message": "Solicitar autorización al usar el agente SSH"
   },
   "sshAgentPromptBehaviorDesc": {
-    "message": "Choose how to handle SSH-agent authorization requests."
+    "message": "Elige como gestionar las solicitudes de autorización del agente SSH."
   },
   "sshAgentPromptBehaviorHelp": {
     "message": "Recordar autorizaciones SSH"
@@ -467,7 +467,7 @@
     "message": "Use checkboxes if you'd like to autofill a form's checkbox, like a remember email"
   },
   "linkedHelpText": {
-    "message": "Use a linked field when you are experiencing autofill issues for a specific website."
+    "message": "Usa un campo enlazado cuando estés experimentando problemas de autocompletado para un sitio web específico."
   },
   "linkedLabelHelpText": {
     "message": "Enter the the field's html id, name, aria-label, or placeholder."
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copiar código de verificación (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Longitud"
   },
@@ -1022,7 +1036,7 @@
     "message": "Tiempo de autenticación agotado"
   },
   "authenticationSessionTimedOut": {
-    "message": "The authentication session timed out. Please restart the login process."
+    "message": "La sesión de autenticación ha expirado. Por favor, inicia de nuevo el proceso de inicio de sesión."
   },
   "selfHostBaseUrl": {
     "message": "URL del servidor autoalojado",
@@ -1425,6 +1439,9 @@
     "message": "Copiar código de seguridad",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Membresía Premium"
   },
@@ -2393,7 +2410,7 @@
     "message": "Esta acción está protegida. Para continuar, vuelva a introducir su contraseña maestra para verificar su identidad."
   },
   "masterPasswordSuccessfullySet": {
-    "message": "Master password successfully set"
+    "message": "Contraseña maestra establecida correctamente"
   },
   "updatedMasterPassword": {
     "message": "Contraseña maestra actualizada"
@@ -2408,13 +2425,13 @@
     "message": "Tu contraseña maestra no cumple con una o más de las políticas de tu organización. Para acceder a la caja fuerte, debes actualizar tu contraseña maestra ahora. Proceder te desconectará de tu sesión actual, requiriendo que vuelva a iniciar sesión. Las sesiones activas en otros dispositivos pueden seguir estando activas durante hasta una hora."
   },
   "changePasswordWarning": {
-    "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
+    "message": "Tras cambiar tu contraseña tendrás que iniciar sesión con tu nueva contraseña. Las sesiones activas en otros dispositivos se cerrarán en una hora."
   },
   "accountRecoveryUpdateMasterPasswordSubtitle": {
-    "message": "Change your master password to complete account recovery."
+    "message": "Cambia tu contraseña maestra para completar la recuperación de la cuenta."
   },
   "updateMasterPasswordSubtitle": {
-    "message": "Your master password does not meet this organization’s requirements. Change your master password to continue."
+    "message": "Tu contraseña maestra no cumple con los requisitos de esta organización. Cambia tu contraseña maestra para continuar."
   },
   "tdeDisabledMasterPasswordRequired": {
     "message": "Your organization has disabled trusted device encryption. Please set a master password to access your vault."
@@ -2528,7 +2545,7 @@
     "message": "Contraseña maestra eliminada."
   },
   "removeMasterPasswordForOrganizationUserKeyConnector": {
-    "message": "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator."
+    "message": "Ya no es necesaria una contraseña maestra para los miembros de la siguiente organización. Por favor, confirma el dominio que aparece a continuación con el administrador de tu organización."
   },
   "organizationName": {
     "message": "Nombre de la organización"
@@ -2597,7 +2614,7 @@
     }
   },
   "exportingIndividualVaultWithAttachmentsDescription": {
-    "message": "Only the individual vault items including attachments associated with $EMAIL$ will be exported. Organization vault items will not be included",
+    "message": "Solo los elementos individuales de la caja fuerte, incluyendo adjuntos asociados a $EMAIL$, serán exportados. Los elementos de la caja fuerte de la organización no se incluirán",
     "placeholders": {
       "email": {
         "content": "$1",
@@ -2954,7 +2971,7 @@
     "message": "aplicación web"
   },
   "notificationSentDevicePart2": {
-    "message": "Make sure the Fingerprint phrase matches the one below before approving."
+    "message": "Asegúrate de que la frase de la Huella digital coincide con la siguiente antes de aprobar."
   },
   "needAnotherOptionV1": {
     "message": "¿Necesitas otra opción?"
@@ -3154,10 +3171,10 @@
     "message": "Solicitar aprobación del administrador"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "No se puede completar el inicio de sesión"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
-    "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
+    "message": "Necesitas iniciar sesión en un dispositivo de confianza o pedir a tu administrador que te asigne una contraseña."
   },
   "region": {
     "message": "Región"
@@ -3212,10 +3229,10 @@
     "message": "La organización no es de confianza"
   },
   "emergencyAccessTrustWarning": {
-    "message": "For the security of your account, only confirm if you have granted emergency access to this user and their fingerprint matches what is displayed in their account"
+    "message": "Por la seguridad de tu cuenta, confirma únicamente si has otorgado acceso de emergencia a este usuario y que su huella digital coincida con la mostrada en su cuenta"
   },
   "orgTrustWarning": {
-    "message": "For the security of your account, only proceed if you are a member of this organization, have account recovery enabled, and the fingerprint displayed below matches the organization's fingerprint."
+    "message": "Por la seguridad de tu cuenta, procede únicamente si eres un miembro de esta organización, tienes la recuperación de la cuenta activada y la huella digital mostrada a continuación coincide con la huella digital de la organización."
   },
   "orgTrustWarning1": {
     "message": "This organization has an Enterprise policy that will enroll you in account recovery. Enrollment will allow organization administrators to change your password. Only proceed if you recognize this organization and the fingerprint phrase displayed below matches the organization's fingerprint."
@@ -3567,11 +3584,11 @@
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Opciones avanzadas",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Advertencia",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "success": {
@@ -3764,7 +3781,7 @@
     "message": "Actualización de la extensión requerida"
   },
   "updateBrowserOrDisableFingerprintDialogMessage": {
-    "message": "The browser extension you are using is out of date. Please update it or disable browser integration fingerprint validation in the desktop app settings."
+    "message": "La extensión del navegador que estás utilizando está desactualizada. Por favor, actualízala o desactiva la integración del navegador de la validación de la huella digital en los ajustes de la aplicación de escritorio."
   },
   "changeAtRiskPassword": {
     "message": "Cambiar contraseña en riesgo"
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Activar atajo de autoescritura"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden no valida las ubicaciones de entrada, asegúrate de que estás en la ventana y en el capo correctos antes de usar el atajo."
   }
 }
diff --git a/apps/desktop/src/locales/et/messages.json b/apps/desktop/src/locales/et/messages.json
index 4b848d9ef5c..be7628d2d34 100644
--- a/apps/desktop/src/locales/et/messages.json
+++ b/apps/desktop/src/locales/et/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopeeri Kinnituskood (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Pikkus"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopeeri turvakood",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Preemium versioon"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/eu/messages.json b/apps/desktop/src/locales/eu/messages.json
index aae6880294d..0c4b2f4d836 100644
--- a/apps/desktop/src/locales/eu/messages.json
+++ b/apps/desktop/src/locales/eu/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopiatu egiaztatze-kodea (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Luzera"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiatu segurtasun-kodea",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium bazkidea"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/fa/messages.json b/apps/desktop/src/locales/fa/messages.json
index 4b9696887be..8aefda20bf4 100644
--- a/apps/desktop/src/locales/fa/messages.json
+++ b/apps/desktop/src/locales/fa/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "کپی کد تأیید (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "طول"
   },
@@ -1425,6 +1439,9 @@
     "message": "کپی کد امنیتی",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "عضویت پرمیوم"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/fi/messages.json b/apps/desktop/src/locales/fi/messages.json
index 6c13f322aca..b334bc61ece 100644
--- a/apps/desktop/src/locales/fi/messages.json
+++ b/apps/desktop/src/locales/fi/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopioi todennuskoodi (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Pituus"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopioi turvakoodi",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium-jäsenyys"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/fil/messages.json b/apps/desktop/src/locales/fil/messages.json
index cfa39fd71f3..723d324bf70 100644
--- a/apps/desktop/src/locales/fil/messages.json
+++ b/apps/desktop/src/locales/fil/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopyahin ang verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Kahabaan"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopyahin ang code ng seguridad",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Pagiging miyembro ng premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/fr/messages.json b/apps/desktop/src/locales/fr/messages.json
index 387c25ec44c..b06308b2906 100644
--- a/apps/desktop/src/locales/fr/messages.json
+++ b/apps/desktop/src/locales/fr/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copier le code de vérification (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Longueur"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copier le code de sécurité",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Adhésion Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/gl/messages.json b/apps/desktop/src/locales/gl/messages.json
index 304d07ee3cd..3d240ff77e8 100644
--- a/apps/desktop/src/locales/gl/messages.json
+++ b/apps/desktop/src/locales/gl/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/he/messages.json b/apps/desktop/src/locales/he/messages.json
index 11a736eeaaa..5b76be7fff3 100644
--- a/apps/desktop/src/locales/he/messages.json
+++ b/apps/desktop/src/locales/he/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "העתקת קוד אימות (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "אורך"
   },
@@ -1425,6 +1439,9 @@
     "message": "העתק קוד אבטחה",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "חברות פרימיום"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "הפעלת קיצור הקלדה אוטומטית"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden לא מאמת את מקומות הקלט, נא לוודא שזה החלון והשדה הנכונים בטרם שימוש בקיצור הדרך."
   }
 }
diff --git a/apps/desktop/src/locales/hi/messages.json b/apps/desktop/src/locales/hi/messages.json
index 3d3a2c4d701..77b416118c9 100644
--- a/apps/desktop/src/locales/hi/messages.json
+++ b/apps/desktop/src/locales/hi/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/hr/messages.json b/apps/desktop/src/locales/hr/messages.json
index 699e4ad347d..b86e57a4811 100644
--- a/apps/desktop/src/locales/hr/messages.json
+++ b/apps/desktop/src/locales/hr/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopiraj kôd za provjeru (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Duljina"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiraj kontrolni broj",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium članstvo"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/hu/messages.json b/apps/desktop/src/locales/hu/messages.json
index cd30ee6edaa..0f5e14596d7 100644
--- a/apps/desktop/src/locales/hu/messages.json
+++ b/apps/desktop/src/locales/hu/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Ellenőrző kód másolása (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ másolása",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Hossz"
   },
@@ -1425,6 +1439,9 @@
     "message": "Biztonsági kód másolása",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "kártya szám"
+  },
   "premiumMembership": {
     "message": "Prémium tagság"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Automatikus típusú parancsikon engedélyezése"
+  },
+  "enableAutotypeDescription": {
+    "message": "A Bitwarden nem érvényesíti a beviteli helyeket, győződjünk meg róla, hogy a megfelelő ablakban és mezőben vagyunk, mielőtt a parancsikont használnánk."
   }
 }
diff --git a/apps/desktop/src/locales/id/messages.json b/apps/desktop/src/locales/id/messages.json
index 0634ad80722..f4627f805e0 100644
--- a/apps/desktop/src/locales/id/messages.json
+++ b/apps/desktop/src/locales/id/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Salin Kode Verifikasi (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Panjang"
   },
@@ -1425,6 +1439,9 @@
     "message": "Salin Kode Keamanan",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Keanggotaan Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/it/messages.json b/apps/desktop/src/locales/it/messages.json
index 0476024f926..b89b25a745c 100644
--- a/apps/desktop/src/locales/it/messages.json
+++ b/apps/desktop/src/locales/it/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copia codice di verifica (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Lunghezza"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copia codice di sicurezza",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Abbonamento Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ja/messages.json b/apps/desktop/src/locales/ja/messages.json
index 7b8eddc693b..19a91367567 100644
--- a/apps/desktop/src/locales/ja/messages.json
+++ b/apps/desktop/src/locales/ja/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "認証コード (TOTP) をコピー"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "長さ"
   },
@@ -1425,6 +1439,9 @@
     "message": "セキュリティコードのコピー",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "プレミアム会員"
   },
@@ -3680,25 +3697,25 @@
     "message": "生体認証によるロック解除は、不明な理由により現在利用できません。"
   },
   "itemDetails": {
-    "message": "Item details"
+    "message": "アイテムの詳細"
   },
   "itemName": {
-    "message": "Item name"
+    "message": "アイテム名"
   },
   "loginCredentials": {
-    "message": "Login credentials"
+    "message": "ログイン資格情報"
   },
   "additionalOptions": {
-    "message": "Additional options"
+    "message": "追加のオプション"
   },
   "itemHistory": {
-    "message": "Item history"
+    "message": "アイテムの履歴"
   },
   "lastEdited": {
-    "message": "Last edited"
+    "message": "直近の編集"
   },
   "upload": {
-    "message": "Upload"
+    "message": "アップロード"
   },
   "authorize": {
     "message": "認可"
@@ -3782,10 +3799,10 @@
     "message": "移動"
   },
   "newFolder": {
-    "message": "New folder"
+    "message": "新しいフォルダー"
   },
   "folderName": {
-    "message": "Folder Name"
+    "message": "フォルダー名"
   },
   "folderHintText": {
     "message": "Nest a folder by adding the parent folder's name followed by a “/”. Example: Social/Forums"
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ka/messages.json b/apps/desktop/src/locales/ka/messages.json
index 7b98da76026..5f9d2fe17b3 100644
--- a/apps/desktop/src/locales/ka/messages.json
+++ b/apps/desktop/src/locales/ka/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "სიგრძე"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/km/messages.json b/apps/desktop/src/locales/km/messages.json
index 304d07ee3cd..3d240ff77e8 100644
--- a/apps/desktop/src/locales/km/messages.json
+++ b/apps/desktop/src/locales/km/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/kn/messages.json b/apps/desktop/src/locales/kn/messages.json
index 8a1798ce386..b7664ad90bf 100644
--- a/apps/desktop/src/locales/kn/messages.json
+++ b/apps/desktop/src/locales/kn/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "ನಕಲಿಸಿ ಪರಿಶೀಲನೆ ಕೋಡ್ (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "ಉದ್ದ"
   },
@@ -1425,6 +1439,9 @@
     "message": "ಭದ್ರತಾ ಕೋಡ್ ಅನ್ನು ನಕಲಿಸಿ",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "ಪ್ರೀಮಿಯಂ ಸದಸ್ಯತ್ವ"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ko/messages.json b/apps/desktop/src/locales/ko/messages.json
index 9127f4f76a9..ca23d5107c7 100644
--- a/apps/desktop/src/locales/ko/messages.json
+++ b/apps/desktop/src/locales/ko/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "인증 코드 (TOTP) 복사"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "길이"
   },
@@ -1425,6 +1439,9 @@
     "message": "보안 코드 복사",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "프리미엄 멤버십"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/lt/messages.json b/apps/desktop/src/locales/lt/messages.json
index 84e5a9d36a6..99c63ab4dab 100644
--- a/apps/desktop/src/locales/lt/messages.json
+++ b/apps/desktop/src/locales/lt/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopijuoti patvirtinimo kodą (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Ilgis"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopijuoti saugos kodą",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium narystė"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/lv/messages.json b/apps/desktop/src/locales/lv/messages.json
index d1bf2382e58..0849bf29b45 100644
--- a/apps/desktop/src/locales/lv/messages.json
+++ b/apps/desktop/src/locales/lv/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Ievietot Apliecinājuma kodu (TOTP) starpliktuvē"
   },
+  "copyFieldCipherName": {
+    "message": "Ievietot starpliktuvē $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Garums"
   },
@@ -1425,6 +1439,9 @@
     "message": "Ievietot drošības kodu starpliktuvē",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "kartes numurs"
+  },
   "premiumMembership": {
     "message": "Premium dalība"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Iespējot automātiskās ievades saīsni"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden nepārbauda ievades atrašanās vietas, jāpārliecinās, ka atrodies pareizajā logā un laukā, pirms saīsnes izmantošanas."
   }
 }
diff --git a/apps/desktop/src/locales/me/messages.json b/apps/desktop/src/locales/me/messages.json
index 98794eed175..0929250c06f 100644
--- a/apps/desktop/src/locales/me/messages.json
+++ b/apps/desktop/src/locales/me/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Iskopiraj Verifikacioni Kod (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Dužina"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiraj siguronosni kod",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premijum članstvo"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ml/messages.json b/apps/desktop/src/locales/ml/messages.json
index 9cb27605db5..a77ab04c0aa 100644
--- a/apps/desktop/src/locales/ml/messages.json
+++ b/apps/desktop/src/locales/ml/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "ദൈര്‍ഘ്യം"
   },
@@ -1425,6 +1439,9 @@
     "message": "സുരക്ഷാ കോഡ് പകർത്തുക",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "പ്രീമിയം അംഗത്വം"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/mr/messages.json b/apps/desktop/src/locales/mr/messages.json
index 304d07ee3cd..3d240ff77e8 100644
--- a/apps/desktop/src/locales/mr/messages.json
+++ b/apps/desktop/src/locales/mr/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/my/messages.json b/apps/desktop/src/locales/my/messages.json
index 4629ba25d93..b09ea6cdbf2 100644
--- a/apps/desktop/src/locales/my/messages.json
+++ b/apps/desktop/src/locales/my/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/nb/messages.json b/apps/desktop/src/locales/nb/messages.json
index 53125c8e290..dfa381fc3d0 100644
--- a/apps/desktop/src/locales/nb/messages.json
+++ b/apps/desktop/src/locales/nb/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopier verifiseringskode (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Lengde"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopier sikkerhetskoden",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium-medlemskap"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ne/messages.json b/apps/desktop/src/locales/ne/messages.json
index 8ea29998406..56ccc79775c 100644
--- a/apps/desktop/src/locales/ne/messages.json
+++ b/apps/desktop/src/locales/ne/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "प्रमाणीकरण कोड (TOTP) प्रतिलिपि गर्नुहोस्"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "लम्बाइ"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/nl/messages.json b/apps/desktop/src/locales/nl/messages.json
index 90669dd1c93..5301982ecdc 100644
--- a/apps/desktop/src/locales/nl/messages.json
+++ b/apps/desktop/src/locales/nl/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Verificatiecode kopiëren (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ kopiëren",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Lengte"
   },
@@ -1425,6 +1439,9 @@
     "message": "Beveiligingscode kopiëren",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "kaartnummer"
+  },
   "premiumMembership": {
     "message": "Premium-abonnement"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Snelkoppeling autotype inschakelen"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden valideert de invoerlocaties niet, zorg ervoor dat je je in het juiste venster en veld bevindt voordat je de snelkoppeling gebruikt."
   }
 }
diff --git a/apps/desktop/src/locales/nn/messages.json b/apps/desktop/src/locales/nn/messages.json
index af6a64710a7..4c86afccbeb 100644
--- a/apps/desktop/src/locales/nn/messages.json
+++ b/apps/desktop/src/locales/nn/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopier verifiseringskoden (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Lengd"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopier tryggleikskode",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium-tinging"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/or/messages.json b/apps/desktop/src/locales/or/messages.json
index 3ce27e673b7..6db35fd307e 100644
--- a/apps/desktop/src/locales/or/messages.json
+++ b/apps/desktop/src/locales/or/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/pl/messages.json b/apps/desktop/src/locales/pl/messages.json
index b09bc908c47..9852c85554a 100644
--- a/apps/desktop/src/locales/pl/messages.json
+++ b/apps/desktop/src/locales/pl/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopiuj kod weryfikacyjny (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Długość"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiuj kod zabezpieczający",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Konto Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/pt_BR/messages.json b/apps/desktop/src/locales/pt_BR/messages.json
index ab65e0a4912..5e570920f55 100644
--- a/apps/desktop/src/locales/pt_BR/messages.json
+++ b/apps/desktop/src/locales/pt_BR/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copiar Código de Verificação (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Comprimento"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copiar Código de Segurança",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Assinatura Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/pt_PT/messages.json b/apps/desktop/src/locales/pt_PT/messages.json
index 2b5d7e00f61..d3764bad580 100644
--- a/apps/desktop/src/locales/pt_PT/messages.json
+++ b/apps/desktop/src/locales/pt_PT/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copiar código de verificação (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copiar $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Comprimento"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copiar código de segurança",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "número do cartão"
+  },
   "premiumMembership": {
     "message": "Subscrição Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Ativar o atalho de introdução automática"
+  },
+  "enableAutotypeDescription": {
+    "message": "O Bitwarden não valida a introdução de localizações. Certifique-se de que está na janela e no campo corretos antes de utilizar o atalho."
   }
 }
diff --git a/apps/desktop/src/locales/ro/messages.json b/apps/desktop/src/locales/ro/messages.json
index e3608836d26..41a92900d63 100644
--- a/apps/desktop/src/locales/ro/messages.json
+++ b/apps/desktop/src/locales/ro/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copiere cod de verificare (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Lungime"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copiere cod de securitate",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Abonament Premium"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/ru/messages.json b/apps/desktop/src/locales/ru/messages.json
index 8991d3dacb0..b87ffc3cbcd 100644
--- a/apps/desktop/src/locales/ru/messages.json
+++ b/apps/desktop/src/locales/ru/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Скопировать код подтверждения (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Копировать $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Длина"
   },
@@ -1425,6 +1439,9 @@
     "message": "Скопировать код безопасности",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "номер карты"
+  },
   "premiumMembership": {
     "message": "Премиум"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Включить автоввод ярлыка"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden не проверяет местоположение ввода, поэтому, прежде чем использовать ярлык, убедитесь, что вы находитесь в нужном окне и поле."
   }
 }
diff --git a/apps/desktop/src/locales/si/messages.json b/apps/desktop/src/locales/si/messages.json
index b50d0252f61..5567654af99 100644
--- a/apps/desktop/src/locales/si/messages.json
+++ b/apps/desktop/src/locales/si/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/sk/messages.json b/apps/desktop/src/locales/sk/messages.json
index 383e35f2826..49651fbcb7e 100644
--- a/apps/desktop/src/locales/sk/messages.json
+++ b/apps/desktop/src/locales/sk/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopírovať overovací kód (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Kopírovať $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Dĺžka"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopírovať bezpečnostný kód",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "číslo karty"
+  },
   "premiumMembership": {
     "message": "Prémiové členstvo"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Povoliť skratku automatického písania"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden neoveruje miesto stupu, pred použitím skratky sa uistite, že ste v správnom okne a poli."
   }
 }
diff --git a/apps/desktop/src/locales/sl/messages.json b/apps/desktop/src/locales/sl/messages.json
index db25a4623ee..23bbae2d523 100644
--- a/apps/desktop/src/locales/sl/messages.json
+++ b/apps/desktop/src/locales/sl/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopiraj verifikacijsko kodo (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Dolžina"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiraj varnostno kodo",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium članstvo"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/sr/messages.json b/apps/desktop/src/locales/sr/messages.json
index 514276fb136..c69b4ca8340 100644
--- a/apps/desktop/src/locales/sr/messages.json
+++ b/apps/desktop/src/locales/sr/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Копирај потврдни код (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Дужина"
   },
@@ -1425,6 +1439,9 @@
     "message": "Копирај сигурносни код",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Премијум чланство"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/sv/messages.json b/apps/desktop/src/locales/sv/messages.json
index 20140cb7ae0..54fb7f1f643 100644
--- a/apps/desktop/src/locales/sv/messages.json
+++ b/apps/desktop/src/locales/sv/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Kopiera verifieringskod (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Kopiera $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Längd"
   },
@@ -1425,6 +1439,9 @@
     "message": "Kopiera säkerhetskod",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "kortnummer"
+  },
   "premiumMembership": {
     "message": "Premium-medlemskap"
   },
@@ -1489,7 +1506,7 @@
     "message": "Lösenordshistorik"
   },
   "generatorHistory": {
-    "message": "Generatorns historia"
+    "message": "Generatorns historik"
   },
   "clearGeneratorHistoryTitle": {
     "message": "Rensa generatorhistorik"
@@ -3333,10 +3350,10 @@
     "message": "Nyckel"
   },
   "passkeyNotCopied": {
-    "message": "Nyckeln kommer inte att kopieras"
+    "message": "Inloggningsnyckeln kommer inte att kopieras"
   },
   "passkeyNotCopiedAlert": {
-    "message": "Nyckeln kommer inte att kopieras till det klonade objektet. Vill du klona det här objektet?"
+    "message": "Inloggningsnyckeln kommer inte att kopieras till det klonade objektet. Vill du klona det här objektet?"
   },
   "aliasDomain": {
     "message": "Aliasdomän"
@@ -3587,10 +3604,10 @@
     "message": "Inaktivera hårdvaruacceleration och starta om"
   },
   "removePasskey": {
-    "message": "Ta bort nyckel"
+    "message": "Ta bort inloggningsnyckel"
   },
   "passkeyRemoved": {
-    "message": "Nyckel borttagen"
+    "message": "Inloggningsnyckel borttagen"
   },
   "errorAssigningTargetCollection": {
     "message": "Fel vid tilldelning av målsamling."
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Aktivera genväg för automatisk inmatning"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden validerar inte inmatningsplatser, så se till att du är i rätt fönster och fält innan du använder genvägen."
   }
 }
diff --git a/apps/desktop/src/locales/te/messages.json b/apps/desktop/src/locales/te/messages.json
index 304d07ee3cd..3d240ff77e8 100644
--- a/apps/desktop/src/locales/te/messages.json
+++ b/apps/desktop/src/locales/te/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Copy verification code (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Length"
   },
@@ -1425,6 +1439,9 @@
     "message": "Copy security code",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/th/messages.json b/apps/desktop/src/locales/th/messages.json
index 678346257f2..031c9bb6364 100644
--- a/apps/desktop/src/locales/th/messages.json
+++ b/apps/desktop/src/locales/th/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "คัดลอกรหัสยืนยัน (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "ความยาว"
   },
@@ -1425,6 +1439,9 @@
     "message": "คัดลอกรหัสรักษาความปลอดภัย",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Premium Membership"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/tr/messages.json b/apps/desktop/src/locales/tr/messages.json
index 255f03025d0..b95c585c28f 100644
--- a/apps/desktop/src/locales/tr/messages.json
+++ b/apps/desktop/src/locales/tr/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Doğrulama kodunu kopyala (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Kopyala: $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Uzunluk"
   },
@@ -1425,6 +1439,9 @@
     "message": "Güvenlik kodunu kopyala",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "kart numarası"
+  },
   "premiumMembership": {
     "message": "Premium üyelik"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/uk/messages.json b/apps/desktop/src/locales/uk/messages.json
index 649b3af622f..724959446d6 100644
--- a/apps/desktop/src/locales/uk/messages.json
+++ b/apps/desktop/src/locales/uk/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Копіювати код підтвердження (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Довжина"
   },
@@ -1425,6 +1439,9 @@
     "message": "Копіювати код безпеки",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
   "premiumMembership": {
     "message": "Преміум статус"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/locales/vi/messages.json b/apps/desktop/src/locales/vi/messages.json
index 42246285f80..d0ff3cca7bc 100644
--- a/apps/desktop/src/locales/vi/messages.json
+++ b/apps/desktop/src/locales/vi/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "Sao chép mã xác thực (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Sao chép $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "Độ dài"
   },
@@ -1425,6 +1439,9 @@
     "message": "Sao chép mã bảo mật",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "số thẻ"
+  },
   "premiumMembership": {
     "message": "Thành viên Cao Cấp"
   },
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Bật phím tắt tự động điền"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden không kiểm tra vị trí nhập liệu, hãy đảm bảo bạn đang ở trong đúng cửa sổ và trường nhập liệu trước khi dùng phím tắt."
   }
 }
diff --git a/apps/desktop/src/locales/zh_CN/messages.json b/apps/desktop/src/locales/zh_CN/messages.json
index 75d8925c4f7..c0bb7e0f0d3 100644
--- a/apps/desktop/src/locales/zh_CN/messages.json
+++ b/apps/desktop/src/locales/zh_CN/messages.json
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "复制验证码 (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "复制 $FIELD$、$CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "长度"
   },
@@ -1425,6 +1439,9 @@
     "message": "复制安全码",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "卡号"
+  },
   "premiumMembership": {
     "message": "高级会员"
   },
@@ -3154,7 +3171,7 @@
     "message": "请求管理员批准"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "无法完成登录"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
     "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
@@ -3563,7 +3580,7 @@
     "description": "Content for dialog which warns a user when selecting 'starts with' matching strategy as a cipher match strategy"
   },
   "uriMatchWarningDialogLink": {
-    "message": "More about match detection",
+    "message": "更多关于匹配检测",
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "启用自动类型快捷方式"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden 不验证输入位置，请确保您在使用快捷键之前在正确的窗口和字段中。"
   }
 }
diff --git a/apps/desktop/src/locales/zh_TW/messages.json b/apps/desktop/src/locales/zh_TW/messages.json
index 88762ea9260..c2253c56760 100644
--- a/apps/desktop/src/locales/zh_TW/messages.json
+++ b/apps/desktop/src/locales/zh_TW/messages.json
@@ -24,7 +24,7 @@
     "message": "身分"
   },
   "typeNote": {
-    "message": "Note"
+    "message": "備註"
   },
   "typeSecureNote": {
     "message": "安全筆記"
@@ -241,22 +241,22 @@
     "message": "SSH代理是一個針對開發者的服務，它能夠直接從 Bitwarden 密碼庫簽發SSH請求。"
   },
   "sshAgentPromptBehavior": {
-    "message": "Ask for authorization when using SSH agent"
+    "message": "使用 SSH 代理程式時要求授權"
   },
   "sshAgentPromptBehaviorDesc": {
-    "message": "Choose how to handle SSH-agent authorization requests."
+    "message": "選擇如何處理 SSH 代理程式的授權要求。"
   },
   "sshAgentPromptBehaviorHelp": {
-    "message": "Remember SSH authorizations"
+    "message": "記住 SSH 授權"
   },
   "sshAgentPromptBehaviorAlways": {
-    "message": "Always"
+    "message": "總是"
   },
   "sshAgentPromptBehaviorNever": {
-    "message": "Never"
+    "message": "永不"
   },
   "sshAgentPromptBehaviorRememberUntilLock": {
-    "message": "Remember until vault is locked"
+    "message": "記住直到密碼庫鎖定為止"
   },
   "premiumRequired": {
     "message": "需要進階會員資格"
@@ -409,16 +409,16 @@
     "message": "驗證器金鑰 (TOTP)"
   },
   "authenticatorKey": {
-    "message": "Authenticator key"
+    "message": "驗證器金鑰"
   },
   "autofillOptions": {
-    "message": "Autofill options"
+    "message": "自動填入選項"
   },
   "websiteUri": {
-    "message": "Website (URI)"
+    "message": "網站 (URI)"
   },
   "websiteUriCount": {
-    "message": "Website (URI) $COUNT$",
+    "message": "網站 (URI) $COUNT$ 個",
     "description": "Label for an input field that contains a website URI. The input field is part of a list of fields, and the count indicates the position of the field in the list.",
     "placeholders": {
       "count": {
@@ -428,43 +428,43 @@
     }
   },
   "websiteAdded": {
-    "message": "Website added"
+    "message": "已新增網站"
   },
   "addWebsite": {
-    "message": "Add website"
+    "message": "新增網站"
   },
   "deleteWebsite": {
-    "message": "Delete website"
+    "message": "刪除網站"
   },
   "owner": {
-    "message": "Owner"
+    "message": "擁有者"
   },
   "addField": {
-    "message": "Add field"
+    "message": "新增欄位"
   },
   "editField": {
-    "message": "Edit field"
+    "message": "編輯欄位"
   },
   "permanentlyDeleteAttachmentConfirmation": {
-    "message": "Are you sure you want to permanently delete this attachment?"
+    "message": "你確定要永久刪除此附件嗎？"
   },
   "fieldType": {
-    "message": "Field type"
+    "message": "欄位類別"
   },
   "fieldLabel": {
-    "message": "Field label"
+    "message": "欄位標籤"
   },
   "add": {
-    "message": "Add"
+    "message": "新增"
   },
   "textHelpText": {
-    "message": "Use text fields for data like security questions"
+    "message": "像安全問題之類的資料 請使用文本框"
   },
   "hiddenHelpText": {
-    "message": "Use hidden fields for sensitive data like a password"
+    "message": "敏感資料 如同密碼 使用隱藏字段"
   },
   "checkBoxHelpText": {
-    "message": "Use checkboxes if you'd like to autofill a form's checkbox, like a remember email"
+    "message": "如果您想自動填充表單的復選框，例如「記住電子郵件」，請使用復選框"
   },
   "linkedHelpText": {
     "message": "Use a linked field when you are experiencing autofill issues for a specific website."
@@ -572,6 +572,20 @@
   "copyVerificationCodeTotp": {
     "message": "複製驗證碼 (TOTP)"
   },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "length": {
     "message": "長度"
   },
@@ -734,10 +748,10 @@
     "message": "Enter the code sent to your email"
   },
   "enterTheCodeFromYourAuthenticatorApp": {
-    "message": "Enter the code from your authenticator app"
+    "message": "請輸入您驗證器應用程式中的代碼"
   },
   "pressYourYubiKeyToAuthenticate": {
-    "message": "Press your YubiKey to authenticate"
+    "message": "請輕觸您的 YubiKey 以進行驗證"
   },
   "logInWithPasskey": {
     "message": "以通行密鑰 (passkey) 登入"
@@ -792,7 +806,7 @@
     "message": "主密碼提示"
   },
   "passwordStrengthScore": {
-    "message": "Password strength score $SCORE$",
+    "message": "密碼強度分數 $SCORE$",
     "placeholders": {
       "score": {
         "content": "$1",
@@ -907,7 +921,7 @@
     "message": "驗證已被取消或時間過長。請再試一次。"
   },
   "openInNewTab": {
-    "message": "Open in new tab"
+    "message": "在新分頁開啟"
   },
   "invalidVerificationCode": {
     "message": "無效的驗證碼"
@@ -925,14 +939,14 @@
     }
   },
   "dontAskAgainOnThisDeviceFor30Days": {
-    "message": "Don't ask again on this device for 30 days"
+    "message": "30 天內不要再於這部裝置上詢問"
   },
   "selectAnotherMethod": {
-    "message": "Select another method",
+    "message": "選擇其他方法",
     "description": "Select another two-step login method"
   },
   "useYourRecoveryCode": {
-    "message": "Use your recovery code"
+    "message": "使用您的復原碼"
   },
   "insertU2f": {
     "message": "將您的安全鑰匙插入電腦的 USB 連接埠，然後觸摸其按鈕（如有的話）。"
@@ -965,13 +979,13 @@
     "description": "'Duo Security' and 'Duo Mobile' are product names and should not be translated."
   },
   "verifyYourIdentity": {
-    "message": "Verify your Identity"
+    "message": "驗證您的身分"
   },
   "weDontRecognizeThisDevice": {
-    "message": "We don't recognize this device. Enter the code sent to your email to verify your identity."
+    "message": "我們無法辨識這部裝置。請輸入傳送到您電子郵件的驗證碼，以驗證您的身分。"
   },
   "continueLoggingIn": {
-    "message": "Continue logging in"
+    "message": "繼續登入"
   },
   "webAuthnTitle": {
     "message": "FIDO2 WebAuthn"
@@ -998,7 +1012,7 @@
     "message": "兩步驟登入選項"
   },
   "selectTwoStepLoginMethod": {
-    "message": "Select two-step login method"
+    "message": "選取兩步驟登入方式"
   },
   "selfHostedEnvironment": {
     "message": "自我裝載環境"
@@ -1056,7 +1070,7 @@
     "message": "否"
   },
   "location": {
-    "message": "Location"
+    "message": "位置"
   },
   "overwritePassword": {
     "message": "覆寫密碼"
@@ -1425,6 +1439,9 @@
     "message": "複製安全代碼",
     "description": "Copy credit card security code (CVV)"
   },
+  "cardNumber": {
+    "message": "信用卡號碼"
+  },
   "premiumMembership": {
     "message": "進階會員"
   },
@@ -1717,10 +1734,10 @@
     "message": "帳戶已限制"
   },
   "restrictCardTypeImport": {
-    "message": "Cannot import card item types"
+    "message": "無法匯入卡片項目類別"
   },
   "restrictCardTypeImportDesc": {
-    "message": "A policy set by 1 or more organizations prevents you from importing cards to your vaults."
+    "message": "由於一或多個組織設有政策，您無法匯入卡片至您的保險庫。"
   },
   "filePasswordAndConfirmFilePasswordDoNotMatch": {
     "message": "「檔案密碼」與「確認檔案密碼」不一致。"
@@ -3997,5 +4014,11 @@
         }
       }
     }
+  },
+  "enableAutotype": {
+    "message": "Enable autotype shortcut"
+  },
+  "enableAutotypeDescription": {
+    "message": "Bitwarden does not validate input locations, be sure you are in the right window and field before using the shortcut."
   }
 }
diff --git a/apps/desktop/src/main.ts b/apps/desktop/src/main.ts
index 8c92131617a..9b5aa0b31e9 100644
--- a/apps/desktop/src/main.ts
+++ b/apps/desktop/src/main.ts
@@ -12,6 +12,7 @@ import { AccountServiceImplementation } from "@bitwarden/common/auth/services/ac
 import { ClientType } from "@bitwarden/common/enums";
 import { EncryptServiceImplementation } from "@bitwarden/common/key-management/crypto/services/encrypt.service.implementation";
 import { RegionConfig } from "@bitwarden/common/platform/abstractions/environment.service";
+import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
 import { Message, MessageSender } from "@bitwarden/common/platform/messaging";
 // eslint-disable-next-line no-restricted-imports -- For dependency creation
 import { SubjectMessageSender } from "@bitwarden/common/platform/messaging/internal";
@@ -58,6 +59,7 @@ import { EphemeralValueStorageService } from "./platform/services/ephemeral-valu
 import { I18nMainService } from "./platform/services/i18n.main.service";
 import { SSOLocalhostCallbackService } from "./platform/services/sso-localhost-callback.service";
 import { ElectronMainMessagingService } from "./services/electron-main-messaging.service";
+import { MainSdkLoadService } from "./services/main-sdk-load-service";
 import { isMacAppStore } from "./utils";
 
 export class Main {
@@ -88,6 +90,7 @@ export class Main {
   desktopAutofillSettingsService: DesktopAutofillSettingsService;
   versionMain: VersionMain;
   sshAgentService: MainSshAgentService;
+  sdkLoadService: SdkLoadService;
   mainDesktopAutotypeService: MainDesktopAutotypeService;
 
   constructor() {
@@ -144,6 +147,8 @@ export class Main {
 
     this.i18nService = new I18nMainService("en", "./locales/", globalStateProvider);
 
+    this.sdkLoadService = new MainSdkLoadService();
+
     this.mainCryptoFunctionService = new NodeCryptoFunctionService();
 
     const stateEventRegistrarService = new StateEventRegistrarService(
@@ -196,6 +201,16 @@ export class Main {
       this.logService,
       true,
     );
+
+    this.windowMain = new WindowMain(
+      biometricStateService,
+      this.logService,
+      this.storageService,
+      this.desktopSettingsService,
+      (arg) => this.processDeepLink(arg),
+      (win) => this.trayMain.setupWindowListeners(win),
+    );
+
     this.biometricsService = new MainBiometricsService(
       this.i18nService,
       this.windowMain,
@@ -206,14 +221,6 @@ export class Main {
       this.mainCryptoFunctionService,
     );
 
-    this.windowMain = new WindowMain(
-      biometricStateService,
-      this.logService,
-      this.storageService,
-      this.desktopSettingsService,
-      (arg) => this.processDeepLink(arg),
-      (win) => this.trayMain.setupWindowListeners(win),
-    );
     this.messagingMain = new MessagingMain(this, this.desktopSettingsService);
     this.updaterMain = new UpdaterMain(this.i18nService, this.windowMain);
 
@@ -386,6 +393,8 @@ export class Main {
         this.windowMain.win.on("minimize", () => {
           this.messagingService.send("windowHidden");
         });
+
+        await this.sdkLoadService.loadAndInit();
       },
       (e: any) => {
         this.logService.error("Error while running migrations:", e);
diff --git a/apps/desktop/src/package-lock.json b/apps/desktop/src/package-lock.json
index 2cc106d07b0..01872408a10 100644
--- a/apps/desktop/src/package-lock.json
+++ b/apps/desktop/src/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/desktop",
-  "version": "2025.7.1",
+  "version": "2025.7.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
diff --git a/apps/desktop/src/package.json b/apps/desktop/src/package.json
index 8457cb23f74..0128692f3b4 100644
--- a/apps/desktop/src/package.json
+++ b/apps/desktop/src/package.json
@@ -2,7 +2,7 @@
   "name": "@bitwarden/desktop",
   "productName": "Bitwarden",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2025.7.1",
+  "version": "2025.7.0",
   "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
   "homepage": "https://bitwarden.com",
   "license": "GPL-3.0",
diff --git a/apps/desktop/src/scss/base.scss b/apps/desktop/src/scss/base.scss
index 494e91529ee..a95d82dacd4 100644
--- a/apps/desktop/src/scss/base.scss
+++ b/apps/desktop/src/scss/base.scss
@@ -66,7 +66,7 @@ a {
   }
 }
 
-input:not(bit-form-field input),
+input:not(bit-form-field input, input[bitcheckbox]),
 select,
 textarea:not(bit-form-field textarea) {
   @include themify($themes) {
diff --git a/apps/desktop/src/services/main-sdk-load-service.ts b/apps/desktop/src/services/main-sdk-load-service.ts
new file mode 100644
index 00000000000..847505f68fe
--- /dev/null
+++ b/apps/desktop/src/services/main-sdk-load-service.ts
@@ -0,0 +1,9 @@
+import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
+import * as sdk from "@bitwarden/sdk-internal";
+
+export class MainSdkLoadService extends SdkLoadService {
+  async load(): Promise<void> {
+    const module = await import("@bitwarden/sdk-internal/bitwarden_wasm_internal_bg.wasm");
+    (sdk as any).init(module);
+  }
+}
diff --git a/apps/desktop/tsconfig.json b/apps/desktop/tsconfig.json
index 7db3e84e451..70a59ad164c 100644
--- a/apps/desktop/tsconfig.json
+++ b/apps/desktop/tsconfig.json
@@ -3,5 +3,6 @@
   "angularCompilerOptions": {
     "strictTemplates": true
   },
-  "include": ["src", "../../libs/common/src/key-management/crypto/services/encrypt.worker.ts"]
+  "include": ["src", "../../libs/common/src/key-management/crypto/services/encrypt.worker.ts"],
+  "exclude": ["src/**/*.spec.ts"]
 }
diff --git a/apps/desktop/webpack.main.js b/apps/desktop/webpack.main.js
index 25a68d8c867..166fba95d52 100644
--- a/apps/desktop/webpack.main.js
+++ b/apps/desktop/webpack.main.js
@@ -65,6 +65,9 @@ const main = {
       },
     ],
   },
+  experiments: {
+    asyncWebAssembly: true,
+  },
   plugins: [
     new CopyWebpackPlugin({
       patterns: [
diff --git a/apps/web/src/app/admin-console/organizations/collections/vault-header/vault-header.component.html b/apps/web/src/app/admin-console/organizations/collections/vault-header/vault-header.component.html
index dc5d4c7929e..50d34227b56 100644
--- a/apps/web/src/app/admin-console/organizations/collections/vault-header/vault-header.component.html
+++ b/apps/web/src/app/admin-console/organizations/collections/vault-header/vault-header.component.html
@@ -25,62 +25,67 @@
   </bit-breadcrumbs>
 
   <ng-container slot="title-suffix">
-    <ng-container
-      *ngIf="
-        collection != null && (canEditCollection || canDeleteCollection || canViewCollectionInfo)
-      "
-    >
-      <button
-        bitIconButton="bwi-angle-down"
-        [bitMenuTriggerFor]="editCollectionMenu"
-        size="small"
-        type="button"
-      ></button>
-      <bit-menu #editCollectionMenu>
-        <ng-container *ngIf="canEditCollection">
+    @if (
+      collection != null && (canEditCollection || canDeleteCollection || canViewCollectionInfo)
+    ) {
+      <ng-container>
+        <button
+          bitIconButton="bwi-angle-down"
+          [bitMenuTriggerFor]="editCollectionMenu"
+          size="small"
+          type="button"
+        ></button>
+        <bit-menu #editCollectionMenu>
+          <ng-container *ngIf="canEditCollection">
+            <button
+              type="button"
+              bitMenuItem
+              (click)="editCollection(CollectionDialogTabType.Info, false)"
+            >
+              <i class="bwi bwi-fw bwi-pencil-square" aria-hidden="true"></i>
+              {{ "editInfo" | i18n }}
+            </button>
+            <button
+              type="button"
+              bitMenuItem
+              (click)="editCollection(CollectionDialogTabType.Access, false)"
+            >
+              <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
+              {{ "access" | i18n }}
+            </button>
+          </ng-container>
+          <ng-container *ngIf="!canEditCollection && canViewCollectionInfo">
+            <button
+              type="button"
+              bitMenuItem
+              (click)="editCollection(CollectionDialogTabType.Info, true)"
+            >
+              <i class="bwi bwi-fw bwi-pencil-square" aria-hidden="true"></i>
+              {{ "viewInfo" | i18n }}
+            </button>
+            <button
+              type="button"
+              bitMenuItem
+              (click)="editCollection(CollectionDialogTabType.Access, true)"
+            >
+              <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
+              {{ "viewAccess" | i18n }}
+            </button>
+          </ng-container>
           <button
             type="button"
+            *ngIf="canDeleteCollection"
             bitMenuItem
-            (click)="editCollection(CollectionDialogTabType.Info, false)"
+            (click)="deleteCollection()"
           >
-            <i class="bwi bwi-fw bwi-pencil-square" aria-hidden="true"></i>
-            {{ "editInfo" | i18n }}
+            <span class="tw-text-danger">
+              <i class="bwi bwi-fw bwi-trash" aria-hidden="true"></i>
+              {{ "delete" | i18n }}
+            </span>
           </button>
-          <button
-            type="button"
-            bitMenuItem
-            (click)="editCollection(CollectionDialogTabType.Access, false)"
-          >
-            <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
-            {{ "access" | i18n }}
-          </button>
-        </ng-container>
-        <ng-container *ngIf="!canEditCollection && canViewCollectionInfo">
-          <button
-            type="button"
-            bitMenuItem
-            (click)="editCollection(CollectionDialogTabType.Info, true)"
-          >
-            <i class="bwi bwi-fw bwi-pencil-square" aria-hidden="true"></i>
-            {{ "viewInfo" | i18n }}
-          </button>
-          <button
-            type="button"
-            bitMenuItem
-            (click)="editCollection(CollectionDialogTabType.Access, true)"
-          >
-            <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
-            {{ "viewAccess" | i18n }}
-          </button>
-        </ng-container>
-        <button type="button" *ngIf="canDeleteCollection" bitMenuItem (click)="deleteCollection()">
-          <span class="tw-text-danger">
-            <i class="bwi bwi-fw bwi-trash" aria-hidden="true"></i>
-            {{ "delete" | i18n }}
-          </span>
-        </button>
-      </bit-menu>
-    </ng-container>
+        </bit-menu>
+      </ng-container>
+    }
     <small *ngIf="loading">
       <i
         class="bwi bwi-spinner bwi-spin tw-text-muted"
diff --git a/apps/web/src/app/auth/emergency-access/models/emergency-access.ts b/apps/web/src/app/auth/emergency-access/models/emergency-access.ts
index b8ae5907bb9..51edca6e671 100644
--- a/apps/web/src/app/auth/emergency-access/models/emergency-access.ts
+++ b/apps/web/src/app/auth/emergency-access/models/emergency-access.ts
@@ -5,6 +5,10 @@ import { KdfType } from "@bitwarden/key-management";
 
 import { EmergencyAccessStatusType } from "../enums/emergency-access-status-type";
 import { EmergencyAccessType } from "../enums/emergency-access-type";
+import {
+  EmergencyAccessGranteeDetailsResponse,
+  EmergencyAccessGrantorDetailsResponse,
+} from "../response/emergency-access.response";
 
 export class GranteeEmergencyAccess {
   id: string;
@@ -16,6 +20,24 @@ export class GranteeEmergencyAccess {
   waitTimeDays: number;
   creationDate: string;
   avatarColor: string;
+
+  constructor(partial: Partial<GranteeEmergencyAccess> = {}) {
+    Object.assign(this, partial);
+  }
+
+  static fromResponse(response: EmergencyAccessGranteeDetailsResponse) {
+    return new GranteeEmergencyAccess({
+      id: response.id,
+      granteeId: response.granteeId,
+      name: response.name,
+      email: response.email,
+      type: response.type,
+      status: response.status,
+      waitTimeDays: response.waitTimeDays,
+      creationDate: response.creationDate,
+      avatarColor: response.avatarColor,
+    });
+  }
 }
 
 export class GrantorEmergencyAccess {
@@ -28,6 +50,24 @@ export class GrantorEmergencyAccess {
   waitTimeDays: number;
   creationDate: string;
   avatarColor: string;
+
+  constructor(partial: Partial<GrantorEmergencyAccess> = {}) {
+    Object.assign(this, partial);
+  }
+
+  static fromResponse(response: EmergencyAccessGrantorDetailsResponse) {
+    return new GrantorEmergencyAccess({
+      id: response.id,
+      grantorId: response.grantorId,
+      name: response.name,
+      email: response.email,
+      type: response.type,
+      status: response.status,
+      waitTimeDays: response.waitTimeDays,
+      creationDate: response.creationDate,
+      avatarColor: response.avatarColor,
+    });
+  }
 }
 
 export class TakeoverTypeEmergencyAccess {
diff --git a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
index 752e9dc1ce0..05373534ce7 100644
--- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
+++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.spec.ts
@@ -22,9 +22,11 @@ import { KdfType, KeyService } from "@bitwarden/key-management";
 
 import { EmergencyAccessStatusType } from "../enums/emergency-access-status-type";
 import { EmergencyAccessType } from "../enums/emergency-access-type";
+import { GranteeEmergencyAccess, GrantorEmergencyAccess } from "../models/emergency-access";
 import { EmergencyAccessPasswordRequest } from "../request/emergency-access-password.request";
 import {
   EmergencyAccessGranteeDetailsResponse,
+  EmergencyAccessGrantorDetailsResponse,
   EmergencyAccessTakeoverResponse,
 } from "../response/emergency-access.response";
 
@@ -242,11 +244,19 @@ describe("EmergencyAccessService", () => {
 
     const mockEmergencyAccess = {
       data: [
-        createMockEmergencyAccess("0", "EA 0", EmergencyAccessStatusType.Invited),
-        createMockEmergencyAccess("1", "EA 1", EmergencyAccessStatusType.Accepted),
-        createMockEmergencyAccess("2", "EA 2", EmergencyAccessStatusType.Confirmed),
-        createMockEmergencyAccess("3", "EA 3", EmergencyAccessStatusType.RecoveryInitiated),
-        createMockEmergencyAccess("4", "EA 4", EmergencyAccessStatusType.RecoveryApproved),
+        createMockEmergencyAccessGranteeDetails("0", "EA 0", EmergencyAccessStatusType.Invited),
+        createMockEmergencyAccessGranteeDetails("1", "EA 1", EmergencyAccessStatusType.Accepted),
+        createMockEmergencyAccessGranteeDetails("2", "EA 2", EmergencyAccessStatusType.Confirmed),
+        createMockEmergencyAccessGranteeDetails(
+          "3",
+          "EA 3",
+          EmergencyAccessStatusType.RecoveryInitiated,
+        ),
+        createMockEmergencyAccessGranteeDetails(
+          "4",
+          "EA 4",
+          EmergencyAccessStatusType.RecoveryApproved,
+        ),
       ],
     } as ListResponse<EmergencyAccessGranteeDetailsResponse>;
 
@@ -295,9 +305,113 @@ describe("EmergencyAccessService", () => {
       ).rejects.toThrow("New user key is required for rotation.");
     });
   });
+
+  describe("getEmergencyAccessTrusted", () => {
+    it("should return an empty array if no emergency access is granted", async () => {
+      emergencyAccessApiService.getEmergencyAccessTrusted.mockResolvedValue({
+        data: [],
+      } as ListResponse<EmergencyAccessGranteeDetailsResponse>);
+
+      const result = await emergencyAccessService.getEmergencyAccessTrusted();
+
+      expect(result).toEqual([]);
+    });
+
+    it("should return an empty array if the API returns an empty response", async () => {
+      emergencyAccessApiService.getEmergencyAccessTrusted.mockResolvedValue(
+        null as unknown as ListResponse<EmergencyAccessGranteeDetailsResponse>,
+      );
+
+      const result = await emergencyAccessService.getEmergencyAccessTrusted();
+
+      expect(result).toEqual([]);
+    });
+
+    it("should return a list of trusted emergency access contacts", async () => {
+      const mockEmergencyAccess = [
+        createMockEmergencyAccessGranteeDetails("1", "EA 1", EmergencyAccessStatusType.Invited),
+        createMockEmergencyAccessGranteeDetails("2", "EA 2", EmergencyAccessStatusType.Invited),
+        createMockEmergencyAccessGranteeDetails("3", "EA 3", EmergencyAccessStatusType.Accepted),
+        createMockEmergencyAccessGranteeDetails("4", "EA 4", EmergencyAccessStatusType.Confirmed),
+        createMockEmergencyAccessGranteeDetails(
+          "5",
+          "EA 5",
+          EmergencyAccessStatusType.RecoveryInitiated,
+        ),
+      ];
+      emergencyAccessApiService.getEmergencyAccessTrusted.mockResolvedValue({
+        data: mockEmergencyAccess,
+      } as ListResponse<EmergencyAccessGranteeDetailsResponse>);
+
+      const result = await emergencyAccessService.getEmergencyAccessTrusted();
+
+      expect(result).toHaveLength(mockEmergencyAccess.length);
+
+      result.forEach((access, index) => {
+        expect(access).toBeInstanceOf(GranteeEmergencyAccess);
+
+        expect(access.id).toBe(mockEmergencyAccess[index].id);
+        expect(access.name).toBe(mockEmergencyAccess[index].name);
+        expect(access.status).toBe(mockEmergencyAccess[index].status);
+        expect(access.type).toBe(mockEmergencyAccess[index].type);
+      });
+    });
+  });
+
+  describe("getEmergencyAccessGranted", () => {
+    it("should return an empty array if no emergency access is granted", async () => {
+      emergencyAccessApiService.getEmergencyAccessGranted.mockResolvedValue({
+        data: [],
+      } as ListResponse<EmergencyAccessGrantorDetailsResponse>);
+
+      const result = await emergencyAccessService.getEmergencyAccessGranted();
+
+      expect(result).toEqual([]);
+    });
+
+    it("should return an empty array if the API returns an empty response", async () => {
+      emergencyAccessApiService.getEmergencyAccessGranted.mockResolvedValue(
+        null as unknown as ListResponse<EmergencyAccessGrantorDetailsResponse>,
+      );
+
+      const result = await emergencyAccessService.getEmergencyAccessGranted();
+
+      expect(result).toEqual([]);
+    });
+
+    it("should return a list of granted emergency access contacts", async () => {
+      const mockEmergencyAccess = [
+        createMockEmergencyAccessGrantorDetails("1", "EA 1", EmergencyAccessStatusType.Invited),
+        createMockEmergencyAccessGrantorDetails("2", "EA 2", EmergencyAccessStatusType.Invited),
+        createMockEmergencyAccessGrantorDetails("3", "EA 3", EmergencyAccessStatusType.Accepted),
+        createMockEmergencyAccessGrantorDetails("4", "EA 4", EmergencyAccessStatusType.Confirmed),
+        createMockEmergencyAccessGrantorDetails(
+          "5",
+          "EA 5",
+          EmergencyAccessStatusType.RecoveryInitiated,
+        ),
+      ];
+      emergencyAccessApiService.getEmergencyAccessGranted.mockResolvedValue({
+        data: mockEmergencyAccess,
+      } as ListResponse<EmergencyAccessGrantorDetailsResponse>);
+
+      const result = await emergencyAccessService.getEmergencyAccessGranted();
+
+      expect(result).toHaveLength(mockEmergencyAccess.length);
+
+      result.forEach((access, index) => {
+        expect(access).toBeInstanceOf(GrantorEmergencyAccess);
+
+        expect(access.id).toBe(mockEmergencyAccess[index].id);
+        expect(access.name).toBe(mockEmergencyAccess[index].name);
+        expect(access.status).toBe(mockEmergencyAccess[index].status);
+        expect(access.type).toBe(mockEmergencyAccess[index].type);
+      });
+    });
+  });
 });
 
-function createMockEmergencyAccess(
+function createMockEmergencyAccessGranteeDetails(
   id: string,
   name: string,
   status: EmergencyAccessStatusType,
@@ -309,3 +423,16 @@ function createMockEmergencyAccess(
   emergencyAccess.status = status;
   return emergencyAccess;
 }
+
+function createMockEmergencyAccessGrantorDetails(
+  id: string,
+  name: string,
+  status: EmergencyAccessStatusType,
+): EmergencyAccessGrantorDetailsResponse {
+  const emergencyAccess = new EmergencyAccessGrantorDetailsResponse({});
+  emergencyAccess.id = id;
+  emergencyAccess.name = name;
+  emergencyAccess.type = 0;
+  emergencyAccess.status = status;
+  return emergencyAccess;
+}
diff --git a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts
index 673ab7443f9..a814af32505 100644
--- a/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts
+++ b/apps/web/src/app/auth/emergency-access/services/emergency-access.service.ts
@@ -77,14 +77,22 @@ export class EmergencyAccessService
    * Gets all emergency access that the user has been granted.
    */
   async getEmergencyAccessTrusted(): Promise<GranteeEmergencyAccess[]> {
-    return (await this.emergencyAccessApiService.getEmergencyAccessTrusted()).data;
+    const listResponse = await this.emergencyAccessApiService.getEmergencyAccessTrusted();
+    if (!listResponse || listResponse.data.length === 0) {
+      return [];
+    }
+    return listResponse.data.map((response) => GranteeEmergencyAccess.fromResponse(response));
   }
 
   /**
    * Gets all emergency access that the user has granted.
    */
   async getEmergencyAccessGranted(): Promise<GrantorEmergencyAccess[]> {
-    return (await this.emergencyAccessApiService.getEmergencyAccessGranted()).data;
+    const listResponse = await this.emergencyAccessApiService.getEmergencyAccessGranted();
+    if (!listResponse || listResponse.data.length === 0) {
+      return [];
+    }
+    return listResponse.data.map((response) => GrantorEmergencyAccess.fromResponse(response));
   }
 
   /**
diff --git a/apps/web/src/app/billing/payment/components/change-payment-method-dialog.component.ts b/apps/web/src/app/billing/payment/components/change-payment-method-dialog.component.ts
index efd0055fb95..ff5156ba636 100644
--- a/apps/web/src/app/billing/payment/components/change-payment-method-dialog.component.ts
+++ b/apps/web/src/app/billing/payment/components/change-payment-method-dialog.component.ts
@@ -28,7 +28,11 @@ type DialogResult =
           {{ "changePaymentMethod" | i18n }}
         </span>
         <div bitDialogContent>
-          <app-enter-payment-method [group]="formGroup" [includeBillingAddress]="true">
+          <app-enter-payment-method
+            [group]="formGroup"
+            [showBankAccount]="dialogParams.owner.type !== 'account'"
+            [includeBillingAddress]="true"
+          >
           </app-enter-payment-method>
         </div>
         <ng-container bitDialogFooter>
diff --git a/apps/web/src/app/billing/payment/components/enter-payment-method.component.ts b/apps/web/src/app/billing/payment/components/enter-payment-method.component.ts
index 4f5b2e3b15c..b73c3297e9e 100644
--- a/apps/web/src/app/billing/payment/components/enter-payment-method.component.ts
+++ b/apps/web/src/app/billing/payment/components/enter-payment-method.component.ts
@@ -1,6 +1,6 @@
 import { Component, Input, OnInit } from "@angular/core";
 import { FormControl, FormGroup, Validators } from "@angular/forms";
-import { BehaviorSubject, startWith, Subject, takeUntil } from "rxjs";
+import { map, Observable, of, startWith, Subject, takeUntil } from "rxjs";
 
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -48,7 +48,7 @@ type PaymentMethodFormGroup = FormGroup<{
               {{ "creditCard" | i18n }}
             </bit-label>
           </bit-radio-button>
-          @if (showBankAccount) {
+          @if (showBankAccount$ | async) {
             <bit-radio-button id="bank-payment-method" [value]="'bankAccount'">
               <bit-label>
                 <i class="bwi bwi-fw bwi-billing" aria-hidden="true"></i>
@@ -226,20 +226,12 @@ type PaymentMethodFormGroup = FormGroup<{
 export class EnterPaymentMethodComponent implements OnInit {
   @Input({ required: true }) group!: PaymentMethodFormGroup;
 
-  private showBankAccountSubject = new BehaviorSubject<boolean>(true);
-  showBankAccount$ = this.showBankAccountSubject.asObservable();
-  @Input()
-  set showBankAccount(value: boolean) {
-    this.showBankAccountSubject.next(value);
-  }
-  get showBankAccount(): boolean {
-    return this.showBankAccountSubject.value;
-  }
-
-  @Input() showPayPal: boolean = true;
-  @Input() showAccountCredit: boolean = false;
-  @Input() includeBillingAddress: boolean = false;
+  @Input() private showBankAccount = true;
+  @Input() showPayPal = true;
+  @Input() showAccountCredit = false;
+  @Input() includeBillingAddress = false;
 
+  protected showBankAccount$!: Observable<boolean>;
   protected selectableCountries = selectableCountries;
 
   private destroy$ = new Subject<void>();
@@ -267,7 +259,16 @@ export class EnterPaymentMethodComponent implements OnInit {
     }
 
     if (!this.includeBillingAddress) {
+      this.showBankAccount$ = of(this.showBankAccount);
       this.group.controls.billingAddress.disable();
+    } else {
+      this.group.controls.billingAddress.patchValue({
+        country: "US",
+      });
+      this.showBankAccount$ = this.group.controls.billingAddress.controls.country.valueChanges.pipe(
+        startWith(this.group.controls.billingAddress.controls.country.value),
+        map((country) => this.showBankAccount && country === "US"),
+      );
     }
 
     this.group.controls.type.valueChanges
diff --git a/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.html b/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.html
index 0355c938bce..ad2886b1e59 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.html
+++ b/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.html
@@ -1,14 +1,15 @@
 <td bitCell [ngClass]="RowHeightClass" class="tw-min-w-fit">
-  <input
-    type="checkbox"
-    bitCheckbox
-    appStopProp
-    *ngIf="showCheckbox"
-    [disabled]="disabled"
-    [checked]="checked"
-    (change)="$event ? this.checkedToggled.next() : null"
-    [attr.aria-label]="'collectionItemSelect' | i18n"
-  />
+  @if (this.canEditCollection || this.canDeleteCollection) {
+    <input
+      type="checkbox"
+      bitCheckbox
+      appStopProp
+      [disabled]="disabled"
+      [checked]="checked"
+      (change)="$event ? this.checkedToggled.next() : null"
+      [attr.aria-label]="'collectionItemSelect' | i18n"
+    />
+  }
 </td>
 <td bitCell [ngClass]="RowHeightClass" class="tw-min-w-fit">
   <div aria-hidden="true">
@@ -57,16 +58,17 @@
   </p>
 </td>
 <td bitCell [ngClass]="RowHeightClass" class="tw-text-right">
-  <button
-    *ngIf="canEditCollection || canDeleteCollection || canViewCollectionInfo"
-    [disabled]="disabled"
-    [bitMenuTriggerFor]="collectionOptions"
-    size="small"
-    bitIconButton="bwi-ellipsis-v"
-    type="button"
-    appA11yTitle="{{ 'options' | i18n }}"
-    appStopProp
-  ></button>
+  @if (canEditCollection || canDeleteCollection || canViewCollectionInfo) {
+    <button
+      [disabled]="disabled"
+      [bitMenuTriggerFor]="collectionOptions"
+      size="small"
+      bitIconButton="bwi-ellipsis-v"
+      type="button"
+      appA11yTitle="{{ 'options' | i18n }}"
+      appStopProp
+    ></button>
+  }
   <bit-menu #collectionOptions>
     <ng-container *ngIf="canEditCollection">
       <button type="button" bitMenuItem (click)="edit(false)">
diff --git a/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.ts b/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.ts
index 5d2b84aa10b..8271cc5a266 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-collection-row.component.ts
@@ -105,12 +105,4 @@ export class VaultCollectionRowComponent<C extends CipherViewLike> {
   protected deleteCollection() {
     this.onEvent.next({ type: "delete", items: [{ collection: this.collection }] });
   }
-
-  protected get showCheckbox() {
-    if (this.collection?.id === Unassigned) {
-      return false; // Never show checkbox for Unassigned
-    }
-
-    return this.canEditCollection || this.canDeleteCollection;
-  }
 }
diff --git a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
index e82b03a8815..79ba9a6d2e1 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts
@@ -2,11 +2,16 @@
 // @ts-strict-ignore
 import { SelectionModel } from "@angular/cdk/collections";
 import { Component, EventEmitter, Input, Output } from "@angular/core";
+import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { Observable, combineLatest, map, of, startWith, switchMap } from "rxjs";
 
 import { CollectionView, Unassigned, CollectionAdminView } from "@bitwarden/admin-console/common";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
+import {
+  RestrictedCipherType,
+  RestrictedItemTypesService,
+} from "@bitwarden/common/vault/services/restricted-item-types.service";
 import {
   CipherViewLike,
   CipherViewLikeUtils,
@@ -85,8 +90,12 @@ export class VaultItemsComponent<C extends CipherViewLike> {
   protected canDeleteSelected$: Observable<boolean>;
   protected canRestoreSelected$: Observable<boolean>;
   protected disableMenu$: Observable<boolean>;
+  private restrictedTypes: RestrictedCipherType[] = [];
 
-  constructor(protected cipherAuthorizationService: CipherAuthorizationService) {
+  constructor(
+    protected cipherAuthorizationService: CipherAuthorizationService,
+    private restrictedItemTypesService: RestrictedItemTypesService,
+  ) {
     this.canDeleteSelected$ = this.selection.changed.pipe(
       startWith(null),
       switchMap(() => {
@@ -114,6 +123,11 @@ export class VaultItemsComponent<C extends CipherViewLike> {
       }),
     );
 
+    this.restrictedItemTypesService.restricted$.pipe(takeUntilDestroyed()).subscribe((types) => {
+      this.restrictedTypes = types;
+      this.refreshItems();
+    });
+
     this.canRestoreSelected$ = this.selection.changed.pipe(
       startWith(null),
       switchMap(() => {
@@ -342,9 +356,12 @@ export class VaultItemsComponent<C extends CipherViewLike> {
 
   private refreshItems() {
     const collections: VaultItem<C>[] = this.collections.map((collection) => ({ collection }));
-    const ciphers: VaultItem<C>[] = this.ciphers.map((cipher) => ({
-      cipher,
-    }));
+    const ciphers: VaultItem<C>[] = this.ciphers
+      .filter(
+        (cipher) =>
+          !this.restrictedItemTypesService.isCipherRestricted(cipher, this.restrictedTypes),
+      )
+      .map((cipher) => ({ cipher }));
     const items: VaultItem<C>[] = [].concat(collections).concat(ciphers);
 
     // All ciphers are selectable, collections only if they can be edited or deleted
diff --git a/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts b/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
index 785c07fb634..78c4d21dede 100644
--- a/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
+++ b/apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
@@ -139,6 +139,7 @@ export default {
           provide: RestrictedItemTypesService,
           useValue: {
             restricted$: of([]), // No restricted item types for this story
+            isCipherRestricted: () => false, // No restrictions for this story
           },
         },
       ],
diff --git a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
index 711d1166d7b..413b4792f4e 100644
--- a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
+++ b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.html
@@ -22,41 +22,48 @@
   </bit-breadcrumbs>
 
   <ng-container slot="title-suffix">
-    <ng-container *ngIf="collection != null && (canEditCollection || canDeleteCollection)">
-      <button
-        bitIconButton="bwi-angle-down"
-        [bitMenuTriggerFor]="editCollectionMenu"
-        size="small"
-        type="button"
-        aria-haspopup="true"
-      ></button>
-      <bit-menu #editCollectionMenu>
+    @if (collection != null && (canEditCollection || canDeleteCollection)) {
+      <ng-container>
         <button
+          bitIconButton="bwi-angle-down"
+          [bitMenuTriggerFor]="editCollectionMenu"
+          size="small"
           type="button"
-          *ngIf="canEditCollection"
-          bitMenuItem
-          (click)="editCollection(CollectionDialogTabType.Info)"
-        >
-          <i class="bwi bwi-fw bwi-pencil-square" aria-hidden="true"></i>
-          {{ "editInfo" | i18n }}
-        </button>
-        <button
-          type="button"
-          *ngIf="canEditCollection"
-          bitMenuItem
-          (click)="editCollection(CollectionDialogTabType.Access)"
-        >
-          <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
-          {{ "access" | i18n }}
-        </button>
-        <button type="button" *ngIf="canDeleteCollection" bitMenuItem (click)="deleteCollection()">
-          <span class="tw-text-danger">
-            <i class="bwi bwi-fw bwi-trash" aria-hidden="true"></i>
-            {{ "delete" | i18n }}
-          </span>
-        </button>
-      </bit-menu>
-    </ng-container>
+          aria-haspopup="true"
+        ></button>
+        <bit-menu #editCollectionMenu>
+          <button
+            type="button"
+            *ngIf="canEditCollection"
+            bitMenuItem
+            (click)="editCollection(CollectionDialogTabType.Info)"
+          >
+            <i class="bwi bwi-fw bwi-pencil-square" aria-hidden="true"></i>
+            {{ "editInfo" | i18n }}
+          </button>
+          <button
+            type="button"
+            *ngIf="canEditCollection"
+            bitMenuItem
+            (click)="editCollection(CollectionDialogTabType.Access)"
+          >
+            <i class="bwi bwi-fw bwi-users" aria-hidden="true"></i>
+            {{ "access" | i18n }}
+          </button>
+          <button
+            type="button"
+            *ngIf="canDeleteCollection"
+            bitMenuItem
+            (click)="deleteCollection()"
+          >
+            <span class="tw-text-danger">
+              <i class="bwi bwi-fw bwi-trash" aria-hidden="true"></i>
+              {{ "delete" | i18n }}
+            </span>
+          </button>
+        </bit-menu>
+      </ng-container>
+    }
     <small *ngIf="loading">
       <i
         class="bwi bwi-spinner bwi-spin tw-text-muted"
diff --git a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
index f4f3ba32428..13b2ce2939f 100644
--- a/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
@@ -1,5 +1,3 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 import { CommonModule } from "@angular/common";
 import { ChangeDetectionStrategy, Component, EventEmitter, Input, Output } from "@angular/core";
 import { Router } from "@angular/router";
@@ -60,10 +58,10 @@ export class VaultHeaderComponent {
    * Boolean to determine the loading state of the header.
    * Shows a loading spinner if set to true
    */
-  @Input() loading: boolean;
+  @Input() loading: boolean = true;
 
   /** Current active filter */
-  @Input() filter: RoutedVaultFilterModel;
+  @Input() filter: RoutedVaultFilterModel | undefined;
 
   /** All organizations that can be shown */
   @Input() organizations: Organization[] = [];
@@ -72,7 +70,7 @@ export class VaultHeaderComponent {
   @Input() collection?: TreeNode<CollectionView>;
 
   /** Whether 'Collection' option is shown in the 'New' dropdown */
-  @Input() canCreateCollections: boolean;
+  @Input() canCreateCollections: boolean = false;
 
   /** Emits an event when the new item button is clicked in the header */
   @Output() onAddCipher = new EventEmitter<CipherType | undefined>();
@@ -106,7 +104,7 @@ export class VaultHeaderComponent {
       return this.collection.node.organizationId;
     }
 
-    if (this.filter.organizationId !== undefined) {
+    if (this.filter?.organizationId !== undefined) {
       return this.filter.organizationId;
     }
 
@@ -119,10 +117,14 @@ export class VaultHeaderComponent {
   }
 
   protected get showBreadcrumbs() {
-    return this.filter.collectionId !== undefined && this.filter.collectionId !== All;
+    return this.filter?.collectionId !== undefined && this.filter.collectionId !== All;
   }
 
   protected get title() {
+    if (this.filter === undefined) {
+      return "";
+    }
+
     if (this.filter.collectionId === Unassigned) {
       return this.i18nService.t("unassigned");
     }
@@ -144,7 +146,7 @@ export class VaultHeaderComponent {
   }
 
   protected get icon() {
-    return this.filter.collectionId && this.filter.collectionId !== All
+    return this.filter?.collectionId && this.filter.collectionId !== All
       ? "bwi-collection-shared"
       : "";
   }
diff --git a/apps/web/src/locales/af/messages.json b/apps/web/src/locales/af/messages.json
index 75c9275b288..5cd8d087d15 100644
--- a/apps/web/src/locales/af/messages.json
+++ b/apps/web/src/locales/af/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Beveiligde nota"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ek"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webkluis"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/ar/messages.json b/apps/web/src/locales/ar/messages.json
index 1c103219fa1..7642fa69d34 100644
--- a/apps/web/src/locales/ar/messages.json
+++ b/apps/web/src/locales/ar/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "ملاحظة سرية"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "مفتاح بروتوكول النقل الآمن"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "نسخ الاسم"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "أنا"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "قبو الويب"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/az/messages.json b/apps/web/src/locales/az/messages.json
index a455efa3230..2c51163b62c 100644
--- a/apps/web/src/locales/az/messages.json
+++ b/apps/web/src/locales/az/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Güvənli qeyd"
   },
+  "typeNote": {
+    "message": "Not"
+  },
   "typeSshKey": {
     "message": "SSH açarı"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Adı kopyala"
   },
+  "cardNumber": {
+    "message": "kart nömrəsi"
+  },
+  "copyFieldCipherName": {
+    "message": "Kopyala: $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Mən"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Veb seyf"
   },
+  "webApp": {
+    "message": "Veb tətbiq"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Başqa bir cihazdan giriş cəhdinə rədd cavabı verdiniz. Bu həqiqətən siz idinizsə, cihazla yenidən giriş etməyə çalışın."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "$DEVICE$ cihazında $EMAIL$ üçün giriş tələbi təsdiqləndi",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Başqa bir cihazdan giriş cəhdinə rədd cavabı verdiniz. Bu siz idinizsə, cihazla yenidən giriş etməyə çalışın."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Giriş tələbinin müddəti artıq bitib."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Giriş tələbini incələ"
   },
+  "loginRequest": {
+    "message": "Giriş tələbi"
+  },
   "freeTrialEndPromptCount": {
     "message": "Ödənişsiz sınaq müddətiniz $COUNT$ günə bitir.",
     "placeholders": {
@@ -8939,11 +8981,11 @@
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Qabaqcıl seçimlər",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Xəbərdarlıq",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "maintainYourSubscription": {
diff --git a/apps/web/src/locales/be/messages.json b/apps/web/src/locales/be/messages.json
index 40875670107..d07df39790c 100644
--- a/apps/web/src/locales/be/messages.json
+++ b/apps/web/src/locales/be/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Абароненая нататка"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Я"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Вэб-сховішча"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/bg/messages.json b/apps/web/src/locales/bg/messages.json
index 77ea169bb2b..315ce4ee30b 100644
--- a/apps/web/src/locales/bg/messages.json
+++ b/apps/web/src/locales/bg/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Защитена бележка"
   },
+  "typeNote": {
+    "message": "Бележка"
+  },
   "typeSshKey": {
     "message": "SSH ключ"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Копиране на името"
   },
+  "cardNumber": {
+    "message": "номер на карта"
+  },
+  "copyFieldCipherName": {
+    "message": "Копиране на $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Аз"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Трезор по уеб"
   },
+  "webApp": {
+    "message": "Приложение по уеб"
+  },
   "cli": {
     "message": "ИКР"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Вие отказахте опит за вписване от друго устройство. Ако това наистина сте били Вие, опитайте да се впишете от устройството отново."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Заявката за вписване за $EMAIL$ на $DEVICE$ е одобрена",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Вие отказахте опит за вписване от друго устройство. Ако това сте били Вие, опитайте да се впишете от устройството отново."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Заявката за вписване вече е изтекла."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Преглед на заявката за вписване"
   },
+  "loginRequest": {
+    "message": "Заявка за вписване"
+  },
   "freeTrialEndPromptCount": {
     "message": "Вашият безплатен пробен период приключва след $COUNT$ дни.",
     "placeholders": {
diff --git a/apps/web/src/locales/bn/messages.json b/apps/web/src/locales/bn/messages.json
index 66aa1b9a62e..0b0573c244d 100644
--- a/apps/web/src/locales/bn/messages.json
+++ b/apps/web/src/locales/bn/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "সুরক্ষিত নোট"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "ওয়েব ভল্ট"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/bs/messages.json b/apps/web/src/locales/bs/messages.json
index 9d9bece2b6e..02ed711cb5f 100644
--- a/apps/web/src/locales/bs/messages.json
+++ b/apps/web/src/locales/bs/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Sigurna bilješka"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ja"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/ca/messages.json b/apps/web/src/locales/ca/messages.json
index 118af8c66fb..782ecc69b67 100644
--- a/apps/web/src/locales/ca/messages.json
+++ b/apps/web/src/locales/ca/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Nota segura"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Clau SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copia el nom"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Jo"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Caixa forta web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/cs/messages.json b/apps/web/src/locales/cs/messages.json
index 51c04fd9260..8569b953fb7 100644
--- a/apps/web/src/locales/cs/messages.json
+++ b/apps/web/src/locales/cs/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Zabezpečená poznámka"
   },
+  "typeNote": {
+    "message": "Poznámka"
+  },
   "typeSshKey": {
     "message": "SSH klíč"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopírovat název"
   },
+  "cardNumber": {
+    "message": "číslo karty"
+  },
+  "copyFieldCipherName": {
+    "message": "Kopírovat $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Já"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webový trezor"
   },
+  "webApp": {
+    "message": "Webová aplikace"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Pokus o přihlášení byl zamítnut z jiného zařízení. Pokud jste to opravdu Vy, zkuste se znovu přihlásit do zařízení."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Požadavek na přihlášení byl schválen pro $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Pokus o přihlášení byl zamítnut z jiného zařízení. Pokud jste to Vy, zkuste se znovu přihlásit do zařízení."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Požadavek na přihlášení již vypršel."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Podívat se na žádost o přihlášení"
   },
+  "loginRequest": {
+    "message": "Požadavek na přihlášení"
+  },
   "freeTrialEndPromptCount": {
     "message": "Vaše zkušební doba končí za $COUNT$ dnů.",
     "placeholders": {
diff --git a/apps/web/src/locales/cy/messages.json b/apps/web/src/locales/cy/messages.json
index 012dcac1fc9..4089f11392c 100644
--- a/apps/web/src/locales/cy/messages.json
+++ b/apps/web/src/locales/cy/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/da/messages.json b/apps/web/src/locales/da/messages.json
index 3dfde9ee756..1d2ebcaca0f 100644
--- a/apps/web/src/locales/da/messages.json
+++ b/apps/web/src/locales/da/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Sikret notat"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH-nøgle"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopiér navn"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Mig"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web-boks"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Du nægtede et loginforsøg fra en anden enhed. Hvis dette virkelig var dig, prøv at logge ind med enheden igen."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login-anmodning er allerede udløbet."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Den gratis prøveperiode slutter om $COUNT$ dage.",
     "placeholders": {
diff --git a/apps/web/src/locales/de/messages.json b/apps/web/src/locales/de/messages.json
index 5ce3b6883bb..6c94a17f36c 100644
--- a/apps/web/src/locales/de/messages.json
+++ b/apps/web/src/locales/de/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Sichere Notiz"
   },
+  "typeNote": {
+    "message": "Notiz"
+  },
   "typeSshKey": {
     "message": "SSH-Schlüssel"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Name kopieren"
   },
+  "cardNumber": {
+    "message": "Kartennummer"
+  },
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ kopieren",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ich"
   },
@@ -1785,7 +1805,7 @@
     "message": "Wenn du fortfährst, wirst du aus deiner aktuellen Sitzung ausgeloggt. Aktive Sitzungen auf anderen Geräten können bis zu einer Stunde weiterhin aktiv bleiben."
   },
   "changePasswordWarning": {
-    "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
+    "message": "Nachdem du dein Passwort geändert hast, musst du dich mit deinem neuen Passwort anmelden. Aktive Sitzungen auf anderen Geräten werden innerhalb einer Stunde abgemeldet."
   },
   "emailChanged": {
     "message": "E-Mail-Adresse gespeichert"
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web-Tresor"
   },
+  "webApp": {
+    "message": "Web-App"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Du hast einen Anmeldeversuch von einem anderen Gerät abgelehnt. Wenn du das wirklich warst, versuche dich erneut mit dem Gerät anzumelden."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Anmeldeanfrage für $EMAIL$ auf $DEVICE$ genehmigt",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Du hast einen Anmeldeversuch von einem anderen Gerät abgelehnt. Wenn du das wirklich warst, versuche dich erneut mit dem Gerät anzumelden."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Anmeldeanfrage ist bereits abgelaufen."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Anmeldeanfrage überprüfen"
   },
+  "loginRequest": {
+    "message": "Anmeldungsanfrage"
+  },
   "freeTrialEndPromptCount": {
     "message": "Deine kostenlose Testversion endet in $COUNT$ Tagen.",
     "placeholders": {
@@ -6068,7 +6110,7 @@
     "message": "Hinzufügen"
   },
   "masterPasswordSuccessfullySet": {
-    "message": "Master-Passwort erfolgreich eingerichtet"
+    "message": "Master-Passwort erfolgreich festgelegt"
   },
   "updatedMasterPassword": {
     "message": "Master-Passwort gespeichert"
@@ -6077,10 +6119,10 @@
     "message": "Master-Passwort aktualisieren"
   },
   "accountRecoveryUpdateMasterPasswordSubtitle": {
-    "message": "Change your master password to complete account recovery."
+    "message": "Ändere dein Master-Passwort, um die Kontowiederherstellung abzuschließen."
   },
   "updateMasterPasswordSubtitle": {
-    "message": "Your master password does not meet this organization’s requirements. Change your master password to continue."
+    "message": "Dein Master-Passwort entspricht nicht den Anforderungen dieser Organisation. Ändere dein Master-Passwort, um fortzufahren."
   },
   "updateMasterPasswordWarning": {
     "message": "Dein Master-Passwort wurde kürzlich von einem Administrator deiner Organisation geändert. Um auf den Tresor zuzugreifen, musst du dein Master-Passwort jetzt aktualisieren. Wenn Du fortfährst, wirst du aus der aktuellen Sitzung abgemeldet und eine erneute Anmeldung ist erforderlich. Aktive Sitzungen auf anderen Geräten können bis zu einer Stunde weiterhin aktiv bleiben."
@@ -8246,7 +8288,7 @@
     "message": "Beim Lesen der Importdatei ist ein Fehler aufgetreten"
   },
   "accessedSecretWithId": {
-    "message": "Accessed a secret with identifier: $SECRET_ID$",
+    "message": "Zugriff auf Geheimnis mit der Kennung: $SECRET_ID$",
     "placeholders": {
       "secret_id": {
         "content": "$1",
@@ -8264,7 +8306,7 @@
     }
   },
   "editedSecretWithId": {
-    "message": "Edited a secret with identifier: $SECRET_ID$",
+    "message": "Ein Geheimnis bearbeitet mit der Kennung: $SECRET_ID$",
     "placeholders": {
       "secret_id": {
         "content": "$1",
@@ -8273,7 +8315,7 @@
     }
   },
   "deletedSecretWithId": {
-    "message": "Deleted a secret with identifier: $SECRET_ID$",
+    "message": "Ein Geheimnis gelöscht mit der Kennung: $SECRET_ID$",
     "placeholders": {
       "secret_id": {
         "content": "$1",
@@ -8282,7 +8324,7 @@
     }
   },
   "createdSecretWithId": {
-    "message": "Created a new secret with identifier: $SECRET_ID$",
+    "message": "Ein neues Geheimnis erstellt mit Kennung: $SECRET_ID$",
     "placeholders": {
       "secret_id": {
         "content": "$1",
@@ -8463,10 +8505,10 @@
     "message": "Admin-Genehmigung anfragen"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "Anmeldung kann nicht abgeschlossen werden"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
-    "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
+    "message": "Du musst dich auf einem vertrauenswürdigen Gerät anmelden oder deinem Administrator bitten, dir ein Passwort zuzuweisen."
   },
   "trustedDeviceEncryption": {
     "message": "Vertrauenswürdige Geräteverschlüsselung"
@@ -8923,27 +8965,27 @@
     "description": "Label indicating the most common import formats"
   },
   "uriMatchDefaultStrategyHint": {
-    "message": "URI match detection is how Bitwarden identifies autofill suggestions.",
+    "message": "Die URI-Übereinstimmungserkennung ist die Methode, mit der Bitwarden Auto-Ausfüllen-Vorschläge erkennt.",
     "description": "Explains to the user that URI match detection determines how Bitwarden suggests autofill options, and clarifies that this default strategy applies when no specific match detection is set for a login item."
   },
   "regExAdvancedOptionWarning": {
-    "message": "\"Regular expression\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Regulärer Ausdruck\" ist eine erweiterte Option mit erhöhtem Risiko der Kompromittierung von Zugangsdaten.",
     "description": "Content for dialog which warns a user when selecting 'regular expression' matching strategy as a cipher match strategy"
   },
   "startsWithAdvancedOptionWarning": {
-    "message": "\"Starts with\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Beginnt mit\" ist eine erweiterte Option mit erhöhtem Risiko der Kompromittierung von Zugangsdaten.",
     "description": "Content for dialog which warns a user when selecting 'starts with' matching strategy as a cipher match strategy"
   },
   "uriMatchWarningDialogLink": {
-    "message": "More about match detection",
+    "message": "Mehr über die Übereinstimmungs-Erkennung",
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Erweiterte Optionen",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Warnung",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "maintainYourSubscription": {
@@ -10737,49 +10779,49 @@
     "example": "Store your keys and connect with the SSH agent for fast, encrypted authentication. Learn more about SSH agent"
   },
   "setupExtensionPageTitle": {
-    "message": "Autofill your passwords securely with one click"
+    "message": "Fülle deine Passwörter sicher mit einem Klick automatisch aus"
   },
   "setupExtensionPageDescription": {
-    "message": "Get the Bitwarden browser extension and start autofilling today"
+    "message": "Lade dir die Bitwarden Browser-Erweiterung herunter und nutze Auto-Ausfüllen noch heute"
   },
   "getTheExtension": {
-    "message": "Get the extension"
+    "message": "Erweiterung herunterladen"
   },
   "addItLater": {
-    "message": "Add it later"
+    "message": "Später hinzufügen"
   },
   "cannotAutofillPasswordsWithoutExtensionTitle": {
-    "message": "You can't autofill passwords without the browser extension"
+    "message": "Du kannst Passwörter nicht ohne die Browser-Erweiterung automatisch ausfüllen"
   },
   "cannotAutofillPasswordsWithoutExtensionDesc": {
-    "message": "Are you sure you don't want to add the extension now?"
+    "message": "Bist du sicher, dass du die Erweiterung jetzt nicht hinzufügen möchtest?"
   },
   "skipToWebApp": {
-    "message": "Skip to web app"
+    "message": "Zur Web-App springen"
   },
   "bitwardenExtensionInstalled": {
-    "message": "Bitwarden extension installed!"
+    "message": "Bitwarden-Erweiterung installiert!"
   },
   "openExtensionToAutofill": {
-    "message": "Open the extension to log in and start autofilling."
+    "message": "Öffne die Erweiterung, um dich anzumelden und Auto-Ausfüllen zu nutzen."
   },
   "openBitwardenExtension": {
-    "message": "Open Bitwarden extension"
+    "message": "Bitwarden-Erweiterung öffnen"
   },
   "gettingStartedWithBitwardenPart1": {
-    "message": "For tips on getting started with Bitwarden visit the",
+    "message": "Tipps für die ersten Schritte mit Bitwarden findest du unter",
     "description": "This will be displayed as part of a larger sentence. The whole sentence reads: 'For tips on getting started with Bitwarden visit the Learning Center and Help Center'"
   },
   "gettingStartedWithBitwardenPart2": {
-    "message": "Learning Center",
+    "message": "Lernzentrum",
     "description": "This will be displayed as part of a larger sentence. The whole sentence reads: 'For tips on getting started with Bitwarden visit the Learning Center and Help Center'"
   },
   "gettingStartedWithBitwardenPart3": {
-    "message": "Help Center",
+    "message": "Hilfezentrum",
     "description": "This will be displayed as part of a larger sentence. The whole sentence reads: 'For tips on getting started with Bitwarden visit the Learning Center and Help Center'"
   },
   "setupExtensionContentAlt": {
-    "message": "With the Bitwarden browser extension you can easily create new logins, access your saved logins directly from your browser toolbar, and sign in to accounts quickly using Bitwarden autofill."
+    "message": "Mit der Bitwarden Browser-Erweiterung kannst du ganz einfach neue Zugangsdaten erstellen, auf deine gespeicherten Zugangsdaten direkt von deiner Browser-Symbolleiste aus zugreifen und dich schnell mit Bitwarden Auto-Ausfüllen bei Konten anmelden."
   },
   "restart": {
     "message": "Neustarten"
@@ -10808,46 +10850,46 @@
     "description": "Error message shown when trying to add credit to a trialing organization without a billing address."
   },
   "billingAddress": {
-    "message": "Billing address"
+    "message": "Rechnungsadresse"
   },
   "addBillingAddress": {
-    "message": "Add billing address"
+    "message": "Rechnungsadresse hinzufügen"
   },
   "editBillingAddress": {
-    "message": "Edit billing address"
+    "message": "Rechnungsadresse bearbeiten"
   },
   "noBillingAddress": {
-    "message": "No address on file."
+    "message": "Keine Adresse angegeben."
   },
   "billingAddressUpdated": {
-    "message": "Your billing address has been updated."
+    "message": "Deine Rechnungsadresse wurde aktualisiert."
   },
   "paymentDetails": {
-    "message": "Payment details"
+    "message": "Zahlungsdaten"
   },
   "paymentMethodUpdated": {
-    "message": "Your payment method has been updated."
+    "message": "Deine Zahlungsart wurde aktualisiert."
   },
   "bankAccountVerified": {
-    "message": "Your bank account has been verified."
+    "message": "Dein Bankkonto wurde verifiziert."
   },
   "availableCreditAppliedToInvoice": {
-    "message": "Any available credit will be automatically applied towards invoices generated for this account."
+    "message": "Jedes verfügbare Guthaben wird automatisch auf die für dieses Konto erstellten Rechnungen angerechnet."
   },
   "mustBePositiveNumber": {
-    "message": "Must be a positive number"
+    "message": "Muss eine positive Zahl sein"
   },
   "cardSecurityCode": {
-    "message": "Card security code"
+    "message": "Karten-Sicherheitscode"
   },
   "cardSecurityCodeDescription": {
-    "message": "Card security code, also known as CVV or CVC, is typically a 3 digit number printed on the back of your credit card or 4 digit number printed on the front above your card number."
+    "message": "Der Karten-Sicherheitscode, auch CVV oder CVC genannt, ist typischerweise eine dreistellige Zahl, die auf der Rückseite oder als vierstellige Zahl auf der Vorderseite über deiner Kartennummer gedruckt ist."
   },
   "verifyBankAccountWarning": {
-    "message": "Payment with a bank account is only available to customers in the United States. You will be required to verify your bank account. We will make a micro-deposit within the next 1-2 business days. Enter the statement descriptor code from this deposit on the Payment Details page to verify the bank account. Failure to verify the bank account will result in a missed payment and your subscription being suspended."
+    "message": "Die Zahlung mit einem Bankkonto ist nur für Kunden in den Vereinigten Staaten möglich. Du musst dein Bankkonto verifizieren. Wir werden innerhalb der nächsten 1-2 Werktage eine Mikro-Einzahlung vornehmen. Gib den Code aus der Auszugsbeschreibung dieser Einzahlung ein, um das Bankkonto zu verifizieren. Schlägt die Verifizierung des Bankkontos fehl, wird dies als versäumte Zahlung gewertet und dein Abonnement gesperrt."
   },
   "taxId": {
-    "message": "Tax ID: $TAX_ID$",
+    "message": "Steuernummer: $TAX_ID$",
     "placeholders": {
       "tax_id": {
         "content": "$1",
diff --git a/apps/web/src/locales/el/messages.json b/apps/web/src/locales/el/messages.json
index b3e8d6d91d2..21f13a3440f 100644
--- a/apps/web/src/locales/el/messages.json
+++ b/apps/web/src/locales/el/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Ασφαλής σημείωση"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Κλειδί SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Αντιγραφή ονόματος"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Εγώ"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web Vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 4c4a97e6404..d5ded3c75ea 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -10400,8 +10400,8 @@
   "domainStatusUnderVerification": {
     "message": "Under verification"
   },
-  "claimedDomainsDesc": {
-    "message": "Claim a domain to own all member accounts whose email address matches the domain. Members will be able to skip the SSO identifier when logging in. Administrators will also be able to delete member accounts."
+  "claimedDomainsDescription": {
+    "message": "Claim a domain to own member accounts. The SSO identifier page will be skipped during login for members with claimed domains and administrators will be able to delete claimed accounts."
   },
   "invalidDomainNameClaimMessage": {
     "message": "Input is not a valid format. Format: mydomain.com. Subdomains require separate entries to be claimed."
diff --git a/apps/web/src/locales/en_GB/messages.json b/apps/web/src/locales/en_GB/messages.json
index 7993308c44a..2b3edba1ee9 100644
--- a/apps/web/src/locales/en_GB/messages.json
+++ b/apps/web/src/locales/en_GB/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/en_IN/messages.json b/apps/web/src/locales/en_IN/messages.json
index 1608845dca0..f2fb53f9b7d 100644
--- a/apps/web/src/locales/en_IN/messages.json
+++ b/apps/web/src/locales/en_IN/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/eo/messages.json b/apps/web/src/locales/eo/messages.json
index 86ed31ac4a4..ebc17d7e9b2 100644
--- a/apps/web/src/locales/eo/messages.json
+++ b/apps/web/src/locales/eo/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Sekura noto"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH-ŝlosilo"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopii la nomon"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Mi"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Rettrezorejo"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/es/messages.json b/apps/web/src/locales/es/messages.json
index 1daee236d86..5c70de44650 100644
--- a/apps/web/src/locales/es/messages.json
+++ b/apps/web/src/locales/es/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Nota segura"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Clave SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copiar nombre"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Yo"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Caja fuerte Web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Tu prueba gratuita termina en $COUNT$ días.",
     "placeholders": {
diff --git a/apps/web/src/locales/et/messages.json b/apps/web/src/locales/et/messages.json
index d95ff17edb8..6e865f9b5cb 100644
--- a/apps/web/src/locales/et/messages.json
+++ b/apps/web/src/locales/et/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Turvaline märkus"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopeeri nimi"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Mina"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Veebihoidla"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Sinu tasuta prooviaeg lõppeb $COUNT$ päeva pärast.",
     "placeholders": {
diff --git a/apps/web/src/locales/eu/messages.json b/apps/web/src/locales/eu/messages.json
index 546ffae4aea..fe066e152c0 100644
--- a/apps/web/src/locales/eu/messages.json
+++ b/apps/web/src/locales/eu/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Ohar segurua"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ni"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webguneko kutxa gotorra"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/fa/messages.json b/apps/web/src/locales/fa/messages.json
index a4072ddca87..8e8fd9663bf 100644
--- a/apps/web/src/locales/fa/messages.json
+++ b/apps/web/src/locales/fa/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "یادداشت امن"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "کلید SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "کپی نام"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "من"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "گاوصندوق وب"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "شما تلاش برای ورود به سیستم از دستگاه دیگری را رد کردید. اگر واقعاً این شما بودید، سعی کنید دوباره با دستگاه وارد شوید."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "درخواست ورود قبلاً منقضی شده است."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "بررسی درخواست ورود"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "دوره آزمایشی رایگان شما در $COUNT$ روز به پایان می‌رسد.",
     "placeholders": {
diff --git a/apps/web/src/locales/fi/messages.json b/apps/web/src/locales/fi/messages.json
index deb06c4c2b7..b2387149755 100644
--- a/apps/web/src/locales/fi/messages.json
+++ b/apps/web/src/locales/fi/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Salattu muistio"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH-avain"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopioi nimi"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Minä"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Verkkoholvi"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "Komentorivi"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Kirjautumispyyntö on jo erääntynyt."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Tarkastele kirjautumispyyntöä"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Ilmainen kokeilujakso päättyy $COUNT$ päivän kuluttua.",
     "placeholders": {
diff --git a/apps/web/src/locales/fil/messages.json b/apps/web/src/locales/fil/messages.json
index 9925074ad18..b56828be0e4 100644
--- a/apps/web/src/locales/fil/messages.json
+++ b/apps/web/src/locales/fil/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure na tala"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ako"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/fr/messages.json b/apps/web/src/locales/fr/messages.json
index 5ca186d843c..9a86b4aceb5 100644
--- a/apps/web/src/locales/fr/messages.json
+++ b/apps/web/src/locales/fr/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Note sécurisée"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Clé SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copier le nom"
   },
+  "cardNumber": {
+    "message": "numéro de carte"
+  },
+  "copyFieldCipherName": {
+    "message": "Copier $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Moi"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Coffre web"
   },
+  "webApp": {
+    "message": "Application web"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Vous avez refusé une tentative de connexion depuis un autre appareil. Si c'était vraiment vous, essayez de vous connecter à nouveau avec l'appareil."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Demande de connexion approuvée pour $EMAIL$ sur $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Vous avez refusé une tentative de connexion depuis un autre appareil. Si c'était vous, essayez de vous connecter à nouveau avec l'appareil."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "La demande de connexion a déjà expiré."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Examiner la demande de connexion"
   },
+  "loginRequest": {
+    "message": "Demande de connexion"
+  },
   "freeTrialEndPromptCount": {
     "message": "Votre essai gratuit se termine dans $COUNT$ jours.",
     "placeholders": {
diff --git a/apps/web/src/locales/gl/messages.json b/apps/web/src/locales/gl/messages.json
index d22f7a2278c..a456d62e8c6 100644
--- a/apps/web/src/locales/gl/messages.json
+++ b/apps/web/src/locales/gl/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Nota segura"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/he/messages.json b/apps/web/src/locales/he/messages.json
index 476f2603b68..6d0d2e38166 100644
--- a/apps/web/src/locales/he/messages.json
+++ b/apps/web/src/locales/he/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "הערה מאובטחת"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "מפתח SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "העתק שם"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "אני"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "כספת רשת"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "דחית ניסיון כניסה ממכשיר אחר. אם זה באמת היית אתה, נסה להיכנס עם המכשיר שוב."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "כבר פג תוקפה של בקשת הכניסה."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "סקור בקשת כניסה"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "הניסיון החינמי שלך מסתיים בעוד $COUNT$ ימים.",
     "placeholders": {
diff --git a/apps/web/src/locales/hi/messages.json b/apps/web/src/locales/hi/messages.json
index ebb408a90e1..301e8a7abb3 100644
--- a/apps/web/src/locales/hi/messages.json
+++ b/apps/web/src/locales/hi/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "सुरक्षित नोट"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "मैं"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/hr/messages.json b/apps/web/src/locales/hr/messages.json
index 2f706a33e7f..b3b2aec4eb6 100644
--- a/apps/web/src/locales/hr/messages.json
+++ b/apps/web/src/locales/hr/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Sigurna bilješka"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH ključ"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopiraj ime"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ja"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web trezor"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Odbijena je prijava na drugom uređaju. Ako si ovo stvarno ti, pokušaj se ponovno prijaviti uređajem."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Zahtjev za prijavu je već istekao."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Pregledaj zahtjev za prijavu"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Besplatno probno razdoblje završava za $COUNT$ dan/a.",
     "placeholders": {
diff --git a/apps/web/src/locales/hu/messages.json b/apps/web/src/locales/hu/messages.json
index 6864afe594d..a38ed7f0c03 100644
--- a/apps/web/src/locales/hu/messages.json
+++ b/apps/web/src/locales/hu/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Biztonságos jegyzet"
   },
+  "typeNote": {
+    "message": "Jegyzet"
+  },
   "typeSshKey": {
     "message": "SSH kulcs"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Név másolása"
   },
+  "cardNumber": {
+    "message": "kártya szám"
+  },
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ másolása",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Én"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webes széf"
   },
+  "webApp": {
+    "message": "Webalkalmazás"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Megtagadásra került egy bejelentkezési kísérletet egy másik eszközről. Ha valóban mi voltunk, próbáljunk meg újra bejelentkezni az eszközzel."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "A bejelentkezési kérelem jóváhagyásra került: $EMAIL$ - $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Megtagadásra került egy bejelentkezési kísérletet egy másik eszközről. Ha valóban mi voltunk, próbáljunk meg újra bejelentkezni az eszközzel."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "A bejelentkezési kérés már lejárt."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Bejelentkezési kérés áttekintése"
   },
+  "loginRequest": {
+    "message": "Bejelentkezés kérés"
+  },
   "freeTrialEndPromptCount": {
     "message": "Az ingyenes próbaidőszak $COUNT$ nap múlva ér véget.",
     "placeholders": {
diff --git a/apps/web/src/locales/id/messages.json b/apps/web/src/locales/id/messages.json
index b1d0554dc4d..d7d7e6699a3 100644
--- a/apps/web/src/locales/id/messages.json
+++ b/apps/web/src/locales/id/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Catatan Aman"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Salin nama"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Saya"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Brankas web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/it/messages.json b/apps/web/src/locales/it/messages.json
index 8549da6aadf..0fdcc4952c1 100644
--- a/apps/web/src/locales/it/messages.json
+++ b/apps/web/src/locales/it/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Nota sicura"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Chiave SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copia nome"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Io"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Cassaforte web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Hai negato un tentativo di accesso da un altro dispositivo. Se eri davvero tu, prova di nuovo ad accedere con il dispositivo."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "La richiesta di accesso è già scaduta."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Rivedi richiesta di accesso"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Il tuo periodo di prova scade tra $COUNT$ giorni.",
     "placeholders": {
diff --git a/apps/web/src/locales/ja/messages.json b/apps/web/src/locales/ja/messages.json
index 2e24fd7c27f..b23e971a8ae 100644
--- a/apps/web/src/locales/ja/messages.json
+++ b/apps/web/src/locales/ja/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "セキュアメモ"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH 鍵"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "名前をコピー"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "自分"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "ウェブ保管庫"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "別のデバイスからのログイン試行を拒否しました。本当にあなたであった場合は、もう一度デバイスでログインしてみてください。"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "ログインリクエストの有効期限が切れています。"
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "ログインリクエストの内容を確認"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "無料体験はあと $COUNT$ 日で終了します。",
     "placeholders": {
diff --git a/apps/web/src/locales/ka/messages.json b/apps/web/src/locales/ka/messages.json
index 9dba6b40e41..30cd7a8b70f 100644
--- a/apps/web/src/locales/ka/messages.json
+++ b/apps/web/src/locales/ka/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "უსაფრთხო ჩანაწერი"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "მე"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/km/messages.json b/apps/web/src/locales/km/messages.json
index 57b7a83469e..79d58617943 100644
--- a/apps/web/src/locales/km/messages.json
+++ b/apps/web/src/locales/km/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/kn/messages.json b/apps/web/src/locales/kn/messages.json
index f47c3f6de5a..787da7b4dc9 100644
--- a/apps/web/src/locales/kn/messages.json
+++ b/apps/web/src/locales/kn/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "ಸುರಕ್ಷಿತ ಟಿಪ್ಪಣಿ"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "ನನ್ನ"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "ವೆಬ್ ವಾಲ್ಟ್"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/ko/messages.json b/apps/web/src/locales/ko/messages.json
index 29d34b2d587..af7442ce153 100644
--- a/apps/web/src/locales/ko/messages.json
+++ b/apps/web/src/locales/ko/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "보안 메모"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "나"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "웹 보관함"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/lv/messages.json b/apps/web/src/locales/lv/messages.json
index 2df1a726859..ff80c724835 100644
--- a/apps/web/src/locales/lv/messages.json
+++ b/apps/web/src/locales/lv/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Droša piezīme"
   },
+  "typeNote": {
+    "message": "Piezīme"
+  },
   "typeSshKey": {
     "message": "SSH atslēga"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Ievietot nosaukumu starpliktuvē"
   },
+  "cardNumber": {
+    "message": "kartes numurs"
+  },
+  "copyFieldCipherName": {
+    "message": "Ievietot starpliktuvē $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Es"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Tīmekļa glabātava"
   },
+  "webApp": {
+    "message": "Tīmekļa lietotne"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Tu noraidīji pieteikšanās mēģinājumu no citas ierīces. Ja tas tiešām biji Tu, mēģini pieteikties no ierīces vēlreiz!"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "$EMAIL$ pieteikšanās pieprasījums apstiprināts $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Tu noraidīji pieteikšanās mēģinājumu no citas ierīces. Ja tas biji Tu, mēģini pieteikties no ierīces vēlreiz!"
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Pieteikšanās pieprasījuma derīgums jau ir beidzies."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Izskatīt pieteikšanās pieprasījumu"
   },
+  "loginRequest": {
+    "message": "Pieteikšanās pieprasījums"
+  },
   "freeTrialEndPromptCount": {
     "message": "Bezmaksas izmēģinājums beigsies pēc $COUNT$ dienām.",
     "placeholders": {
diff --git a/apps/web/src/locales/ml/messages.json b/apps/web/src/locales/ml/messages.json
index 0f37ab5065d..51dc8b6cdf9 100644
--- a/apps/web/src/locales/ml/messages.json
+++ b/apps/web/src/locales/ml/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "സുരക്ഷിത കുറിപ്പ്"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web Vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/mr/messages.json b/apps/web/src/locales/mr/messages.json
index 19cfb6bebc3..86c8a31943d 100644
--- a/apps/web/src/locales/mr/messages.json
+++ b/apps/web/src/locales/mr/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/my/messages.json b/apps/web/src/locales/my/messages.json
index 57b7a83469e..79d58617943 100644
--- a/apps/web/src/locales/my/messages.json
+++ b/apps/web/src/locales/my/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/nb/messages.json b/apps/web/src/locales/nb/messages.json
index c076b67f21e..6018d3664f1 100644
--- a/apps/web/src/locales/nb/messages.json
+++ b/apps/web/src/locales/nb/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Sikkert notat"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH-nøkkel"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopiér navn"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Meg"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Netthvelv"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "Ledetekst"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/ne/messages.json b/apps/web/src/locales/ne/messages.json
index 80aed726a98..ba910035310 100644
--- a/apps/web/src/locales/ne/messages.json
+++ b/apps/web/src/locales/ne/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/nl/messages.json b/apps/web/src/locales/nl/messages.json
index 9ee85ea8021..45954a24a3f 100644
--- a/apps/web/src/locales/nl/messages.json
+++ b/apps/web/src/locales/nl/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Veilige notitie"
   },
+  "typeNote": {
+    "message": "Notitie"
+  },
   "typeSshKey": {
     "message": "SSH-sleutel"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Naam kopiëren"
   },
+  "cardNumber": {
+    "message": "kaartnummer"
+  },
+  "copyFieldCipherName": {
+    "message": "$FIELD$, $CIPHERNAME$ kopiëren",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ik"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webkluis"
   },
+  "webApp": {
+    "message": "Web-app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Je hebt een inlogpoging vanaf een ander apparaat geweigerd. Als je dit toch echt zelf was, probeer dan opnieuw in te loggen met het apparaat."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Inloggen voor $EMAIL$ goedgekeurd op $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Je hebt een inlogpoging vanaf een ander apparaat geweigerd. Als je dit toch echt zelf was, probeer dan opnieuw in te loggen met het apparaat."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Inlogverzoek is al verlopen."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Inlogverzoek afhandelen"
   },
+  "loginRequest": {
+    "message": "Log-inverzoek"
+  },
   "freeTrialEndPromptCount": {
     "message": "Je gratis proefperiode eindigt over $COUNT$ dagen.",
     "placeholders": {
diff --git a/apps/web/src/locales/nn/messages.json b/apps/web/src/locales/nn/messages.json
index 9b74122c868..e04f1cb835f 100644
--- a/apps/web/src/locales/nn/messages.json
+++ b/apps/web/src/locales/nn/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Trygg notat"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Eg"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/or/messages.json b/apps/web/src/locales/or/messages.json
index 57b7a83469e..79d58617943 100644
--- a/apps/web/src/locales/or/messages.json
+++ b/apps/web/src/locales/or/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/pl/messages.json b/apps/web/src/locales/pl/messages.json
index 8665c3ddc32..e2d73ad47b3 100644
--- a/apps/web/src/locales/pl/messages.json
+++ b/apps/web/src/locales/pl/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Bezpieczna notatka"
   },
+  "typeNote": {
+    "message": "Notatka"
+  },
   "typeSshKey": {
     "message": "Klucz SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Skopiuj nazwę"
   },
+  "cardNumber": {
+    "message": "numer karty"
+  },
+  "copyFieldCipherName": {
+    "message": "Kopiuj $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ja"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Sejf internetowy"
   },
+  "webApp": {
+    "message": "Aplikacja internetowa"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Odrzucono próby logowania z innego urządzenia. Jeśli to naprawdę Ty, spróbuj ponownie zalogować się za pomocą urządzenia."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Logowanie potwierdzone dla $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Odrzucono próby logowania z innego urządzenia. Jeśli to naprawdę Ty, spróbuj ponownie zalogować się za pomocą urządzenia."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Prośba logowania wygasła."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Przejrzyj żądanie logowania"
   },
+  "loginRequest": {
+    "message": "Żądanie logowania"
+  },
   "freeTrialEndPromptCount": {
     "message": "Twój okres próbny kończy się za $COUNT$ dni.",
     "placeholders": {
diff --git a/apps/web/src/locales/pt_BR/messages.json b/apps/web/src/locales/pt_BR/messages.json
index 4654fe2c176..09d4b078ee0 100644
--- a/apps/web/src/locales/pt_BR/messages.json
+++ b/apps/web/src/locales/pt_BR/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Nota Segura"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Chave SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copiar nome"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Eu"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Cofre Web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Você negou uma tentativa de acesso de outro dispositivo. Se isso realmente foi você, tente fazer login com o dispositivo novamente."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "O pedido de login já expirou."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Revisar solicitação de login"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Seu teste gratuito termina em $COUNT$ dias.",
     "placeholders": {
diff --git a/apps/web/src/locales/pt_PT/messages.json b/apps/web/src/locales/pt_PT/messages.json
index e22731fda35..cda5cec824d 100644
--- a/apps/web/src/locales/pt_PT/messages.json
+++ b/apps/web/src/locales/pt_PT/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Nota segura"
   },
+  "typeNote": {
+    "message": "Nota"
+  },
   "typeSshKey": {
     "message": "Chave SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copiar nome"
   },
+  "cardNumber": {
+    "message": "número do cartão"
+  },
+  "copyFieldCipherName": {
+    "message": "Copiar $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Eu"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Cofre web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Recusou uma tentativa de início de sessão de outro dispositivo. Se foi realmente o caso, tente iniciar sessão com o dispositivo novamente."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Pedido de início de sessão aprovado para $EMAIL$ no $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Recusou uma tentativa de início de sessão de outro dispositivo. Se foi realmente o caso, tente iniciar sessão com o dispositivo novamente."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "O pedido de início de sessão já expirou."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Rever pedido de início de sessão"
   },
+  "loginRequest": {
+    "message": "Pedido de início de sessão"
+  },
   "freeTrialEndPromptCount": {
     "message": "O seu período experimental gratuito termina dentro de $COUNT$ dias.",
     "placeholders": {
@@ -6660,7 +6702,7 @@
     "message": "URL do servidor da API"
   },
   "webVaultUrl": {
-    "message": "URL do servidor do cofre Web"
+    "message": "URL do servidor do cofre web"
   },
   "identityUrl": {
     "message": "URL do servidor de identidade"
@@ -8877,7 +8919,7 @@
     "message": "Instalar a extensão do navegador"
   },
   "installBrowserExtensionDetails": {
-    "message": "Utilize a extensão para guardar rapidamente as credenciais e preencher automaticamente formulários sem abrir a aplicação Web."
+    "message": "Utilize a extensão para guardar rapidamente as credenciais e preencher automaticamente formulários sem abrir a aplicação web."
   },
   "projectAccessUpdated": {
     "message": "Acesso ao projeto atualizado"
@@ -8939,11 +8981,11 @@
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Opções avançadas",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Aviso",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "maintainYourSubscription": {
@@ -9008,7 +9050,7 @@
     "message": "Gratuito durante 1 ano"
   },
   "newWebApp": {
-    "message": "Bem-vindo à nova e melhorada aplicação Web. Saiba mais sobre o que mudou."
+    "message": "Bem-vindo à nova e melhorada aplicação web. Saiba mais sobre o que mudou."
   },
   "releaseBlog": {
     "message": "Ler o blogue de lançamento"
@@ -10755,7 +10797,7 @@
     "message": "Tem a certeza de que não pretende adicionar a extensão agora?"
   },
   "skipToWebApp": {
-    "message": "Saltar para a Web app"
+    "message": "Saltar para a aplicação web"
   },
   "bitwardenExtensionInstalled": {
     "message": "Extensão Bitwarden instalada!"
diff --git a/apps/web/src/locales/ro/messages.json b/apps/web/src/locales/ro/messages.json
index 471b6af342b..3d3e48f0893 100644
--- a/apps/web/src/locales/ro/messages.json
+++ b/apps/web/src/locales/ro/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Notă securizată"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Cheie SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copiați numele"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Eu"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Seif web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/ru/messages.json b/apps/web/src/locales/ru/messages.json
index 944acc70862..4cf70f03865 100644
--- a/apps/web/src/locales/ru/messages.json
+++ b/apps/web/src/locales/ru/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Защищенная заметка"
   },
+  "typeNote": {
+    "message": "Заметка"
+  },
   "typeSshKey": {
     "message": "Ключ SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Скопировать имя"
   },
+  "cardNumber": {
+    "message": "номер карты"
+  },
+  "copyFieldCipherName": {
+    "message": "Копировать $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Мое"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Веб-хранилище"
   },
+  "webApp": {
+    "message": "Веб-приложение"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Вы отклонили попытку авторизации с другого устройства. Если это действительно были вы, попробуйте авторизоваться с этого устройства еще раз."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Запрос входа для $EMAIL$ на $DEVICE$ одобрен",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Вы отклонили попытку авторизации с другого устройства. Если это были вы, попробуйте авторизоваться с этого устройства еще раз."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Запрос на вход истек."
   },
@@ -3971,7 +4010,7 @@
     "message": "Только что"
   },
   "requestedXMinutesAgo": {
-    "message": "Запрошено $MINUTES$ мин назад",
+    "message": "Запрошено $MINUTES$ минут назад",
     "placeholders": {
       "minutes": {
         "content": "$1",
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Просмотр запроса на вход"
   },
+  "loginRequest": {
+    "message": "Запрос на вход"
+  },
   "freeTrialEndPromptCount": {
     "message": "Ваша бесплатная пробная версия заканчивается через $COUNT$ дней.",
     "placeholders": {
diff --git a/apps/web/src/locales/si/messages.json b/apps/web/src/locales/si/messages.json
index 98bb0c5bfdc..03a569bc56f 100644
--- a/apps/web/src/locales/si/messages.json
+++ b/apps/web/src/locales/si/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/sk/messages.json b/apps/web/src/locales/sk/messages.json
index 3ffbd08d86e..5543fc20820 100644
--- a/apps/web/src/locales/sk/messages.json
+++ b/apps/web/src/locales/sk/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Zabezpečená poznámka"
   },
+  "typeNote": {
+    "message": "Poznámka"
+  },
   "typeSshKey": {
     "message": "Kľúč SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopírovať meno"
   },
+  "cardNumber": {
+    "message": "číslo karty"
+  },
+  "copyFieldCipherName": {
+    "message": "Kopírovať $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ja"
   },
@@ -1785,7 +1805,7 @@
     "message": "Ak budete pokračovať, budete odhlásený a budete sa musieť opäť prihlásiť. Aktívne sedenia na iných zariadeniach môžu byť aktívne ešte hodinu."
   },
   "changePasswordWarning": {
-    "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
+    "message": "Po zmene hesla sa musíte prihlásiť pomocou nového hesla. Aktívne relácie na iných zariadeniach budú do jednej hodiny odhlásené."
   },
   "emailChanged": {
     "message": "E-mail bol zmenený"
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webový trezor"
   },
+  "webApp": {
+    "message": "Webová aplikácia"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Odmietli ste pokus o prihlásenie z iného zariadenia. Ak ste to boli naozaj vy, skúste sa prihlásiť pomocou zariadenia znova."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Potvrdené prihlásenie pre $EMAIL$ na $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Odmietli ste pokus o prihlásenie z iného zariadenia. Ak ste to boli vy, skúste sa prihlásiť pomocou zariadenia znova."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Platnosť žiadosti o prihlásenie už vypršala."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Skontrolovať požiadavku o prihlásenie"
   },
+  "loginRequest": {
+    "message": "Žiadosť o prihlásenie"
+  },
   "freeTrialEndPromptCount": {
     "message": "Vaše bezplatné skúšobné obdobie vyprší o $COUNT$ dní.",
     "placeholders": {
@@ -6077,10 +6119,10 @@
     "message": "Aktualizovať hlavné heslo"
   },
   "accountRecoveryUpdateMasterPasswordSubtitle": {
-    "message": "Change your master password to complete account recovery."
+    "message": "Zmeňte hlavné heslo, aby ste dokončili obnovenie účtu."
   },
   "updateMasterPasswordSubtitle": {
-    "message": "Your master password does not meet this organization’s requirements. Change your master password to continue."
+    "message": "Vaše hlavné heslo nespĺňa požiadavky tejto organizácie. Ak chcete pokračovať, zmeňte hlavné heslo."
   },
   "updateMasterPasswordWarning": {
     "message": "Vaše hlavné heslo nedávno zmenil správca vo vašej organizácii. Ak chcete získať prístup k trezoru, musíte aktualizovať vaše hlavné heslo teraz. Pokračovaním sa odhlásite z aktuálnej relácie a budete sa musieť znova prihlásiť. Aktívne relácie na iných zariadeniach môžu zostať aktívne až jednu hodinu."
@@ -8463,10 +8505,10 @@
     "message": "Žiadosť o schválenie správcom"
   },
   "unableToCompleteLogin": {
-    "message": "Unable to complete login"
+    "message": "Nepodarilo sa dokončiť prihlásenie"
   },
   "loginOnTrustedDeviceOrAskAdminToAssignPassword": {
-    "message": "You need to log in on a trusted device or ask your administrator to assign you a password."
+    "message": "Musíte sa prihlásiť na dôveryhodnom zariadení alebo požiadať správcu o priradenie hesla."
   },
   "trustedDeviceEncryption": {
     "message": "Šifrovanie dôveryhodného zariadenia"
@@ -8923,27 +8965,27 @@
     "description": "Label indicating the most common import formats"
   },
   "uriMatchDefaultStrategyHint": {
-    "message": "URI match detection is how Bitwarden identifies autofill suggestions.",
+    "message": "Zisťovanie zhody URI je spôsob, akým Bitwarden identifikuje návrhy na automatické vypĺňanie.",
     "description": "Explains to the user that URI match detection determines how Bitwarden suggests autofill options, and clarifies that this default strategy applies when no specific match detection is set for a login item."
   },
   "regExAdvancedOptionWarning": {
-    "message": "\"Regular expression\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Regulárny výraz\" je pokročilá možnosť so zvýšeným rizikom odhalenia prihlasovacích údajov.",
     "description": "Content for dialog which warns a user when selecting 'regular expression' matching strategy as a cipher match strategy"
   },
   "startsWithAdvancedOptionWarning": {
-    "message": "\"Starts with\" is an advanced option with increased risk of exposing credentials.",
+    "message": "\"Začína na\" je rozšírená možnosť so zvýšeným rizikom odhalenia prihlasovacích údajov.",
     "description": "Content for dialog which warns a user when selecting 'starts with' matching strategy as a cipher match strategy"
   },
   "uriMatchWarningDialogLink": {
-    "message": "More about match detection",
+    "message": "Viac informácií o zisťovaní zhody",
     "description": "Link to match detection docs on warning dialog for advance match strategy"
   },
   "uriAdvancedOption": {
-    "message": "Advanced options",
+    "message": "Rozšírené možnosti",
     "description": "Advanced option placeholder for uri option component"
   },
   "warningCapitalized": {
-    "message": "Warning",
+    "message": "Upozornenie",
     "description": "Warning (should maintain locale-relevant capitalization)"
   },
   "maintainYourSubscription": {
@@ -10737,49 +10779,49 @@
     "example": "Store your keys and connect with the SSH agent for fast, encrypted authentication. Learn more about SSH agent"
   },
   "setupExtensionPageTitle": {
-    "message": "Autofill your passwords securely with one click"
+    "message": "Jedným klikom automaticky a bezpečne vyplňte vaše heslá"
   },
   "setupExtensionPageDescription": {
-    "message": "Get the Bitwarden browser extension and start autofilling today"
+    "message": "Získajte rozšírenie Bitwarden pre prehliadače a začnite automaticky vypĺňať heslá už dnes"
   },
   "getTheExtension": {
-    "message": "Get the extension"
+    "message": "Získať rozšírenie"
   },
   "addItLater": {
-    "message": "Add it later"
+    "message": "Pridať neskor"
   },
   "cannotAutofillPasswordsWithoutExtensionTitle": {
-    "message": "You can't autofill passwords without the browser extension"
+    "message": "Bez rozšírenia Bitwarden pre prehliadače nie je možné automaticky vypĺňať heslá"
   },
   "cannotAutofillPasswordsWithoutExtensionDesc": {
-    "message": "Are you sure you don't want to add the extension now?"
+    "message": "Naozaj teraz nechcete pridať rozšírenie?"
   },
   "skipToWebApp": {
-    "message": "Skip to web app"
+    "message": "Preskočiť na webovú aplikáciu"
   },
   "bitwardenExtensionInstalled": {
-    "message": "Bitwarden extension installed!"
+    "message": "Rozšírenie Bitwarden nainštalované!"
   },
   "openExtensionToAutofill": {
-    "message": "Open the extension to log in and start autofilling."
+    "message": "Otvorte rozšírenie, prihláste sa a začnite automatické vypĺňanie."
   },
   "openBitwardenExtension": {
-    "message": "Open Bitwarden extension"
+    "message": "Otvoriť rozšírenie Bitwarden"
   },
   "gettingStartedWithBitwardenPart1": {
-    "message": "For tips on getting started with Bitwarden visit the",
+    "message": "Pre tipy ako začať s Bitwarden, navštívte",
     "description": "This will be displayed as part of a larger sentence. The whole sentence reads: 'For tips on getting started with Bitwarden visit the Learning Center and Help Center'"
   },
   "gettingStartedWithBitwardenPart2": {
-    "message": "Learning Center",
+    "message": "Vzdelávacie centrum",
     "description": "This will be displayed as part of a larger sentence. The whole sentence reads: 'For tips on getting started with Bitwarden visit the Learning Center and Help Center'"
   },
   "gettingStartedWithBitwardenPart3": {
-    "message": "Help Center",
+    "message": "Centrum pomoci",
     "description": "This will be displayed as part of a larger sentence. The whole sentence reads: 'For tips on getting started with Bitwarden visit the Learning Center and Help Center'"
   },
   "setupExtensionContentAlt": {
-    "message": "With the Bitwarden browser extension you can easily create new logins, access your saved logins directly from your browser toolbar, and sign in to accounts quickly using Bitwarden autofill."
+    "message": "S rozšírením Bitwarden pre prehliadače ľahko vytvorite nove prihlasovacie údaje, pristúpite k vaším uloženým údajom priamo z prehliadača a rýchlo sa prihlásite pomocou Bitwarden automatického vypĺňania."
   },
   "restart": {
     "message": "Reštartovať"
@@ -10808,46 +10850,46 @@
     "description": "Error message shown when trying to add credit to a trialing organization without a billing address."
   },
   "billingAddress": {
-    "message": "Billing address"
+    "message": "Fakturačná adresa"
   },
   "addBillingAddress": {
-    "message": "Add billing address"
+    "message": "Pridať fakturačnú adresu"
   },
   "editBillingAddress": {
-    "message": "Edit billing address"
+    "message": "Upraviť fakturačnú adresu"
   },
   "noBillingAddress": {
-    "message": "No address on file."
+    "message": "Žiadna adresa v záznamoch."
   },
   "billingAddressUpdated": {
-    "message": "Your billing address has been updated."
+    "message": "Vaša fakturačná adresa bola aktualizovaná."
   },
   "paymentDetails": {
-    "message": "Payment details"
+    "message": "Platobné údaje"
   },
   "paymentMethodUpdated": {
-    "message": "Your payment method has been updated."
+    "message": "Vaša platobná metóda bola aktualizovaná."
   },
   "bankAccountVerified": {
-    "message": "Your bank account has been verified."
+    "message": "Váš bankový účet bol overený."
   },
   "availableCreditAppliedToInvoice": {
-    "message": "Any available credit will be automatically applied towards invoices generated for this account."
+    "message": "Dostupný kredit sa automaticky použije na faktúry vytvorené pre tento účet."
   },
   "mustBePositiveNumber": {
-    "message": "Must be a positive number"
+    "message": "Musí byť kladné číslo"
   },
   "cardSecurityCode": {
-    "message": "Card security code"
+    "message": "Bezpečnostný kód karty"
   },
   "cardSecurityCodeDescription": {
-    "message": "Card security code, also known as CVV or CVC, is typically a 3 digit number printed on the back of your credit card or 4 digit number printed on the front above your card number."
+    "message": "Bezpečnostný kód karty, známy aj ako CVV alebo CVC, je zvyčajne trojmiestne číslo vytlačené na zadnej strane kreditnej karty alebo štvormiestne číslo vytlačené na prednej strane nad číslom karty."
   },
   "verifyBankAccountWarning": {
-    "message": "Payment with a bank account is only available to customers in the United States. You will be required to verify your bank account. We will make a micro-deposit within the next 1-2 business days. Enter the statement descriptor code from this deposit on the Payment Details page to verify the bank account. Failure to verify the bank account will result in a missed payment and your subscription being suspended."
+    "message": "Platba prostredníctvom bankového účtu je dostupná len pre zákazníkov v Spojených Štátoch. Budete musieť overiť svoj bankový účet. V priebehu nasledujúcich 1-2 pracovných dní vykonáme mikro vklad. Na overenie bankového účtu zadajte kód popisu výpisu z tohto vkladu na fakturačnej stránke. Neoverenie bankového účtu bude mať za následok neuskutočnenie platby a pozastavenie vášho predplatného."
   },
   "taxId": {
-    "message": "Tax ID: $TAX_ID$",
+    "message": "Daňové ID: $TAX_ID$",
     "placeholders": {
       "tax_id": {
         "content": "$1",
diff --git a/apps/web/src/locales/sl/messages.json b/apps/web/src/locales/sl/messages.json
index 432c94ded26..d210b85efb4 100644
--- a/apps/web/src/locales/sl/messages.json
+++ b/apps/web/src/locales/sl/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Zavarovan zapisek"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Jaz"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/sr_CS/messages.json b/apps/web/src/locales/sr_CS/messages.json
index 05ec916c8bb..eab8e098d81 100644
--- a/apps/web/src/locales/sr_CS/messages.json
+++ b/apps/web/src/locales/sr_CS/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Zaštićena beleška"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/sr_CY/messages.json b/apps/web/src/locales/sr_CY/messages.json
index fd566100c6d..2bdd42ff340 100644
--- a/apps/web/src/locales/sr_CY/messages.json
+++ b/apps/web/src/locales/sr_CY/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Сигурносна белешка"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH кључ"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Копирати име"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ја"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Интернет Сеф"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Одбили сте покушај пријаве са другог уређаја. Ако сте то заиста били ви, покушајте поново да се пријавите помоћу уређаја."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Захтев за пријаву је већ истекао."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Прегледајте захтев за пријаву"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Ваша проба се завршава за $COUNT$ дана.",
     "placeholders": {
diff --git a/apps/web/src/locales/sv/messages.json b/apps/web/src/locales/sv/messages.json
index 8a8b5d4fdc7..6fea9ba15d3 100644
--- a/apps/web/src/locales/sv/messages.json
+++ b/apps/web/src/locales/sv/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Säker anteckning"
   },
+  "typeNote": {
+    "message": "Anteckning"
+  },
   "typeSshKey": {
     "message": "SSH-nyckel"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Kopiera namn"
   },
+  "cardNumber": {
+    "message": "kortnummer"
+  },
+  "copyFieldCipherName": {
+    "message": "Kopiera $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Jag"
   },
@@ -1061,7 +1081,7 @@
     "message": "Logga in med huvudlösenord"
   },
   "readingPasskeyLoading": {
-    "message": "Läser nyckel..."
+    "message": "Läser inloggningsnyckel..."
   },
   "readingPasskeyLoadingInfo": {
     "message": "Håll det här fönstret öppet och följ anvisningarna från din webbläsare."
@@ -1085,7 +1105,7 @@
     "message": "Tvåstegsverifiering stöds inte för nycklar. Uppdatera appen för att logga in."
   },
   "loginWithPasskeyInfo": {
-    "message": "Använd en genererad nyckel som automatiskt loggar in dig utan lösenord. Din identitet verifieras med biometri, såsom ansiktsigenkänning eller fingeravtryck, eller en annan FIDO2-säkerhetsmetod."
+    "message": "Använd en genererad inloggningsnyckel som automatiskt loggar in dig utan lösenord. Din identitet verifieras med biometri, såsom ansiktsigenkänning eller fingeravtryck, eller en annan FIDO2-säkerhetsmetod."
   },
   "newPasskey": {
     "message": "Ny nyckel"
@@ -1100,16 +1120,16 @@
     "message": "Håll det här fönstret öppet och följ anvisningarna från din webbläsare."
   },
   "errorCreatingPasskey": {
-    "message": "Fel vid skapande av nyckel"
+    "message": "Fel vid skapande av inloggningsnyckel"
   },
   "errorCreatingPasskeyInfo": {
-    "message": "Det uppstod ett problem med att skapa nyckeln."
+    "message": "Det uppstod ett problem med att skapa din inloggningsnyckel."
   },
   "passkeySuccessfullyCreated": {
-    "message": "Nyckeln har skapats!"
+    "message": "Inloggningsnyckeln har skapats!"
   },
   "customPasskeyNameInfo": {
-    "message": "Namnge din nyckel för att hjälpa dig att identifiera den."
+    "message": "Namnge din inloggningsnyckel för att hjälpa dig att identifiera den."
   },
   "useForVaultEncryption": {
     "message": "Använd för valvkryptering"
@@ -1118,7 +1138,7 @@
     "message": "Logga in och lås upp utan ditt huvudlösenord på enheter som stöds. Följ anvisningarna från din webbläsare för att slutföra konfigurationen."
   },
   "useForVaultEncryptionErrorReadingPasskey": {
-    "message": "Fel när nyckeln skulle läsas. Försök igen eller avmarkera det här alternativet."
+    "message": "Fel när inloggningsnyckeln skulle läsas. Försök igen eller avmarkera det här alternativet."
   },
   "encryptionNotSupported": {
     "message": "Kryptering stöds inte"
@@ -1130,7 +1150,7 @@
     "message": "Används för kryptering"
   },
   "loginWithPasskeyEnabled": {
-    "message": "Inloggning med nyckel är aktiverad"
+    "message": "Inloggning med inloggningsnyckel är aktiverad"
   },
   "passkeySaved": {
     "message": "$NAME$ sparad",
@@ -1142,16 +1162,16 @@
     }
   },
   "passkeyRemoved": {
-    "message": "Nyckel borttagen"
+    "message": "Inloggningsnyckel borttagen"
   },
   "removePasskey": {
-    "message": "Ta bort nyckel"
+    "message": "Ta bort inloggningsnyckel"
   },
   "removePasskeyInfo": {
     "message": "Om alla nycklar tas bort kommer du inte kunna logga in på nya enheter utan ditt huvudlösenord."
   },
   "passkeyLimitReachedInfo": {
-    "message": "Gränsen för antal nycklar har uppnåtts. Ta bort en nyckel innan du lägger till en ny."
+    "message": "Gränsen för antal inloggningsnycklar har uppnåtts. Ta bort en inloggningsnyckel innan du lägger till en ny."
   },
   "tryAgain": {
     "message": "Försök igen"
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Webbvalv"
   },
+  "webApp": {
+    "message": "Webbapp"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Du nekade ett inloggningsförsök från en annan enhet. Om detta verkligen var du, försök att logga in med enheten igen."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Inloggningsbegäran godkänd för $EMAIL$ på $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Du nekade ett inloggningsförsök från en annan enhet. Om det var du, försök att logga in med enheten igen."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Inloggningsbegäran har redan löpt ut."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Granska begäran om inloggning"
   },
+  "loginRequest": {
+    "message": "Inloggningsbegäran"
+  },
   "freeTrialEndPromptCount": {
     "message": "Din kostnadsfria testperiod avslutas om $COUNT$ dagar.",
     "placeholders": {
@@ -5048,7 +5090,7 @@
     "message": "SSO-identifierare"
   },
   "ssoIdentifierHintPartOne": {
-    "message": "Ge detta ID till dina medlemmar så att de kan logga in med SSO. För att kringgå detta steg, konfigurera",
+    "message": "Ge detta ID till dina medlemmar så att de kan logga in med SSO. För att kringgå detta steg, konfigurera ",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Provide this ID to your members to login with SSO. To bypass this step, set up Domain verification'"
   },
   "unlinkSso": {
@@ -6582,7 +6624,7 @@
     "message": "Migrerad till Key Connector"
   },
   "paymentSponsored": {
-    "message": "Ange en betalningsmetod som ska kopplas till organisationen. Oroa dig inte, vi kommer inte att debitera dig något om du inte väljer ytterligare funktioner eller om ditt sponsorskap upphör."
+    "message": "Ange en betalningsmetod som ska kopplas till organisationen. Oroa dig inte, vi kommer inte att debitera dig något om du inte väljer ytterligare funktioner eller om ditt sponsorskap upphör. "
   },
   "orgCreatedSponsorshipInvalid": {
     "message": "Sponsringserbjudandet har löpt ut. Du kan ta bort den organisation du skapade för att undvika en kostnad i slutet av din 7-dagars provperiod. Annars kan du stänga den här prompten för att behålla organisationen och ta på dig faktureringsansvaret."
@@ -8855,10 +8897,10 @@
     "message": "Nyckel"
   },
   "passkeyNotCopied": {
-    "message": "Nyckeln kommer inte att kopieras"
+    "message": "Inloggningsnyckeln kommer inte att kopieras"
   },
   "passkeyNotCopiedAlert": {
-    "message": "Nyckeln kommer inte att kopieras till det klonade föremålet. Vill du fortsätta klona det här objektet?"
+    "message": "Inloggningsnyckeln kommer inte att kopieras till det klonade föremålet. Vill du fortsätta klona det här objektet?"
   },
   "modifiedCollectionManagement": {
     "message": "Modifierad inställning för samlingshantering $ID$.",
@@ -8970,7 +9012,7 @@
     "message": "Tack för att du anmälde dig till Bitwarden Secrets Manager!"
   },
   "smFreeTrialConfirmationEmail": {
-    "message": "Vi har skickat ett bekräftelsemail till din e-postadress på"
+    "message": "Vi har skickat ett bekräftelsemail till din e-postadress på "
   },
   "sorryToSeeYouGo": {
     "message": "Ledsen att se dig gå! Hjälp till att förbättra Bitwarden genom att dela med dig av varför du avbokar.",
@@ -9254,7 +9296,7 @@
     "message": "Ge grupper eller personer tillgång till detta maskinkonto."
   },
   "machineAccountProjectsDescription": {
-    "message": "Tilldela projekt till detta maskinkonto."
+    "message": "Tilldela projekt till detta maskinkonto. "
   },
   "createMachineAccount": {
     "message": "Skapa ett maskinkonto"
@@ -9398,7 +9440,7 @@
     "message": "SCIM"
   },
   "scimIntegrationDescStart": {
-    "message": "Konfigurera",
+    "message": "Konfigurera ",
     "description": "This represents the beginning of a sentence, broken up to include links. The full sentence will be 'Configure SCIM (System for Cross-domain Identity Management) to automatically provision users and groups to Bitwarden using the implementation guide for your Identity Provider"
   },
   "scimIntegrationDescEnd": {
@@ -9807,10 +9849,10 @@
     "message": "Ladda ner CSV"
   },
   "monthlySubscriptionUserSeatsMessage": {
-    "message": "Justeringar av din prenumeration kommer att resultera i proportionella debiteringar av dina faktureringssummor på din nästa faktureringsperiod."
+    "message": "Justeringar av din prenumeration kommer att resultera i proportionella debiteringar av dina faktureringssummor på din nästa faktureringsperiod. "
   },
   "annualSubscriptionUserSeatsMessage": {
-    "message": "Justeringar av din prenumeration kommer att resultera i proportionella avgifter på en månatlig faktureringscykel."
+    "message": "Justeringar av din prenumeration kommer att resultera i proportionella avgifter på en månatlig faktureringscykel. "
   },
   "billingHistoryDescription": {
     "message": "Ladda ner en CSV-fil för att få fram klientuppgifter för varje faktureringsdatum. Proraterade avgifter ingår inte i CSV-filen och kan skilja sig från den länkade fakturan. De mest exakta faktureringsuppgifterna hittar du på dina månadsfakturor.",
@@ -9974,7 +10016,7 @@
     "message": "Valfri lokal hosting"
   },
   "upgradeFreeOrganization": {
-    "message": "Uppgradera din $NAME$-organisation",
+    "message": "Uppgradera din $NAME$-organisation ",
     "placeholders": {
       "name": {
         "content": "$1",
@@ -10835,7 +10877,7 @@
     "message": "Eventuell tillgänglig kredit kommer automatiskt att tillämpas på fakturor som genereras för detta konto."
   },
   "mustBePositiveNumber": {
-    "message": "Måste vara ett positivt nummer."
+    "message": "Måste vara ett positivt tal"
   },
   "cardSecurityCode": {
     "message": "Kortets säkerhetskod"
diff --git a/apps/web/src/locales/te/messages.json b/apps/web/src/locales/te/messages.json
index 57b7a83469e..79d58617943 100644
--- a/apps/web/src/locales/te/messages.json
+++ b/apps/web/src/locales/te/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Me"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/th/messages.json b/apps/web/src/locales/th/messages.json
index 9562698d1b3..7adae0d45f7 100644
--- a/apps/web/src/locales/th/messages.json
+++ b/apps/web/src/locales/th/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Secure note"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "ฉัน"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web vault"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Login request has already expired."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/tr/messages.json b/apps/web/src/locales/tr/messages.json
index 4a336df5a9f..34b549ba813 100644
--- a/apps/web/src/locales/tr/messages.json
+++ b/apps/web/src/locales/tr/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Güvenli not"
   },
+  "typeNote": {
+    "message": "Not"
+  },
   "typeSshKey": {
     "message": "SSH key"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Adı kopyala"
   },
+  "cardNumber": {
+    "message": "kart numarası"
+  },
+  "copyFieldCipherName": {
+    "message": "Kopyala: $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Ben"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Web kasası"
   },
+  "webApp": {
+    "message": "Web uygulaması"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Başka bir cihazdan giriş isteğini reddettiniz. Yanlışlıkla yaptıysanız aynı cihazdan yeniden giriş yapmayı deneyin."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "$DEVICE$ cihazında $EMAIL$ girişi onaylandı",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "Başka bir cihazdan giriş isteğini reddettiniz. Yanlışlıkla yaptıysanız aynı cihazdan yeniden giriş yapmayı deneyin."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Giriş isteğinin süresi doldu."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Giriş isteği"
+  },
   "freeTrialEndPromptCount": {
     "message": "Your free trial ends in $COUNT$ days.",
     "placeholders": {
diff --git a/apps/web/src/locales/uk/messages.json b/apps/web/src/locales/uk/messages.json
index cc59b1b39c9..3fa6e0cceb1 100644
--- a/apps/web/src/locales/uk/messages.json
+++ b/apps/web/src/locales/uk/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Захищена нотатка"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Ключ SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Копіювати ім'я"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Я"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Вебсховище"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Ви відхилили спробу входу з іншого пристрою. Якщо це були дійсно ви, спробуйте увійти з пристроєм знову."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Термін дії запиту на вхід завершився."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Переглянути запит входу"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Ваш безплатний пробний період завершується через $COUNT$ днів.",
     "placeholders": {
diff --git a/apps/web/src/locales/vi/messages.json b/apps/web/src/locales/vi/messages.json
index b1bc5557228..a9832ed445c 100644
--- a/apps/web/src/locales/vi/messages.json
+++ b/apps/web/src/locales/vi/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "Ghi chú"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "Khóa SSH"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Sao chép tên"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "Tôi"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "Kho web"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "Bạn đã từ chối một lần đăng nhập từ thiết bị khác. Nếu thực sự là bạn, hãy thử đăng nhập lại bằng thiết bị đó."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "Yêu cầu đăng nhập đã hết hạn."
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Xem xét yêu cầu đăng nhập"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "Thời gian dùng thử miễn phí của bạn sẽ kết thúc trong $COUNT$ ngày.",
     "placeholders": {
diff --git a/apps/web/src/locales/zh_CN/messages.json b/apps/web/src/locales/zh_CN/messages.json
index 42157058174..5bc6c472cd1 100644
--- a/apps/web/src/locales/zh_CN/messages.json
+++ b/apps/web/src/locales/zh_CN/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "安全笔记"
   },
+  "typeNote": {
+    "message": "笔记"
+  },
   "typeSshKey": {
     "message": "SSH 密钥"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "复制名称"
   },
+  "cardNumber": {
+    "message": "卡号"
+  },
+  "copyFieldCipherName": {
+    "message": "复制 $FIELD$、$CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "我"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "网页密码库"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "您拒绝了一个来自其他设备的登录尝试。若确实是您本人，请尝试再次发起设备登录。"
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "登录请求已过期。"
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "审查登录请求"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "您的免费试用将于 $COUNT$ 天后结束。",
     "placeholders": {
diff --git a/apps/web/src/locales/zh_TW/messages.json b/apps/web/src/locales/zh_TW/messages.json
index 3cdf7bd7944..4bba75e84ef 100644
--- a/apps/web/src/locales/zh_TW/messages.json
+++ b/apps/web/src/locales/zh_TW/messages.json
@@ -647,6 +647,9 @@
   "typeSecureNote": {
     "message": "安全筆記"
   },
+  "typeNote": {
+    "message": "Note"
+  },
   "typeSshKey": {
     "message": "SSH 金鑰"
   },
@@ -861,6 +864,23 @@
   "copyName": {
     "message": "Copy name"
   },
+  "cardNumber": {
+    "message": "card number"
+  },
+  "copyFieldCipherName": {
+    "message": "Copy $FIELD$, $CIPHERNAME$",
+    "description": "Title for a button that copies a field value to the clipboard.",
+    "placeholders": {
+      "field": {
+        "content": "$1",
+        "example": "Username"
+      },
+      "ciphername": {
+        "content": "$2",
+        "example": "Login Item"
+      }
+    }
+  },
   "me": {
     "message": "我"
   },
@@ -3482,6 +3502,9 @@
   "webVault": {
     "message": "網頁版密碼庫"
   },
+  "webApp": {
+    "message": "Web app"
+  },
   "cli": {
     "message": "CLI 命令列介面"
   },
@@ -3964,6 +3987,22 @@
   "youDeniedALogInAttemptFromAnotherDevice": {
     "message": "You denied a login attempt from another device. If this really was you, try to log in with the device again."
   },
+  "loginRequestApprovedForEmailOnDevice": {
+    "message": "Login request approved for $EMAIL$ on $DEVICE$",
+    "placeholders": {
+      "email": {
+        "content": "$1",
+        "example": "name@example.com"
+      },
+      "device": {
+        "content": "$2",
+        "example": "Web app - Chrome"
+      }
+    }
+  },
+  "youDeniedLoginAttemptFromAnotherDevice": {
+    "message": "You denied a login attempt from another device. If this was you, try to log in with the device again."
+  },
   "loginRequestHasAlreadyExpired": {
     "message": "登入要求已逾期。"
   },
@@ -4108,6 +4147,9 @@
   "reviewLoginRequest": {
     "message": "Review login request"
   },
+  "loginRequest": {
+    "message": "Login request"
+  },
   "freeTrialEndPromptCount": {
     "message": "您的免費試用將於 $COUNT$ 天後結束。",
     "placeholders": {
diff --git a/bitwarden_license/bit-common/src/dirt/reports/risk-insights/models/password-health.ts b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/models/password-health.ts
index 62eb0122dca..6be24d60b89 100644
--- a/bitwarden_license/bit-common/src/dirt/reports/risk-insights/models/password-health.ts
+++ b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/models/password-health.ts
@@ -158,6 +158,13 @@ export interface PasswordHealthReportApplicationsRequest {
   url: string;
 }
 
+export interface EncryptedDataModel {
+  organizationId: OrganizationId;
+  encryptedData: string;
+  encryptionKey: string;
+  date: Date;
+}
+
 // FIXME: update to use a const object instead of a typescript enum
 // eslint-disable-next-line @bitwarden/platform/no-enums
 export enum DrawerType {
diff --git a/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/risk-insights-api.service.spec.ts b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/risk-insights-api.service.spec.ts
new file mode 100644
index 00000000000..ef9fc768944
--- /dev/null
+++ b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/risk-insights-api.service.spec.ts
@@ -0,0 +1,83 @@
+import { mock } from "jest-mock-extended";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+
+import { EncryptedDataModel } from "../models/password-health";
+
+import { RiskInsightsApiService } from "./risk-insights-api.service";
+
+describe("RiskInsightsApiService", () => {
+  let service: RiskInsightsApiService;
+  const mockApiService = mock<ApiService>();
+
+  beforeEach(() => {
+    service = new RiskInsightsApiService(mockApiService);
+  });
+
+  it("should be created", () => {
+    expect(service).toBeTruthy();
+  });
+
+  describe("getRiskInsightsSummary", () => {
+    it("should call apiService.send with correct parameters and return an Observable", (done) => {
+      const orgId = "org123";
+      const minDate = new Date("2024-01-01");
+      const maxDate = new Date("2024-01-31");
+      const mockResponse: EncryptedDataModel[] = [{ encryptedData: "abc" } as EncryptedDataModel];
+
+      mockApiService.send.mockResolvedValueOnce(mockResponse);
+
+      service.getRiskInsightsSummary(orgId, minDate, maxDate).subscribe((result) => {
+        expect(mockApiService.send).toHaveBeenCalledWith(
+          "GET",
+          `organization-report-summary/org123?from=2024-01-01&to=2024-01-31`,
+          null,
+          true,
+          true,
+        );
+        expect(result).toEqual(mockResponse);
+        done();
+      });
+    });
+  });
+
+  describe("saveRiskInsightsSummary", () => {
+    it("should call apiService.send with correct parameters and return an Observable", (done) => {
+      const data: EncryptedDataModel = { encryptedData: "xyz" } as EncryptedDataModel;
+
+      mockApiService.send.mockResolvedValueOnce(undefined);
+
+      service.saveRiskInsightsSummary(data).subscribe((result) => {
+        expect(mockApiService.send).toHaveBeenCalledWith(
+          "POST",
+          "organization-report-summary",
+          data,
+          true,
+          true,
+        );
+        expect(result).toBeUndefined();
+        done();
+      });
+    });
+  });
+
+  describe("updateRiskInsightsSummary", () => {
+    it("should call apiService.send with correct parameters and return an Observable", (done) => {
+      const data: EncryptedDataModel = { encryptedData: "xyz" } as EncryptedDataModel;
+
+      mockApiService.send.mockResolvedValueOnce(undefined);
+
+      service.updateRiskInsightsSummary(data).subscribe((result) => {
+        expect(mockApiService.send).toHaveBeenCalledWith(
+          "PUT",
+          "organization-report-summary",
+          data,
+          true,
+          true,
+        );
+        expect(result).toBeUndefined();
+        done();
+      });
+    });
+  });
+});
diff --git a/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/risk-insights-api.service.ts b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/risk-insights-api.service.ts
new file mode 100644
index 00000000000..0d69947b826
--- /dev/null
+++ b/bitwarden_license/bit-common/src/dirt/reports/risk-insights/services/risk-insights-api.service.ts
@@ -0,0 +1,45 @@
+import { from, Observable } from "rxjs";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+
+import { EncryptedDataModel } from "../models/password-health";
+
+export class RiskInsightsApiService {
+  constructor(private apiService: ApiService) {}
+
+  getRiskInsightsSummary(
+    orgId: string,
+    minDate: Date,
+    maxDate: Date,
+  ): Observable<EncryptedDataModel[]> {
+    const minDateStr = minDate.toISOString().split("T")[0];
+    const maxDateStr = maxDate.toISOString().split("T")[0];
+    const dbResponse = this.apiService.send(
+      "GET",
+      `organization-report-summary/${orgId.toString()}?from=${minDateStr}&to=${maxDateStr}`,
+      null,
+      true,
+      true,
+    );
+
+    return from(dbResponse as Promise<EncryptedDataModel[]>);
+  }
+
+  saveRiskInsightsSummary(data: EncryptedDataModel): Observable<void> {
+    const dbResponse = this.apiService.send(
+      "POST",
+      "organization-report-summary",
+      data,
+      true,
+      true,
+    );
+
+    return from(dbResponse as Promise<void>);
+  }
+
+  updateRiskInsightsSummary(data: EncryptedDataModel): Observable<void> {
+    const dbResponse = this.apiService.send("PUT", "organization-report-summary", data, true, true);
+
+    return from(dbResponse as Promise<void>);
+  }
+}
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.html b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.html
index 4b8d916f776..20afe902b73 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.html
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.html
@@ -4,8 +4,8 @@
   </button>
 </app-header>
 
-<p bitTypography="body1" class="tw-text-main tw-w-2/5">
-  {{ "claimedDomainsDesc" | i18n }}
+<p bitTypography="body1" class="tw-text-main tw-max-w-4xl">
+  {{ "claimedDomainsDescription" | i18n }}
   <a
     bitLink
     target="_blank"
diff --git a/libs/admin-console/src/common/collections/models/collection-admin.view.ts b/libs/admin-console/src/common/collections/models/collection-admin.view.ts
index cfc9996cd7a..dd7a57013ca 100644
--- a/libs/admin-console/src/common/collections/models/collection-admin.view.ts
+++ b/libs/admin-console/src/common/collections/models/collection-admin.view.ts
@@ -1,5 +1,3 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 
 import { CollectionAccessSelectionView } from "./collection-access-selection.view";
@@ -16,12 +14,12 @@ export class CollectionAdminView extends CollectionView {
    * Flag indicating the collection has no active user or group assigned to it with CanManage permissions
    * In this case, the collection can be managed by admins/owners or custom users with appropriate permissions
    */
-  unmanaged: boolean;
+  unmanaged: boolean = false;
 
   /**
    * Flag indicating the user has been explicitly assigned to this Collection
    */
-  assigned: boolean;
+  assigned: boolean = false;
 
   constructor(response?: CollectionAccessDetailsResponse) {
     super(response);
@@ -45,6 +43,10 @@ export class CollectionAdminView extends CollectionView {
    * Returns true if the user can edit a collection (including user and group access) from the Admin Console.
    */
   override canEdit(org: Organization): boolean {
+    if (this.isDefaultCollection) {
+      return false;
+    }
+
     return (
       org?.canEditAnyCollection ||
       (this.unmanaged && org?.canEditUnmanagedCollections) ||
@@ -56,6 +58,10 @@ export class CollectionAdminView extends CollectionView {
    * Returns true if the user can delete a collection from the Admin Console.
    */
   override canDelete(org: Organization): boolean {
+    if (this.isDefaultCollection) {
+      return false;
+    }
+
     return org?.canDeleteAnyCollection || super.canDelete(org);
   }
 
@@ -63,6 +69,10 @@ export class CollectionAdminView extends CollectionView {
    * Whether the user can modify user access to this collection
    */
   canEditUserAccess(org: Organization): boolean {
+    if (this.isDefaultCollection) {
+      return false;
+    }
+
     return (
       (org.permissions.manageUsers && org.allowAdminAccessToAllCollectionItems) || this.canEdit(org)
     );
@@ -72,6 +82,10 @@ export class CollectionAdminView extends CollectionView {
    * Whether the user can modify group access to this collection
    */
   canEditGroupAccess(org: Organization): boolean {
+    if (this.isDefaultCollection) {
+      return false;
+    }
+
     return (
       (org.permissions.manageGroups && org.allowAdminAccessToAllCollectionItems) ||
       this.canEdit(org)
@@ -82,11 +96,13 @@ export class CollectionAdminView extends CollectionView {
    * Returns true if the user can view collection info and access in a read-only state from the Admin Console
    */
   override canViewCollectionInfo(org: Organization | undefined): boolean {
-    if (this.isUnassignedCollection) {
+    if (this.isUnassignedCollection || this.isDefaultCollection) {
       return false;
     }
+    const isAdmin = org?.isAdmin ?? false;
+    const permissions = org?.permissions.editAnyCollection ?? false;
 
-    return this.manage || org?.isAdmin || org?.permissions.editAnyCollection;
+    return this.manage || isAdmin || permissions;
   }
 
   /**
diff --git a/libs/admin-console/src/common/collections/models/collection.view.ts b/libs/admin-console/src/common/collections/models/collection.view.ts
index 7baf2e2b718..bce1d558f96 100644
--- a/libs/admin-console/src/common/collections/models/collection.view.ts
+++ b/libs/admin-console/src/common/collections/models/collection.view.ts
@@ -1,27 +1,25 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
 import { Jsonify } from "type-fest";
 
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { View } from "@bitwarden/common/models/view/view";
 import { ITreeNodeObject } from "@bitwarden/common/vault/models/domain/tree-node";
 
-import { Collection, CollectionType } from "./collection";
+import { Collection, CollectionType, CollectionTypes } from "./collection";
 import { CollectionAccessDetailsResponse } from "./collection.response";
 
 export const NestingDelimiter = "/";
 
 export class CollectionView implements View, ITreeNodeObject {
-  id: string = null;
-  organizationId: string = null;
-  name: string = null;
-  externalId: string = null;
+  id: string | undefined;
+  organizationId: string | undefined;
+  name: string | undefined;
+  externalId: string | undefined;
   // readOnly applies to the items within a collection
-  readOnly: boolean = null;
-  hidePasswords: boolean = null;
-  manage: boolean = null;
-  assigned: boolean = null;
-  type: CollectionType = null;
+  readOnly: boolean = false;
+  hidePasswords: boolean = false;
+  manage: boolean = false;
+  assigned: boolean = false;
+  type: CollectionType = CollectionTypes.SharedCollection;
 
   constructor(c?: Collection | CollectionAccessDetailsResponse) {
     if (!c) {
@@ -57,7 +55,11 @@ export class CollectionView implements View, ITreeNodeObject {
    * Returns true if the user can edit a collection (including user and group access) from the individual vault.
    * Does not include admin permissions - see {@link CollectionAdminView.canEdit}.
    */
-  canEdit(org: Organization): boolean {
+  canEdit(org: Organization | undefined): boolean {
+    if (this.isDefaultCollection) {
+      return false;
+    }
+
     if (org != null && org.id !== this.organizationId) {
       throw new Error(
         "Id of the organization provided does not match the org id of the collection.",
@@ -71,7 +73,7 @@ export class CollectionView implements View, ITreeNodeObject {
    * Returns true if the user can delete a collection from the individual vault.
    * Does not include admin permissions - see {@link CollectionAdminView.canDelete}.
    */
-  canDelete(org: Organization): boolean {
+  canDelete(org: Organization | undefined): boolean {
     if (org != null && org.id !== this.organizationId) {
       throw new Error(
         "Id of the organization provided does not match the org id of the collection.",
@@ -81,7 +83,7 @@ export class CollectionView implements View, ITreeNodeObject {
     const canDeleteManagedCollections = !org?.limitCollectionDeletion || org.isAdmin;
 
     // Only use individual permissions, not admin permissions
-    return canDeleteManagedCollections && this.manage;
+    return canDeleteManagedCollections && this.manage && !this.isDefaultCollection;
   }
 
   /**
@@ -94,4 +96,8 @@ export class CollectionView implements View, ITreeNodeObject {
   static fromJSON(obj: Jsonify<CollectionView>) {
     return Object.assign(new CollectionView(new Collection()), obj);
   }
+
+  get isDefaultCollection() {
+    return this.type == CollectionTypes.DefaultUserCollection;
+  }
 }
diff --git a/libs/angular/src/vault/services/custom-nudges-services/empty-vault-nudge.service.ts b/libs/angular/src/vault/services/custom-nudges-services/empty-vault-nudge.service.ts
index 8302ff541aa..d90ae06a75f 100644
--- a/libs/angular/src/vault/services/custom-nudges-services/empty-vault-nudge.service.ts
+++ b/libs/angular/src/vault/services/custom-nudges-services/empty-vault-nudge.service.ts
@@ -42,7 +42,7 @@ export class EmptyVaultNudgeService extends DefaultSingleNudgeService {
         const orgIds = new Set(orgs.map((org) => org.id));
         const canCreateCollections = orgs.some((org) => org.canCreateNewCollections);
         const hasManageCollections = collections.some(
-          (c) => c.manage && orgIds.has(c.organizationId),
+          (c) => c.manage && orgIds.has(c.organizationId!),
         );
 
         // When the user has dismissed the nudge or spotlight, return the nudge status directly
diff --git a/libs/angular/src/vault/services/custom-nudges-services/vault-settings-import-nudge.service.ts b/libs/angular/src/vault/services/custom-nudges-services/vault-settings-import-nudge.service.ts
index 2d86c76dff7..df0403ba4ab 100644
--- a/libs/angular/src/vault/services/custom-nudges-services/vault-settings-import-nudge.service.ts
+++ b/libs/angular/src/vault/services/custom-nudges-services/vault-settings-import-nudge.service.ts
@@ -46,7 +46,7 @@ export class VaultSettingsImportNudgeService extends DefaultSingleNudgeService {
         const orgIds = new Set(orgs.map((org) => org.id));
         const canCreateCollections = orgs.some((org) => org.canCreateNewCollections);
         const hasManageCollections = collections.some(
-          (c) => c.manage && orgIds.has(c.organizationId),
+          (c) => c.manage && orgIds.has(c.organizationId!),
         );
 
         // When the user has dismissed the nudge or spotlight, return the nudge status directly
diff --git a/libs/angular/src/vault/vault-filter/services/vault-filter.service.ts b/libs/angular/src/vault/vault-filter/services/vault-filter.service.ts
index fea57743055..0d633be868e 100644
--- a/libs/angular/src/vault/vault-filter/services/vault-filter.service.ts
+++ b/libs/angular/src/vault/vault-filter/services/vault-filter.service.ts
@@ -191,6 +191,9 @@ export function sortDefaultCollections(
     .sort((a, b) => {
       const aName = orgs.find((o) => o.id === a.organizationId)?.name ?? a.organizationId;
       const bName = orgs.find((o) => o.id === b.organizationId)?.name ?? b.organizationId;
+      if (!aName || !bName) {
+        throw new Error("Collection does not have an organizationId.");
+      }
       return collator.compare(aName, bName);
     });
   return [
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index 1af2ab1f0a9..8e9dc6fd35e 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -54,6 +54,7 @@ export enum FeatureFlag {
   PM9111ExtensionPersistAddEditForm = "pm-9111-extension-persist-add-edit-form",
   PM19941MigrateCipherDomainToSdk = "pm-19941-migrate-cipher-domain-to-sdk",
   PM22134SdkCipherListView = "pm-22134-sdk-cipher-list-view",
+  PM22136_SdkCipherEncryption = "pm-22136-sdk-cipher-encryption",
   CipherKeyEncryption = "cipher-key-encryption",
   EndUserNotifications = "pm-10609-end-user-notifications",
   RemoveCardItemTypePolicy = "pm-16442-remove-card-item-type-policy",
@@ -103,6 +104,7 @@ export const DefaultFeatureFlagValue = {
   [FeatureFlag.RemoveCardItemTypePolicy]: FALSE,
   [FeatureFlag.PM22134SdkCipherListView]: FALSE,
   [FeatureFlag.PM19315EndUserActivationMvp]: FALSE,
+  [FeatureFlag.PM22136_SdkCipherEncryption]: FALSE,
 
   /* Auth */
   [FeatureFlag.PM16117_SetInitialPasswordRefactor]: FALSE,
diff --git a/libs/common/src/key-management/crypto/abstractions/crypto-function.service.ts b/libs/common/src/key-management/crypto/abstractions/crypto-function.service.ts
index d9541481083..5e4fa86a684 100644
--- a/libs/common/src/key-management/crypto/abstractions/crypto-function.service.ts
+++ b/libs/common/src/key-management/crypto/abstractions/crypto-function.service.ts
@@ -41,7 +41,6 @@ export abstract class CryptoFunctionService {
     algorithm: "sha1" | "sha256" | "sha512",
   ): Promise<Uint8Array | string>;
   abstract compareFast(a: Uint8Array | string, b: Uint8Array | string): Promise<boolean>;
-  abstract aesEncrypt(data: Uint8Array, iv: Uint8Array, key: Uint8Array): Promise<Uint8Array>;
   abstract aesDecryptFastParameters(
     data: string,
     iv: string,
diff --git a/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts b/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts
index 93d9cb64ce1..67db3591e74 100644
--- a/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts
+++ b/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts
@@ -7,20 +7,6 @@ import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-cr
 import { EncString } from "../models/enc-string";
 
 export abstract class EncryptService {
-  /**
-   * @deprecated
-   * Encrypts a string or Uint8Array to an EncString
-   * @param plainValue - The value to encrypt
-   * @param key - The key to encrypt the value with
-   */
-  abstract encrypt(plainValue: string | Uint8Array, key: SymmetricCryptoKey): Promise<EncString>;
-  /**
-   * @deprecated
-   * Encrypts a value to a Uint8Array
-   * @param plainValue - The value to encrypt
-   * @param key - The key to encrypt the value with
-   */
-  abstract encryptToBytes(plainValue: Uint8Array, key: SymmetricCryptoKey): Promise<EncArrayBuffer>;
   /**
    * @deprecated
    * Decrypts an EncString to a string
diff --git a/libs/common/src/key-management/crypto/models/enc-string.ts b/libs/common/src/key-management/crypto/models/enc-string.ts
index 1ff98d1b6b6..3478ced0cf3 100644
--- a/libs/common/src/key-management/crypto/models/enc-string.ts
+++ b/libs/common/src/key-management/crypto/models/enc-string.ts
@@ -153,6 +153,10 @@ export class EncString implements Encrypted {
     return EXPECTED_NUM_PARTS_BY_ENCRYPTION_TYPE[encType] === encPieces.length;
   }
 
+  /**
+   * @deprecated - This function is deprecated. Use EncryptService.decryptString instead.
+   * @returns - The decrypted string, or `[error: cannot decrypt]` if decryption fails.
+   */
   async decrypt(
     orgId: string | null,
     key: SymmetricCryptoKey | null = null,
diff --git a/libs/common/src/key-management/crypto/services/bulk-encrypt.service.impementation.spec.ts b/libs/common/src/key-management/crypto/services/bulk-encrypt.service.impementation.spec.ts
deleted file mode 100644
index bc77cfb410f..00000000000
--- a/libs/common/src/key-management/crypto/services/bulk-encrypt.service.impementation.spec.ts
+++ /dev/null
@@ -1,170 +0,0 @@
-import { mock, MockProxy } from "jest-mock-extended";
-import * as rxjs from "rxjs";
-
-import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { LogService } from "../../../platform/abstractions/log.service";
-import { Decryptable } from "../../../platform/interfaces/decryptable.interface";
-import { InitializerMetadata } from "../../../platform/interfaces/initializer-metadata.interface";
-import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
-import { CryptoFunctionService } from "../abstractions/crypto-function.service";
-import { buildSetConfigMessage } from "../types/worker-command.type";
-
-import { BulkEncryptServiceImplementation } from "./bulk-encrypt.service.implementation";
-
-describe("BulkEncryptServiceImplementation", () => {
-  const cryptoFunctionService = mock<CryptoFunctionService>();
-  const logService = mock<LogService>();
-
-  let sut: BulkEncryptServiceImplementation;
-
-  beforeEach(() => {
-    sut = new BulkEncryptServiceImplementation(cryptoFunctionService, logService);
-  });
-
-  afterEach(() => {
-    jest.resetAllMocks();
-  });
-
-  describe("decryptItems", () => {
-    const key = mock<SymmetricCryptoKey>();
-    const serverConfig = mock<ServerConfig>();
-    const mockWorker = mock<Worker>();
-    let globalWindow: any;
-
-    beforeEach(() => {
-      globalWindow = global.window;
-
-      // Mock creating a worker.
-      global.Worker = jest.fn().mockImplementation(() => mockWorker);
-      global.URL = jest.fn().mockImplementation(() => "url") as unknown as typeof URL;
-      global.URL.createObjectURL = jest.fn().mockReturnValue("blob:url");
-      global.URL.revokeObjectURL = jest.fn();
-      global.URL.canParse = jest.fn().mockReturnValue(true);
-
-      // Mock the workers returned response.
-      const mockMessageEvent = {
-        id: "mock-guid",
-        data: ["decrypted1", "decrypted2"],
-      };
-      const mockMessageEvent$ = rxjs.from([mockMessageEvent]);
-      jest.spyOn(rxjs, "fromEvent").mockReturnValue(mockMessageEvent$);
-    });
-
-    afterEach(() => {
-      global.window = globalWindow;
-    });
-
-    it("throws error if key is null", async () => {
-      const nullKey = null as unknown as SymmetricCryptoKey;
-      await expect(sut.decryptItems([], nullKey)).rejects.toThrow("No encryption key provided.");
-    });
-
-    it("returns an empty array when items is null", async () => {
-      const result = await sut.decryptItems(null as any, key);
-      expect(result).toEqual([]);
-    });
-
-    it("returns an empty array when items is empty", async () => {
-      const result = await sut.decryptItems([], key);
-      expect(result).toEqual([]);
-    });
-
-    it("decrypts items sequentially when window is undefined", async () => {
-      // Make global window undefined.
-      delete (global as any).window;
-
-      const mockItems = [createMockDecryptable("item1"), createMockDecryptable("item2")];
-
-      const result = await sut.decryptItems(mockItems, key);
-
-      expect(logService.info).toHaveBeenCalledWith(
-        "Window not available in BulkEncryptService, decrypting sequentially",
-      );
-      expect(result).toEqual(["item1", "item2"]);
-      expect(mockItems[0].decrypt).toHaveBeenCalledWith(key);
-      expect(mockItems[1].decrypt).toHaveBeenCalledWith(key);
-    });
-
-    it("uses workers for decryption when window is available", async () => {
-      const mockDecryptedItems = ["decrypted1", "decrypted2"];
-      jest
-        .spyOn<any, any>(sut, "getDecryptedItemsFromWorkers")
-        .mockResolvedValue(mockDecryptedItems);
-
-      const mockItems = [createMockDecryptable("item1"), createMockDecryptable("item2")];
-
-      const result = await sut.decryptItems(mockItems, key);
-
-      expect(sut["getDecryptedItemsFromWorkers"]).toHaveBeenCalledWith(mockItems, key);
-      expect(result).toEqual(mockDecryptedItems);
-    });
-
-    it("creates new worker when none exist", async () => {
-      (sut as any).currentServerConfig = undefined;
-      const mockItems = [createMockDecryptable("item1"), createMockDecryptable("item2")];
-
-      await sut.decryptItems(mockItems, key);
-
-      expect(global.Worker).toHaveBeenCalled();
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(1);
-      expect(mockWorker.postMessage).not.toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-
-    it("sends a SetConfigMessage to the new worker when there is a current server config", async () => {
-      (sut as any).currentServerConfig = serverConfig;
-      const mockItems = [createMockDecryptable("item1"), createMockDecryptable("item2")];
-
-      await sut.decryptItems(mockItems, key);
-
-      expect(global.Worker).toHaveBeenCalled();
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(2);
-      expect(mockWorker.postMessage).toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-
-    it("does not create worker if one exists", async () => {
-      (sut as any).currentServerConfig = serverConfig;
-      (sut as any).workers = [mockWorker];
-      const mockItems = [createMockDecryptable("item1"), createMockDecryptable("item2")];
-
-      await sut.decryptItems(mockItems, key);
-
-      expect(global.Worker).not.toHaveBeenCalled();
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(1);
-      expect(mockWorker.postMessage).not.toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-  });
-
-  describe("onServerConfigChange", () => {
-    it("updates internal currentServerConfig to new config", () => {
-      const newConfig = mock<ServerConfig>();
-
-      sut.onServerConfigChange(newConfig);
-
-      expect((sut as any).currentServerConfig).toBe(newConfig);
-    });
-
-    it("does send a SetConfigMessage to workers when there is a worker", () => {
-      const newConfig = mock<ServerConfig>();
-      const mockWorker = mock<Worker>();
-      (sut as any).workers = [mockWorker];
-
-      sut.onServerConfigChange(newConfig);
-
-      expect(mockWorker.postMessage).toHaveBeenCalledWith(buildSetConfigMessage({ newConfig }));
-    });
-  });
-});
-
-function createMockDecryptable<T extends InitializerMetadata>(
-  returnValue: any,
-): MockProxy<Decryptable<T>> {
-  const mockDecryptable = mock<Decryptable<T>>();
-  mockDecryptable.decrypt.mockResolvedValue(returnValue);
-  return mockDecryptable;
-}
diff --git a/libs/common/src/key-management/crypto/services/bulk-encrypt.service.implementation.ts b/libs/common/src/key-management/crypto/services/bulk-encrypt.service.implementation.ts
index 7421ae1eb20..1bc1827a07a 100644
--- a/libs/common/src/key-management/crypto/services/bulk-encrypt.service.implementation.ts
+++ b/libs/common/src/key-management/crypto/services/bulk-encrypt.service.implementation.ts
@@ -1,38 +1,19 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-import { firstValueFrom, fromEvent, filter, map, takeUntil, defaultIfEmpty, Subject } from "rxjs";
-import { Jsonify } from "type-fest";
-
 import { BulkEncryptService } from "@bitwarden/common/key-management/crypto/abstractions/bulk-encrypt.service";
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { Decryptable } from "@bitwarden/common/platform/interfaces/decryptable.interface";
 import { InitializerMetadata } from "@bitwarden/common/platform/interfaces/initializer-metadata.interface";
-import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-import { getClassInitializer } from "@bitwarden/common/platform/services/cryptography/get-class-initializer";
 
-import {
-  DefaultFeatureFlagValue,
-  FeatureFlag,
-  getFeatureFlagValue,
-} from "../../../enums/feature-flag.enum";
+import { DefaultFeatureFlagValue, FeatureFlag } from "../../../enums/feature-flag.enum";
 import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { buildDecryptMessage, buildSetConfigMessage } from "../types/worker-command.type";
-
-// TTL (time to live) is not strictly required but avoids tying up memory resources if inactive
-const workerTTL = 60000; // 1 minute
-const maxWorkers = 8;
-const minNumberOfItemsForMultithreading = 400;
 
+/**
+ * @deprecated Will be deleted in an immediate subsequent PR
+ */
 export class BulkEncryptServiceImplementation implements BulkEncryptService {
-  private workers: Worker[] = [];
-  private timeout: any;
-  private currentServerConfig: ServerConfig | undefined = undefined;
   protected useSDKForDecryption: boolean = DefaultFeatureFlagValue[FeatureFlag.UseSDKForDecryption];
 
-  private clear$ = new Subject<void>();
-
   constructor(
     protected cryptoFunctionService: CryptoFunctionService,
     protected logService: LogService,
@@ -54,139 +35,12 @@ export class BulkEncryptServiceImplementation implements BulkEncryptService {
       return [];
     }
 
-    if (typeof window === "undefined" || this.useSDKForDecryption) {
-      this.logService.info("Window not available in BulkEncryptService, decrypting sequentially");
-      const results = [];
-      for (let i = 0; i < items.length; i++) {
-        results.push(await items[i].decrypt(key));
-      }
-      return results;
-    }
-
-    const decryptedItems = await this.getDecryptedItemsFromWorkers(items, key);
-    return decryptedItems;
-  }
-
-  onServerConfigChange(newConfig: ServerConfig): void {
-    this.currentServerConfig = newConfig;
-    this.useSDKForDecryption = getFeatureFlagValue(newConfig, FeatureFlag.UseSDKForDecryption);
-    this.updateWorkerServerConfigs(newConfig);
-  }
-
-  /**
-   * Sends items to a set of web workers to decrypt them. This utilizes multiple workers to decrypt items
-   * faster without interrupting other operations (e.g. updating UI).
-   */
-  private async getDecryptedItemsFromWorkers<T extends InitializerMetadata>(
-    items: Decryptable<T>[],
-    key: SymmetricCryptoKey,
-  ): Promise<T[]> {
-    if (items == null || items.length < 1) {
-      return [];
-    }
-
-    this.clearTimeout();
-
-    const hardwareConcurrency = navigator.hardwareConcurrency || 1;
-    let numberOfWorkers = Math.min(hardwareConcurrency, maxWorkers);
-    if (items.length < minNumberOfItemsForMultithreading) {
-      numberOfWorkers = 1;
-    }
-
-    this.logService.info(
-      `Starting decryption using multithreading with ${numberOfWorkers} workers for ${items.length} items`,
-    );
-
-    if (this.workers.length == 0) {
-      for (let i = 0; i < numberOfWorkers; i++) {
-        this.workers.push(
-          new Worker(
-            new URL(
-              /* webpackChunkName: 'encrypt-worker' */
-              "@bitwarden/common/key-management/crypto/services/encrypt.worker.ts",
-              import.meta.url,
-            ),
-          ),
-        );
-      }
-      if (this.currentServerConfig != undefined) {
-        this.updateWorkerServerConfigs(this.currentServerConfig);
-      }
-    }
-
-    const itemsPerWorker = Math.floor(items.length / this.workers.length);
     const results = [];
-
-    for (const [i, worker] of this.workers.entries()) {
-      const start = i * itemsPerWorker;
-      const end = start + itemsPerWorker;
-      const itemsForWorker = items.slice(start, end);
-
-      // push the remaining items to the last worker
-      if (i == this.workers.length - 1) {
-        itemsForWorker.push(...items.slice(end));
-      }
-
-      const id = Utils.newGuid();
-      const request = buildDecryptMessage({
-        id,
-        items: itemsForWorker,
-        key: key,
-      });
-
-      worker.postMessage(request);
-      results.push(
-        firstValueFrom(
-          fromEvent(worker, "message").pipe(
-            filter((response: MessageEvent) => response.data?.id === id),
-            map((response) => JSON.parse(response.data.items)),
-            map((items) =>
-              items.map((jsonItem: Jsonify<T>) => {
-                const initializer = getClassInitializer<T>(jsonItem.initializerKey);
-                return initializer(jsonItem);
-              }),
-            ),
-            takeUntil(this.clear$),
-            defaultIfEmpty([]),
-          ),
-        ),
-      );
+    for (let i = 0; i < items.length; i++) {
+      results.push(await items[i].decrypt(key));
     }
-
-    const decryptedItems = (await Promise.all(results)).flat();
-    this.logService.info(
-      `Finished decrypting ${decryptedItems.length} items using ${numberOfWorkers} workers`,
-    );
-
-    this.restartTimeout();
-
-    return decryptedItems;
+    return results;
   }
 
-  private updateWorkerServerConfigs(newConfig: ServerConfig) {
-    this.workers.forEach((worker) => {
-      const request = buildSetConfigMessage({ newConfig });
-      worker.postMessage(request);
-    });
-  }
-
-  private clear() {
-    this.clear$.next();
-    for (const worker of this.workers) {
-      worker.terminate();
-    }
-    this.workers = [];
-    this.clearTimeout();
-  }
-
-  private restartTimeout() {
-    this.clearTimeout();
-    this.timeout = setTimeout(() => this.clear(), workerTTL);
-  }
-
-  private clearTimeout() {
-    if (this.timeout != null) {
-      clearTimeout(this.timeout);
-    }
-  }
+  onServerConfigChange(newConfig: ServerConfig): void {}
 }
diff --git a/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts b/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts
index a68ecd2db54..3e36fd334ec 100644
--- a/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts
+++ b/libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts
@@ -3,36 +3,20 @@
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import {
-  EncryptionType,
-  encryptionTypeToString as encryptionTypeName,
-} from "@bitwarden/common/platform/enums";
+import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
+import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { Decryptable } from "@bitwarden/common/platform/interfaces/decryptable.interface";
 import { Encrypted } from "@bitwarden/common/platform/interfaces/encrypted";
 import { InitializerMetadata } from "@bitwarden/common/platform/interfaces/initializer-metadata.interface";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncArrayBuffer } from "@bitwarden/common/platform/models/domain/enc-array-buffer";
-import { EncryptedObject } from "@bitwarden/common/platform/models/domain/encrypted-object";
-import {
-  Aes256CbcHmacKey,
-  Aes256CbcKey,
-  SymmetricCryptoKey,
-} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PureCrypto } from "@bitwarden/sdk-internal";
 
-import {
-  DefaultFeatureFlagValue,
-  FeatureFlag,
-  getFeatureFlagValue,
-} from "../../../enums/feature-flag.enum";
 import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { SdkLoadService } from "../../../platform/abstractions/sdk/sdk-load.service";
 import { EncryptService } from "../abstractions/encrypt.service";
 
 export class EncryptServiceImplementation implements EncryptService {
-  protected useSDKForDecryption: boolean = DefaultFeatureFlagValue[FeatureFlag.UseSDKForDecryption];
-  private blockType0: boolean = DefaultFeatureFlagValue[FeatureFlag.PM17987_BlockType0];
-
   constructor(
     protected cryptoFunctionService: CryptoFunctionService,
     protected logService: LogService,
@@ -41,27 +25,40 @@ export class EncryptServiceImplementation implements EncryptService {
 
   // Proxy functions; Their implementation are temporary before moving at this level to the SDK
   async encryptString(plainValue: string, key: SymmetricCryptoKey): Promise<EncString> {
-    return this.encrypt(plainValue, key);
+    if (plainValue == null) {
+      this.logService.warning(
+        "[EncryptService] WARNING: encryptString called with null value. Returning null, but this behavior is deprecated and will be removed.",
+      );
+      return null;
+    }
+
+    await SdkLoadService.Ready;
+    return new EncString(PureCrypto.symmetric_encrypt_string(plainValue, key.toEncoded()));
   }
 
   async encryptBytes(plainValue: Uint8Array, key: SymmetricCryptoKey): Promise<EncString> {
-    return this.encrypt(plainValue, key);
+    await SdkLoadService.Ready;
+    return new EncString(PureCrypto.symmetric_encrypt_bytes(plainValue, key.toEncoded()));
   }
 
   async encryptFileData(plainValue: Uint8Array, key: SymmetricCryptoKey): Promise<EncArrayBuffer> {
-    return this.encryptToBytes(plainValue, key);
+    await SdkLoadService.Ready;
+    return new EncArrayBuffer(PureCrypto.symmetric_encrypt_filedata(plainValue, key.toEncoded()));
   }
 
   async decryptString(encString: EncString, key: SymmetricCryptoKey): Promise<string> {
-    return this.decryptToUtf8(encString, key);
+    await SdkLoadService.Ready;
+    return PureCrypto.symmetric_decrypt_string(encString.encryptedString, key.toEncoded());
   }
 
   async decryptBytes(encString: EncString, key: SymmetricCryptoKey): Promise<Uint8Array> {
-    return this.decryptToBytes(encString, key);
+    await SdkLoadService.Ready;
+    return PureCrypto.symmetric_decrypt_bytes(encString.encryptedString, key.toEncoded());
   }
 
   async decryptFileData(encBuffer: EncArrayBuffer, key: SymmetricCryptoKey): Promise<Uint8Array> {
-    return this.decryptToBytes(encBuffer, key);
+    await SdkLoadService.Ready;
+    return PureCrypto.symmetric_decrypt_filedata(encBuffer.buffer, key.toEncoded());
   }
 
   async wrapDecapsulationKey(
@@ -76,7 +73,10 @@ export class EncryptServiceImplementation implements EncryptService {
       throw new Error("No wrappingKey provided for wrapping.");
     }
 
-    return await this.encryptUint8Array(decapsulationKeyPkcs8, wrappingKey);
+    await SdkLoadService.Ready;
+    return new EncString(
+      PureCrypto.wrap_decapsulation_key(decapsulationKeyPkcs8, wrappingKey.toEncoded()),
+    );
   }
 
   async wrapEncapsulationKey(
@@ -91,7 +91,10 @@ export class EncryptServiceImplementation implements EncryptService {
       throw new Error("No wrappingKey provided for wrapping.");
     }
 
-    return await this.encryptUint8Array(encapsulationKeySpki, wrappingKey);
+    await SdkLoadService.Ready;
+    return new EncString(
+      PureCrypto.wrap_encapsulation_key(encapsulationKeySpki, wrappingKey.toEncoded()),
+    );
   }
 
   async wrapSymmetricKey(
@@ -106,26 +109,61 @@ export class EncryptServiceImplementation implements EncryptService {
       throw new Error("No wrappingKey provided for wrapping.");
     }
 
-    return await this.encryptUint8Array(keyToBeWrapped.toEncoded(), wrappingKey);
+    await SdkLoadService.Ready;
+    return new EncString(
+      PureCrypto.wrap_symmetric_key(keyToBeWrapped.toEncoded(), wrappingKey.toEncoded()),
+    );
   }
 
   async unwrapDecapsulationKey(
     wrappedDecapsulationKey: EncString,
     wrappingKey: SymmetricCryptoKey,
   ): Promise<Uint8Array> {
-    return this.decryptBytes(wrappedDecapsulationKey, wrappingKey);
+    if (wrappedDecapsulationKey == null) {
+      throw new Error("No wrappedDecapsulationKey provided for unwrapping.");
+    }
+    if (wrappingKey == null) {
+      throw new Error("No wrappingKey provided for unwrapping.");
+    }
+
+    await SdkLoadService.Ready;
+    return PureCrypto.unwrap_decapsulation_key(
+      wrappedDecapsulationKey.encryptedString,
+      wrappingKey.toEncoded(),
+    );
   }
   async unwrapEncapsulationKey(
     wrappedEncapsulationKey: EncString,
     wrappingKey: SymmetricCryptoKey,
   ): Promise<Uint8Array> {
-    return this.decryptBytes(wrappedEncapsulationKey, wrappingKey);
+    if (wrappedEncapsulationKey == null) {
+      throw new Error("No wrappedEncapsulationKey provided for unwrapping.");
+    }
+    if (wrappingKey == null) {
+      throw new Error("No wrappingKey provided for unwrapping.");
+    }
+
+    await SdkLoadService.Ready;
+    return PureCrypto.unwrap_encapsulation_key(
+      wrappedEncapsulationKey.encryptedString,
+      wrappingKey.toEncoded(),
+    );
   }
   async unwrapSymmetricKey(
     keyToBeUnwrapped: EncString,
     wrappingKey: SymmetricCryptoKey,
   ): Promise<SymmetricCryptoKey> {
-    return new SymmetricCryptoKey(await this.decryptBytes(keyToBeUnwrapped, wrappingKey));
+    if (keyToBeUnwrapped == null) {
+      throw new Error("No keyToBeUnwrapped provided for unwrapping.");
+    }
+    if (wrappingKey == null) {
+      throw new Error("No wrappingKey provided for unwrapping.");
+    }
+
+    await SdkLoadService.Ready;
+    return new SymmetricCryptoKey(
+      PureCrypto.unwrap_symmetric_key(keyToBeUnwrapped.encryptedString, wrappingKey.toEncoded()),
+    );
   }
 
   async hash(value: string | Uint8Array, algorithm: "sha1" | "sha256" | "sha512"): Promise<string> {
@@ -134,261 +172,33 @@ export class EncryptServiceImplementation implements EncryptService {
   }
 
   // Handle updating private properties to turn on/off feature flags.
-  onServerConfigChange(newConfig: ServerConfig): void {
-    const oldFlagValue = this.useSDKForDecryption;
-    this.useSDKForDecryption = getFeatureFlagValue(newConfig, FeatureFlag.UseSDKForDecryption);
-    this.logService.debug(
-      "[EncryptService] Updated sdk decryption flag",
-      oldFlagValue,
-      this.useSDKForDecryption,
-    );
-    this.blockType0 = getFeatureFlagValue(newConfig, FeatureFlag.PM17987_BlockType0);
-  }
-
-  async encrypt(plainValue: string | Uint8Array, key: SymmetricCryptoKey): Promise<EncString> {
-    if (key == null) {
-      throw new Error("No encryption key provided.");
-    }
-
-    if (this.blockType0) {
-      if (key.inner().type === EncryptionType.AesCbc256_B64) {
-        throw new Error("Type 0 encryption is not supported.");
-      }
-    }
-
-    if (plainValue == null) {
-      return Promise.resolve(null);
-    }
-
-    if (typeof plainValue === "string") {
-      return this.encryptUint8Array(Utils.fromUtf8ToArray(plainValue), key);
-    } else {
-      return this.encryptUint8Array(plainValue, key);
-    }
-  }
-
-  private async encryptUint8Array(
-    plainValue: Uint8Array,
-    key: SymmetricCryptoKey,
-  ): Promise<EncString> {
-    if (key == null) {
-      throw new Error("No encryption key provided.");
-    }
-
-    if (this.blockType0) {
-      if (key.inner().type === EncryptionType.AesCbc256_B64) {
-        throw new Error("Type 0 encryption is not supported.");
-      }
-    }
-
-    if (plainValue == null) {
-      return Promise.resolve(null);
-    }
-
-    const innerKey = key.inner();
-    if (innerKey.type === EncryptionType.AesCbc256_HmacSha256_B64) {
-      const encObj = await this.aesEncrypt(plainValue, innerKey);
-      const iv = Utils.fromBufferToB64(encObj.iv);
-      const data = Utils.fromBufferToB64(encObj.data);
-      const mac = Utils.fromBufferToB64(encObj.mac);
-      return new EncString(innerKey.type, data, iv, mac);
-    } else if (innerKey.type === EncryptionType.AesCbc256_B64) {
-      const encObj = await this.aesEncryptLegacy(plainValue, innerKey);
-      const iv = Utils.fromBufferToB64(encObj.iv);
-      const data = Utils.fromBufferToB64(encObj.data);
-      return new EncString(innerKey.type, data, iv);
-    }
-  }
-
-  async encryptToBytes(plainValue: Uint8Array, key: SymmetricCryptoKey): Promise<EncArrayBuffer> {
-    if (key == null) {
-      throw new Error("No encryption key provided.");
-    }
-
-    if (this.blockType0) {
-      if (key.inner().type === EncryptionType.AesCbc256_B64) {
-        throw new Error("Type 0 encryption is not supported.");
-      }
-    }
-
-    const innerKey = key.inner();
-    if (innerKey.type === EncryptionType.AesCbc256_HmacSha256_B64) {
-      const encValue = await this.aesEncrypt(plainValue, innerKey);
-      const macLen = encValue.mac.length;
-      const encBytes = new Uint8Array(
-        1 + encValue.iv.byteLength + macLen + encValue.data.byteLength,
-      );
-      encBytes.set([innerKey.type]);
-      encBytes.set(new Uint8Array(encValue.iv), 1);
-      encBytes.set(new Uint8Array(encValue.mac), 1 + encValue.iv.byteLength);
-      encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength + macLen);
-      return new EncArrayBuffer(encBytes);
-    } else if (innerKey.type === EncryptionType.AesCbc256_B64) {
-      const encValue = await this.aesEncryptLegacy(plainValue, innerKey);
-      const encBytes = new Uint8Array(1 + encValue.iv.byteLength + encValue.data.byteLength);
-      encBytes.set([innerKey.type]);
-      encBytes.set(new Uint8Array(encValue.iv), 1);
-      encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength);
-      return new EncArrayBuffer(encBytes);
-    }
-  }
+  onServerConfigChange(newConfig: ServerConfig): void {}
 
   async decryptToUtf8(
     encString: EncString,
     key: SymmetricCryptoKey,
-    decryptContext: string = "no context",
+    _decryptContext: string = "no context",
   ): Promise<string> {
-    if (this.useSDKForDecryption) {
-      this.logService.debug("decrypting with SDK");
-      if (encString == null || encString.encryptedString == null) {
-        throw new Error("encString is null or undefined");
-      }
-      await SdkLoadService.Ready;
-      return PureCrypto.symmetric_decrypt(encString.encryptedString, key.toEncoded());
-    }
-    this.logService.debug("decrypting with javascript");
-
-    if (key == null) {
-      throw new Error("No key provided for decryption.");
-    }
-
-    const innerKey = key.inner();
-    if (encString.encryptionType !== innerKey.type) {
-      this.logDecryptError(
-        "Key encryption type does not match payload encryption type",
-        innerKey.type,
-        encString.encryptionType,
-        decryptContext,
-      );
-      return null;
-    }
-
-    if (innerKey.type === EncryptionType.AesCbc256_HmacSha256_B64) {
-      const fastParams = this.cryptoFunctionService.aesDecryptFastParameters(
-        encString.data,
-        encString.iv,
-        encString.mac,
-        key,
-      );
-
-      const computedMac = await this.cryptoFunctionService.hmacFast(
-        fastParams.macData,
-        fastParams.macKey,
-        "sha256",
-      );
-      const macsEqual = await this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
-      if (!macsEqual) {
-        this.logMacFailed(
-          "decryptToUtf8 MAC comparison failed. Key or payload has changed.",
-          innerKey.type,
-          encString.encryptionType,
-          decryptContext,
-        );
-        return null;
-      }
-      return await this.cryptoFunctionService.aesDecryptFast({
-        mode: "cbc",
-        parameters: fastParams,
-      });
-    } else if (innerKey.type === EncryptionType.AesCbc256_B64) {
-      const fastParams = this.cryptoFunctionService.aesDecryptFastParameters(
-        encString.data,
-        encString.iv,
-        undefined,
-        key,
-      );
-      return await this.cryptoFunctionService.aesDecryptFast({
-        mode: "cbc",
-        parameters: fastParams,
-      });
-    } else {
-      throw new Error(`Unsupported encryption type`);
-    }
+    await SdkLoadService.Ready;
+    return PureCrypto.symmetric_decrypt(encString.encryptedString, key.toEncoded());
   }
 
   async decryptToBytes(
     encThing: Encrypted,
     key: SymmetricCryptoKey,
-    decryptContext: string = "no context",
+    _decryptContext: string = "no context",
   ): Promise<Uint8Array | null> {
-    if (this.useSDKForDecryption) {
-      this.logService.debug("[EncryptService] Decrypting bytes with SDK");
-      if (
-        encThing.encryptionType == null ||
-        encThing.ivBytes == null ||
-        encThing.dataBytes == null
-      ) {
-        throw new Error("Cannot decrypt, missing type, IV, or data bytes.");
-      }
-      const buffer = EncArrayBuffer.fromParts(
-        encThing.encryptionType,
-        encThing.ivBytes,
-        encThing.dataBytes,
-        encThing.macBytes,
-      ).buffer;
-      await SdkLoadService.Ready;
-      return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.toEncoded());
-    }
-    this.logService.debug("[EncryptService] Decrypting bytes with javascript");
-
-    if (key == null) {
-      throw new Error("No encryption key provided.");
-    }
-
-    if (encThing == null) {
-      throw new Error("Nothing provided for decryption.");
-    }
-
-    const inner = key.inner();
-    if (encThing.encryptionType !== inner.type) {
-      this.logDecryptError(
-        "Encryption key type mismatch",
-        inner.type,
-        encThing.encryptionType,
-        decryptContext,
-      );
-      return null;
-    }
-
-    if (inner.type === EncryptionType.AesCbc256_HmacSha256_B64) {
-      if (encThing.macBytes == null) {
-        this.logDecryptError("Mac missing", inner.type, encThing.encryptionType, decryptContext);
-        return null;
-      }
-
-      const macData = new Uint8Array(encThing.ivBytes.byteLength + encThing.dataBytes.byteLength);
-      macData.set(new Uint8Array(encThing.ivBytes), 0);
-      macData.set(new Uint8Array(encThing.dataBytes), encThing.ivBytes.byteLength);
-      const computedMac = await this.cryptoFunctionService.hmac(
-        macData,
-        inner.authenticationKey,
-        "sha256",
-      );
-      const macsMatch = await this.cryptoFunctionService.compare(encThing.macBytes, computedMac);
-      if (!macsMatch) {
-        this.logMacFailed(
-          "MAC comparison failed. Key or payload has changed.",
-          inner.type,
-          encThing.encryptionType,
-          decryptContext,
-        );
-        return null;
-      }
-
-      return await this.cryptoFunctionService.aesDecrypt(
-        encThing.dataBytes,
-        encThing.ivBytes,
-        inner.encryptionKey,
-        "cbc",
-      );
-    } else if (inner.type === EncryptionType.AesCbc256_B64) {
-      return await this.cryptoFunctionService.aesDecrypt(
-        encThing.dataBytes,
-        encThing.ivBytes,
-        inner.encryptionKey,
-        "cbc",
-      );
+    if (encThing.encryptionType == null || encThing.ivBytes == null || encThing.dataBytes == null) {
+      throw new Error("Cannot decrypt, missing type, IV, or data bytes.");
     }
+    const buffer = EncArrayBuffer.fromParts(
+      encThing.encryptionType,
+      encThing.ivBytes,
+      encThing.dataBytes,
+      encThing.macBytes,
+    ).buffer;
+    await SdkLoadService.Ready;
+    return PureCrypto.symmetric_decrypt_array_buffer(buffer, key.toEncoded());
   }
 
   async encapsulateKeyUnsigned(
@@ -398,14 +208,31 @@ export class EncryptServiceImplementation implements EncryptService {
     if (sharedKey == null) {
       throw new Error("No sharedKey provided for encapsulation");
     }
-    return await this.rsaEncrypt(sharedKey.toEncoded(), encapsulationKey);
+    if (encapsulationKey == null) {
+      throw new Error("No encapsulationKey provided for encapsulation");
+    }
+    await SdkLoadService.Ready;
+    return new EncString(
+      PureCrypto.encapsulate_key_unsigned(sharedKey.toEncoded(), encapsulationKey),
+    );
   }
 
   async decapsulateKeyUnsigned(
     encryptedSharedKey: EncString,
     decapsulationKey: Uint8Array,
   ): Promise<SymmetricCryptoKey> {
-    const keyBytes = await this.rsaDecrypt(encryptedSharedKey, decapsulationKey);
+    if (encryptedSharedKey == null) {
+      throw new Error("No encryptedSharedKey provided for decapsulation");
+    }
+    if (decapsulationKey == null) {
+      throw new Error("No decapsulationKey provided for decapsulation");
+    }
+
+    const keyBytes = PureCrypto.decapsulate_key_unsigned(
+      encryptedSharedKey.encryptedString,
+      decapsulationKey,
+    );
+    await SdkLoadService.Ready;
     return new SymmetricCryptoKey(keyBytes);
   }
 
@@ -428,51 +255,6 @@ export class EncryptServiceImplementation implements EncryptService {
     return results;
   }
 
-  private async aesEncrypt(data: Uint8Array, key: Aes256CbcHmacKey): Promise<EncryptedObject> {
-    const obj = new EncryptedObject();
-    obj.iv = await this.cryptoFunctionService.randomBytes(16);
-    obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, key.encryptionKey);
-
-    const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
-    macData.set(new Uint8Array(obj.iv), 0);
-    macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
-    obj.mac = await this.cryptoFunctionService.hmac(macData, key.authenticationKey, "sha256");
-
-    return obj;
-  }
-
-  /**
-   * @deprecated Removed once AesCbc256_B64 support is removed
-   */
-  private async aesEncryptLegacy(data: Uint8Array, key: Aes256CbcKey): Promise<EncryptedObject> {
-    const obj = new EncryptedObject();
-    obj.iv = await this.cryptoFunctionService.randomBytes(16);
-    obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, key.encryptionKey);
-    return obj;
-  }
-
-  private logDecryptError(
-    msg: string,
-    keyEncType: EncryptionType,
-    dataEncType: EncryptionType,
-    decryptContext: string,
-  ) {
-    this.logService.error(
-      `[Encrypt service] ${msg} Key type ${encryptionTypeName(keyEncType)} Payload type ${encryptionTypeName(dataEncType)} Decrypt context: ${decryptContext}`,
-    );
-  }
-
-  private logMacFailed(
-    msg: string,
-    keyEncType: EncryptionType,
-    dataEncType: EncryptionType,
-    decryptContext: string,
-  ) {
-    if (this.logMacFailures) {
-      this.logDecryptError(msg, keyEncType, dataEncType, decryptContext);
-    }
-  }
-
   async rsaEncrypt(data: Uint8Array, publicKey: Uint8Array): Promise<EncString> {
     if (data == null) {
       throw new Error("No data provided for encryption.");
diff --git a/libs/common/src/key-management/crypto/services/encrypt.service.spec.ts b/libs/common/src/key-management/crypto/services/encrypt.service.spec.ts
index 68021086bb1..4cc76d45f50 100644
--- a/libs/common/src/key-management/crypto/services/encrypt.service.spec.ts
+++ b/libs/common/src/key-management/crypto/services/encrypt.service.spec.ts
@@ -3,20 +3,14 @@ import { mockReset, mock } from "jest-mock-extended";
 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
 import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncArrayBuffer } from "@bitwarden/common/platform/models/domain/enc-array-buffer";
-import {
-  Aes256CbcHmacKey,
-  SymmetricCryptoKey,
-} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-import { CsprngArray } from "@bitwarden/common/types/csprng";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PureCrypto } from "@bitwarden/sdk-internal";
 
 import { makeStaticByteArray } from "../../../../spec";
-import { DefaultFeatureFlagValue, FeatureFlag } from "../../../enums/feature-flag.enum";
-import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { SdkLoadService } from "../../../platform/abstractions/sdk/sdk-load.service";
 
 import { EncryptServiceImplementation } from "./encrypt.service.implementation";
 
@@ -26,24 +20,50 @@ describe("EncryptService", () => {
 
   let encryptService: EncryptServiceImplementation;
 
+  const testEncBuffer = EncArrayBuffer.fromParts(
+    EncryptionType.AesCbc256_HmacSha256_B64,
+    new Uint8Array(16),
+    new Uint8Array(32),
+    new Uint8Array(32),
+  );
+
   beforeEach(() => {
     mockReset(cryptoFunctionService);
     mockReset(logService);
 
+    jest.spyOn(PureCrypto, "symmetric_decrypt_array_buffer").mockReturnValue(new Uint8Array(1));
+    jest.spyOn(PureCrypto, "symmetric_decrypt").mockReturnValue("decrypted_string");
+
+    jest.spyOn(PureCrypto, "symmetric_decrypt_filedata").mockReturnValue(new Uint8Array(1));
+    jest.spyOn(PureCrypto, "symmetric_encrypt_filedata").mockReturnValue(testEncBuffer.buffer);
+    jest.spyOn(PureCrypto, "symmetric_decrypt_string").mockReturnValue("decrypted_string");
+    jest.spyOn(PureCrypto, "symmetric_encrypt_string").mockReturnValue("encrypted_string");
+    jest.spyOn(PureCrypto, "symmetric_decrypt_bytes").mockReturnValue(new Uint8Array(3));
+    jest.spyOn(PureCrypto, "symmetric_encrypt_bytes").mockReturnValue("encrypted_bytes");
+
+    jest.spyOn(PureCrypto, "wrap_decapsulation_key").mockReturnValue("wrapped_decapsulation_key");
+    jest.spyOn(PureCrypto, "wrap_encapsulation_key").mockReturnValue("wrapped_encapsulation_key");
+    jest.spyOn(PureCrypto, "wrap_symmetric_key").mockReturnValue("wrapped_symmetric_key");
+    jest.spyOn(PureCrypto, "unwrap_decapsulation_key").mockReturnValue(new Uint8Array(4));
+    jest.spyOn(PureCrypto, "unwrap_encapsulation_key").mockReturnValue(new Uint8Array(5));
+    jest.spyOn(PureCrypto, "unwrap_symmetric_key").mockReturnValue(new Uint8Array(64));
+
+    jest.spyOn(PureCrypto, "decapsulate_key_unsigned").mockReturnValue(new Uint8Array(64));
+    jest.spyOn(PureCrypto, "encapsulate_key_unsigned").mockReturnValue("encapsulated_key_unsigned");
+    (SdkLoadService as any).Ready = jest.fn().mockResolvedValue(true);
+
     encryptService = new EncryptServiceImplementation(cryptoFunctionService, logService, true);
   });
 
   describe("wrapSymmetricKey", () => {
-    it("roundtrip encrypts and decrypts a symmetric key", async () => {
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(makeStaticByteArray(64, 0));
-      cryptoFunctionService.randomBytes.mockResolvedValue(makeStaticByteArray(16) as CsprngArray);
-      cryptoFunctionService.hmac.mockResolvedValue(makeStaticByteArray(32));
-
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
       const wrappingKey = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = await encryptService.wrapSymmetricKey(key, wrappingKey);
-      expect(encString.encryptionType).toEqual(EncryptionType.AesCbc256_HmacSha256_B64);
-      expect(encString.data).toEqual(Utils.fromBufferToB64(makeStaticByteArray(64, 0)));
+      await encryptService.wrapSymmetricKey(key, wrappingKey);
+      expect(PureCrypto.wrap_symmetric_key).toHaveBeenCalledWith(
+        key.toEncoded(),
+        wrappingKey.toEncoded(),
+      );
     });
     it("fails if key toBeWrapped is null", async () => {
       const wrappingKey = new SymmetricCryptoKey(makeStaticByteArray(64));
@@ -57,33 +77,17 @@ describe("EncryptService", () => {
         "No wrappingKey provided for wrapping.",
       );
     });
-    it("fails if type 0 key is provided with flag turned on", async () => {
-      (encryptService as any).blockType0 = true;
-      const mock32Key = mock<SymmetricCryptoKey>();
-      mock32Key.inner.mockReturnValue({
-        type: 0,
-        encryptionKey: makeStaticByteArray(32),
-      });
-
-      await expect(encryptService.wrapSymmetricKey(mock32Key, mock32Key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-    });
   });
 
   describe("wrapDecapsulationKey", () => {
-    it("roundtrip encrypts and decrypts a decapsulation key", async () => {
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(makeStaticByteArray(64, 0));
-      cryptoFunctionService.randomBytes.mockResolvedValue(makeStaticByteArray(16) as CsprngArray);
-      cryptoFunctionService.hmac.mockResolvedValue(makeStaticByteArray(32));
-
+    it("is a proxy to PureCrypto", async () => {
+      const decapsulationKey = makeStaticByteArray(10);
       const wrappingKey = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = await encryptService.wrapDecapsulationKey(
-        makeStaticByteArray(64),
-        wrappingKey,
+      await encryptService.wrapDecapsulationKey(decapsulationKey, wrappingKey);
+      expect(PureCrypto.wrap_decapsulation_key).toHaveBeenCalledWith(
+        decapsulationKey,
+        wrappingKey.toEncoded(),
       );
-      expect(encString.encryptionType).toEqual(EncryptionType.AesCbc256_HmacSha256_B64);
-      expect(encString.data).toEqual(Utils.fromBufferToB64(makeStaticByteArray(64, 0)));
     });
     it("fails if decapsulation key is null", async () => {
       const wrappingKey = new SymmetricCryptoKey(makeStaticByteArray(64));
@@ -97,33 +101,17 @@ describe("EncryptService", () => {
         "No wrappingKey provided for wrapping.",
       );
     });
-    it("throws if type 0 key is provided with flag turned on", async () => {
-      (encryptService as any).blockType0 = true;
-      const mock32Key = mock<SymmetricCryptoKey>();
-      mock32Key.inner.mockReturnValue({
-        type: 0,
-        encryptionKey: makeStaticByteArray(32),
-      });
-
-      await expect(
-        encryptService.wrapDecapsulationKey(new Uint8Array(200), mock32Key),
-      ).rejects.toThrow("Type 0 encryption is not supported.");
-    });
   });
 
   describe("wrapEncapsulationKey", () => {
-    it("roundtrip encrypts and decrypts an encapsulationKey key", async () => {
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(makeStaticByteArray(64, 0));
-      cryptoFunctionService.randomBytes.mockResolvedValue(makeStaticByteArray(16) as CsprngArray);
-      cryptoFunctionService.hmac.mockResolvedValue(makeStaticByteArray(32));
-
+    it("is a proxy to PureCrypto", async () => {
+      const encapsulationKey = makeStaticByteArray(10);
       const wrappingKey = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = await encryptService.wrapEncapsulationKey(
-        makeStaticByteArray(64),
-        wrappingKey,
+      await encryptService.wrapEncapsulationKey(encapsulationKey, wrappingKey);
+      expect(PureCrypto.wrap_encapsulation_key).toHaveBeenCalledWith(
+        encapsulationKey,
+        wrappingKey.toEncoded(),
       );
-      expect(encString.encryptionType).toEqual(EncryptionType.AesCbc256_HmacSha256_B64);
-      expect(encString.data).toEqual(Utils.fromBufferToB64(makeStaticByteArray(64, 0)));
     });
     it("fails if encapsulation key is null", async () => {
       const wrappingKey = new SymmetricCryptoKey(makeStaticByteArray(64));
@@ -137,535 +125,152 @@ describe("EncryptService", () => {
         "No wrappingKey provided for wrapping.",
       );
     });
-    it("throws if type 0 key is provided with flag turned on", async () => {
-      (encryptService as any).blockType0 = true;
-      const mock32Key = mock<SymmetricCryptoKey>();
-      mock32Key.inner.mockReturnValue({
-        type: 0,
-        encryptionKey: makeStaticByteArray(32),
-      });
-
-      await expect(
-        encryptService.wrapEncapsulationKey(new Uint8Array(200), mock32Key),
-      ).rejects.toThrow("Type 0 encryption is not supported.");
-    });
-  });
-
-  describe("onServerConfigChange", () => {
-    const newConfig = mock<ServerConfig>();
-
-    afterEach(() => {
-      jest.resetAllMocks();
-    });
-
-    it("updates internal flag with default value when not present in config", () => {
-      encryptService.onServerConfigChange(newConfig);
-
-      expect((encryptService as any).blockType0).toBe(
-        DefaultFeatureFlagValue[FeatureFlag.PM17987_BlockType0],
-      );
-    });
-
-    test.each([true, false])("updates internal flag with value in config", (expectedValue) => {
-      newConfig.featureStates = { [FeatureFlag.PM17987_BlockType0]: expectedValue };
-
-      encryptService.onServerConfigChange(newConfig);
-
-      expect((encryptService as any).blockType0).toBe(expectedValue);
-    });
-  });
-
-  describe("encrypt", () => {
-    it("throws if no key is provided", () => {
-      return expect(encryptService.encrypt(null, null)).rejects.toThrow(
-        "No encryption key provided.",
-      );
-    });
-
-    it("throws if type 0 key is provided with flag turned on", async () => {
-      (encryptService as any).blockType0 = true;
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32));
-      const mock32Key = mock<SymmetricCryptoKey>();
-      mock32Key.inner.mockReturnValue({
-        type: 0,
-        encryptionKey: makeStaticByteArray(32),
-      });
-
-      await expect(encryptService.encrypt(null!, key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-      await expect(encryptService.encrypt(null!, mock32Key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-
-      const plainValue = "data";
-      await expect(encryptService.encrypt(plainValue, key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-      await expect(encryptService.encrypt(plainValue, mock32Key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-    });
-
-    it("returns null if no data is provided with valid key", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const actual = await encryptService.encrypt(null, key);
-      expect(actual).toBeNull();
-    });
-
-    it("creates an EncString for Aes256Cbc", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32));
-      const plainValue = "data";
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(makeStaticByteArray(4, 100));
-      cryptoFunctionService.randomBytes.mockResolvedValue(makeStaticByteArray(16) as CsprngArray);
-      const result = await encryptService.encrypt(plainValue, key);
-      expect(cryptoFunctionService.aesEncrypt).toHaveBeenCalledWith(
-        Utils.fromByteStringToArray(plainValue),
-        makeStaticByteArray(16),
-        makeStaticByteArray(32),
-      );
-      expect(cryptoFunctionService.hmac).not.toHaveBeenCalled();
-
-      expect(Utils.fromB64ToArray(result.data).length).toEqual(4);
-      expect(Utils.fromB64ToArray(result.iv).length).toEqual(16);
-    });
-
-    it("creates an EncString for Aes256Cbc_HmacSha256_B64", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const plainValue = "data";
-      cryptoFunctionService.hmac.mockResolvedValue(makeStaticByteArray(32));
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(makeStaticByteArray(4, 100));
-      cryptoFunctionService.randomBytes.mockResolvedValue(makeStaticByteArray(16) as CsprngArray);
-      const result = await encryptService.encrypt(plainValue, key);
-      expect(cryptoFunctionService.aesEncrypt).toHaveBeenCalledWith(
-        Utils.fromByteStringToArray(plainValue),
-        makeStaticByteArray(16),
-        makeStaticByteArray(32),
-      );
-
-      const macData = new Uint8Array(16 + 4);
-      macData.set(makeStaticByteArray(16));
-      macData.set(makeStaticByteArray(4, 100), 16);
-      expect(cryptoFunctionService.hmac).toHaveBeenCalledWith(
-        macData,
-        makeStaticByteArray(32, 32),
-        "sha256",
-      );
-
-      expect(Utils.fromB64ToArray(result.data).length).toEqual(4);
-      expect(Utils.fromB64ToArray(result.iv).length).toEqual(16);
-      expect(Utils.fromB64ToArray(result.mac).length).toEqual(32);
-    });
-  });
-
-  describe("encryptToBytes", () => {
-    const plainValue = makeStaticByteArray(16, 1);
-
-    it("throws if no key is provided", () => {
-      return expect(encryptService.encryptToBytes(plainValue, null)).rejects.toThrow(
-        "No encryption key",
-      );
-    });
-
-    it("throws if type 0 key provided with flag turned on", async () => {
-      (encryptService as any).blockType0 = true;
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32));
-      const mock32Key = mock<SymmetricCryptoKey>();
-      mock32Key.inner.mockReturnValue({
-        type: 0,
-        encryptionKey: makeStaticByteArray(32),
-      });
-
-      await expect(encryptService.encryptToBytes(plainValue, key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-
-      await expect(encryptService.encryptToBytes(plainValue, mock32Key)).rejects.toThrow(
-        "Type 0 encryption is not supported.",
-      );
-    });
-
-    it("encrypts data with provided Aes256Cbc key and returns correct encbuffer", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32, 0));
-      const iv = makeStaticByteArray(16, 80);
-      const cipherText = makeStaticByteArray(20, 150);
-      cryptoFunctionService.randomBytes.mockResolvedValue(iv as CsprngArray);
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(cipherText);
-
-      const actual = await encryptService.encryptToBytes(plainValue, key);
-      const expectedBytes = new Uint8Array(1 + iv.byteLength + cipherText.byteLength);
-      expectedBytes.set([EncryptionType.AesCbc256_B64]);
-      expectedBytes.set(iv, 1);
-      expectedBytes.set(cipherText, 1 + iv.byteLength);
-
-      expect(actual.buffer).toEqualBuffer(expectedBytes);
-    });
-
-    it("encrypts data with provided Aes256Cbc_HmacSha256 key and returns correct encbuffer", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      const iv = makeStaticByteArray(16, 80);
-      const mac = makeStaticByteArray(32, 100);
-      const cipherText = makeStaticByteArray(20, 150);
-      cryptoFunctionService.randomBytes.mockResolvedValue(iv as CsprngArray);
-      cryptoFunctionService.aesEncrypt.mockResolvedValue(cipherText);
-      cryptoFunctionService.hmac.mockResolvedValue(mac);
-
-      const actual = await encryptService.encryptToBytes(plainValue, key);
-      const expectedBytes = new Uint8Array(
-        1 + iv.byteLength + mac.byteLength + cipherText.byteLength,
-      );
-      expectedBytes.set([EncryptionType.AesCbc256_HmacSha256_B64]);
-      expectedBytes.set(iv, 1);
-      expectedBytes.set(mac, 1 + iv.byteLength);
-      expectedBytes.set(cipherText, 1 + iv.byteLength + mac.byteLength);
-
-      expect(actual.buffer).toEqualBuffer(expectedBytes);
-    });
-  });
-
-  describe("decryptToBytes", () => {
-    const encType = EncryptionType.AesCbc256_HmacSha256_B64;
-    const key = new SymmetricCryptoKey(makeStaticByteArray(64, 100));
-    const computedMac = new Uint8Array(1);
-    const encBuffer = new EncArrayBuffer(makeStaticByteArray(60, encType));
-
-    beforeEach(() => {
-      cryptoFunctionService.hmac.mockResolvedValue(computedMac);
-    });
-
-    it("throws if no key is provided", () => {
-      return expect(encryptService.decryptToBytes(encBuffer, null)).rejects.toThrow(
-        "No encryption key",
-      );
-    });
-
-    it("throws if no encrypted value is provided", () => {
-      return expect(encryptService.decryptToBytes(null, key)).rejects.toThrow(
-        "Nothing provided for decryption",
-      );
-    });
-
-    it("calls PureCrypto when useSDKForDecryption is true", async () => {
-      (encryptService as any).useSDKForDecryption = true;
-      const decryptedBytes = makeStaticByteArray(10, 200);
-      Object.defineProperty(SdkLoadService, "Ready", {
-        value: Promise.resolve(),
-        configurable: true,
-      });
-      jest.spyOn(PureCrypto, "symmetric_decrypt_array_buffer").mockReturnValue(decryptedBytes);
-
-      const actual = await encryptService.decryptToBytes(encBuffer, key);
-
-      expect(PureCrypto.symmetric_decrypt_array_buffer).toHaveBeenCalledWith(
-        encBuffer.buffer,
-        key.toEncoded(),
-      );
-      expect(actual).toEqualBuffer(decryptedBytes);
-    });
-
-    it("decrypts data with provided key for Aes256CbcHmac", async () => {
-      const decryptedBytes = makeStaticByteArray(10, 200);
-
-      cryptoFunctionService.hmac.mockResolvedValue(makeStaticByteArray(1));
-      cryptoFunctionService.compare.mockResolvedValue(true);
-      cryptoFunctionService.aesDecrypt.mockResolvedValueOnce(decryptedBytes);
-
-      const actual = await encryptService.decryptToBytes(encBuffer, key);
-
-      expect(cryptoFunctionService.aesDecrypt).toBeCalledWith(
-        expect.toEqualBuffer(encBuffer.dataBytes),
-        expect.toEqualBuffer(encBuffer.ivBytes),
-        expect.toEqualBuffer(key.inner().encryptionKey),
-        "cbc",
-      );
-
-      expect(actual).toEqualBuffer(decryptedBytes);
-    });
-
-    it("decrypts data with provided key for Aes256Cbc", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32, 0));
-      const encBuffer = new EncArrayBuffer(makeStaticByteArray(60, EncryptionType.AesCbc256_B64));
-      const decryptedBytes = makeStaticByteArray(10, 200);
-
-      cryptoFunctionService.hmac.mockResolvedValue(makeStaticByteArray(1));
-      cryptoFunctionService.compare.mockResolvedValue(true);
-      cryptoFunctionService.aesDecrypt.mockResolvedValueOnce(decryptedBytes);
-
-      const actual = await encryptService.decryptToBytes(encBuffer, key);
-
-      expect(cryptoFunctionService.aesDecrypt).toBeCalledWith(
-        expect.toEqualBuffer(encBuffer.dataBytes),
-        expect.toEqualBuffer(encBuffer.ivBytes),
-        expect.toEqualBuffer(key.inner().encryptionKey),
-        "cbc",
-      );
-
-      expect(actual).toEqualBuffer(decryptedBytes);
-    });
-
-    it("compares macs using CryptoFunctionService", async () => {
-      const expectedMacData = new Uint8Array(
-        encBuffer.ivBytes.byteLength + encBuffer.dataBytes.byteLength,
-      );
-      expectedMacData.set(new Uint8Array(encBuffer.ivBytes));
-      expectedMacData.set(new Uint8Array(encBuffer.dataBytes), encBuffer.ivBytes.byteLength);
-
-      await encryptService.decryptToBytes(encBuffer, key);
-
-      expect(cryptoFunctionService.hmac).toBeCalledWith(
-        expect.toEqualBuffer(expectedMacData),
-        (key.inner() as Aes256CbcHmacKey).authenticationKey,
-        "sha256",
-      );
-
-      expect(cryptoFunctionService.compare).toBeCalledWith(
-        expect.toEqualBuffer(encBuffer.macBytes),
-        expect.toEqualBuffer(computedMac),
-      );
-    });
-
-    it("returns null if macs don't match", async () => {
-      cryptoFunctionService.compare.mockResolvedValue(false);
-
-      const actual = await encryptService.decryptToBytes(encBuffer, key);
-      expect(cryptoFunctionService.compare).toHaveBeenCalled();
-      expect(cryptoFunctionService.aesDecrypt).not.toHaveBeenCalled();
-      expect(actual).toBeNull();
-    });
-
-    it("returns null if mac could not be calculated", async () => {
-      cryptoFunctionService.hmac.mockResolvedValue(null);
-
-      const actual = await encryptService.decryptToBytes(encBuffer, key);
-      expect(cryptoFunctionService.hmac).toHaveBeenCalled();
-      expect(cryptoFunctionService.aesDecrypt).not.toHaveBeenCalled();
-      expect(actual).toBeNull();
-    });
-
-    it("returns null if key is Aes256Cbc but encbuffer is Aes256Cbc_HmacSha256", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32, 0));
-      cryptoFunctionService.compare.mockResolvedValue(true);
-
-      const actual = await encryptService.decryptToBytes(encBuffer, key);
-
-      expect(actual).toBeNull();
-      expect(cryptoFunctionService.aesDecrypt).not.toHaveBeenCalled();
-    });
-
-    it("returns null if key is Aes256Cbc_HmacSha256 but encbuffer is Aes256Cbc", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      cryptoFunctionService.compare.mockResolvedValue(true);
-      const buffer = new EncArrayBuffer(makeStaticByteArray(200, EncryptionType.AesCbc256_B64));
-      const actual = await encryptService.decryptToBytes(buffer, key);
-
-      expect(actual).toBeNull();
-      expect(cryptoFunctionService.aesDecrypt).not.toHaveBeenCalled();
-    });
-  });
-
-  describe("decryptToUtf8", () => {
-    it("throws if no key is provided", () => {
-      return expect(encryptService.decryptToUtf8(null, null)).rejects.toThrow(
-        "No key provided for decryption.",
-      );
-    });
-
-    it("calls PureCrypto when useSDKForDecryption is true", async () => {
-      (encryptService as any).useSDKForDecryption = true;
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
-      Object.defineProperty(SdkLoadService, "Ready", {
-        value: Promise.resolve(),
-        configurable: true,
-      });
-      jest.spyOn(PureCrypto, "symmetric_decrypt").mockReturnValue("data");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-
-      expect(actual).toEqual("data");
-      expect(PureCrypto.symmetric_decrypt).toHaveBeenCalledWith(
-        encString.encryptedString,
-        key.toEncoded(),
-      );
-    });
-
-    it("decrypts data with provided key for AesCbc256_HmacSha256", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
-      cryptoFunctionService.aesDecryptFastParameters.mockReturnValue({
-        macData: makeStaticByteArray(32, 0),
-        macKey: makeStaticByteArray(32, 0),
-        mac: makeStaticByteArray(32, 0),
-      } as any);
-      cryptoFunctionService.hmacFast.mockResolvedValue(makeStaticByteArray(32, 0));
-      cryptoFunctionService.compareFast.mockResolvedValue(true);
-      cryptoFunctionService.aesDecryptFast.mockResolvedValue("data");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-      expect(actual).toEqual("data");
-      expect(cryptoFunctionService.compareFast).toHaveBeenCalledWith(
-        makeStaticByteArray(32, 0),
-        makeStaticByteArray(32, 0),
-      );
-    });
-
-    it("decrypts data with provided key for AesCbc256", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-      cryptoFunctionService.aesDecryptFastParameters.mockReturnValue({
-        macData: makeStaticByteArray(32, 0),
-        macKey: makeStaticByteArray(32, 0),
-        mac: makeStaticByteArray(32, 0),
-      } as any);
-      cryptoFunctionService.hmacFast.mockResolvedValue(makeStaticByteArray(32, 0));
-      cryptoFunctionService.compareFast.mockResolvedValue(true);
-      cryptoFunctionService.aesDecryptFast.mockResolvedValue("data");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-      expect(actual).toEqual("data");
-      expect(cryptoFunctionService.compareFast).not.toHaveBeenCalled();
-    });
-
-    it("returns null if key is AesCbc256_HMAC but encstring is AesCbc256", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-      expect(actual).toBeNull();
-      expect(logService.error).toHaveBeenCalled();
-    });
-
-    it("returns null if key is AesCbc256 but encstring is AesCbc256_HMAC", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(32, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-      expect(actual).toBeNull();
-      expect(logService.error).toHaveBeenCalled();
-    });
-
-    it("returns null if macs don't match", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
-      cryptoFunctionService.aesDecryptFastParameters.mockReturnValue({
-        macData: makeStaticByteArray(32, 0),
-        macKey: makeStaticByteArray(32, 0),
-        mac: makeStaticByteArray(32, 0),
-      } as any);
-      cryptoFunctionService.hmacFast.mockResolvedValue(makeStaticByteArray(32, 0));
-      cryptoFunctionService.compareFast.mockResolvedValue(false);
-      cryptoFunctionService.aesDecryptFast.mockResolvedValue("data");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-      expect(actual).toBeNull();
-    });
-  });
-
-  describe("decryptToUtf8", () => {
-    it("throws if no key is provided", () => {
-      return expect(encryptService.decryptToUtf8(null, null)).rejects.toThrow(
-        "No key provided for decryption.",
-      );
-    });
-    it("returns null if key is mac key but encstring has no mac", async () => {
-      const key = new SymmetricCryptoKey(makeStaticByteArray(64, 0));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-
-      const actual = await encryptService.decryptToUtf8(encString, key);
-      expect(actual).toBeNull();
-      expect(logService.error).toHaveBeenCalled();
-    });
   });
 
   describe("encryptString", () => {
-    it("is a proxy to encrypt", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
       const plainValue = "data";
-      encryptService.encrypt = jest.fn();
-      await encryptService.encryptString(plainValue, key);
-      expect(encryptService.encrypt).toHaveBeenCalledWith(plainValue, key);
+      const result = await encryptService.encryptString(plainValue, key);
+      expect(result).toEqual(new EncString("encrypted_string"));
+      expect(PureCrypto.symmetric_encrypt_string).toHaveBeenCalledWith(plainValue, key.toEncoded());
     });
   });
 
   describe("encryptBytes", () => {
-    it("is a proxy to encrypt", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
       const plainValue = makeStaticByteArray(16, 1);
-      encryptService.encrypt = jest.fn();
-      await encryptService.encryptBytes(plainValue, key);
-      expect(encryptService.encrypt).toHaveBeenCalledWith(plainValue, key);
+      const result = await encryptService.encryptBytes(plainValue, key);
+      expect(result).toEqual(new EncString("encrypted_bytes"));
+      expect(PureCrypto.symmetric_encrypt_bytes).toHaveBeenCalledWith(plainValue, key.toEncoded());
     });
   });
 
   describe("encryptFileData", () => {
-    it("is a proxy to encryptToBytes", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
       const plainValue = makeStaticByteArray(16, 1);
-      encryptService.encryptToBytes = jest.fn();
-      await encryptService.encryptFileData(plainValue, key);
-      expect(encryptService.encryptToBytes).toHaveBeenCalledWith(plainValue, key);
+      const result = await encryptService.encryptFileData(plainValue, key);
+      expect(result).toEqual(testEncBuffer);
+      expect(PureCrypto.symmetric_encrypt_filedata).toHaveBeenCalledWith(
+        plainValue,
+        key.toEncoded(),
+      );
     });
   });
 
   describe("decryptString", () => {
-    it("is a proxy to decryptToUtf8", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-      encryptService.decryptToUtf8 = jest.fn();
-      await encryptService.decryptString(encString, key);
-      expect(encryptService.decryptToUtf8).toHaveBeenCalledWith(encString, key);
+      const encString = new EncString("encrypted_string");
+      const result = await encryptService.decryptString(encString, key);
+      expect(result).toEqual("decrypted_string");
+      expect(PureCrypto.symmetric_decrypt_string).toHaveBeenCalledWith(
+        encString.encryptedString,
+        key.toEncoded(),
+      );
     });
   });
 
   describe("decryptBytes", () => {
-    it("is a proxy to decryptToBytes", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-      encryptService.decryptToBytes = jest.fn();
-      await encryptService.decryptBytes(encString, key);
-      expect(encryptService.decryptToBytes).toHaveBeenCalledWith(encString, key);
+      const encString = new EncString("encrypted_bytes");
+      const result = await encryptService.decryptBytes(encString, key);
+      expect(result).toEqual(new Uint8Array(3));
+      expect(PureCrypto.symmetric_decrypt_bytes).toHaveBeenCalledWith(
+        encString.encryptedString,
+        key.toEncoded(),
+      );
     });
   });
 
   describe("decryptFileData", () => {
-    it("is a proxy to decrypt", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = new EncArrayBuffer(makeStaticByteArray(60, EncryptionType.AesCbc256_B64));
-      encryptService.decryptToBytes = jest.fn();
-      await encryptService.decryptFileData(encString, key);
-      expect(encryptService.decryptToBytes).toHaveBeenCalledWith(encString, key);
+      const encString = new EncArrayBuffer(testEncBuffer.buffer);
+      const result = await encryptService.decryptFileData(encString, key);
+      expect(result).toEqual(new Uint8Array(1));
+      expect(PureCrypto.symmetric_decrypt_filedata).toHaveBeenCalledWith(
+        encString.buffer,
+        key.toEncoded(),
+      );
     });
   });
 
   describe("unwrapDecapsulationKey", () => {
-    it("is a proxy to decryptBytes", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-      encryptService.decryptBytes = jest.fn();
-      await encryptService.unwrapDecapsulationKey(encString, key);
-      expect(encryptService.decryptBytes).toHaveBeenCalledWith(encString, key);
+      const encString = new EncString("wrapped_decapsulation_key");
+      const result = await encryptService.unwrapDecapsulationKey(encString, key);
+      expect(result).toEqual(new Uint8Array(4));
+      expect(PureCrypto.unwrap_decapsulation_key).toHaveBeenCalledWith(
+        encString.encryptedString,
+        key.toEncoded(),
+      );
+    });
+    it("throws if wrappedDecapsulationKey is null", () => {
+      const key = new SymmetricCryptoKey(makeStaticByteArray(64));
+      return expect(encryptService.unwrapDecapsulationKey(null, key)).rejects.toThrow(
+        "No wrappedDecapsulationKey provided for unwrapping.",
+      );
+    });
+    it("throws if wrappingKey is null", () => {
+      const encString = new EncString("wrapped_decapsulation_key");
+      return expect(encryptService.unwrapDecapsulationKey(encString, null)).rejects.toThrow(
+        "No wrappingKey provided for unwrapping.",
+      );
     });
   });
 
   describe("unwrapEncapsulationKey", () => {
-    it("is a proxy to decryptBytes", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-      encryptService.decryptBytes = jest.fn();
-      await encryptService.unwrapEncapsulationKey(encString, key);
-      expect(encryptService.decryptBytes).toHaveBeenCalledWith(encString, key);
+      const encString = new EncString("wrapped_encapsulation_key");
+      const result = await encryptService.unwrapEncapsulationKey(encString, key);
+      expect(result).toEqual(new Uint8Array(5));
+      expect(PureCrypto.unwrap_encapsulation_key).toHaveBeenCalledWith(
+        encString.encryptedString,
+        key.toEncoded(),
+      );
+    });
+    it("throws if wrappedEncapsulationKey is null", () => {
+      const key = new SymmetricCryptoKey(makeStaticByteArray(64));
+      return expect(encryptService.unwrapEncapsulationKey(null, key)).rejects.toThrow(
+        "No wrappedEncapsulationKey provided for unwrapping.",
+      );
+    });
+    it("throws if wrappingKey is null", () => {
+      const encString = new EncString("wrapped_encapsulation_key");
+      return expect(encryptService.unwrapEncapsulationKey(encString, null)).rejects.toThrow(
+        "No wrappingKey provided for unwrapping.",
+      );
     });
   });
 
   describe("unwrapSymmetricKey", () => {
-    it("is a proxy to decryptBytes", async () => {
+    it("is a proxy to PureCrypto", async () => {
       const key = new SymmetricCryptoKey(makeStaticByteArray(64));
-      const encString = new EncString(EncryptionType.AesCbc256_B64, "data");
-      const jestFn = jest.fn();
-      jestFn.mockResolvedValue(new Uint8Array(64));
-      encryptService.decryptBytes = jestFn;
-      await encryptService.unwrapSymmetricKey(encString, key);
-      expect(encryptService.decryptBytes).toHaveBeenCalledWith(encString, key);
+      const encString = new EncString("wrapped_symmetric_key");
+      const result = await encryptService.unwrapSymmetricKey(encString, key);
+      expect(result).toEqual(new SymmetricCryptoKey(new Uint8Array(64)));
+      expect(PureCrypto.unwrap_symmetric_key).toHaveBeenCalledWith(
+        encString.encryptedString,
+        key.toEncoded(),
+      );
+    });
+    it("throws if keyToBeUnwrapped is null", () => {
+      const key = new SymmetricCryptoKey(makeStaticByteArray(64));
+      return expect(encryptService.unwrapSymmetricKey(null, key)).rejects.toThrow(
+        "No keyToBeUnwrapped provided for unwrapping.",
+      );
+    });
+    it("throws if wrappingKey is null", () => {
+      const encString = new EncString("wrapped_symmetric_key");
+      return expect(encryptService.unwrapSymmetricKey(encString, null)).rejects.toThrow(
+        "No wrappingKey provided for unwrapping.",
+      );
     });
   });
 
@@ -690,23 +295,13 @@ describe("EncryptService", () => {
 
       it("throws if no public key is provided", () => {
         return expect(encryptService.encapsulateKeyUnsigned(testKey, null)).rejects.toThrow(
-          "No public key",
+          "No encapsulationKey provided for encapsulation",
         );
       });
 
       it("encrypts data with provided key", async () => {
-        cryptoFunctionService.rsaEncrypt.mockResolvedValue(encryptedData);
-
         const actual = await encryptService.encapsulateKeyUnsigned(testKey, publicKey);
-
-        expect(cryptoFunctionService.rsaEncrypt).toBeCalledWith(
-          expect.toEqualBuffer(testKey.toEncoded()),
-          expect.toEqualBuffer(publicKey),
-          "sha1",
-        );
-
-        expect(actual).toEqual(encString);
-        expect(actual.dataBytes).toEqualBuffer(encryptedData);
+        expect(actual).toEqual(new EncString("encapsulated_key_unsigned"));
       });
 
       it("throws if no data was provided", () => {
@@ -719,39 +314,19 @@ describe("EncryptService", () => {
     describe("decapsulateKeyUnsigned", () => {
       it("throws if no data is provided", () => {
         return expect(encryptService.decapsulateKeyUnsigned(null, privateKey)).rejects.toThrow(
-          "No data",
+          "No encryptedSharedKey provided for decapsulation",
         );
       });
 
       it("throws if no private key is provided", () => {
         return expect(encryptService.decapsulateKeyUnsigned(encString, null)).rejects.toThrow(
-          "No private key",
+          "No decapsulationKey provided for decapsulation",
         );
       });
 
-      it.each([EncryptionType.AesCbc256_B64, EncryptionType.AesCbc256_HmacSha256_B64])(
-        "throws if encryption type is %s",
-        async (encType) => {
-          encString.encryptionType = encType;
-
-          await expect(
-            encryptService.decapsulateKeyUnsigned(encString, privateKey),
-          ).rejects.toThrow("Invalid encryption type");
-        },
-      );
-
       it("decrypts data with provided key", async () => {
-        cryptoFunctionService.rsaDecrypt.mockResolvedValue(data);
-
         const actual = await encryptService.decapsulateKeyUnsigned(makeEncString(data), privateKey);
-
-        expect(cryptoFunctionService.rsaDecrypt).toBeCalledWith(
-          expect.toEqualBuffer(data),
-          expect.toEqualBuffer(privateKey),
-          "sha1",
-        );
-
-        expect(actual.toEncoded()).toEqualBuffer(data);
+        expect(actual.toEncoded()).toEqualBuffer(new Uint8Array(64));
       });
     });
   });
diff --git a/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.spec.ts b/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.spec.ts
deleted file mode 100644
index c016724e652..00000000000
--- a/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.spec.ts
+++ /dev/null
@@ -1,97 +0,0 @@
-import { mock } from "jest-mock-extended";
-
-import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
-import { BulkEncryptService } from "../abstractions/bulk-encrypt.service";
-import { EncryptService } from "../abstractions/encrypt.service";
-
-import { FallbackBulkEncryptService } from "./fallback-bulk-encrypt.service";
-
-describe("FallbackBulkEncryptService", () => {
-  const encryptService = mock<EncryptService>();
-  const featureFlagEncryptService = mock<BulkEncryptService>();
-  const serverConfig = mock<ServerConfig>();
-
-  let sut: FallbackBulkEncryptService;
-
-  beforeEach(() => {
-    sut = new FallbackBulkEncryptService(encryptService);
-  });
-
-  afterEach(() => {
-    jest.resetAllMocks();
-  });
-
-  describe("decryptItems", () => {
-    const key = mock<SymmetricCryptoKey>();
-    const mockItems = [{ id: "guid", name: "encryptedValue" }] as any[];
-    const mockDecryptedItems = [{ id: "guid", name: "decryptedValue" }] as any[];
-
-    it("calls decryptItems on featureFlagEncryptService when it is set", async () => {
-      featureFlagEncryptService.decryptItems.mockResolvedValue(mockDecryptedItems);
-      await sut.setFeatureFlagEncryptService(featureFlagEncryptService);
-
-      const result = await sut.decryptItems(mockItems, key);
-
-      expect(featureFlagEncryptService.decryptItems).toHaveBeenCalledWith(mockItems, key);
-      expect(encryptService.decryptItems).not.toHaveBeenCalled();
-      expect(result).toEqual(mockDecryptedItems);
-    });
-
-    it("calls decryptItems on encryptService when featureFlagEncryptService is not set", async () => {
-      encryptService.decryptItems.mockResolvedValue(mockDecryptedItems);
-
-      const result = await sut.decryptItems(mockItems, key);
-
-      expect(encryptService.decryptItems).toHaveBeenCalledWith(mockItems, key);
-      expect(result).toEqual(mockDecryptedItems);
-    });
-  });
-
-  describe("setFeatureFlagEncryptService", () => {
-    it("sets the featureFlagEncryptService property", async () => {
-      await sut.setFeatureFlagEncryptService(featureFlagEncryptService);
-
-      expect((sut as any).featureFlagEncryptService).toBe(featureFlagEncryptService);
-    });
-
-    it("does not call onServerConfigChange when currentServerConfig is undefined", async () => {
-      await sut.setFeatureFlagEncryptService(featureFlagEncryptService);
-
-      expect(featureFlagEncryptService.onServerConfigChange).not.toHaveBeenCalled();
-      expect((sut as any).featureFlagEncryptService).toBe(featureFlagEncryptService);
-    });
-
-    it("calls onServerConfigChange with currentServerConfig when it is defined", async () => {
-      sut.onServerConfigChange(serverConfig);
-
-      await sut.setFeatureFlagEncryptService(featureFlagEncryptService);
-
-      expect(featureFlagEncryptService.onServerConfigChange).toHaveBeenCalledWith(serverConfig);
-      expect((sut as any).featureFlagEncryptService).toBe(featureFlagEncryptService);
-    });
-  });
-
-  describe("onServerConfigChange", () => {
-    it("updates internal currentServerConfig to new config", async () => {
-      sut.onServerConfigChange(serverConfig);
-
-      expect((sut as any).currentServerConfig).toBe(serverConfig);
-    });
-
-    it("calls onServerConfigChange on featureFlagEncryptService when it is set", async () => {
-      await sut.setFeatureFlagEncryptService(featureFlagEncryptService);
-
-      sut.onServerConfigChange(serverConfig);
-
-      expect(featureFlagEncryptService.onServerConfigChange).toHaveBeenCalledWith(serverConfig);
-      expect(encryptService.onServerConfigChange).not.toHaveBeenCalled();
-    });
-
-    it("calls onServerConfigChange on encryptService when featureFlagEncryptService is not set", () => {
-      sut.onServerConfigChange(serverConfig);
-
-      expect(encryptService.onServerConfigChange).toHaveBeenCalledWith(serverConfig);
-    });
-  });
-});
diff --git a/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.ts b/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.ts
index 7eefa896e6a..0a05bff4422 100644
--- a/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.ts
+++ b/libs/common/src/key-management/crypto/services/fallback-bulk-encrypt.service.ts
@@ -9,7 +9,7 @@ import { ServerConfig } from "../../../platform/abstractions/config/server-confi
 import { EncryptService } from "../abstractions/encrypt.service";
 
 /**
- * @deprecated For the feature flag from PM-4154, remove once feature is rolled out
+ * @deprecated Will be deleted in an immediate subsequent PR
  */
 export class FallbackBulkEncryptService implements BulkEncryptService {
   private featureFlagEncryptService: BulkEncryptService;
@@ -25,22 +25,10 @@ export class FallbackBulkEncryptService implements BulkEncryptService {
     items: Decryptable<T>[],
     key: SymmetricCryptoKey,
   ): Promise<T[]> {
-    if (this.featureFlagEncryptService != null) {
-      return await this.featureFlagEncryptService.decryptItems(items, key);
-    } else {
-      return await this.encryptService.decryptItems(items, key);
-    }
+    return await this.encryptService.decryptItems(items, key);
   }
 
-  async setFeatureFlagEncryptService(featureFlagEncryptService: BulkEncryptService) {
-    if (this.currentServerConfig !== undefined) {
-      featureFlagEncryptService.onServerConfigChange(this.currentServerConfig);
-    }
-    this.featureFlagEncryptService = featureFlagEncryptService;
-  }
+  async setFeatureFlagEncryptService(featureFlagEncryptService: BulkEncryptService) {}
 
-  onServerConfigChange(newConfig: ServerConfig): void {
-    this.currentServerConfig = newConfig;
-    (this.featureFlagEncryptService ?? this.encryptService).onServerConfigChange(newConfig);
-  }
+  onServerConfigChange(newConfig: ServerConfig): void {}
 }
diff --git a/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.spec.ts b/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.spec.ts
deleted file mode 100644
index bb966c32507..00000000000
--- a/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.spec.ts
+++ /dev/null
@@ -1,123 +0,0 @@
-import { mock } from "jest-mock-extended";
-import * as rxjs from "rxjs";
-
-import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { LogService } from "../../../platform/abstractions/log.service";
-import { Decryptable } from "../../../platform/interfaces/decryptable.interface";
-import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
-import { CryptoFunctionService } from "../abstractions/crypto-function.service";
-import { buildSetConfigMessage } from "../types/worker-command.type";
-
-import { EncryptServiceImplementation } from "./encrypt.service.implementation";
-import { MultithreadEncryptServiceImplementation } from "./multithread-encrypt.service.implementation";
-
-describe("MultithreadEncryptServiceImplementation", () => {
-  const cryptoFunctionService = mock<CryptoFunctionService>();
-  const logService = mock<LogService>();
-  const serverConfig = mock<ServerConfig>();
-
-  let sut: MultithreadEncryptServiceImplementation;
-
-  beforeEach(() => {
-    sut = new MultithreadEncryptServiceImplementation(cryptoFunctionService, logService, true);
-  });
-
-  afterEach(() => {
-    jest.resetAllMocks();
-  });
-
-  describe("decryptItems", () => {
-    const key = mock<SymmetricCryptoKey>();
-    const mockWorker = mock<Worker>();
-
-    beforeEach(() => {
-      // Mock creating a worker.
-      global.Worker = jest.fn().mockImplementation(() => mockWorker);
-      global.URL = jest.fn().mockImplementation(() => "url") as unknown as typeof URL;
-      global.URL.createObjectURL = jest.fn().mockReturnValue("blob:url");
-      global.URL.revokeObjectURL = jest.fn();
-      global.URL.canParse = jest.fn().mockReturnValue(true);
-
-      // Mock the workers returned response.
-      const mockMessageEvent = {
-        id: "mock-guid",
-        data: ["decrypted1", "decrypted2"],
-      };
-      const mockMessageEvent$ = rxjs.from([mockMessageEvent]);
-      jest.spyOn(rxjs, "fromEvent").mockReturnValue(mockMessageEvent$);
-    });
-
-    it("returns empty array if items is null", async () => {
-      const items = null as unknown as Decryptable<any>[];
-      const result = await sut.decryptItems(items, key);
-      expect(result).toEqual([]);
-    });
-
-    it("returns empty array if items is empty", async () => {
-      const result = await sut.decryptItems([], key);
-      expect(result).toEqual([]);
-    });
-
-    it("creates worker if none exists", async () => {
-      // Make sure currentServerConfig is undefined so a SetConfigMessage is not sent.
-      (sut as any).currentServerConfig = undefined;
-
-      await sut.decryptItems([mock<Decryptable<any>>(), mock<Decryptable<any>>()], key);
-
-      expect(global.Worker).toHaveBeenCalled();
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(1);
-      expect(mockWorker.postMessage).not.toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-
-    it("sends a SetConfigMessage to the new worker when there is a current server config", async () => {
-      // Populate currentServerConfig so a SetConfigMessage is sent.
-      (sut as any).currentServerConfig = serverConfig;
-
-      await sut.decryptItems([mock<Decryptable<any>>(), mock<Decryptable<any>>()], key);
-
-      expect(global.Worker).toHaveBeenCalled();
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(2);
-      expect(mockWorker.postMessage).toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-
-    it("does not create worker if one exists", async () => {
-      (sut as any).currentServerConfig = serverConfig;
-      (sut as any).worker = mockWorker;
-
-      await sut.decryptItems([mock<Decryptable<any>>(), mock<Decryptable<any>>()], key);
-
-      expect(global.Worker).not.toHaveBeenCalled();
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(1);
-      expect(mockWorker.postMessage).not.toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-  });
-
-  describe("onServerConfigChange", () => {
-    it("updates internal currentServerConfig to new config and calls super", () => {
-      const superSpy = jest.spyOn(EncryptServiceImplementation.prototype, "onServerConfigChange");
-
-      sut.onServerConfigChange(serverConfig);
-
-      expect(superSpy).toHaveBeenCalledWith(serverConfig);
-      expect((sut as any).currentServerConfig).toBe(serverConfig);
-    });
-
-    it("sends config update to worker if worker exists", () => {
-      const mockWorker = mock<Worker>();
-      (sut as any).worker = mockWorker;
-
-      sut.onServerConfigChange(serverConfig);
-
-      expect(mockWorker.postMessage).toHaveBeenCalledTimes(1);
-      expect(mockWorker.postMessage).toHaveBeenCalledWith(
-        buildSetConfigMessage({ newConfig: serverConfig }),
-      );
-    });
-  });
-});
diff --git a/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.ts b/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.ts
index a3a663f72a9..ab65074af3b 100644
--- a/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.ts
+++ b/libs/common/src/key-management/crypto/services/multithread-encrypt.service.implementation.ts
@@ -1,31 +1,16 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-import { defaultIfEmpty, filter, firstValueFrom, fromEvent, map, Subject, takeUntil } from "rxjs";
-import { Jsonify } from "type-fest";
-
 import { Decryptable } from "@bitwarden/common/platform/interfaces/decryptable.interface";
 import { InitializerMetadata } from "@bitwarden/common/platform/interfaces/initializer-metadata.interface";
-import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-import { getClassInitializer } from "@bitwarden/common/platform/services/cryptography/get-class-initializer";
 
 import { ServerConfig } from "../../../platform/abstractions/config/server-config";
-import { buildDecryptMessage, buildSetConfigMessage } from "../types/worker-command.type";
 
 import { EncryptServiceImplementation } from "./encrypt.service.implementation";
 
-// TTL (time to live) is not strictly required but avoids tying up memory resources if inactive
-const workerTTL = 3 * 60000; // 3 minutes
-
 /**
- * @deprecated Replaced by BulkEncryptionService (PM-4154)
+ * @deprecated Will be deleted in an immediate subsequent PR
  */
 export class MultithreadEncryptServiceImplementation extends EncryptServiceImplementation {
-  private worker: Worker;
-  private timeout: any;
-  private currentServerConfig: ServerConfig | undefined = undefined;
-
-  private clear$ = new Subject<void>();
+  protected useSDKForDecryption: boolean = true;
 
   /**
    * Sends items to a web worker to decrypt them.
@@ -35,84 +20,8 @@ export class MultithreadEncryptServiceImplementation extends EncryptServiceImple
     items: Decryptable<T>[],
     key: SymmetricCryptoKey,
   ): Promise<T[]> {
-    if (items == null || items.length < 1) {
-      return [];
-    }
-
-    if (this.useSDKForDecryption) {
-      return await super.decryptItems(items, key);
-    }
-
-    this.logService.info("Starting decryption using multithreading");
-
-    if (this.worker == null) {
-      this.worker = new Worker(
-        new URL(
-          /* webpackChunkName: 'encrypt-worker' */
-          "@bitwarden/common/key-management/crypto/services/encrypt.worker.ts",
-          import.meta.url,
-        ),
-      );
-      if (this.currentServerConfig !== undefined) {
-        this.updateWorkerServerConfig(this.currentServerConfig);
-      }
-    }
-
-    this.restartTimeout();
-
-    const id = Utils.newGuid();
-    const request = buildDecryptMessage({
-      id,
-      items: items,
-      key: key,
-    });
-
-    this.worker.postMessage(request);
-
-    return await firstValueFrom(
-      fromEvent(this.worker, "message").pipe(
-        filter((response: MessageEvent) => response.data?.id === id),
-        map((response) => JSON.parse(response.data.items)),
-        map((items) =>
-          items.map((jsonItem: Jsonify<T>) => {
-            const initializer = getClassInitializer<T>(jsonItem.initializerKey);
-            return initializer(jsonItem);
-          }),
-        ),
-        takeUntil(this.clear$),
-        defaultIfEmpty([]),
-      ),
-    );
+    return await super.decryptItems(items, key);
   }
 
-  override onServerConfigChange(newConfig: ServerConfig): void {
-    this.currentServerConfig = newConfig;
-    super.onServerConfigChange(newConfig);
-    this.updateWorkerServerConfig(newConfig);
-  }
-
-  private updateWorkerServerConfig(newConfig: ServerConfig) {
-    if (this.worker != null) {
-      const request = buildSetConfigMessage({ newConfig });
-      this.worker.postMessage(request);
-    }
-  }
-
-  private clear() {
-    this.clear$.next();
-    this.worker?.terminate();
-    this.worker = null;
-    this.clearTimeout();
-  }
-
-  private restartTimeout() {
-    this.clearTimeout();
-    this.timeout = setTimeout(() => this.clear(), workerTTL);
-  }
-
-  private clearTimeout() {
-    if (this.timeout != null) {
-      clearTimeout(this.timeout);
-    }
-  }
+  override onServerConfigChange(newConfig: ServerConfig): void {}
 }
diff --git a/libs/common/src/key-management/crypto/services/web-crypto-function.service.spec.ts b/libs/common/src/key-management/crypto/services/web-crypto-function.service.spec.ts
index 0037ba3391d..ae968fc6844 100644
--- a/libs/common/src/key-management/crypto/services/web-crypto-function.service.spec.ts
+++ b/libs/common/src/key-management/crypto/services/web-crypto-function.service.spec.ts
@@ -233,48 +233,6 @@ describe("WebCrypto Function Service", () => {
     });
   });
 
-  describe("aesEncrypt CBC mode", () => {
-    it("should successfully encrypt data", async () => {
-      const cryptoFunctionService = getWebCryptoFunctionService();
-      const iv = makeStaticByteArray(16);
-      const key = makeStaticByteArray(32);
-      const data = Utils.fromUtf8ToArray("EncryptMe!");
-      const encValue = await cryptoFunctionService.aesEncrypt(data, iv, key);
-      expect(Utils.fromBufferToB64(encValue)).toBe("ByUF8vhyX4ddU9gcooznwA==");
-    });
-
-    it("should successfully encrypt and then decrypt data fast", async () => {
-      const cryptoFunctionService = getWebCryptoFunctionService();
-      const iv = makeStaticByteArray(16);
-      const key = makeStaticByteArray(32);
-      const value = "EncryptMe!";
-      const data = Utils.fromUtf8ToArray(value);
-      const encValue = await cryptoFunctionService.aesEncrypt(data, iv, key);
-      const encData = Utils.fromBufferToB64(encValue);
-      const b64Iv = Utils.fromBufferToB64(iv);
-      const symKey = new SymmetricCryptoKey(key);
-      const parameters = cryptoFunctionService.aesDecryptFastParameters(
-        encData,
-        b64Iv,
-        null,
-        symKey,
-      );
-      const decValue = await cryptoFunctionService.aesDecryptFast({ mode: "cbc", parameters });
-      expect(decValue).toBe(value);
-    });
-
-    it("should successfully encrypt and then decrypt data", async () => {
-      const cryptoFunctionService = getWebCryptoFunctionService();
-      const iv = makeStaticByteArray(16);
-      const key = makeStaticByteArray(32);
-      const value = "EncryptMe!";
-      const data = Utils.fromUtf8ToArray(value);
-      const encValue = new Uint8Array(await cryptoFunctionService.aesEncrypt(data, iv, key));
-      const decValue = await cryptoFunctionService.aesDecrypt(encValue, iv, key, "cbc");
-      expect(Utils.fromBufferToUtf8(decValue)).toBe(value);
-    });
-  });
-
   describe("aesDecryptFast CBC mode", () => {
     it("should successfully decrypt data", async () => {
       const cryptoFunctionService = getWebCryptoFunctionService();
diff --git a/libs/common/src/key-management/crypto/services/web-crypto-function.service.ts b/libs/common/src/key-management/crypto/services/web-crypto-function.service.ts
index 32cbd58dde2..80a2a31dea6 100644
--- a/libs/common/src/key-management/crypto/services/web-crypto-function.service.ts
+++ b/libs/common/src/key-management/crypto/services/web-crypto-function.service.ts
@@ -204,14 +204,6 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
     return equals;
   }
 
-  async aesEncrypt(data: Uint8Array, iv: Uint8Array, key: Uint8Array): Promise<Uint8Array> {
-    const impKey = await this.subtle.importKey("raw", key, { name: "AES-CBC" } as any, false, [
-      "encrypt",
-    ]);
-    const buffer = await this.subtle.encrypt({ name: "AES-CBC", iv: iv }, impKey, data);
-    return new Uint8Array(buffer);
-  }
-
   aesDecryptFastParameters(
     data: string,
     iv: string,
diff --git a/libs/common/src/platform/services/sdk/default-sdk.service.ts b/libs/common/src/platform/services/sdk/default-sdk.service.ts
index 1dfdfd207c0..c12fbe2dbb2 100644
--- a/libs/common/src/platform/services/sdk/default-sdk.service.ts
+++ b/libs/common/src/platform/services/sdk/default-sdk.service.ts
@@ -228,6 +228,7 @@ export class DefaultSdkService implements SdkService {
             },
       privateKey,
       signingKey: undefined,
+      securityState: undefined,
     });
 
     // We initialize the org crypto even if the org_keys are
diff --git a/libs/common/src/tools/send/services/send.service.ts b/libs/common/src/tools/send/services/send.service.ts
index 97470b23697..57463b3b42b 100644
--- a/libs/common/src/tools/send/services/send.service.ts
+++ b/libs/common/src/tools/send/services/send.service.ts
@@ -89,10 +89,13 @@ export class SendService implements InternalSendServiceAbstraction {
     }
     // Key is not a SymmetricCryptoKey, but key material used to derive the cryptoKey
     send.key = await this.encryptService.encryptBytes(model.key, userKey);
+    // FIXME: model.name can be null. encryptString should not be called with null values.
     send.name = await this.encryptService.encryptString(model.name, model.cryptoKey);
+    // FIXME: model.notes can be null. encryptString should not be called with null values.
     send.notes = await this.encryptService.encryptString(model.notes, model.cryptoKey);
     if (send.type === SendType.Text) {
       send.text = new SendText();
+      // FIXME: model.text.text can be null. encryptString should not be called with null values.
       send.text.text = await this.encryptService.encryptString(model.text.text, model.cryptoKey);
       send.text.hidden = model.text.hidden;
     } else if (send.type === SendType.File) {
diff --git a/libs/common/src/vault/abstractions/cipher-encryption.service.ts b/libs/common/src/vault/abstractions/cipher-encryption.service.ts
index 6b2a8e8943e..067c63b2110 100644
--- a/libs/common/src/vault/abstractions/cipher-encryption.service.ts
+++ b/libs/common/src/vault/abstractions/cipher-encryption.service.ts
@@ -1,6 +1,7 @@
+import { EncryptionContext } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherListView } from "@bitwarden/sdk-internal";
 
-import { UserId } from "../../types/guid";
+import { UserId, OrganizationId } from "../../types/guid";
 import { Cipher } from "../models/domain/cipher";
 import { AttachmentView } from "../models/view/attachment.view";
 import { CipherView } from "../models/view/cipher.view";
@@ -9,6 +10,28 @@ import { CipherView } from "../models/view/cipher.view";
  * Service responsible for encrypting and decrypting ciphers.
  */
 export abstract class CipherEncryptionService {
+  /**
+   * Encrypts a cipher using the SDK for the given userId.
+   * @param model The cipher view to encrypt
+   * @param userId The user ID to initialize the SDK client with
+   *
+   * @returns A promise that resolves to the encryption context, or undefined if encryption fails
+   */
+  abstract encrypt(model: CipherView, userId: UserId): Promise<EncryptionContext | undefined>;
+
+  /**
+   * Move the cipher to the specified organization by re-encrypting its keys with the organization's key.
+   * The cipher.organizationId will be updated to the new organizationId.
+   * @param model The cipher view to move to the organization
+   * @param organizationId The ID of the organization to move the cipher to
+   * @param userId The user ID to initialize the SDK client with
+   */
+  abstract moveToOrganization(
+    model: CipherView,
+    organizationId: OrganizationId,
+    userId: UserId,
+  ): Promise<EncryptionContext | undefined>;
+
   /**
    * Decrypts a cipher using the SDK for the given userId.
    *
diff --git a/libs/common/src/vault/abstractions/cipher.service.ts b/libs/common/src/vault/abstractions/cipher.service.ts
index d1d686a66af..2f186369463 100644
--- a/libs/common/src/vault/abstractions/cipher.service.ts
+++ b/libs/common/src/vault/abstractions/cipher.service.ts
@@ -120,11 +120,21 @@ export abstract class CipherService implements UserKeyRotationDataProvider<Ciphe
     orgAdmin?: boolean,
     isNotClone?: boolean,
   ): Promise<Cipher>;
+
+  /**
+   * Move a cipher to an organization by re-encrypting its keys with the organization's key.
+   * @param cipher The cipher to move
+   * @param organizationId The Id of the organization to move the cipher to
+   * @param collectionIds The collection Ids to assign the cipher to in the organization
+   * @param userId The Id of the user performing the operation
+   * @param originalCipher Optional original cipher that will be used to compare/update password history
+   */
   abstract shareWithServer(
     cipher: CipherView,
     organizationId: string,
     collectionIds: string[],
     userId: UserId,
+    originalCipher?: Cipher,
   ): Promise<Cipher>;
   abstract shareManyWithServer(
     ciphers: CipherView[],
diff --git a/libs/common/src/vault/models/api/cipher-permissions.api.ts b/libs/common/src/vault/models/api/cipher-permissions.api.ts
index b7341d39b1d..f9b62c4fc8d 100644
--- a/libs/common/src/vault/models/api/cipher-permissions.api.ts
+++ b/libs/common/src/vault/models/api/cipher-permissions.api.ts
@@ -4,7 +4,7 @@ import { CipherPermissions as SdkCipherPermissions } from "@bitwarden/sdk-intern
 
 import { BaseResponse } from "../../../models/response/base.response";
 
-export class CipherPermissionsApi extends BaseResponse {
+export class CipherPermissionsApi extends BaseResponse implements SdkCipherPermissions {
   delete: boolean = false;
   restore: boolean = false;
 
@@ -35,4 +35,11 @@ export class CipherPermissionsApi extends BaseResponse {
 
     return permissions;
   }
+
+  /**
+   * Converts the CipherPermissionsApi to an SdkCipherPermissions
+   */
+  toSdkCipherPermissions(): SdkCipherPermissions {
+    return this;
+  }
 }
diff --git a/libs/common/src/vault/models/data/local.data.ts b/libs/common/src/vault/models/data/local.data.ts
index 9ba820a58a2..50a24feba6f 100644
--- a/libs/common/src/vault/models/data/local.data.ts
+++ b/libs/common/src/vault/models/data/local.data.ts
@@ -1,4 +1,45 @@
+import {
+  LocalDataView as SdkLocalDataView,
+  LocalData as SdkLocalData,
+} from "@bitwarden/sdk-internal";
+
 export type LocalData = {
   lastUsedDate?: number;
   lastLaunched?: number;
 };
+
+/**
+ * Convert the SdkLocalDataView to LocalData
+ * @param localData
+ */
+export function fromSdkLocalData(
+  localData: SdkLocalDataView | SdkLocalData | undefined,
+): LocalData | undefined {
+  if (localData == null) {
+    return undefined;
+  }
+  return {
+    lastUsedDate: localData.lastUsedDate ? new Date(localData.lastUsedDate).getTime() : undefined,
+    lastLaunched: localData.lastLaunched ? new Date(localData.lastLaunched).getTime() : undefined,
+  };
+}
+
+/**
+ * Convert the LocalData to SdkLocalData
+ * @param localData
+ */
+export function toSdkLocalData(
+  localData: LocalData | undefined,
+): (SdkLocalDataView & SdkLocalData) | undefined {
+  if (localData == null) {
+    return undefined;
+  }
+  return {
+    lastUsedDate: localData.lastUsedDate
+      ? new Date(localData.lastUsedDate).toISOString()
+      : undefined,
+    lastLaunched: localData.lastLaunched
+      ? new Date(localData.lastLaunched).toISOString()
+      : undefined,
+  };
+}
diff --git a/libs/common/src/vault/models/domain/attachment.spec.ts b/libs/common/src/vault/models/domain/attachment.spec.ts
index d2b536b0590..2ea2c3d9a1d 100644
--- a/libs/common/src/vault/models/domain/attachment.spec.ts
+++ b/libs/common/src/vault/models/domain/attachment.spec.ts
@@ -93,6 +93,7 @@ describe("Attachment", () => {
         sizeName: "1.1 KB",
         fileName: "fileName",
         key: expect.any(SymmetricCryptoKey),
+        encryptedKey: attachment.key,
       });
     });
 
diff --git a/libs/common/src/vault/models/domain/attachment.ts b/libs/common/src/vault/models/domain/attachment.ts
index abfebffb2e6..638f354c4b8 100644
--- a/libs/common/src/vault/models/domain/attachment.ts
+++ b/libs/common/src/vault/models/domain/attachment.ts
@@ -56,6 +56,7 @@ export class Attachment extends Domain {
 
     if (this.key != null) {
       view.key = await this.decryptAttachmentKey(orgId, encKey);
+      view.encryptedKey = this.key; // Keep the encrypted key for the view
     }
 
     return view;
@@ -131,4 +132,24 @@ export class Attachment extends Domain {
       key: this.key?.toJSON(),
     };
   }
+
+  /**
+   * Maps an SDK Attachment object to an Attachment
+   * @param obj - The SDK attachment object
+   */
+  static fromSdkAttachment(obj: SdkAttachment): Attachment | undefined {
+    if (!obj) {
+      return undefined;
+    }
+
+    const attachment = new Attachment();
+    attachment.id = obj.id;
+    attachment.url = obj.url;
+    attachment.size = obj.size;
+    attachment.sizeName = obj.sizeName;
+    attachment.fileName = EncString.fromJSON(obj.fileName);
+    attachment.key = EncString.fromJSON(obj.key);
+
+    return attachment;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/card.ts b/libs/common/src/vault/models/domain/card.ts
index c78f9dfb719..688053ae93c 100644
--- a/libs/common/src/vault/models/domain/card.ts
+++ b/libs/common/src/vault/models/domain/card.ts
@@ -103,4 +103,24 @@ export class Card extends Domain {
       code: this.code?.toJSON(),
     };
   }
+
+  /**
+   * Maps an SDK Card object to a Card
+   * @param obj - The SDK Card object
+   */
+  static fromSdkCard(obj: SdkCard): Card | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+
+    const card = new Card();
+    card.cardholderName = EncString.fromJSON(obj.cardholderName);
+    card.brand = EncString.fromJSON(obj.brand);
+    card.number = EncString.fromJSON(obj.number);
+    card.expMonth = EncString.fromJSON(obj.expMonth);
+    card.expYear = EncString.fromJSON(obj.expYear);
+    card.code = EncString.fromJSON(obj.code);
+
+    return card;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/cipher.spec.ts b/libs/common/src/vault/models/domain/cipher.spec.ts
index 3ea8916a10b..60fff8b510e 100644
--- a/libs/common/src/vault/models/domain/cipher.spec.ts
+++ b/libs/common/src/vault/models/domain/cipher.spec.ts
@@ -10,6 +10,7 @@ import {
   UriMatchType,
   CipherRepromptType as SdkCipherRepromptType,
   LoginLinkedIdType,
+  Cipher as SdkCipher,
 } from "@bitwarden/sdk-internal";
 
 import { makeStaticByteArray, mockEnc, mockFromJson } from "../../../../spec/utils";
@@ -206,7 +207,7 @@ describe("Cipher DTO", () => {
     it("Convert", () => {
       const cipher = new Cipher(cipherData);
 
-      expect(cipher).toEqual({
+      expect(cipher).toMatchObject({
         initializerKey: InitializerKey.Cipher,
         id: "id",
         organizationId: "orgId",
@@ -339,9 +340,9 @@ describe("Cipher DTO", () => {
         edit: true,
         viewPassword: true,
         login: loginView,
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
+        attachments: [],
+        fields: [],
+        passwordHistory: [],
         collectionIds: undefined,
         revisionDate: new Date("2022-01-31T12:00:00.000Z"),
         creationDate: new Date("2022-01-01T12:00:00.000Z"),
@@ -462,9 +463,9 @@ describe("Cipher DTO", () => {
         edit: true,
         viewPassword: true,
         secureNote: { type: 0 },
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
+        attachments: [],
+        fields: [],
+        passwordHistory: [],
         collectionIds: undefined,
         revisionDate: new Date("2022-01-31T12:00:00.000Z"),
         creationDate: new Date("2022-01-01T12:00:00.000Z"),
@@ -603,9 +604,9 @@ describe("Cipher DTO", () => {
         edit: true,
         viewPassword: true,
         card: cardView,
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
+        attachments: [],
+        fields: [],
+        passwordHistory: [],
         collectionIds: undefined,
         revisionDate: new Date("2022-01-31T12:00:00.000Z"),
         creationDate: new Date("2022-01-01T12:00:00.000Z"),
@@ -768,9 +769,9 @@ describe("Cipher DTO", () => {
         edit: true,
         viewPassword: true,
         identity: identityView,
-        attachments: null,
-        fields: null,
-        passwordHistory: null,
+        attachments: [],
+        fields: [],
+        passwordHistory: [],
         collectionIds: undefined,
         revisionDate: new Date("2022-01-31T12:00:00.000Z"),
         creationDate: new Date("2022-01-01T12:00:00.000Z"),
@@ -1001,6 +1002,167 @@ describe("Cipher DTO", () => {
         revisionDate: "2022-01-31T12:00:00.000Z",
       });
     });
+
+    it("should map from SDK Cipher", () => {
+      jest.restoreAllMocks();
+      const sdkCipher: SdkCipher = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        collectionIds: [],
+        key: "EncryptedString",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: SdkCipherType.Login,
+        login: {
+          username: "EncryptedString",
+          password: "EncryptedString",
+          passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+          uris: [
+            {
+              uri: "EncryptedString",
+              uriChecksum: "EncryptedString",
+              match: UriMatchType.Domain,
+            },
+          ],
+          totp: "EncryptedString",
+          autofillOnPageLoad: false,
+          fido2Credentials: undefined,
+        },
+        identity: undefined,
+        card: undefined,
+        secureNote: undefined,
+        sshKey: undefined,
+        favorite: false,
+        reprompt: SdkCipherRepromptType.None,
+        organizationUseTotp: true,
+        edit: true,
+        permissions: new CipherPermissionsApi(),
+        viewPassword: true,
+        localData: {
+          lastUsedDate: "2025-04-15T12:00:00.000Z",
+          lastLaunched: "2025-04-15T12:00:00.000Z",
+        },
+        attachments: [
+          {
+            id: "a1",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+          {
+            id: "a2",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+        ],
+        fields: [
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Linked,
+            linkedId: LoginLinkedIdType.Username,
+          },
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Linked,
+            linkedId: LoginLinkedIdType.Password,
+          },
+        ],
+        passwordHistory: [
+          {
+            password: "EncryptedString",
+            lastUsedDate: "2022-01-31T12:00:00.000Z",
+          },
+        ],
+        creationDate: "2022-01-01T12:00:00.000Z",
+        deletedDate: undefined,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+      };
+
+      const lastUsedDate = new Date("2025-04-15T12:00:00.000Z").getTime();
+      const lastLaunched = new Date("2025-04-15T12:00:00.000Z").getTime();
+
+      const cipherData: CipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        edit: true,
+        permissions: new CipherPermissionsApi(),
+        collectionIds: [],
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Login,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        creationDate: "2022-01-01T12:00:00.000Z",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        key: "EncryptedString",
+        login: {
+          uris: [
+            {
+              uri: "EncryptedString",
+              uriChecksum: "EncryptedString",
+              match: UriMatchStrategy.Domain,
+            },
+          ],
+          username: "EncryptedString",
+          password: "EncryptedString",
+          passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+          totp: "EncryptedString",
+          autofillOnPageLoad: false,
+        },
+        passwordHistory: [
+          { password: "EncryptedString", lastUsedDate: "2022-01-31T12:00:00.000Z" },
+        ],
+        attachments: [
+          {
+            id: "a1",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+          {
+            id: "a2",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+        ],
+        fields: [
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Linked,
+            linkedId: LoginLinkedId.Username,
+          },
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Linked,
+            linkedId: LoginLinkedId.Password,
+          },
+        ],
+      };
+      const expectedCipher = new Cipher(cipherData, { lastUsedDate, lastLaunched });
+
+      const cipher = Cipher.fromSdkCipher(sdkCipher);
+
+      expect(cipher).toEqual(expectedCipher);
+    });
   });
 });
 
diff --git a/libs/common/src/vault/models/domain/cipher.ts b/libs/common/src/vault/models/domain/cipher.ts
index 2f64fb82726..2a13cb06d71 100644
--- a/libs/common/src/vault/models/domain/cipher.ts
+++ b/libs/common/src/vault/models/domain/cipher.ts
@@ -2,6 +2,7 @@
 // @ts-strict-ignore
 import { Jsonify } from "type-fest";
 
+import { uuidToString } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { Cipher as SdkCipher } from "@bitwarden/sdk-internal";
 
 import { EncString } from "../../../key-management/crypto/models/enc-string";
@@ -14,7 +15,7 @@ import { CipherRepromptType } from "../../enums/cipher-reprompt-type";
 import { CipherType } from "../../enums/cipher-type";
 import { CipherPermissionsApi } from "../api/cipher-permissions.api";
 import { CipherData } from "../data/cipher.data";
-import { LocalData } from "../data/local.data";
+import { LocalData, fromSdkLocalData, toSdkLocalData } from "../data/local.data";
 import { AttachmentView } from "../view/attachment.view";
 import { CipherView } from "../view/cipher.view";
 import { FieldView } from "../view/field.view";
@@ -361,16 +362,7 @@ export class Cipher extends Domain implements Decryptable<CipherView> {
           }
         : undefined,
       viewPassword: this.viewPassword ?? true,
-      localData: this.localData
-        ? {
-            lastUsedDate: this.localData.lastUsedDate
-              ? new Date(this.localData.lastUsedDate).toISOString()
-              : undefined,
-            lastLaunched: this.localData.lastLaunched
-              ? new Date(this.localData.lastLaunched).toISOString()
-              : undefined,
-          }
-        : undefined,
+      localData: toSdkLocalData(this.localData),
       attachments: this.attachments?.map((a) => a.toSdkAttachment()),
       fields: this.fields?.map((f) => f.toSdkField()),
       passwordHistory: this.passwordHistory?.map((ph) => ph.toSdkPasswordHistory()),
@@ -408,4 +400,50 @@ export class Cipher extends Domain implements Decryptable<CipherView> {
 
     return sdkCipher;
   }
+
+  /**
+   * Maps an SDK Cipher object to a Cipher
+   * @param sdkCipher - The SDK Cipher object
+   */
+  static fromSdkCipher(sdkCipher: SdkCipher | null): Cipher | undefined {
+    if (sdkCipher == null) {
+      return undefined;
+    }
+
+    const cipher = new Cipher();
+
+    cipher.id = sdkCipher.id ? uuidToString(sdkCipher.id) : undefined;
+    cipher.organizationId = sdkCipher.organizationId
+      ? uuidToString(sdkCipher.organizationId)
+      : undefined;
+    cipher.folderId = sdkCipher.folderId ? uuidToString(sdkCipher.folderId) : undefined;
+    cipher.collectionIds = sdkCipher.collectionIds ? sdkCipher.collectionIds.map(uuidToString) : [];
+    cipher.key = EncString.fromJSON(sdkCipher.key);
+    cipher.name = EncString.fromJSON(sdkCipher.name);
+    cipher.notes = EncString.fromJSON(sdkCipher.notes);
+    cipher.type = sdkCipher.type;
+    cipher.favorite = sdkCipher.favorite;
+    cipher.organizationUseTotp = sdkCipher.organizationUseTotp;
+    cipher.edit = sdkCipher.edit;
+    cipher.permissions = CipherPermissionsApi.fromSdkCipherPermissions(sdkCipher.permissions);
+    cipher.viewPassword = sdkCipher.viewPassword;
+    cipher.localData = fromSdkLocalData(sdkCipher.localData);
+    cipher.attachments = sdkCipher.attachments?.map((a) => Attachment.fromSdkAttachment(a)) ?? [];
+    cipher.fields = sdkCipher.fields?.map((f) => Field.fromSdkField(f)) ?? [];
+    cipher.passwordHistory =
+      sdkCipher.passwordHistory?.map((ph) => Password.fromSdkPasswordHistory(ph)) ?? [];
+    cipher.creationDate = new Date(sdkCipher.creationDate);
+    cipher.revisionDate = new Date(sdkCipher.revisionDate);
+    cipher.deletedDate = sdkCipher.deletedDate ? new Date(sdkCipher.deletedDate) : null;
+    cipher.reprompt = sdkCipher.reprompt;
+
+    // Cipher type specific properties
+    cipher.login = Login.fromSdkLogin(sdkCipher.login);
+    cipher.secureNote = SecureNote.fromSdkSecureNote(sdkCipher.secureNote);
+    cipher.card = Card.fromSdkCard(sdkCipher.card);
+    cipher.identity = Identity.fromSdkIdentity(sdkCipher.identity);
+    cipher.sshKey = SshKey.fromSdkSshKey(sdkCipher.sshKey);
+
+    return cipher;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/fido2-credential.ts b/libs/common/src/vault/models/domain/fido2-credential.ts
index 508f8a6d5fb..5dbf55b44fc 100644
--- a/libs/common/src/vault/models/domain/fido2-credential.ts
+++ b/libs/common/src/vault/models/domain/fido2-credential.ts
@@ -173,4 +173,32 @@ export class Fido2Credential extends Domain {
       creationDate: this.creationDate.toISOString(),
     };
   }
+
+  /**
+   * Maps an SDK Fido2Credential object to a Fido2Credential
+   * @param obj - The SDK Fido2Credential object
+   */
+  static fromSdkFido2Credential(obj: SdkFido2Credential): Fido2Credential | undefined {
+    if (!obj) {
+      return undefined;
+    }
+
+    const credential = new Fido2Credential();
+
+    credential.credentialId = EncString.fromJSON(obj.credentialId);
+    credential.keyType = EncString.fromJSON(obj.keyType);
+    credential.keyAlgorithm = EncString.fromJSON(obj.keyAlgorithm);
+    credential.keyCurve = EncString.fromJSON(obj.keyCurve);
+    credential.keyValue = EncString.fromJSON(obj.keyValue);
+    credential.rpId = EncString.fromJSON(obj.rpId);
+    credential.userHandle = EncString.fromJSON(obj.userHandle);
+    credential.userName = EncString.fromJSON(obj.userName);
+    credential.counter = EncString.fromJSON(obj.counter);
+    credential.rpName = EncString.fromJSON(obj.rpName);
+    credential.userDisplayName = EncString.fromJSON(obj.userDisplayName);
+    credential.discoverable = EncString.fromJSON(obj.discoverable);
+    credential.creationDate = new Date(obj.creationDate);
+
+    return credential;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/field.spec.ts b/libs/common/src/vault/models/domain/field.spec.ts
index 08bc0da84fe..b5e26199e7d 100644
--- a/libs/common/src/vault/models/domain/field.spec.ts
+++ b/libs/common/src/vault/models/domain/field.spec.ts
@@ -1,6 +1,14 @@
+import {
+  Field as SdkField,
+  FieldType,
+  LoginLinkedIdType,
+  CardLinkedIdType,
+  IdentityLinkedIdType,
+} from "@bitwarden/sdk-internal";
+
 import { mockEnc, mockFromJson } from "../../../../spec";
 import { EncryptedString, EncString } from "../../../key-management/crypto/models/enc-string";
-import { CardLinkedId, FieldType, IdentityLinkedId, LoginLinkedId } from "../../enums";
+import { CardLinkedId, IdentityLinkedId, LoginLinkedId } from "../../enums";
 import { FieldData } from "../../models/data/field.data";
 import { Field } from "../../models/domain/field";
 
@@ -103,5 +111,34 @@ describe("Field", () => {
       identityField.linkedId = IdentityLinkedId.LicenseNumber;
       expect(identityField.toSdkField().linkedId).toBe(415);
     });
+
+    it("should map from SDK Field", () => {
+      // Test Login LinkedId
+      const loginField: SdkField = {
+        name: undefined,
+        value: undefined,
+        type: FieldType.Linked,
+        linkedId: LoginLinkedIdType.Username,
+      };
+      expect(Field.fromSdkField(loginField)!.linkedId).toBe(100);
+
+      // Test Card LinkedId
+      const cardField: SdkField = {
+        name: undefined,
+        value: undefined,
+        type: FieldType.Linked,
+        linkedId: CardLinkedIdType.Number,
+      };
+      expect(Field.fromSdkField(cardField)!.linkedId).toBe(305);
+
+      // Test Identity LinkedId
+      const identityFieldSdkField: SdkField = {
+        name: undefined,
+        value: undefined,
+        type: FieldType.Linked,
+        linkedId: IdentityLinkedIdType.LicenseNumber,
+      };
+      expect(Field.fromSdkField(identityFieldSdkField)!.linkedId).toBe(415);
+    });
   });
 });
diff --git a/libs/common/src/vault/models/domain/field.ts b/libs/common/src/vault/models/domain/field.ts
index d6453932cc7..53756e21046 100644
--- a/libs/common/src/vault/models/domain/field.ts
+++ b/libs/common/src/vault/models/domain/field.ts
@@ -90,4 +90,22 @@ export class Field extends Domain {
       linkedId: this.linkedId as unknown as SdkLinkedIdType,
     };
   }
+
+  /**
+   * Maps SDK Field to Field
+   * @param obj The SDK Field object to map
+   */
+  static fromSdkField(obj: SdkField): Field | undefined {
+    if (!obj) {
+      return undefined;
+    }
+
+    const field = new Field();
+    field.name = EncString.fromJSON(obj.name);
+    field.value = EncString.fromJSON(obj.value);
+    field.type = obj.type;
+    field.linkedId = obj.linkedId;
+
+    return field;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/identity.ts b/libs/common/src/vault/models/domain/identity.ts
index 5dc752531be..16e68c72551 100644
--- a/libs/common/src/vault/models/domain/identity.ts
+++ b/libs/common/src/vault/models/domain/identity.ts
@@ -195,4 +195,36 @@ export class Identity extends Domain {
       licenseNumber: this.licenseNumber?.toJSON(),
     };
   }
+
+  /**
+   * Maps an SDK Identity object to an Identity
+   * @param obj - The SDK Identity object
+   */
+  static fromSdkIdentity(obj: SdkIdentity): Identity | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+
+    const identity = new Identity();
+    identity.title = EncString.fromJSON(obj.title);
+    identity.firstName = EncString.fromJSON(obj.firstName);
+    identity.middleName = EncString.fromJSON(obj.middleName);
+    identity.lastName = EncString.fromJSON(obj.lastName);
+    identity.address1 = EncString.fromJSON(obj.address1);
+    identity.address2 = EncString.fromJSON(obj.address2);
+    identity.address3 = EncString.fromJSON(obj.address3);
+    identity.city = EncString.fromJSON(obj.city);
+    identity.state = EncString.fromJSON(obj.state);
+    identity.postalCode = EncString.fromJSON(obj.postalCode);
+    identity.country = EncString.fromJSON(obj.country);
+    identity.company = EncString.fromJSON(obj.company);
+    identity.email = EncString.fromJSON(obj.email);
+    identity.phone = EncString.fromJSON(obj.phone);
+    identity.ssn = EncString.fromJSON(obj.ssn);
+    identity.username = EncString.fromJSON(obj.username);
+    identity.passportNumber = EncString.fromJSON(obj.passportNumber);
+    identity.licenseNumber = EncString.fromJSON(obj.licenseNumber);
+
+    return identity;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/login-uri.ts b/libs/common/src/vault/models/domain/login-uri.ts
index e7bc2e8892e..9cfa4951dd8 100644
--- a/libs/common/src/vault/models/domain/login-uri.ts
+++ b/libs/common/src/vault/models/domain/login-uri.ts
@@ -102,4 +102,17 @@ export class LoginUri extends Domain {
       match: this.match,
     };
   }
+
+  static fromSdkLoginUri(obj: SdkLoginUri): LoginUri | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+
+    const view = new LoginUri();
+    view.uri = EncString.fromJSON(obj.uri);
+    view.uriChecksum = obj.uriChecksum ? EncString.fromJSON(obj.uriChecksum) : undefined;
+    view.match = obj.match;
+
+    return view;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/login.ts b/libs/common/src/vault/models/domain/login.ts
index 4d77983d4af..93af2269185 100644
--- a/libs/common/src/vault/models/domain/login.ts
+++ b/libs/common/src/vault/models/domain/login.ts
@@ -163,4 +163,31 @@ export class Login extends Domain {
       fido2Credentials: this.fido2Credentials?.map((f) => f.toSdkFido2Credential()),
     };
   }
+
+  /**
+   * Maps an SDK Login object to a Login
+   * @param obj - The SDK Login object
+   */
+  static fromSdkLogin(obj: SdkLogin): Login | undefined {
+    if (!obj) {
+      return undefined;
+    }
+
+    const login = new Login();
+
+    login.uris =
+      obj.uris?.filter((u) => u.uri != null).map((uri) => LoginUri.fromSdkLoginUri(uri)) ?? [];
+    login.username = EncString.fromJSON(obj.username);
+    login.password = EncString.fromJSON(obj.password);
+    login.passwordRevisionDate = obj.passwordRevisionDate
+      ? new Date(obj.passwordRevisionDate)
+      : undefined;
+    login.totp = EncString.fromJSON(obj.totp);
+    login.autofillOnPageLoad = obj.autofillOnPageLoad ?? false;
+    login.fido2Credentials = obj.fido2Credentials?.map((f) =>
+      Fido2Credential.fromSdkFido2Credential(f),
+    );
+
+    return login;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/password.ts b/libs/common/src/vault/models/domain/password.ts
index f8aacf765bf..b8a30099454 100644
--- a/libs/common/src/vault/models/domain/password.ts
+++ b/libs/common/src/vault/models/domain/password.ts
@@ -71,4 +71,20 @@ export class Password extends Domain {
       lastUsedDate: this.lastUsedDate.toISOString(),
     };
   }
+
+  /**
+   * Maps an SDK PasswordHistory object to a Password
+   * @param obj - The SDK PasswordHistory object
+   */
+  static fromSdkPasswordHistory(obj: PasswordHistory): Password | undefined {
+    if (!obj) {
+      return undefined;
+    }
+
+    const passwordHistory = new Password();
+    passwordHistory.password = EncString.fromJSON(obj.password);
+    passwordHistory.lastUsedDate = new Date(obj.lastUsedDate);
+
+    return passwordHistory;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/secure-note.ts b/libs/common/src/vault/models/domain/secure-note.ts
index ac7977b0e46..1426ff85eab 100644
--- a/libs/common/src/vault/models/domain/secure-note.ts
+++ b/libs/common/src/vault/models/domain/secure-note.ts
@@ -54,4 +54,19 @@ export class SecureNote extends Domain {
       type: this.type,
     };
   }
+
+  /**
+   * Maps an SDK SecureNote object to a SecureNote
+   * @param obj - The SDK SecureNote object
+   */
+  static fromSdkSecureNote(obj: SdkSecureNote): SecureNote | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+
+    const secureNote = new SecureNote();
+    secureNote.type = obj.type;
+
+    return secureNote;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/ssh-key.ts b/libs/common/src/vault/models/domain/ssh-key.ts
index c0afcd83fc2..0c8abf76e44 100644
--- a/libs/common/src/vault/models/domain/ssh-key.ts
+++ b/libs/common/src/vault/models/domain/ssh-key.ts
@@ -85,4 +85,21 @@ export class SshKey extends Domain {
       fingerprint: this.keyFingerprint.toJSON(),
     };
   }
+
+  /**
+   * Maps an SDK SshKey object to a SshKey
+   * @param obj - The SDK SshKey object
+   */
+  static fromSdkSshKey(obj: SdkSshKey): SshKey | undefined {
+    if (obj == null) {
+      return undefined;
+    }
+
+    const sshKey = new SshKey();
+    sshKey.privateKey = EncString.fromJSON(obj.privateKey);
+    sshKey.publicKey = EncString.fromJSON(obj.publicKey);
+    sshKey.keyFingerprint = EncString.fromJSON(obj.fingerprint);
+
+    return sshKey;
+  }
 }
diff --git a/libs/common/src/vault/models/domain/tree-node.ts b/libs/common/src/vault/models/domain/tree-node.ts
index 7af1d9e6ab4..7ba8e593908 100644
--- a/libs/common/src/vault/models/domain/tree-node.ts
+++ b/libs/common/src/vault/models/domain/tree-node.ts
@@ -16,6 +16,6 @@ export class TreeNode<T extends ITreeNodeObject> {
 }
 
 export interface ITreeNodeObject {
-  id: string;
-  name: string;
+  id: string | undefined;
+  name: string | undefined;
 }
diff --git a/libs/common/src/vault/models/view/card.view.ts b/libs/common/src/vault/models/view/card.view.ts
index dd7f5d6be57..ed02fa68365 100644
--- a/libs/common/src/vault/models/view/card.view.ts
+++ b/libs/common/src/vault/models/view/card.view.ts
@@ -10,7 +10,7 @@ import { linkedFieldOption } from "../../linked-field-option.decorator";
 
 import { ItemView } from "./item.view";
 
-export class CardView extends ItemView {
+export class CardView extends ItemView implements SdkCardView {
   @linkedFieldOption(LinkedId.CardholderName, { sortPosition: 0 })
   cardholderName: string = null;
   @linkedFieldOption(LinkedId.ExpMonth, { sortPosition: 3, i18nKey: "expirationMonth" })
@@ -168,4 +168,12 @@ export class CardView extends ItemView {
 
     return cardView;
   }
+
+  /**
+   * Converts the CardView to an SDK CardView.
+   * The view implements the SdkView so we can safely return `this`
+   */
+  toSdkCardView(): SdkCardView {
+    return this;
+  }
 }
diff --git a/libs/common/src/vault/models/view/cipher.view.spec.ts b/libs/common/src/vault/models/view/cipher.view.spec.ts
index b9d3e42aa62..46cea06979f 100644
--- a/libs/common/src/vault/models/view/cipher.view.spec.ts
+++ b/libs/common/src/vault/models/view/cipher.view.spec.ts
@@ -1,3 +1,7 @@
+import { Jsonify } from "type-fest";
+
+import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
+import { CipherPermissionsApi } from "@bitwarden/common/vault/models/api/cipher-permissions.api";
 import {
   CipherView as SdkCipherView,
   CipherType as SdkCipherType,
@@ -85,6 +89,25 @@ describe("CipherView", () => {
 
       expect(actual).toMatchObject(expected);
     });
+
+    it("handle both string and object inputs for the cipher key", () => {
+      const cipherKeyString = "cipherKeyString";
+      const cipherKeyObject = new EncString("cipherKeyObject");
+
+      // Test with string input
+      let actual = CipherView.fromJSON({
+        key: cipherKeyString,
+      });
+      expect(actual.key).toBeInstanceOf(EncString);
+      expect(actual.key?.toJSON()).toBe(cipherKeyString);
+
+      // Test with object input (which can happen when cipher view is stored in an InMemory state provider)
+      actual = CipherView.fromJSON({
+        key: cipherKeyObject,
+      } as Jsonify<CipherView>);
+      expect(actual.key).toBeInstanceOf(EncString);
+      expect(actual.key?.toJSON()).toBe(cipherKeyObject.toJSON());
+    });
   });
 
   describe("fromSdkCipherView", () => {
@@ -196,11 +219,80 @@ describe("CipherView", () => {
             __fromSdk: true,
           },
         ],
-        passwordHistory: null,
+        passwordHistory: [],
         creationDate: new Date("2022-01-01T12:00:00.000Z"),
         revisionDate: new Date("2022-01-02T12:00:00.000Z"),
         deletedDate: null,
       });
     });
   });
+
+  describe("toSdkCipherView", () => {
+    it("maps properties correctly", () => {
+      const cipherView = new CipherView();
+      cipherView.id = "0a54d80c-14aa-4ef8-8c3a-7ea99ce5b602";
+      cipherView.organizationId = "000f2a6e-da5e-4726-87ed-1c5c77322c3c";
+      cipherView.folderId = "41b22db4-8e2a-4ed2-b568-f1186c72922f";
+      cipherView.collectionIds = ["b0473506-3c3c-4260-a734-dfaaf833ab6f"];
+      cipherView.key = new EncString("some-key");
+      cipherView.name = "name";
+      cipherView.notes = "notes";
+      cipherView.type = CipherType.Login;
+      cipherView.favorite = true;
+      cipherView.edit = true;
+      cipherView.viewPassword = false;
+      cipherView.reprompt = CipherRepromptType.None;
+      cipherView.organizationUseTotp = false;
+      cipherView.localData = {
+        lastLaunched: new Date("2022-01-01T12:00:00.000Z").getTime(),
+        lastUsedDate: new Date("2022-01-02T12:00:00.000Z").getTime(),
+      };
+      cipherView.permissions = new CipherPermissionsApi();
+      cipherView.permissions.restore = true;
+      cipherView.permissions.delete = true;
+      cipherView.attachments = [];
+      cipherView.fields = [];
+      cipherView.passwordHistory = [];
+      cipherView.login = new LoginView();
+      cipherView.revisionDate = new Date("2022-01-02T12:00:00.000Z");
+      cipherView.creationDate = new Date("2022-01-02T12:00:00.000Z");
+
+      const sdkCipherView = cipherView.toSdkCipherView();
+
+      expect(sdkCipherView).toMatchObject({
+        id: "0a54d80c-14aa-4ef8-8c3a-7ea99ce5b602",
+        organizationId: "000f2a6e-da5e-4726-87ed-1c5c77322c3c",
+        folderId: "41b22db4-8e2a-4ed2-b568-f1186c72922f",
+        collectionIds: ["b0473506-3c3c-4260-a734-dfaaf833ab6f"],
+        key: "some-key",
+        name: "name",
+        notes: "notes",
+        type: SdkCipherType.Login,
+        favorite: true,
+        edit: true,
+        viewPassword: false,
+        reprompt: SdkCipherRepromptType.None,
+        organizationUseTotp: false,
+        localData: {
+          lastLaunched: "2022-01-01T12:00:00.000Z",
+          lastUsedDate: "2022-01-02T12:00:00.000Z",
+        },
+        permissions: {
+          restore: true,
+          delete: true,
+        },
+        deletedDate: undefined,
+        creationDate: "2022-01-02T12:00:00.000Z",
+        revisionDate: "2022-01-02T12:00:00.000Z",
+        attachments: [],
+        passwordHistory: [],
+        login: undefined,
+        identity: undefined,
+        card: undefined,
+        secureNote: undefined,
+        sshKey: undefined,
+        fields: [],
+      } as SdkCipherView);
+    });
+  });
 });
diff --git a/libs/common/src/vault/models/view/cipher.view.ts b/libs/common/src/vault/models/view/cipher.view.ts
index 353fffa8eef..0c41e49c3ab 100644
--- a/libs/common/src/vault/models/view/cipher.view.ts
+++ b/libs/common/src/vault/models/view/cipher.view.ts
@@ -1,5 +1,7 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
+import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
+import { uuidToString, asUuid } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { CipherView as SdkCipherView } from "@bitwarden/sdk-internal";
 
 import { View } from "../../../models/view/view";
@@ -9,7 +11,7 @@ import { DeepJsonify } from "../../../types/deep-jsonify";
 import { CipherType, LinkedIdType } from "../../enums";
 import { CipherRepromptType } from "../../enums/cipher-reprompt-type";
 import { CipherPermissionsApi } from "../api/cipher-permissions.api";
-import { LocalData } from "../data/local.data";
+import { LocalData, toSdkLocalData, fromSdkLocalData } from "../data/local.data";
 import { Cipher } from "../domain/cipher";
 
 import { AttachmentView } from "./attachment.view";
@@ -41,14 +43,17 @@ export class CipherView implements View, InitializerMetadata {
   card = new CardView();
   secureNote = new SecureNoteView();
   sshKey = new SshKeyView();
-  attachments: AttachmentView[] = null;
-  fields: FieldView[] = null;
-  passwordHistory: PasswordHistoryView[] = null;
+  attachments: AttachmentView[] = [];
+  fields: FieldView[] = [];
+  passwordHistory: PasswordHistoryView[] = [];
   collectionIds: string[] = null;
   revisionDate: Date = null;
   creationDate: Date = null;
   deletedDate: Date = null;
   reprompt: CipherRepromptType = CipherRepromptType.None;
+  // We need a copy of the encrypted key so we can pass it to
+  // the SdkCipherView during encryption
+  key?: EncString;
 
   /**
    * Flag to indicate if the cipher decryption failed.
@@ -76,6 +81,7 @@ export class CipherView implements View, InitializerMetadata {
     this.deletedDate = c.deletedDate;
     // Old locally stored ciphers might have reprompt == null. If so set it to None.
     this.reprompt = c.reprompt ?? CipherRepromptType.None;
+    this.key = c.key;
   }
 
   private get item() {
@@ -194,6 +200,18 @@ export class CipherView implements View, InitializerMetadata {
     const attachments = obj.attachments?.map((a: any) => AttachmentView.fromJSON(a));
     const fields = obj.fields?.map((f: any) => FieldView.fromJSON(f));
     const passwordHistory = obj.passwordHistory?.map((ph: any) => PasswordHistoryView.fromJSON(ph));
+    const permissions = CipherPermissionsApi.fromJSON(obj.permissions);
+    let key: EncString | undefined;
+
+    if (obj.key != null) {
+      if (typeof obj.key === "string") {
+        // If the key is a string, we need to parse it as EncString
+        key = EncString.fromJSON(obj.key);
+      } else if ((obj.key as any) instanceof EncString) {
+        // If the key is already an EncString instance, we can use it directly
+        key = obj.key;
+      }
+    }
 
     Object.assign(view, obj, {
       creationDate: creationDate,
@@ -202,6 +220,8 @@ export class CipherView implements View, InitializerMetadata {
       attachments: attachments,
       fields: fields,
       passwordHistory: passwordHistory,
+      permissions: permissions,
+      key: key,
     });
 
     switch (obj.type) {
@@ -236,9 +256,9 @@ export class CipherView implements View, InitializerMetadata {
     }
 
     const cipherView = new CipherView();
-    cipherView.id = obj.id ?? null;
-    cipherView.organizationId = obj.organizationId ?? null;
-    cipherView.folderId = obj.folderId ?? null;
+    cipherView.id = uuidToString(obj.id) ?? null;
+    cipherView.organizationId = uuidToString(obj.organizationId) ?? null;
+    cipherView.folderId = uuidToString(obj.folderId) ?? null;
     cipherView.name = obj.name;
     cipherView.notes = obj.notes ?? null;
     cipherView.type = obj.type;
@@ -247,26 +267,18 @@ export class CipherView implements View, InitializerMetadata {
     cipherView.permissions = CipherPermissionsApi.fromSdkCipherPermissions(obj.permissions);
     cipherView.edit = obj.edit;
     cipherView.viewPassword = obj.viewPassword;
-    cipherView.localData = obj.localData
-      ? {
-          lastUsedDate: obj.localData.lastUsedDate
-            ? new Date(obj.localData.lastUsedDate).getTime()
-            : undefined,
-          lastLaunched: obj.localData.lastLaunched
-            ? new Date(obj.localData.lastLaunched).getTime()
-            : undefined,
-        }
-      : undefined;
+    cipherView.localData = fromSdkLocalData(obj.localData);
     cipherView.attachments =
-      obj.attachments?.map((a) => AttachmentView.fromSdkAttachmentView(a)) ?? null;
-    cipherView.fields = obj.fields?.map((f) => FieldView.fromSdkFieldView(f)) ?? null;
+      obj.attachments?.map((a) => AttachmentView.fromSdkAttachmentView(a)) ?? [];
+    cipherView.fields = obj.fields?.map((f) => FieldView.fromSdkFieldView(f)) ?? [];
     cipherView.passwordHistory =
-      obj.passwordHistory?.map((ph) => PasswordHistoryView.fromSdkPasswordHistoryView(ph)) ?? null;
-    cipherView.collectionIds = obj.collectionIds ?? null;
+      obj.passwordHistory?.map((ph) => PasswordHistoryView.fromSdkPasswordHistoryView(ph)) ?? [];
+    cipherView.collectionIds = obj.collectionIds?.map((i) => uuidToString(i)) ?? [];
     cipherView.revisionDate = obj.revisionDate == null ? null : new Date(obj.revisionDate);
     cipherView.creationDate = obj.creationDate == null ? null : new Date(obj.creationDate);
     cipherView.deletedDate = obj.deletedDate == null ? null : new Date(obj.deletedDate);
     cipherView.reprompt = obj.reprompt ?? CipherRepromptType.None;
+    cipherView.key = EncString.fromJSON(obj.key);
 
     switch (obj.type) {
       case CipherType.Card:
@@ -290,4 +302,66 @@ export class CipherView implements View, InitializerMetadata {
 
     return cipherView;
   }
+
+  /**
+   * Maps CipherView to SdkCipherView
+   *
+   * @returns {SdkCipherView} The SDK cipher view object
+   */
+  toSdkCipherView(): SdkCipherView {
+    const sdkCipherView: SdkCipherView = {
+      id: this.id ? asUuid(this.id) : undefined,
+      organizationId: this.organizationId ? asUuid(this.organizationId) : undefined,
+      folderId: this.folderId ? asUuid(this.folderId) : undefined,
+      name: this.name ?? "",
+      notes: this.notes,
+      type: this.type ?? CipherType.Login,
+      favorite: this.favorite,
+      organizationUseTotp: this.organizationUseTotp,
+      permissions: this.permissions?.toSdkCipherPermissions(),
+      edit: this.edit,
+      viewPassword: this.viewPassword,
+      localData: toSdkLocalData(this.localData),
+      attachments: this.attachments?.map((a) => a.toSdkAttachmentView()),
+      fields: this.fields?.map((f) => f.toSdkFieldView()),
+      passwordHistory: this.passwordHistory?.map((ph) => ph.toSdkPasswordHistoryView()),
+      collectionIds: this.collectionIds?.map((i) => i) ?? [],
+      // Revision and creation dates are non-nullable in SDKCipherView
+      revisionDate: (this.revisionDate ?? new Date()).toISOString(),
+      creationDate: (this.creationDate ?? new Date()).toISOString(),
+      deletedDate: this.deletedDate?.toISOString(),
+      reprompt: this.reprompt ?? CipherRepromptType.None,
+      key: this.key?.toJSON(),
+      // Cipher type specific properties are set in the switch statement below
+      // CipherView initializes each with default constructors (undefined values)
+      // The SDK does not expect those undefined values and will throw exceptions
+      login: undefined,
+      card: undefined,
+      identity: undefined,
+      secureNote: undefined,
+      sshKey: undefined,
+    };
+
+    switch (this.type) {
+      case CipherType.Card:
+        sdkCipherView.card = this.card.toSdkCardView();
+        break;
+      case CipherType.Identity:
+        sdkCipherView.identity = this.identity.toSdkIdentityView();
+        break;
+      case CipherType.Login:
+        sdkCipherView.login = this.login.toSdkLoginView();
+        break;
+      case CipherType.SecureNote:
+        sdkCipherView.secureNote = this.secureNote.toSdkSecureNoteView();
+        break;
+      case CipherType.SshKey:
+        sdkCipherView.sshKey = this.sshKey.toSdkSshKeyView();
+        break;
+      default:
+        break;
+    }
+
+    return sdkCipherView;
+  }
 }
diff --git a/libs/common/src/vault/models/view/fido2-credential.view.ts b/libs/common/src/vault/models/view/fido2-credential.view.ts
index bf1d324d22d..410757ebe30 100644
--- a/libs/common/src/vault/models/view/fido2-credential.view.ts
+++ b/libs/common/src/vault/models/view/fido2-credential.view.ts
@@ -2,7 +2,10 @@
 // @ts-strict-ignore
 import { Jsonify } from "type-fest";
 
-import { Fido2CredentialView as SdkFido2CredentialView } from "@bitwarden/sdk-internal";
+import {
+  Fido2CredentialView as SdkFido2CredentialView,
+  Fido2CredentialFullView,
+} from "@bitwarden/sdk-internal";
 
 import { ItemView } from "./item.view";
 
@@ -56,4 +59,22 @@ export class Fido2CredentialView extends ItemView {
 
     return view;
   }
+
+  toSdkFido2CredentialFullView(): Fido2CredentialFullView {
+    return {
+      credentialId: this.credentialId,
+      keyType: this.keyType,
+      keyAlgorithm: this.keyAlgorithm,
+      keyCurve: this.keyCurve,
+      keyValue: this.keyValue,
+      rpId: this.rpId,
+      userHandle: this.userHandle,
+      userName: this.userName,
+      counter: this.counter.toString(),
+      rpName: this.rpName,
+      userDisplayName: this.userDisplayName,
+      discoverable: this.discoverable ? "true" : "false",
+      creationDate: this.creationDate?.toISOString(),
+    };
+  }
 }
diff --git a/libs/common/src/vault/models/view/field.view.ts b/libs/common/src/vault/models/view/field.view.ts
index 770150f8a63..8c9a923aed2 100644
--- a/libs/common/src/vault/models/view/field.view.ts
+++ b/libs/common/src/vault/models/view/field.view.ts
@@ -2,7 +2,7 @@
 // @ts-strict-ignore
 import { Jsonify } from "type-fest";
 
-import { FieldView as SdkFieldView } from "@bitwarden/sdk-internal";
+import { FieldView as SdkFieldView, FieldType as SdkFieldType } from "@bitwarden/sdk-internal";
 
 import { View } from "../../../models/view/view";
 import { FieldType, LinkedIdType } from "../../enums";
@@ -50,4 +50,16 @@ export class FieldView implements View {
 
     return view;
   }
+
+  /**
+   * Converts the FieldView to an SDK FieldView.
+   */
+  toSdkFieldView(): SdkFieldView {
+    return {
+      name: this.name ?? undefined,
+      value: this.value ?? undefined,
+      type: this.type ?? SdkFieldType.Text,
+      linkedId: this.linkedId ?? undefined,
+    };
+  }
 }
diff --git a/libs/common/src/vault/models/view/identity.view.ts b/libs/common/src/vault/models/view/identity.view.ts
index 877940e4aea..2b863dc5e5f 100644
--- a/libs/common/src/vault/models/view/identity.view.ts
+++ b/libs/common/src/vault/models/view/identity.view.ts
@@ -10,7 +10,7 @@ import { linkedFieldOption } from "../../linked-field-option.decorator";
 
 import { ItemView } from "./item.view";
 
-export class IdentityView extends ItemView {
+export class IdentityView extends ItemView implements SdkIdentityView {
   @linkedFieldOption(LinkedId.Title, { sortPosition: 0 })
   title: string = null;
   @linkedFieldOption(LinkedId.MiddleName, { sortPosition: 2 })
@@ -192,4 +192,12 @@ export class IdentityView extends ItemView {
 
     return identityView;
   }
+
+  /**
+   * Converts the IdentityView to an SDK IdentityView.
+   * The view implements the SdkView so we can safely return `this`
+   */
+  toSdkIdentityView(): SdkIdentityView {
+    return this;
+  }
 }
diff --git a/libs/common/src/vault/models/view/login-uri.view.ts b/libs/common/src/vault/models/view/login-uri.view.ts
index 43d47aa4a3c..38cd517e542 100644
--- a/libs/common/src/vault/models/view/login-uri.view.ts
+++ b/libs/common/src/vault/models/view/login-uri.view.ts
@@ -129,6 +129,15 @@ export class LoginUriView implements View {
     return view;
   }
 
+  /** Converts a LoginUriView object to an SDK LoginUriView object. */
+  toSdkLoginUriView(): SdkLoginUriView {
+    return {
+      uri: this.uri ?? undefined,
+      match: this.match ?? undefined,
+      uriChecksum: undefined, // SDK handles uri checksum generation internally
+    };
+  }
+
   matchesUri(
     targetUri: string,
     equivalentDomains: Set<string>,
diff --git a/libs/common/src/vault/models/view/login.view.ts b/libs/common/src/vault/models/view/login.view.ts
index c6e6ca001e4..d268cf4afaa 100644
--- a/libs/common/src/vault/models/view/login.view.ts
+++ b/libs/common/src/vault/models/view/login.view.ts
@@ -124,10 +124,30 @@ export class LoginView extends ItemView {
       obj.passwordRevisionDate == null ? null : new Date(obj.passwordRevisionDate);
     loginView.totp = obj.totp ?? null;
     loginView.autofillOnPageLoad = obj.autofillOnPageLoad ?? null;
-    loginView.uris = obj.uris?.map((uri) => LoginUriView.fromSdkLoginUriView(uri)) || [];
+    loginView.uris =
+      obj.uris
+        ?.filter((uri) => uri.uri != null && uri.uri !== "")
+        .map((uri) => LoginUriView.fromSdkLoginUriView(uri)) || [];
     // FIDO2 credentials are not decrypted here, they remain encrypted
     loginView.fido2Credentials = null;
 
     return loginView;
   }
+
+  /**
+   * Converts the LoginView to an SDK LoginView.
+   *
+   * Note: FIDO2 credentials remain encrypted in the SDK view so they are not included here.
+   */
+  toSdkLoginView(): SdkLoginView {
+    return {
+      username: this.username,
+      password: this.password,
+      passwordRevisionDate: this.passwordRevisionDate?.toISOString(),
+      totp: this.totp,
+      autofillOnPageLoad: this.autofillOnPageLoad ?? undefined,
+      uris: this.uris?.map((uri) => uri.toSdkLoginUriView()),
+      fido2Credentials: undefined, // FIDO2 credentials are handled separately and remain encrypted
+    };
+  }
 }
diff --git a/libs/common/src/vault/models/view/password-history.view.spec.ts b/libs/common/src/vault/models/view/password-history.view.spec.ts
index 81894ec7493..512ec8d86d8 100644
--- a/libs/common/src/vault/models/view/password-history.view.spec.ts
+++ b/libs/common/src/vault/models/view/password-history.view.spec.ts
@@ -33,4 +33,17 @@ describe("PasswordHistoryView", () => {
       });
     });
   });
+
+  describe("toSdkPasswordHistoryView", () => {
+    it("should return a SdkPasswordHistoryView", () => {
+      const passwordHistoryView = new PasswordHistoryView();
+      passwordHistoryView.password = "password";
+      passwordHistoryView.lastUsedDate = new Date("2023-10-01T00:00:00.000Z");
+
+      expect(passwordHistoryView.toSdkPasswordHistoryView()).toMatchObject({
+        password: "password",
+        lastUsedDate: "2023-10-01T00:00:00.000Z",
+      });
+    });
+  });
 });
diff --git a/libs/common/src/vault/models/view/password-history.view.ts b/libs/common/src/vault/models/view/password-history.view.ts
index 31f05f4cc71..9bd708b19fd 100644
--- a/libs/common/src/vault/models/view/password-history.view.ts
+++ b/libs/common/src/vault/models/view/password-history.view.ts
@@ -41,4 +41,14 @@ export class PasswordHistoryView implements View {
 
     return view;
   }
+
+  /**
+   * Converts the PasswordHistoryView to an SDK PasswordHistoryView.
+   */
+  toSdkPasswordHistoryView(): SdkPasswordHistoryView {
+    return {
+      password: this.password ?? "",
+      lastUsedDate: this.lastUsedDate.toISOString(),
+    };
+  }
 }
diff --git a/libs/common/src/vault/models/view/secure-note.view.ts b/libs/common/src/vault/models/view/secure-note.view.ts
index 8e7a6b4652d..5e401961869 100644
--- a/libs/common/src/vault/models/view/secure-note.view.ts
+++ b/libs/common/src/vault/models/view/secure-note.view.ts
@@ -9,7 +9,7 @@ import { SecureNote } from "../domain/secure-note";
 
 import { ItemView } from "./item.view";
 
-export class SecureNoteView extends ItemView {
+export class SecureNoteView extends ItemView implements SdkSecureNoteView {
   type: SecureNoteType = null;
 
   constructor(n?: SecureNote) {
@@ -42,4 +42,12 @@ export class SecureNoteView extends ItemView {
 
     return secureNoteView;
   }
+
+  /**
+   * Converts the SecureNoteView to an SDK SecureNoteView.
+   * The view implements the SdkView so we can safely return `this`
+   */
+  toSdkSecureNoteView(): SdkSecureNoteView {
+    return this;
+  }
 }
diff --git a/libs/common/src/vault/models/view/ssh-key.view.ts b/libs/common/src/vault/models/view/ssh-key.view.ts
index a83793678dc..0547eeb7f8e 100644
--- a/libs/common/src/vault/models/view/ssh-key.view.ts
+++ b/libs/common/src/vault/models/view/ssh-key.view.ts
@@ -63,4 +63,15 @@ export class SshKeyView extends ItemView {
 
     return sshKeyView;
   }
+
+  /**
+   * Converts the SshKeyView to an SDK SshKeyView.
+   */
+  toSdkSshKeyView(): SdkSshKeyView {
+    return {
+      privateKey: this.privateKey,
+      publicKey: this.publicKey,
+      fingerprint: this.keyFingerprint,
+    };
+  }
 }
diff --git a/libs/common/src/vault/services/cipher.service.spec.ts b/libs/common/src/vault/services/cipher.service.spec.ts
index bf30b78ca63..f027122993d 100644
--- a/libs/common/src/vault/services/cipher.service.spec.ts
+++ b/libs/common/src/vault/services/cipher.service.spec.ts
@@ -1,7 +1,9 @@
 import { mock } from "jest-mock-extended";
 import { BehaviorSubject, map, of } from "rxjs";
 
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { CipherResponse } from "@bitwarden/common/vault/models/response/cipher.response";
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import { CipherDecryptionKeys, KeyService } from "@bitwarden/key-management";
@@ -23,7 +25,7 @@ import { Utils } from "../../platform/misc/utils";
 import { EncArrayBuffer } from "../../platform/models/domain/enc-array-buffer";
 import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
 import { ContainerService } from "../../platform/services/container.service";
-import { CipherId, UserId } from "../../types/guid";
+import { CipherId, UserId, OrganizationId, CollectionId } from "../../types/guid";
 import { CipherKey, OrgKey, UserKey } from "../../types/key";
 import { CipherEncryptionService } from "../abstractions/cipher-encryption.service";
 import { EncryptionContext } from "../abstractions/cipher.service";
@@ -108,6 +110,7 @@ describe("Cipher Service", () => {
   const cipherEncryptionService = mock<CipherEncryptionService>();
 
   const userId = "TestUserId" as UserId;
+  const orgId = "4ff8c0b2-1d3e-4f8c-9b2d-1d3e4f8c0b2" as OrganizationId;
 
   let cipherService: CipherService;
   let encryptionContext: EncryptionContext;
@@ -155,7 +158,9 @@ describe("Cipher Service", () => {
       );
 
       configService.checkServerMeetsVersionRequirement$.mockReturnValue(of(false));
-      configService.getFeatureFlag.mockResolvedValue(false);
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.CipherKeyEncryption)
+        .mockResolvedValue(false);
 
       const spy = jest.spyOn(cipherFileUploadService, "upload");
 
@@ -270,6 +275,55 @@ describe("Cipher Service", () => {
       jest.spyOn(cipherService as any, "getAutofillOnPageLoadDefault").mockResolvedValue(true);
     });
 
+    it("should call encrypt method of CipherEncryptionService when feature flag is true", async () => {
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM22136_SdkCipherEncryption)
+        .mockResolvedValue(true);
+      cipherEncryptionService.encrypt.mockResolvedValue(encryptionContext);
+
+      const result = await cipherService.encrypt(cipherView, userId);
+
+      expect(result).toEqual(encryptionContext);
+      expect(cipherEncryptionService.encrypt).toHaveBeenCalledWith(cipherView, userId);
+    });
+
+    it("should call legacy encrypt when feature flag is false", async () => {
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM22136_SdkCipherEncryption)
+        .mockResolvedValue(false);
+
+      jest.spyOn(cipherService as any, "encryptCipher").mockResolvedValue(encryptionContext.cipher);
+
+      const result = await cipherService.encrypt(cipherView, userId);
+
+      expect(result).toEqual(encryptionContext);
+      expect(cipherEncryptionService.encrypt).not.toHaveBeenCalled();
+    });
+
+    it("should call legacy encrypt when keys are provided", async () => {
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM22136_SdkCipherEncryption)
+        .mockResolvedValue(true);
+
+      jest.spyOn(cipherService as any, "encryptCipher").mockResolvedValue(encryptionContext.cipher);
+
+      const encryptKey = new SymmetricCryptoKey(new Uint8Array(32));
+      const decryptKey = new SymmetricCryptoKey(new Uint8Array(32));
+
+      let result = await cipherService.encrypt(cipherView, userId, encryptKey);
+
+      expect(result).toEqual(encryptionContext);
+      expect(cipherEncryptionService.encrypt).not.toHaveBeenCalled();
+
+      result = await cipherService.encrypt(cipherView, userId, undefined, decryptKey);
+      expect(result).toEqual(encryptionContext);
+      expect(cipherEncryptionService.encrypt).not.toHaveBeenCalled();
+
+      result = await cipherService.encrypt(cipherView, userId, encryptKey, decryptKey);
+      expect(result).toEqual(encryptionContext);
+      expect(cipherEncryptionService.encrypt).not.toHaveBeenCalled();
+    });
+
     it("should return the encrypting user id", async () => {
       keyService.getOrgKey.mockReturnValue(
         Promise.resolve<any>(new SymmetricCryptoKey(new Uint8Array(32)) as OrgKey),
@@ -310,7 +364,9 @@ describe("Cipher Service", () => {
       });
 
       it("is null when feature flag is false", async () => {
-        configService.getFeatureFlag.mockResolvedValue(false);
+        configService.getFeatureFlag
+          .calledWith(FeatureFlag.CipherKeyEncryption)
+          .mockResolvedValue(false);
         const { cipher } = await cipherService.encrypt(cipherView, userId);
 
         expect(cipher.key).toBeNull();
@@ -318,7 +374,9 @@ describe("Cipher Service", () => {
 
       describe("when feature flag is true", () => {
         beforeEach(() => {
-          configService.getFeatureFlag.mockResolvedValue(true);
+          configService.getFeatureFlag
+            .calledWith(FeatureFlag.CipherKeyEncryption)
+            .mockResolvedValue(true);
         });
 
         it("is null when the cipher is not viewPassword", async () => {
@@ -348,7 +406,9 @@ describe("Cipher Service", () => {
       });
 
       it("is not called when feature flag is false", async () => {
-        configService.getFeatureFlag.mockResolvedValue(false);
+        configService.getFeatureFlag
+          .calledWith(FeatureFlag.CipherKeyEncryption)
+          .mockResolvedValue(false);
 
         await cipherService.encrypt(cipherView, userId);
 
@@ -357,7 +417,9 @@ describe("Cipher Service", () => {
 
       describe("when feature flag is true", () => {
         beforeEach(() => {
-          configService.getFeatureFlag.mockResolvedValue(true);
+          configService.getFeatureFlag
+            .calledWith(FeatureFlag.CipherKeyEncryption)
+            .mockResolvedValue(true);
         });
 
         it("is called when cipher viewPassword is true", async () => {
@@ -401,7 +463,9 @@ describe("Cipher Service", () => {
     let encryptedKey: EncString;
 
     beforeEach(() => {
-      configService.getFeatureFlag.mockResolvedValue(true);
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.CipherKeyEncryption)
+        .mockResolvedValue(true);
       configService.checkServerMeetsVersionRequirement$.mockReturnValue(of(true));
 
       searchService.indexedEntityId$.mockReturnValue(of(null));
@@ -474,7 +538,9 @@ describe("Cipher Service", () => {
 
   describe("decrypt", () => {
     it("should call decrypt method of CipherEncryptionService when feature flag is true", async () => {
-      configService.getFeatureFlag.mockResolvedValue(true);
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM19941MigrateCipherDomainToSdk)
+        .mockResolvedValue(true);
       cipherEncryptionService.decrypt.mockResolvedValue(new CipherView(encryptionContext.cipher));
 
       const result = await cipherService.decrypt(encryptionContext.cipher, userId);
@@ -488,7 +554,9 @@ describe("Cipher Service", () => {
 
     it("should call legacy decrypt when feature flag is false", async () => {
       const mockUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
-      configService.getFeatureFlag.mockResolvedValue(false);
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM19941MigrateCipherDomainToSdk)
+        .mockResolvedValue(false);
       cipherService.getKeyForCipherKeyDecryption = jest.fn().mockResolvedValue(mockUserKey);
       encryptService.decryptToBytes.mockResolvedValue(new Uint8Array(32));
       jest
@@ -509,7 +577,9 @@ describe("Cipher Service", () => {
     it("should use SDK when feature flag is enabled", async () => {
       const cipher = new Cipher(cipherData);
       const attachment = new AttachmentView(cipher.attachments![0]);
-      configService.getFeatureFlag.mockResolvedValue(true);
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM19941MigrateCipherDomainToSdk)
+        .mockResolvedValue(true);
 
       jest.spyOn(cipherService, "ciphers$").mockReturnValue(of({ [cipher.id]: cipherData }));
       cipherEncryptionService.decryptAttachmentContent.mockResolvedValue(mockDecryptedContent);
@@ -534,7 +604,9 @@ describe("Cipher Service", () => {
     });
 
     it("should use legacy decryption when feature flag is enabled", async () => {
-      configService.getFeatureFlag.mockResolvedValue(false);
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM19941MigrateCipherDomainToSdk)
+        .mockResolvedValue(false);
       const cipher = new Cipher(cipherData);
       const attachment = new AttachmentView(cipher.attachments![0]);
       attachment.key = makeSymmetricCryptoKey(64);
@@ -557,4 +629,77 @@ describe("Cipher Service", () => {
       expect(encryptService.decryptFileData).toHaveBeenCalledWith(mockEncBuf, attachment.key);
     });
   });
+
+  describe("shareWithServer()", () => {
+    it("should use cipherEncryptionService to move the cipher when feature flag enabled", async () => {
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM22136_SdkCipherEncryption)
+        .mockResolvedValue(true);
+
+      apiService.putShareCipher.mockResolvedValue(new CipherResponse(cipherData));
+
+      const expectedCipher = new Cipher(cipherData);
+      expectedCipher.organizationId = orgId;
+      const cipherView = new CipherView(expectedCipher);
+      const collectionIds = ["collection1", "collection2"] as CollectionId[];
+
+      cipherView.organizationId = undefined; // Ensure organizationId is undefined for this test
+
+      cipherEncryptionService.moveToOrganization.mockResolvedValue({
+        cipher: expectedCipher,
+        encryptedFor: userId,
+      });
+
+      await cipherService.shareWithServer(cipherView, orgId, collectionIds, userId);
+
+      // Expect SDK usage
+      expect(cipherEncryptionService.moveToOrganization).toHaveBeenCalledWith(
+        cipherView,
+        orgId,
+        userId,
+      );
+      // Expect collectionIds to be assigned
+      expect(apiService.putShareCipher).toHaveBeenCalledWith(
+        cipherView.id,
+        expect.objectContaining({
+          cipher: expect.objectContaining({ organizationId: orgId }),
+          collectionIds: collectionIds,
+        }),
+      );
+    });
+
+    it("should use legacy encryption when feature flag disabled", async () => {
+      configService.getFeatureFlag
+        .calledWith(FeatureFlag.PM22136_SdkCipherEncryption)
+        .mockResolvedValue(false);
+
+      apiService.putShareCipher.mockResolvedValue(new CipherResponse(cipherData));
+
+      const expectedCipher = new Cipher(cipherData);
+      expectedCipher.organizationId = orgId;
+      const cipherView = new CipherView(expectedCipher);
+      const collectionIds = ["collection1", "collection2"] as CollectionId[];
+
+      cipherView.organizationId = undefined; // Ensure organizationId is undefined for this test
+
+      const oldEncryptSharedSpy = jest
+        .spyOn(cipherService as any, "encryptSharedCipher")
+        .mockResolvedValue({
+          cipher: expectedCipher,
+          encryptedFor: userId,
+        });
+
+      await cipherService.shareWithServer(cipherView, orgId, collectionIds, userId);
+
+      // Expect no SDK usage
+      expect(cipherEncryptionService.moveToOrganization).not.toHaveBeenCalled();
+      expect(oldEncryptSharedSpy).toHaveBeenCalledWith(
+        expect.objectContaining({
+          organizationId: orgId,
+          collectionIds: collectionIds,
+        } as unknown as CipherView),
+        userId,
+      );
+    });
+  });
 });
diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts
index 8bef5289a95..1524e4e1b29 100644
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -231,13 +231,14 @@ export class CipherService implements CipherServiceAbstraction {
     this.clearCipherViewsForUser$.next(userId);
   }
 
-  async encrypt(
-    model: CipherView,
-    userId: UserId,
-    keyForCipherEncryption?: SymmetricCryptoKey,
-    keyForCipherKeyDecryption?: SymmetricCryptoKey,
-    originalCipher: Cipher = null,
-  ): Promise<EncryptionContext> {
+  /**
+   * Adjusts the cipher history for the given model by updating its history properties based on the original cipher.
+   * @param model The cipher model to adjust.
+   * @param userId The acting userId
+   * @param originalCipher The original cipher to compare against. If not provided, it will be fetched from the store.
+   * @private
+   */
+  private async adjustCipherHistory(model: CipherView, userId: UserId, originalCipher?: Cipher) {
     if (model.id != null) {
       if (originalCipher == null) {
         originalCipher = await this.get(model.id, userId);
@@ -247,6 +248,25 @@ export class CipherService implements CipherServiceAbstraction {
       }
       this.adjustPasswordHistoryLength(model);
     }
+  }
+
+  async encrypt(
+    model: CipherView,
+    userId: UserId,
+    keyForCipherEncryption?: SymmetricCryptoKey,
+    keyForCipherKeyDecryption?: SymmetricCryptoKey,
+    originalCipher: Cipher = null,
+  ): Promise<EncryptionContext> {
+    await this.adjustCipherHistory(model, userId, originalCipher);
+
+    const sdkEncryptionEnabled =
+      (await this.configService.getFeatureFlag(FeatureFlag.PM22136_SdkCipherEncryption)) &&
+      keyForCipherEncryption == null && // PM-23085 - SDK encryption does not currently support custom keys (e.g. key rotation)
+      keyForCipherKeyDecryption == null; // PM-23348 - Or has explicit methods for re-encrypting ciphers with different keys (e.g. move to org)
+
+    if (sdkEncryptionEnabled) {
+      return await this.cipherEncryptionService.encrypt(model, userId);
+    }
 
     const cipher = new Cipher();
     cipher.id = model.id;
@@ -854,22 +874,48 @@ export class CipherService implements CipherServiceAbstraction {
     organizationId: string,
     collectionIds: string[],
     userId: UserId,
+    originalCipher?: Cipher,
   ): Promise<Cipher> {
-    const attachmentPromises: Promise<any>[] = [];
-    if (cipher.attachments != null) {
-      cipher.attachments.forEach((attachment) => {
-        if (attachment.key == null) {
-          attachmentPromises.push(
-            this.shareAttachmentWithServer(attachment, cipher.id, organizationId),
-          );
-        }
-      });
-    }
-    await Promise.all(attachmentPromises);
+    const sdkCipherEncryptionEnabled = await this.configService.getFeatureFlag(
+      FeatureFlag.PM22136_SdkCipherEncryption,
+    );
+
+    await this.adjustCipherHistory(cipher, userId, originalCipher);
+
+    let encCipher: EncryptionContext;
+    if (sdkCipherEncryptionEnabled) {
+      // The SDK does not expect the cipher to already have an organizationId. It will result in the wrong
+      // cipher encryption key being used during the move to organization operation.
+      if (cipher.organizationId != null) {
+        throw new Error("Cipher is already associated with an organization.");
+      }
+
+      encCipher = await this.cipherEncryptionService.moveToOrganization(
+        cipher,
+        organizationId as OrganizationId,
+        userId,
+      );
+      encCipher.cipher.collectionIds = collectionIds;
+    } else {
+      // This old attachment logic is safe to remove after it is replaced in PM-22750; which will require fixing
+      // the attachment before sharing.
+      const attachmentPromises: Promise<any>[] = [];
+      if (cipher.attachments != null) {
+        cipher.attachments.forEach((attachment) => {
+          if (attachment.key == null) {
+            attachmentPromises.push(
+              this.shareAttachmentWithServer(attachment, cipher.id, organizationId),
+            );
+          }
+        });
+      }
+      await Promise.all(attachmentPromises);
+
+      cipher.organizationId = organizationId;
+      cipher.collectionIds = collectionIds;
+      encCipher = await this.encryptSharedCipher(cipher, userId);
+    }
 
-    cipher.organizationId = organizationId;
-    cipher.collectionIds = collectionIds;
-    const encCipher = await this.encryptSharedCipher(cipher, userId);
     const request = new CipherShareRequest(encCipher);
     const response = await this.apiService.putShareCipher(cipher.id, request);
     const data = new CipherData(response, collectionIds);
@@ -883,16 +929,36 @@ export class CipherService implements CipherServiceAbstraction {
     collectionIds: string[],
     userId: UserId,
   ) {
+    const sdkCipherEncryptionEnabled = await this.configService.getFeatureFlag(
+      FeatureFlag.PM22136_SdkCipherEncryption,
+    );
     const promises: Promise<any>[] = [];
     const encCiphers: Cipher[] = [];
     for (const cipher of ciphers) {
-      cipher.organizationId = organizationId;
-      cipher.collectionIds = collectionIds;
-      promises.push(
-        this.encryptSharedCipher(cipher, userId).then((c) => {
-          encCiphers.push(c.cipher);
-        }),
-      );
+      if (sdkCipherEncryptionEnabled) {
+        // The SDK does not expect the cipher to already have an organizationId. It will result in the wrong
+        // cipher encryption key being used during the move to organization operation.
+        if (cipher.organizationId != null) {
+          throw new Error("Cipher is already associated with an organization.");
+        }
+
+        promises.push(
+          this.cipherEncryptionService
+            .moveToOrganization(cipher, organizationId as OrganizationId, userId)
+            .then((encCipher) => {
+              encCipher.cipher.collectionIds = collectionIds;
+              encCiphers.push(encCipher.cipher);
+            }),
+        );
+      } else {
+        cipher.organizationId = organizationId;
+        cipher.collectionIds = collectionIds;
+        promises.push(
+          this.encryptSharedCipher(cipher, userId).then((c) => {
+            encCiphers.push(c.cipher);
+          }),
+        );
+      }
     }
     await Promise.all(promises);
     const request = new CipherBulkShareRequest(encCiphers, collectionIds, userId);
diff --git a/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts b/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
index 4d05a5197fb..9e0cf62ed08 100644
--- a/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
@@ -1,20 +1,22 @@
 import { mock } from "jest-mock-extended";
 import { of } from "rxjs";
 
+import { Fido2Credential } from "@bitwarden/common/vault/models/domain/fido2-credential";
 import {
-  Fido2Credential,
+  Fido2Credential as SdkFido2Credential,
   Cipher as SdkCipher,
   CipherType as SdkCipherType,
   CipherView as SdkCipherView,
   CipherListView,
   AttachmentView as SdkAttachmentView,
+  Fido2CredentialFullView,
 } from "@bitwarden/sdk-internal";
 
 import { mockEnc } from "../../../spec";
 import { UriMatchStrategy } from "../../models/domain/domain-service";
 import { LogService } from "../../platform/abstractions/log.service";
 import { SdkService } from "../../platform/abstractions/sdk/sdk.service";
-import { UserId } from "../../types/guid";
+import { UserId, CipherId, OrganizationId } from "../../types/guid";
 import { CipherRepromptType, CipherType } from "../enums";
 import { CipherPermissionsApi } from "../models/api/cipher-permissions.api";
 import { CipherData } from "../models/data/cipher.data";
@@ -25,10 +27,15 @@ import { Fido2CredentialView } from "../models/view/fido2-credential.view";
 
 import { DefaultCipherEncryptionService } from "./default-cipher-encryption.service";
 
+const cipherId = "bdc4ef23-1116-477e-ae73-247854af58cb" as CipherId;
+const orgId = "c5e9654f-6cc5-44c4-8e09-3d323522668c" as OrganizationId;
+const folderId = "a3e9654f-6cc5-44c4-8e09-3d323522668c";
+const userId = "59fbbb44-8cc8-4279-ab40-afc5f68704f4" as UserId;
+
 const cipherData: CipherData = {
-  id: "id",
-  organizationId: "orgId",
-  folderId: "folderId",
+  id: cipherId,
+  organizationId: orgId,
+  folderId: folderId,
   edit: true,
   viewPassword: true,
   organizationUseTotp: true,
@@ -78,13 +85,17 @@ describe("DefaultCipherEncryptionService", () => {
   const sdkService = mock<SdkService>();
   const logService = mock<LogService>();
   let sdkCipherView: SdkCipherView;
+  let sdkCipher: SdkCipher;
 
   const mockSdkClient = {
     vault: jest.fn().mockReturnValue({
       ciphers: jest.fn().mockReturnValue({
+        encrypt: jest.fn(),
+        set_fido2_credentials: jest.fn(),
         decrypt: jest.fn(),
         decrypt_list: jest.fn(),
         decrypt_fido2_credentials: jest.fn(),
+        move_to_organization: jest.fn(),
       }),
       attachments: jest.fn().mockReturnValue({
         decrypt_buffer: jest.fn(),
@@ -99,21 +110,25 @@ describe("DefaultCipherEncryptionService", () => {
     take: jest.fn().mockReturnValue(mockRef),
   };
 
-  const userId = "user-id" as UserId;
-
   let cipherObj: Cipher;
+  let cipherViewObj: CipherView;
 
   beforeEach(() => {
     sdkService.userClient$ = jest.fn((userId: UserId) => of(mockSdk)) as any;
     cipherEncryptionService = new DefaultCipherEncryptionService(sdkService, logService);
     cipherObj = new Cipher(cipherData);
+    cipherViewObj = new CipherView(cipherObj);
 
     jest.spyOn(cipherObj, "toSdkCipher").mockImplementation(() => {
       return { id: cipherData.id } as SdkCipher;
     });
 
+    jest.spyOn(cipherViewObj, "toSdkCipherView").mockImplementation(() => {
+      return { id: cipherData.id } as SdkCipherView;
+    });
+
     sdkCipherView = {
-      id: "test-id",
+      id: cipherId as string,
       type: SdkCipherType.Login,
       name: "test-name",
       login: {
@@ -121,16 +136,211 @@ describe("DefaultCipherEncryptionService", () => {
         password: "test-password",
       },
     } as SdkCipherView;
+
+    sdkCipher = {
+      id: cipherId,
+      type: SdkCipherType.Login,
+      name: "encrypted-name",
+      login: {
+        username: "encrypted-username",
+        password: "encrypted-password",
+      },
+    } as unknown as SdkCipher;
   });
 
   afterEach(() => {
     jest.clearAllMocks();
   });
 
+  describe("encrypt", () => {
+    it("should encrypt a cipher successfully", async () => {
+      const expectedCipher: Cipher = {
+        id: cipherId as string,
+        type: CipherType.Login,
+        name: "encrypted-name",
+        login: {
+          username: "encrypted-username",
+          password: "encrypted-password",
+        },
+      } as unknown as Cipher;
+
+      mockSdkClient.vault().ciphers().encrypt.mockReturnValue({
+        cipher: sdkCipher,
+        encryptedFor: userId,
+      });
+      jest.spyOn(Cipher, "fromSdkCipher").mockReturnValue(expectedCipher);
+
+      const result = await cipherEncryptionService.encrypt(cipherViewObj, userId);
+
+      expect(result).toBeDefined();
+      expect(result!.cipher).toEqual(expectedCipher);
+      expect(result!.encryptedFor).toBe(userId);
+      expect(cipherViewObj.toSdkCipherView).toHaveBeenCalled();
+      expect(mockSdkClient.vault().ciphers().encrypt).toHaveBeenCalledWith({ id: cipherData.id });
+    });
+
+    it("should encrypt FIDO2 credentials if present", async () => {
+      const fidoCredentialView = new Fido2CredentialView();
+      fidoCredentialView.credentialId = "credentialId";
+
+      cipherViewObj.login.fido2Credentials = [fidoCredentialView];
+
+      jest.spyOn(fidoCredentialView, "toSdkFido2CredentialFullView").mockImplementation(
+        () =>
+          ({
+            credentialId: "credentialId",
+          }) as Fido2CredentialFullView,
+      );
+      jest.spyOn(cipherViewObj, "toSdkCipherView").mockImplementation(
+        () =>
+          ({
+            id: cipherId as string,
+            login: {
+              fido2Credentials: undefined,
+            },
+          }) as unknown as SdkCipherView,
+      );
+
+      mockSdkClient
+        .vault()
+        .ciphers()
+        .set_fido2_credentials.mockReturnValue({
+          id: cipherId as string,
+          login: {
+            fido2Credentials: [
+              {
+                credentialId: "encrypted-credentialId",
+              },
+            ],
+          },
+        });
+
+      mockSdkClient.vault().ciphers().encrypt.mockReturnValue({
+        cipher: sdkCipher,
+        encryptedFor: userId,
+      });
+
+      cipherObj.login!.fido2Credentials = [
+        { credentialId: "encrypted-credentialId" } as unknown as Fido2Credential,
+      ];
+
+      jest.spyOn(Cipher, "fromSdkCipher").mockReturnValue(cipherObj);
+
+      const result = await cipherEncryptionService.encrypt(cipherViewObj, userId);
+
+      expect(result).toBeDefined();
+      expect(result!.cipher.login!.fido2Credentials).toHaveLength(1);
+
+      // Ensure set_fido2_credentials was called with correct parameters
+      expect(mockSdkClient.vault().ciphers().set_fido2_credentials).toHaveBeenCalledWith(
+        expect.objectContaining({ id: cipherId }),
+        [{ credentialId: "credentialId" }],
+      );
+
+      // Encrypted fido2 credential should be in the cipher passed to encrypt
+      expect(mockSdkClient.vault().ciphers().encrypt).toHaveBeenCalledWith(
+        expect.objectContaining({
+          id: cipherId,
+          login: { fido2Credentials: [{ credentialId: "encrypted-credentialId" }] },
+        }),
+      );
+    });
+  });
+
+  describe("moveToOrganization", () => {
+    it("should call the sdk method to move a cipher to an organization", async () => {
+      const expectedCipher: Cipher = {
+        id: cipherId as string,
+        type: CipherType.Login,
+        name: "encrypted-name",
+        organizationId: orgId,
+        login: {
+          username: "encrypted-username",
+          password: "encrypted-password",
+        },
+      } as unknown as Cipher;
+
+      mockSdkClient.vault().ciphers().move_to_organization.mockReturnValue({
+        id: cipherId,
+        organizationId: orgId,
+      });
+      mockSdkClient.vault().ciphers().encrypt.mockReturnValue({
+        cipher: sdkCipher,
+        encryptedFor: userId,
+      });
+      jest.spyOn(Cipher, "fromSdkCipher").mockReturnValue(expectedCipher);
+
+      const result = await cipherEncryptionService.moveToOrganization(cipherViewObj, orgId, userId);
+
+      expect(result).toBeDefined();
+      expect(result!.cipher).toEqual(expectedCipher);
+      expect(result!.encryptedFor).toBe(userId);
+      expect(cipherViewObj.toSdkCipherView).toHaveBeenCalled();
+      expect(mockSdkClient.vault().ciphers().move_to_organization).toHaveBeenCalledWith(
+        { id: cipherData.id },
+        orgId,
+      );
+    });
+
+    it("should re-encrypt any fido2 credentials when moving to an organization", async () => {
+      const mockSdkCredentialView = {
+        username: "username",
+      } as unknown as Fido2CredentialFullView;
+      const mockCredentialView = mock<Fido2CredentialView>();
+      mockCredentialView.toSdkFido2CredentialFullView.mockReturnValue(mockSdkCredentialView);
+      cipherViewObj.login.fido2Credentials = [mockCredentialView];
+      const expectedCipher: Cipher = {
+        id: cipherId as string,
+        type: CipherType.Login,
+        name: "encrypted-name",
+        organizationId: orgId,
+        login: {
+          username: "encrypted-username",
+          password: "encrypted-password",
+          fido2Credentials: [{ username: "encrypted-username" }],
+        },
+      } as unknown as Cipher;
+
+      mockSdkClient
+        .vault()
+        .ciphers()
+        .set_fido2_credentials.mockReturnValue({
+          id: cipherId as string,
+          login: {
+            fido2Credentials: [mockSdkCredentialView],
+          },
+        } as SdkCipherView);
+      mockSdkClient.vault().ciphers().move_to_organization.mockReturnValue({
+        id: cipherId,
+        organizationId: orgId,
+      });
+      mockSdkClient.vault().ciphers().encrypt.mockReturnValue({
+        cipher: sdkCipher,
+        encryptedFor: userId,
+      });
+      jest.spyOn(Cipher, "fromSdkCipher").mockReturnValue(expectedCipher);
+
+      const result = await cipherEncryptionService.moveToOrganization(cipherViewObj, orgId, userId);
+
+      expect(result).toBeDefined();
+      expect(result!.cipher).toEqual(expectedCipher);
+      expect(result!.encryptedFor).toBe(userId);
+      expect(cipherViewObj.toSdkCipherView).toHaveBeenCalled();
+      expect(mockSdkClient.vault().ciphers().set_fido2_credentials).toHaveBeenCalledWith(
+        expect.objectContaining({ id: cipherId }),
+        expect.arrayContaining([mockSdkCredentialView]),
+      );
+      expect(mockSdkClient.vault().ciphers().move_to_organization).toHaveBeenCalledWith(
+        { id: cipherData.id, login: { fido2Credentials: [mockSdkCredentialView] } },
+        orgId,
+      );
+    });
+  });
+
   describe("decrypt", () => {
     it("should decrypt a cipher successfully", async () => {
       const expectedCipherView: CipherView = {
-        id: "test-id",
+        id: cipherId as string,
         type: CipherType.Login,
         name: "test-name",
         login: {
@@ -168,12 +378,12 @@ describe("DefaultCipherEncryptionService", () => {
           discoverable: mockEnc("true"),
           creationDate: new Date("2023-01-01T12:00:00.000Z"),
         },
-      ] as unknown as Fido2Credential[];
+      ] as unknown as SdkFido2Credential[];
 
       sdkCipherView.login!.fido2Credentials = fido2Credentials;
 
       const expectedCipherView: CipherView = {
-        id: "test-id",
+        id: cipherId,
         type: CipherType.Login,
         name: "test-name",
         login: {
@@ -228,13 +438,15 @@ describe("DefaultCipherEncryptionService", () => {
     it("should decrypt multiple ciphers successfully", async () => {
       const ciphers = [new Cipher(cipherData), new Cipher(cipherData)];
 
+      const cipherId2 = "bdc4ef23-2222-477e-ae73-247854af58cb" as CipherId;
+
       const expectedViews = [
         {
-          id: "test-id-1",
+          id: cipherId as string,
           name: "test-name-1",
         } as CipherView,
         {
-          id: "test-id-2",
+          id: cipherId2 as string,
           name: "test-name-2",
         } as CipherView,
       ];
@@ -242,8 +454,11 @@ describe("DefaultCipherEncryptionService", () => {
       mockSdkClient
         .vault()
         .ciphers()
-        .decrypt.mockReturnValueOnce({ id: "test-id-1", name: "test-name-1" } as SdkCipherView)
-        .mockReturnValueOnce({ id: "test-id-2", name: "test-name-2" } as SdkCipherView);
+        .decrypt.mockReturnValueOnce({
+          id: cipherId,
+          name: "test-name-1",
+        } as unknown as SdkCipherView)
+        .mockReturnValueOnce({ id: cipherId2, name: "test-name-2" } as unknown as SdkCipherView);
 
       jest
         .spyOn(CipherView, "fromSdkCipherView")
diff --git a/libs/common/src/vault/services/default-cipher-encryption.service.ts b/libs/common/src/vault/services/default-cipher-encryption.service.ts
index 2c57df6f5bb..3547bafb4c9 100644
--- a/libs/common/src/vault/services/default-cipher-encryption.service.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.ts
@@ -1,10 +1,15 @@
 import { EMPTY, catchError, firstValueFrom, map } from "rxjs";
 
-import { CipherListView } from "@bitwarden/sdk-internal";
+import { EncryptionContext } from "@bitwarden/common/vault/abstractions/cipher.service";
+import {
+  CipherListView,
+  BitwardenClient,
+  CipherView as SdkCipherView,
+} from "@bitwarden/sdk-internal";
 
 import { LogService } from "../../platform/abstractions/log.service";
-import { SdkService } from "../../platform/abstractions/sdk/sdk.service";
-import { UserId } from "../../types/guid";
+import { SdkService, asUuid } from "../../platform/abstractions/sdk/sdk.service";
+import { UserId, OrganizationId } from "../../types/guid";
 import { CipherEncryptionService } from "../abstractions/cipher-encryption.service";
 import { CipherType } from "../enums";
 import { Cipher } from "../models/domain/cipher";
@@ -18,6 +23,67 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
     private logService: LogService,
   ) {}
 
+  async encrypt(model: CipherView, userId: UserId): Promise<EncryptionContext | undefined> {
+    return firstValueFrom(
+      this.sdkService.userClient$(userId).pipe(
+        map((sdk) => {
+          if (!sdk) {
+            throw new Error("SDK not available");
+          }
+
+          using ref = sdk.take();
+          const sdkCipherView = this.toSdkCipherView(model, ref.value);
+
+          const encryptionContext = ref.value.vault().ciphers().encrypt(sdkCipherView);
+
+          return {
+            cipher: Cipher.fromSdkCipher(encryptionContext.cipher)!,
+            encryptedFor: asUuid<UserId>(encryptionContext.encryptedFor),
+          };
+        }),
+        catchError((error: unknown) => {
+          this.logService.error(`Failed to encrypt cipher: ${error}`);
+          return EMPTY;
+        }),
+      ),
+    );
+  }
+
+  async moveToOrganization(
+    model: CipherView,
+    organizationId: OrganizationId,
+    userId: UserId,
+  ): Promise<EncryptionContext | undefined> {
+    return firstValueFrom(
+      this.sdkService.userClient$(userId).pipe(
+        map((sdk) => {
+          if (!sdk) {
+            throw new Error("SDK not available");
+          }
+
+          using ref = sdk.take();
+          const sdkCipherView = this.toSdkCipherView(model, ref.value);
+
+          const movedCipherView = ref.value
+            .vault()
+            .ciphers()
+            .move_to_organization(sdkCipherView, asUuid(organizationId));
+
+          const encryptionContext = ref.value.vault().ciphers().encrypt(movedCipherView);
+
+          return {
+            cipher: Cipher.fromSdkCipher(encryptionContext.cipher)!,
+            encryptedFor: asUuid<UserId>(encryptionContext.encryptedFor),
+          };
+        }),
+        catchError((error: unknown) => {
+          this.logService.error(`Failed to move cipher to organization: ${error}`);
+          return EMPTY;
+        }),
+      ),
+    );
+  }
+
   async decrypt(cipher: Cipher, userId: UserId): Promise<CipherView> {
     return firstValueFrom(
       this.sdkService.userClient$(userId).pipe(
@@ -51,11 +117,8 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
             clientCipherView.login.fido2Credentials = fido2CredentialViews
               .map((f) => {
                 const view = Fido2CredentialView.fromSdkFido2CredentialView(f)!;
-
-                return {
-                  ...view,
-                  keyValue: decryptedKeyValue,
-                };
+                view.keyValue = decryptedKeyValue;
+                return view;
               })
               .filter((view): view is Fido2CredentialView => view !== undefined);
           }
@@ -104,10 +167,8 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
               clientCipherView.login.fido2Credentials = fido2CredentialViews
                 .map((f) => {
                   const view = Fido2CredentialView.fromSdkFido2CredentialView(f)!;
-                  return {
-                    ...view,
-                    keyValue: decryptedKeyValue,
-                  };
+                  view.keyValue = decryptedKeyValue;
+                  return view;
                 })
                 .filter((view): view is Fido2CredentialView => view !== undefined);
             }
@@ -187,4 +248,25 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
       ),
     );
   }
+
+  /**
+   * Helper method to convert a CipherView model to an SDK CipherView. Has special handling for Fido2 credentials
+   * that need to be encrypted before being sent to the SDK.
+   * @param model The CipherView model to convert
+   * @param sdk An instance of SDK client
+   * @private
+   */
+  private toSdkCipherView(model: CipherView, sdk: BitwardenClient): SdkCipherView {
+    let sdkCipherView = model.toSdkCipherView();
+
+    if (model.type === CipherType.Login && model.login?.hasFido2Credentials) {
+      // Encrypt Fido2 credentials separately
+      const fido2Credentials = model.login.fido2Credentials?.map((f) =>
+        f.toSdkFido2CredentialFullView(),
+      );
+      sdkCipherView = sdk.vault().ciphers().set_fido2_credentials(sdkCipherView, fido2Credentials);
+    }
+
+    return sdkCipherView;
+  }
 }
diff --git a/libs/components/src/container/container.component.ts b/libs/components/src/container/container.component.ts
index 2f9e15c06b8..9f6a4cbef94 100644
--- a/libs/components/src/container/container.component.ts
+++ b/libs/components/src/container/container.component.ts
@@ -1,7 +1,7 @@
 import { Component } from "@angular/core";
 
 /**
- * Generic container that constrains page content width.
+ * bit-container is a minimally styled component that limits the max width of its content to the tailwind theme variable '4xl'. '4xl' is equal to the value of 56rem
  */
 @Component({
   selector: "bit-container",
diff --git a/libs/components/src/container/container.mdx b/libs/components/src/container/container.mdx
new file mode 100644
index 00000000000..35e0c69587f
--- /dev/null
+++ b/libs/components/src/container/container.mdx
@@ -0,0 +1,13 @@
+import { Meta, Primary, Title, Description } from "@storybook/addon-docs";
+
+import * as stories from "./container.stories";
+
+<Meta of={stories} />
+
+```ts
+import { ContainerComponent } from "@bitwarden/components";
+```
+
+<Title />
+<Description />
+<Primary />
diff --git a/libs/components/src/container/container.stories.ts b/libs/components/src/container/container.stories.ts
new file mode 100644
index 00000000000..7d9078db638
--- /dev/null
+++ b/libs/components/src/container/container.stories.ts
@@ -0,0 +1,34 @@
+import { Meta, moduleMetadata, StoryObj } from "@storybook/angular";
+
+import { ContainerComponent } from "./container.component";
+
+export default {
+  title: "Component Library/Container",
+  component: ContainerComponent,
+  decorators: [
+    moduleMetadata({
+      imports: [ContainerComponent],
+    }),
+  ],
+  parameters: {
+    design: {
+      type: "figma",
+      url: "https://www.figma.com/design/Zt3YSeb6E6lebAffrNLa0h/Tailwind-Component-Library?node-id=21662-47329&t=k6OTDDPZOTtypRqo-11",
+    },
+  },
+} as Meta<ContainerComponent>;
+
+type Story = StoryObj<ContainerComponent>;
+
+export const Container: Story = {
+  render: (args) => ({
+    props: args,
+    template: /*html*/ `
+      <bit-container>
+        <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed malesuada felis nulla, dignissim suscipit metus posuere vel. Duis eget porttitor arcu. Praesent tempor sodales nisi ut rhoncus. Curabitur vel enim eget est elementum finibus nec vitae erat. Duis dapibus, purus varius porttitor facilisis, justo nibh scelerisque tortor, consequat eleifend augue mi et nisi. Pellentesque convallis eget sem vitae malesuada. In hac habitasse platea dictumst. Suspendisse vulputate, neque in feugiat ultricies, mi diam malesuada tellus, at ultrices nisi enim nec nunc. Integer sapien mi, facilisis sed ultrices eget, dapibus sed velit. Aenean convallis nulla id lacus mattis gravida.<p>
+
+        <p>Etiam quis ipsum in risus euismod sagittis ac vel lorem. Donec eget mollis augue. Maecenas vitae libero ornare felis sagittis consequat et nec urna. Integer velit sapien, mollis non magna consectetur, laoreet placerat risus. Pellentesque bibendum ante in diam commodo imperdiet. Donec ante ligula, interdum eu facilisis non, commodo eu dolor. Cras rutrum imperdiet tortor eget finibus. Donec fringilla vitae libero sed tincidunt. Quisque nulla quam, consectetur et dictum sit amet, ultrices quis tortor. Cras lacinia, lacus sed venenatis luctus, risus odio ultricies lacus, eu lacinia sapien nisl vel augue. Nunc fermentum ac nisl at dictum. Nulla gravida, odio ut pellentesque commodo, sapien urna ultrices enim, ut euismod odio nisi ac justo. Pellentesque auctor erat sit amet semper convallis. In finibus enim in lorem commodo, id pretium ligula finibus. Cras vehicula nisl eget gravida dapibus.</p>
+      </bit-container>
+    `,
+  }),
+};
diff --git a/libs/components/src/radio-button/radio-input.component.ts b/libs/components/src/radio-button/radio-input.component.ts
index 6140969d651..33100db1679 100644
--- a/libs/components/src/radio-button/radio-input.component.ts
+++ b/libs/components/src/radio-button/radio-input.component.ts
@@ -32,6 +32,7 @@ export class RadioInputComponent implements BitFormControlAbstraction {
     "tw-border-secondary-600",
     "tw-w-[1.12rem]",
     "tw-h-[1.12rem]",
+    "!tw-p-[.125rem]",
     "tw-flex-none", // Flexbox fix for bit-form-control
 
     "hover:tw-border-2",
@@ -45,9 +46,8 @@ export class RadioInputComponent implements BitFormControlAbstraction {
     "before:tw-content-['']",
     "before:tw-transition",
     "before:tw-block",
-    "before:tw-absolute",
     "before:tw-rounded-full",
-    "before:tw-inset-[2px]",
+    "before:tw-size-full",
 
     "disabled:tw-cursor-auto",
     "disabled:tw-bg-secondary-100",
diff --git a/libs/importer/src/importers/base-importer.ts b/libs/importer/src/importers/base-importer.ts
index 9033997a475..1a97bc5a325 100644
--- a/libs/importer/src/importers/base-importer.ts
+++ b/libs/importer/src/importers/base-importer.ts
@@ -279,7 +279,7 @@ export abstract class BaseImporter {
     result.collections = result.folders.map((f) => {
       const collection = new CollectionView();
       collection.name = f.name;
-      collection.id = f.id;
+      collection.id = f.id ?? undefined; // folder id may be null, which is not suitable for collections.
       return collection;
     });
     result.folderRelationships = [];
@@ -320,12 +320,6 @@ export abstract class BaseImporter {
     } else {
       cipher.notes = cipher.notes.trim();
     }
-    if (cipher.fields != null && cipher.fields.length === 0) {
-      cipher.fields = null;
-    }
-    if (cipher.passwordHistory != null && cipher.passwordHistory.length === 0) {
-      cipher.passwordHistory = null;
-    }
   }
 
   protected processKvp(
diff --git a/libs/importer/src/importers/keeper/keeper-csv-importer.spec.ts b/libs/importer/src/importers/keeper/keeper-csv-importer.spec.ts
index d7a4d487bcb..026c501cf5a 100644
--- a/libs/importer/src/importers/keeper/keeper-csv-importer.spec.ts
+++ b/libs/importer/src/importers/keeper/keeper-csv-importer.spec.ts
@@ -66,7 +66,7 @@ describe("Keeper CSV Importer", () => {
     expect(result != null).toBe(true);
 
     const cipher = result.ciphers.shift();
-    expect(cipher.fields).toBeNull();
+    expect(cipher.fields.length).toBe(0);
 
     const cipher2 = result.ciphers.shift();
     expect(cipher2.fields.length).toBe(2);
diff --git a/libs/importer/src/importers/keeper/keeper-json-importer.spec.ts b/libs/importer/src/importers/keeper/keeper-json-importer.spec.ts
index 31169021e0c..22008f3b4c1 100644
--- a/libs/importer/src/importers/keeper/keeper-json-importer.spec.ts
+++ b/libs/importer/src/importers/keeper/keeper-json-importer.spec.ts
@@ -39,7 +39,7 @@ describe("Keeper Json Importer", () => {
     expect(cipher3.login.username).toEqual("someUserName");
     expect(cipher3.login.password).toEqual("w4k4k1wergf$^&@#*%2");
     expect(cipher3.notes).toBeNull();
-    expect(cipher3.fields).toBeNull();
+    expect(cipher3.fields.length).toBe(0);
     expect(cipher3.login.uris.length).toEqual(1);
     const uriView3 = cipher3.login.uris.shift();
     expect(uriView3.uri).toEqual("https://example.com");
diff --git a/libs/key-management/src/key.service.ts b/libs/key-management/src/key.service.ts
index 7c1041a42f5..eed5a529204 100644
--- a/libs/key-management/src/key.service.ts
+++ b/libs/key-management/src/key.service.ts
@@ -3,10 +3,13 @@ import {
   NEVER,
   Observable,
   combineLatest,
+  distinctUntilChanged,
+  filter,
   firstValueFrom,
   forkJoin,
   map,
   of,
+  shareReplay,
   switchMap,
 } from "rxjs";
 
@@ -83,6 +86,9 @@ export class DefaultKeyService implements KeyServiceAbstraction {
   ) {
     this.activeUserOrgKeys$ = this.stateProvider.activeUserId$.pipe(
       switchMap((userId) => (userId != null ? this.orgKeys$(userId) : NEVER)),
+      filter((orgKeys) => orgKeys != null),
+      distinctUntilChanged(),
+      shareReplay({ bufferSize: 1, refCount: false }),
     ) as Observable<Record<OrganizationId, OrgKey>>;
   }
 
@@ -416,12 +422,9 @@ export class DefaultKeyService implements KeyServiceAbstraction {
   }
 
   async getOrgKey(orgId: OrganizationId): Promise<OrgKey | null> {
-    const activeUserId = await firstValueFrom(this.stateProvider.activeUserId$);
-    if (activeUserId == null) {
-      throw new Error("A user must be active to retrieve an org key");
-    }
-    const orgKeys = await firstValueFrom(this.orgKeys$(activeUserId));
-    return orgKeys?.[orgId] ?? null;
+    return await firstValueFrom(
+      this.activeUserOrgKeys$.pipe(map((orgKeys) => orgKeys[orgId] ?? null)),
+    );
   }
 
   async makeDataEncKey<T extends OrgKey | UserKey>(
diff --git a/libs/vault/src/cipher-form/components/custom-fields/add-edit-custom-field-dialog/add-edit-custom-field-dialog.component.ts b/libs/vault/src/cipher-form/components/custom-fields/add-edit-custom-field-dialog/add-edit-custom-field-dialog.component.ts
index 7ddcf902d70..7d56db4366b 100644
--- a/libs/vault/src/cipher-form/components/custom-fields/add-edit-custom-field-dialog/add-edit-custom-field-dialog.component.ts
+++ b/libs/vault/src/cipher-form/components/custom-fields/add-edit-custom-field-dialog/add-edit-custom-field-dialog.component.ts
@@ -71,8 +71,11 @@ export class AddEditCustomFieldDialogComponent {
       if (this.data.disallowHiddenField && option.value === FieldType.Hidden) {
         return false;
       }
-      // Filter out the Linked field type for Secure Notes
-      if (this.data.cipherType === CipherType.SecureNote) {
+      // Filter out the Linked field type for Secure Notes and SSH Keys
+      if (
+        this.data.cipherType === CipherType.SecureNote ||
+        this.data.cipherType === CipherType.SshKey
+      ) {
         return option.value !== FieldType.Linked;
       }
 
diff --git a/libs/vault/src/cipher-form/components/item-details/item-details-section.component.spec.ts b/libs/vault/src/cipher-form/components/item-details/item-details-section.component.spec.ts
index dfa0f9a89ca..db8e2007c61 100644
--- a/libs/vault/src/cipher-form/components/item-details/item-details-section.component.spec.ts
+++ b/libs/vault/src/cipher-form/components/item-details/item-details-section.component.spec.ts
@@ -31,7 +31,7 @@ const createMockCollection = (
   organizationId: string,
   readOnly = false,
   canEdit = true,
-) => {
+): CollectionView => {
   return {
     id,
     name,
@@ -42,6 +42,7 @@ const createMockCollection = (
     manage: true,
     assigned: true,
     type: CollectionTypes.DefaultUserCollection,
+    isDefaultCollection: true,
     canEditItems: jest.fn().mockReturnValue(canEdit),
     canEdit: jest.fn(),
     canDelete: jest.fn(),
diff --git a/libs/vault/src/cipher-form/services/default-cipher-form.service.ts b/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
index 5228c85c3f7..d195ff8b00b 100644
--- a/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
+++ b/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
@@ -5,7 +5,7 @@ import { firstValueFrom, map } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
-import { UserId } from "@bitwarden/common/types/guid";
+import { UserId, OrganizationId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
@@ -31,21 +31,13 @@ export class DefaultCipherFormService implements CipherFormService {
   }
 
   async saveCipher(cipher: CipherView, config: CipherFormConfig): Promise<CipherView> {
-    // Passing the original cipher is important here as it is responsible for appending to password history
     const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
-    const encrypted = await this.cipherService.encrypt(
-      cipher,
-      activeUserId,
-      null,
-      null,
-      config.originalCipher ?? null,
-    );
-    const encryptedCipher = encrypted.cipher;
 
     let savedCipher: Cipher;
 
     // Creating a new cipher
     if (cipher.id == null) {
+      const encrypted = await this.cipherService.encrypt(cipher, activeUserId);
       savedCipher = await this.cipherService.createWithServer(encrypted, config.admin);
       return await this.cipherService.decrypt(savedCipher, activeUserId);
     }
@@ -61,16 +53,37 @@ export class DefaultCipherFormService implements CipherFormService {
 
     // Call shareWithServer if the owner is changing from a user to an organization
     if (config.originalCipher.organizationId === null && cipher.organizationId != null) {
+      // shareWithServer expects the cipher to have no organizationId set
+      const organizationId = cipher.organizationId as OrganizationId;
+      cipher.organizationId = null;
+
       savedCipher = await this.cipherService.shareWithServer(
         cipher,
-        cipher.organizationId,
+        organizationId,
         cipher.collectionIds,
         activeUserId,
+        config.originalCipher,
       );
       // If the collectionIds are the same, update the cipher normally
     } else if (isSetEqual(originalCollectionIds, newCollectionIds)) {
+      const encrypted = await this.cipherService.encrypt(
+        cipher,
+        activeUserId,
+        null,
+        null,
+        config.originalCipher,
+      );
       savedCipher = await this.cipherService.updateWithServer(encrypted, config.admin);
     } else {
+      const encrypted = await this.cipherService.encrypt(
+        cipher,
+        activeUserId,
+        null,
+        null,
+        config.originalCipher,
+      );
+      const encryptedCipher = encrypted.cipher;
+
       // Updating a cipher with collection changes is not supported with a single request currently
       // First update the cipher with the original collectionIds
       encryptedCipher.collectionIds = config.originalCipher.collectionIds;
diff --git a/libs/vault/src/cipher-view/cipher-view.component.html b/libs/vault/src/cipher-view/cipher-view.component.html
index a2ade0e885c..e65dd62500e 100644
--- a/libs/vault/src/cipher-view/cipher-view.component.html
+++ b/libs/vault/src/cipher-view/cipher-view.component.html
@@ -67,12 +67,12 @@
   </ng-container>
 
   <!-- CUSTOM FIELDS -->
-  <ng-container *ngIf="cipher.fields">
+  <ng-container *ngIf="cipher.hasFields">
     <app-custom-fields-v2 [cipher]="cipher"> </app-custom-fields-v2>
   </ng-container>
 
   <!-- ATTACHMENTS SECTION -->
-  <ng-container *ngIf="cipher.attachments">
+  <ng-container *ngIf="cipher.hasAttachments">
     <app-attachments-v2-view
       [emergencyAccessId]="emergencyAccessId"
       [cipher]="cipher"
diff --git a/libs/vault/src/components/password-history-view/password-history-view.component.spec.ts b/libs/vault/src/components/password-history-view/password-history-view.component.spec.ts
index c535847f7ba..2a9ca3b8433 100644
--- a/libs/vault/src/components/password-history-view/password-history-view.component.spec.ts
+++ b/libs/vault/src/components/password-history-view/password-history-view.component.spec.ts
@@ -9,6 +9,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { PasswordHistoryView } from "@bitwarden/common/vault/models/view/password-history.view";
 import { ColorPasswordComponent, ColorPasswordModule, ItemModule } from "@bitwarden/components";
 
 import { PasswordHistoryViewComponent } from "./password-history-view.component";
@@ -54,8 +55,14 @@ describe("PasswordHistoryViewComponent", () => {
   });
 
   describe("history", () => {
-    const password1 = { password: "bad-password-1", lastUsedDate: new Date("09/13/2004") };
-    const password2 = { password: "bad-password-2", lastUsedDate: new Date("02/01/2004") };
+    const password1 = {
+      password: "bad-password-1",
+      lastUsedDate: new Date("09/13/2004"),
+    } as PasswordHistoryView;
+    const password2 = {
+      password: "bad-password-2",
+      lastUsedDate: new Date("02/01/2004"),
+    } as PasswordHistoryView;
 
     beforeEach(async () => {
       mockCipher.passwordHistory = [password1, password2];
diff --git a/package-lock.json b/package-lock.json
index 541c596c78a..e44797997f1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23,7 +23,7 @@
         "@angular/platform-browser": "19.2.14",
         "@angular/platform-browser-dynamic": "19.2.14",
         "@angular/router": "19.2.14",
-        "@bitwarden/sdk-internal": "0.2.0-main.225",
+        "@bitwarden/sdk-internal": "0.2.0-main.231",
         "@electron/fuses": "1.8.0",
         "@emotion/css": "11.13.5",
         "@koa/multer": "4.0.0",
@@ -282,7 +282,7 @@
     },
     "apps/desktop": {
       "name": "@bitwarden/desktop",
-      "version": "2025.7.1",
+      "version": "2025.7.0",
       "hasInstallScript": true,
       "license": "GPL-3.0"
     },
@@ -4604,9 +4604,9 @@
       "link": true
     },
     "node_modules/@bitwarden/sdk-internal": {
-      "version": "0.2.0-main.225",
-      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.225.tgz",
-      "integrity": "sha512-bhSFNX584GPJ9wMBYff1d18/Hfj+o+D4E1l3uDLZNXRI9s7w919AQWqJ0xUy1vh8gpkLJovkf64HQGqs0OiQQA==",
+      "version": "0.2.0-main.231",
+      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.231.tgz",
+      "integrity": "sha512-fDKB/RFVvkRPWlhL/qhPAdJDjD1EpFjpEjjpY0v5QNGalh6NCztOr1OcMc4kvipPp4g+epZjs3SPN38K6R+7zw==",
       "license": "GPL-3.0",
       "dependencies": {
         "type-fest": "^4.41.0"
diff --git a/package.json b/package.json
index b7923a92f6f..089ef3342e9 100644
--- a/package.json
+++ b/package.json
@@ -158,7 +158,7 @@
     "@angular/platform-browser": "19.2.14",
     "@angular/platform-browser-dynamic": "19.2.14",
     "@angular/router": "19.2.14",
-    "@bitwarden/sdk-internal": "0.2.0-main.225",
+    "@bitwarden/sdk-internal": "0.2.0-main.231",
     "@electron/fuses": "1.8.0",
     "@emotion/css": "11.13.5",
     "@koa/multer": "4.0.0",