diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 57812aa82..cef8a7a2c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -71,6 +71,11 @@ jobs:
         with:
           nuget-version: 5.9.0
 
+      - name: Set up .NET
+        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+        with:
+          dotnet-version: '3.1.x'
+
       - name: Set up MSBuild
         uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c # v1.3.1
 
diff --git a/.github/workflows/version-auto-bump.yml b/.github/workflows/version-auto-bump.yml
index 5e2d17fb9..c486d1535 100644
--- a/.github/workflows/version-auto-bump.yml
+++ b/.github/workflows/version-auto-bump.yml
@@ -32,14 +32,10 @@ jobs:
           echo "new-version=$NEW_VER" >> $GITHUB_OUTPUT
 
   trigger_version_bump:
-    name: "Version bump"
-    runs-on: ubuntu-22.04
-    needs:
-      - setup
-    steps:
-      - name: Bump version to ${{ needs.setup.outputs.version_number }}
-        uses: ./.github/workflows/version-bump.yml
-        secrets:
-          AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-        with:
-          version_number: ${{ needs.setup.outputs.version_number }}
+    name: Bump version to ${{ needs.setup.outputs.version_number }}
+    needs: setup
+    uses: ./.github/workflows/version-bump.yml
+    secrets:
+      AZURE_PROD_KV_CREDENTIALS: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+    with:
+      version_number: ${{ needs.setup.outputs.version_number }}
diff --git a/crowdin.yml b/crowdin.yml
index 57dfe8ff7..45e3e516d 100644
--- a/crowdin.yml
+++ b/crowdin.yml
@@ -38,3 +38,15 @@ files:
         pt-PT: pt-PT
         en-GB: en-GB
         en-IN: en-IN
+  - source: "/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en.lproj/Localizable.strings"
+    dest: "/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en.lproj/%original_file_name%"
+    translation: "/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization//%two_letters_code%.lproj/%original_file_name%"
+    update_option: update_as_unapproved
+    languages_mapping:
+      two_letters_code:
+        zh-CN: zh-Hans
+        zh-TW: zh-Hant
+        pt-BR: pt-BR
+        pt-PT: pt-PT
+        en-GB: en-GB
+        en-IN: en-IN
diff --git a/src/Android/Android.csproj b/src/Android/Android.csproj
index c5f838ff8..8561fb4f1 100644
--- a/src/Android/Android.csproj
+++ b/src/Android/Android.csproj
@@ -233,6 +233,18 @@
       <SubType></SubType>
       <Generator></Generator>
     </AndroidResource>
+    <AndroidResource Include="Resources\layout\validatable_input_dialog_layout.xml">
+      <SubType></SubType>
+      <Generator></Generator>
+    </AndroidResource>
+    <AndroidResource Include="Resources\drawable\empty_uris_placeholder.xml">
+      <SubType></SubType>
+      <Generator></Generator>
+    </AndroidResource>
+    <AndroidResource Include="Resources\drawable\empty_uris_placeholder_dark.xml">
+      <SubType></SubType>
+      <Generator></Generator>
+    </AndroidResource>
   </ItemGroup>
   <ItemGroup>
     <AndroidResource Include="Resources\drawable\splash_screen.xml" />
diff --git a/src/Android/Properties/AndroidManifest.xml b/src/Android/Properties/AndroidManifest.xml
index 77372ff73..b4658aa9d 100644
--- a/src/Android/Properties/AndroidManifest.xml
+++ b/src/Android/Properties/AndroidManifest.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.5.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.7.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
 	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33" />
 	<uses-permission android:name="android.permission.INTERNET" />
 	<uses-permission android:name="android.permission.NFC" />
diff --git a/src/Android/Renderers/CustomLabelRenderer.cs b/src/Android/Renderers/CustomLabelRenderer.cs
index 62287087d..838b9b967 100644
--- a/src/Android/Renderers/CustomLabelRenderer.cs
+++ b/src/Android/Renderers/CustomLabelRenderer.cs
@@ -1,10 +1,10 @@
-using System;
-using Bit.App.Controls;
-using System.ComponentModel;
-using Xamarin.Forms.Platform.Android;
+using System.ComponentModel;
 using Android.Content;
-using Xamarin.Forms;
+using Android.OS;
+using Bit.App.Controls;
 using Bit.Droid.Renderers;
+using Xamarin.Forms;
+using Xamarin.Forms.Platform.Android;
 
 [assembly: ExportRenderer(typeof(CustomLabel), typeof(CustomLabelRenderer))]
 namespace Bit.Droid.Renderers
@@ -15,6 +15,19 @@ namespace Bit.Droid.Renderers
             : base(context)
         { }
 
+        protected override void OnElementChanged(ElementChangedEventArgs<Label> e)
+        {
+            base.OnElementChanged(e);
+
+            if (Control != null && e.NewElement is CustomLabel label)
+            {
+                if (label.FontWeight.HasValue && Build.VERSION.SdkInt >= BuildVersionCodes.P)
+                {
+                    Control.Typeface = Android.Graphics.Typeface.Create(null, label.FontWeight.Value, false);
+                }
+            }
+        }
+
         protected override void OnElementPropertyChanged(object sender, PropertyChangedEventArgs e)
         {
             var label = sender as CustomLabel;
@@ -28,4 +41,3 @@ namespace Bit.Droid.Renderers
         }
     }
 }
-
diff --git a/src/Android/Resources/drawable/empty_uris_placeholder.xml b/src/Android/Resources/drawable/empty_uris_placeholder.xml
new file mode 100644
index 000000000..a7ceb3a01
--- /dev/null
+++ b/src/Android/Resources/drawable/empty_uris_placeholder.xml
@@ -0,0 +1,35 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android" xmlns:aapt="http://schemas.android.com/aapt"
+    android:viewportWidth="129"
+    android:viewportHeight="124"
+    android:width="129dp"
+    android:height="124dp">
+    <path
+        android:pathData="M126.8227 61.9441A59.6843 59.6843 0 0 1 7.4541 61.9441A59.6843 59.6843 0 0 1 126.8227 61.9441Z"
+        android:fillColor="#F0F0F0"
+        android:strokeColor="#89929F"
+        android:strokeWidth="3" />
+    <path
+        android:pathData="M21.6167 100.851C52.597 103.31 79.6937 80.3264 82.1391 49.5156C83.6205 30.8497 76.0789 14.8844 62.7275 3.63385"
+        android:strokeColor="#89929F"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M14.5633 34.2845C12.2035 66.7711 38.5225 96.3429 72.6666 98.8232C74.2596 98.9389 78.629 98.9975 80.1951 99C84.6245 98.8232 97.8063 96.593 106.813 91.8485C113.439 88.3581 119.745 84.6984 124.644 79.1121"
+        android:strokeColor="#89929F"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M124.502 48.5051C106.554 24.3817 68.8237 21.6709 41.4178 42.0617C24.8146 54.4149 14.7327 72.4183 13.9255 90.1427"
+        android:strokeColor="#89929F"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M83.4034 28.3934A5 5 0 0 1 73.4034 28.3934A5 5 0 0 1 83.4034 28.3934Z"
+        android:fillColor="#89929F" />
+    <path
+        android:pathData="M24.7698 66.5518A5 5 0 0 1 14.7698 66.5518A5 5 0 0 1 24.7698 66.5518Z"
+        android:fillColor="#89929F" />
+    <path
+        android:pathData="M57.344 94.4726A5 5 0 0 1 47.344 94.4726A5 5 0 0 1 57.344 94.4726Z"
+        android:fillColor="#89929F" />
+</vector>
\ No newline at end of file
diff --git a/src/Android/Resources/drawable/empty_uris_placeholder_dark.xml b/src/Android/Resources/drawable/empty_uris_placeholder_dark.xml
new file mode 100644
index 000000000..e35c7f004
--- /dev/null
+++ b/src/Android/Resources/drawable/empty_uris_placeholder_dark.xml
@@ -0,0 +1,35 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android" xmlns:aapt="http://schemas.android.com/aapt"
+    android:viewportWidth="129"
+    android:viewportHeight="124"
+    android:width="129dp"
+    android:height="124dp">
+    <path
+        android:pathData="M126.8227 61.9441A59.6843 59.6843 0 0 1 7.4541 61.9441A59.6843 59.6843 0 0 1 126.8227 61.9441Z"
+        android:fillColor="@android:color/transparent"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="3" />
+    <path
+        android:pathData="M21.6167 100.851C52.597 103.31 79.6937 80.3264 82.1391 49.5156C83.6205 30.8497 76.0789 14.8844 62.7275 3.63385"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M14.5633 34.2845C12.2035 66.7711 38.5225 96.3429 72.6666 98.8232C74.2596 98.9389 78.629 98.9975 80.1951 99C84.6245 98.8232 97.8063 96.593 106.813 91.8485C113.439 88.3581 119.745 84.6984 124.644 79.1121"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M124.502 48.5051C106.554 24.3817 68.8237 21.6709 41.4178 42.0617C24.8146 54.4149 14.7327 72.4183 13.9255 90.1427"
+        android:strokeColor="#A3A3A3"
+        android:strokeWidth="1.5"
+        android:strokeLineCap="round" />
+    <path
+        android:pathData="M83.4034 28.3934A5 5 0 0 1 73.4034 28.3934A5 5 0 0 1 83.4034 28.3934Z"
+        android:fillColor="#A3A3A3" />
+    <path
+        android:pathData="M24.7698 66.5518A5 5 0 0 1 14.7698 66.5518A5 5 0 0 1 24.7698 66.5518Z"
+        android:fillColor="#A3A3A3" />
+    <path
+        android:pathData="M57.344 94.4726A5 5 0 0 1 47.344 94.4726A5 5 0 0 1 57.344 94.4726Z"
+        android:fillColor="#A3A3A3" />
+</vector>
\ No newline at end of file
diff --git a/src/Android/Resources/layout/validatable_input_dialog_layout.xml b/src/Android/Resources/layout/validatable_input_dialog_layout.xml
new file mode 100644
index 000000000..0ec80eba8
--- /dev/null
+++ b/src/Android/Resources/layout/validatable_input_dialog_layout.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:orientation="vertical"
+    android:layout_width="match_parent"
+    android:layout_height="wrap_content"
+    android:paddingLeft="30dp"
+    android:paddingRight="30dp">
+    <TextView
+        android:id="@+id/lblHeader"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:textSize="@dimen/dialog_header_text_size"
+        android:layout_marginTop="5dp"
+        android:layout_marginBottom="-3dp"
+        android:labelFor="@+id/txtValue"/>
+    <EditText
+        android:id="@id/txtValue"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:textSize="@dimen/dialog_input_text_size"/>
+    <TextView
+        android:id="@+id/lblValueSubinfo"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:textSize="@dimen/dialog_sub_value_info_text_size"/>
+</LinearLayout>
+
diff --git a/src/Android/Resources/values/dimens.xml b/src/Android/Resources/values/dimens.xml
index cff37d6db..9f2789871 100644
--- a/src/Android/Resources/values/dimens.xml
+++ b/src/Android/Resources/values/dimens.xml
@@ -2,4 +2,7 @@
 <resources xmlns:tools="http://schemas.android.com/tools">
   <dimen name="design_bottom_navigation_text_size" tools:override="true">15sp</dimen>
   <dimen name="design_bottom_navigation_active_text_size" tools:override="true">15sp</dimen>
+  <dimen name="dialog_input_text_size">16sp</dimen>
+  <dimen name="dialog_header_text_size">12sp</dimen>
+  <dimen name="dialog_sub_value_info_text_size">12sp</dimen>
 </resources>
diff --git a/src/Android/Services/DeviceActionService.cs b/src/Android/Services/DeviceActionService.cs
index c49bc0758..4f843eb55 100644
--- a/src/Android/Services/DeviceActionService.cs
+++ b/src/Android/Services/DeviceActionService.cs
@@ -3,6 +3,7 @@ using System.Threading.Tasks;
 using Android.App;
 using Android.Content;
 using Android.Content.PM;
+using Android.Media;
 using Android.Nfc;
 using Android.OS;
 using Android.Provider;
@@ -13,11 +14,17 @@ using Android.Views.InputMethods;
 using Android.Widget;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
+using Bit.App.Utilities;
+using Bit.App.Utilities.Prompts;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Utilities;
 using Bit.Droid.Utilities;
 using Plugin.CurrentActivity;
+using Xamarin.Forms.Platform.Android;
+using static Android.Icu.Text.CaseMap;
+using static Android.Renderscripts.ScriptGroup;
+using static Android.Util.EventLogTags;
 using static Bit.App.Pages.SettingsPageViewModel;
 
 namespace Bit.Droid.Services
@@ -209,10 +216,7 @@ namespace Bit.Droid.Services
             }
             if (numericKeyboard)
             {
-                input.InputType = InputTypes.ClassNumber | InputTypes.NumberFlagDecimal | InputTypes.NumberFlagSigned;
-#pragma warning disable CS0618 // Type or member is obsolete
-                input.KeyListener = DigitsKeyListener.GetInstance(false, false);
-#pragma warning restore CS0618 // Type or member is obsolete
+                SetNumericKeyboardTo(input);
             }
             if (password)
             {
@@ -248,6 +252,82 @@ namespace Bit.Droid.Services
             return result.Task;
         }
 
+        public Task<ValidatablePromptResponse?> DisplayValidatablePromptAsync(ValidatablePromptConfig config)
+        {
+            var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
+            if (activity == null)
+            {
+                return Task.FromResult<ValidatablePromptResponse?>(null);
+            }
+
+            var alertBuilder = new AlertDialog.Builder(activity);
+            alertBuilder.SetTitle(config.Title);
+            var view = activity.LayoutInflater.Inflate(Resource.Layout.validatable_input_dialog_layout, null);
+            alertBuilder.SetView(view);
+            
+            var result = new TaskCompletionSource<ValidatablePromptResponse?>();
+
+            alertBuilder.SetPositiveButton(config.OkButtonText ?? AppResources.Ok, listener: null);
+            alertBuilder.SetNegativeButton(config.CancelButtonText ?? AppResources.Cancel, (sender, args) => result.TrySetResult(null));
+            if (!string.IsNullOrEmpty(config.ThirdButtonText))
+            {
+                alertBuilder.SetNeutralButton(config.ThirdButtonText, (sender, args) => result.TrySetResult(new ValidatablePromptResponse(null, true)));
+            }
+
+            var alert = alertBuilder.Create();
+
+            var input = view.FindViewById<EditText>(Resource.Id.txtValue);
+            var lblHeader = view.FindViewById<TextView>(Resource.Id.lblHeader);
+            var lblValueSubinfo = view.FindViewById<TextView>(Resource.Id.lblValueSubinfo);
+
+            lblHeader.Text = config.Subtitle;
+            lblValueSubinfo.Text = config.ValueSubInfo;
+
+            var defaultSubInfoColor = lblValueSubinfo.TextColors;
+
+            input.InputType = InputTypes.ClassText;
+
+            if (config.NumericKeyboard)
+            {
+                SetNumericKeyboardTo(input);
+            }
+
+            input.ImeOptions = input.ImeOptions | (ImeAction)ImeFlags.NoPersonalizedLearning | (ImeAction)ImeFlags.NoExtractUi;
+            input.Text = config.Text ?? string.Empty;
+            input.SetSelection(config.Text?.Length ?? 0);
+            input.AfterTextChanged += (sender, args) =>
+            {
+                if (lblValueSubinfo.Text != config.ValueSubInfo)
+                {
+                    lblValueSubinfo.Text = config.ValueSubInfo;
+                    lblHeader.SetTextColor(defaultSubInfoColor);
+                    lblValueSubinfo.SetTextColor(defaultSubInfoColor);
+                }
+            };
+
+            alert.Window.SetSoftInputMode(SoftInput.StateVisible);
+            alert.Show();
+
+            var positiveButton = alert.GetButton((int)DialogButtonType.Positive);
+            positiveButton.Click += (sender, args) =>
+            {
+                var error = config.ValidateText(input.Text);
+                if (error != null)
+                {
+                    lblHeader.SetTextColor(ThemeManager.GetResourceColor("DangerColor").ToAndroid());
+                    lblValueSubinfo.SetTextColor(ThemeManager.GetResourceColor("DangerColor").ToAndroid());
+                    lblValueSubinfo.Text = error;
+                    lblValueSubinfo.SendAccessibilityEvent(Android.Views.Accessibility.EventTypes.ViewFocused);
+                    return;
+                }
+
+                result.TrySetResult(new ValidatablePromptResponse(input.Text, false));
+                alert.Dismiss();
+            };
+
+            return result.Task;
+        }
+
         public void RateApp()
         {
             var activity = (MainActivity)CrossCurrentActivity.Current.Activity;
@@ -525,5 +605,13 @@ namespace Bit.Droid.Services
             // only used by iOS
             throw new NotImplementedException();
         }
+
+        private void SetNumericKeyboardTo(EditText editText)
+        {
+            editText.InputType = InputTypes.ClassNumber | InputTypes.NumberFlagDecimal | InputTypes.NumberFlagSigned;
+#pragma warning disable CS0618 // Type or member is obsolete
+            editText.KeyListener = DigitsKeyListener.GetInstance(false, false);
+#pragma warning restore CS0618 // Type or member is obsolete
+        }
     }
 }
diff --git a/src/Android/Utilities/IntentExtensions.cs b/src/Android/Utilities/IntentExtensions.cs
index fc6242821..746cf4738 100644
--- a/src/Android/Utilities/IntentExtensions.cs
+++ b/src/Android/Utilities/IntentExtensions.cs
@@ -1,5 +1,6 @@
 using Android.Content;
 using Android.OS;
+using Java.Lang;
 
 namespace Bit.Droid.Utilities
 {
@@ -13,7 +14,12 @@ namespace Bit.Droid.Utilities
                 // Note: getting the bundle like this will cause to call unparcel() internally
                 var b = intent?.Extras?.GetBundle("trashstringwhichhasnousebuttocheckunparcel");
             }
-            catch (BadParcelableException)
+            catch (Exception ex) when
+            (
+                ex is BadParcelableException ||
+                ex is ClassNotFoundException ||
+                ex is RuntimeException
+            )
             {
                 intent.ReplaceExtras((Bundle)null);
             }
diff --git a/src/App/Abstractions/IDeviceActionService.cs b/src/App/Abstractions/IDeviceActionService.cs
index e539b156f..56bf5d17f 100644
--- a/src/App/Abstractions/IDeviceActionService.cs
+++ b/src/App/Abstractions/IDeviceActionService.cs
@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using Bit.App.Utilities.Prompts;
 using Bit.Core.Enums;
 using Bit.Core.Models;
 
@@ -18,6 +19,7 @@ namespace Bit.App.Abstractions
         Task<string> DisplayPromptAync(string title = null, string description = null, string text = null,
             string okButtonText = null, string cancelButtonText = null, bool numericKeyboard = false,
             bool autofocus = true, bool password = false);
+        Task<ValidatablePromptResponse?> DisplayValidatablePromptAsync(ValidatablePromptConfig config);
         Task<string> DisplayAlertAsync(string title, string message, string cancel, params string[] buttons);
         Task<string> DisplayActionSheetAsync(string title, string cancel, string destruction, params string[] buttons);
 
diff --git a/src/App/App.csproj b/src/App/App.csproj
index 54d589ef7..a39ef90af 100644
--- a/src/App/App.csproj
+++ b/src/App/App.csproj
@@ -146,6 +146,7 @@
     <Folder Include="Controls\IconLabelButton\" />
     <Folder Include="Controls\PasswordStrengthProgressBar\" />
     <Folder Include="Utilities\Automation\" />
+    <Folder Include="Utilities\Prompts\" />
   </ItemGroup>
 
   <ItemGroup>
@@ -442,5 +443,6 @@
     <None Remove="MessagePack.MSBuild.Tasks" />
     <None Remove="Controls\PasswordStrengthProgressBar\" />
     <None Remove="Utilities\Automation\" />
+    <None Remove="Utilities\Prompts\" />
   </ItemGroup>
 </Project>
diff --git a/src/App/Controls/CustomLabel.cs b/src/App/Controls/CustomLabel.cs
index e822d3304..77d1fda79 100644
--- a/src/App/Controls/CustomLabel.cs
+++ b/src/App/Controls/CustomLabel.cs
@@ -1,5 +1,4 @@
-using System;
-using Xamarin.Forms;
+using Xamarin.Forms;
 
 namespace Bit.App.Controls
 {
@@ -8,6 +7,7 @@ namespace Bit.App.Controls
         public CustomLabel()
         {
         }
+
+        public int? FontWeight { get; set; }
     }
 }
-
diff --git a/src/App/Pages/Accounts/LockPage.xaml b/src/App/Pages/Accounts/LockPage.xaml
index f34a8b284..dabcb9fd6 100644
--- a/src/App/Pages/Accounts/LockPage.xaml
+++ b/src/App/Pages/Accounts/LockPage.xaml
@@ -46,7 +46,7 @@
                     <StackLayout StyleClass="box">
                         <Grid
                             StyleClass="box-row"
-                            IsVisible="{Binding PinLock}"
+                            IsVisible="{Binding PinEnabled}"
                             Padding="0, 10, 0, 0">
                             <Grid.RowDefinitions>
                                 <RowDefinition Height="Auto" />
@@ -89,7 +89,7 @@
                         <Grid
                             x:Name="_passwordGrid"
                             StyleClass="box-row"
-                            IsVisible="{Binding PinLock, Converter={StaticResource inverseBool}}"
+                            IsVisible="{Binding PinEnabled, Converter={StaticResource inverseBool}}"
                             Padding="0, 10, 0, 0">
                             <Grid.RowDefinitions>
                                 <RowDefinition Height="Auto" />
diff --git a/src/App/Pages/Accounts/LockPage.xaml.cs b/src/App/Pages/Accounts/LockPage.xaml.cs
index f5a7914a5..d62b4c6b2 100644
--- a/src/App/Pages/Accounts/LockPage.xaml.cs
+++ b/src/App/Pages/Accounts/LockPage.xaml.cs
@@ -44,7 +44,7 @@ namespace Bit.App.Pages
         {
             get
             {
-                if (_vm?.PinLock ?? false)
+                if (_vm?.PinEnabled ?? false)
                 {
                     return _pin;
                 }
@@ -54,7 +54,7 @@ namespace Bit.App.Pages
 
         public async Task PromptBiometricAfterResumeAsync()
         {
-            if (_vm.BiometricLock)
+            if (_vm.BiometricEnabled)
             {
                 await Task.Delay(500);
                 if (!_promptedAfterResume)
@@ -91,13 +91,13 @@ namespace Bit.App.Pages
 
             _vm.FocusSecretEntry += PerformFocusSecretEntry;
 
-            if (!_vm.BiometricLock)
+            if (!_vm.BiometricEnabled)
             {
                 RequestFocus(SecretEntry);
             }
             else
             {
-                if (_vm.UsingKeyConnector && !_vm.PinLock)
+                if (_vm.UsingKeyConnector && !_vm.PinEnabled)
                 {
                     _passwordGrid.IsVisible = false;
                     _unlockButton.IsVisible = false;
diff --git a/src/App/Pages/Accounts/LockPageViewModel.cs b/src/App/Pages/Accounts/LockPageViewModel.cs
index 26d15c630..dc6221e2e 100644
--- a/src/App/Pages/Accounts/LockPageViewModel.cs
+++ b/src/App/Pages/Accounts/LockPageViewModel.cs
@@ -38,16 +38,15 @@ namespace Bit.App.Pages
         private string _masterPassword;
         private string _pin;
         private bool _showPassword;
-        private bool _pinLock;
-        private bool _biometricLock;
+        private PinLockEnum _pinStatus;
+        private bool _pinEnabled;
+        private bool _biometricEnabled;
         private bool _biometricIntegrityValid = true;
         private bool _biometricButtonVisible;
         private bool _usingKeyConnector;
         private string _biometricButtonText;
         private string _loggedInAsText;
         private string _lockedVerifyText;
-        private bool _isPinProtected;
-        private bool _isPinProtectedWithKey;
 
         public LockPageViewModel()
         {
@@ -101,10 +100,10 @@ namespace Bit.App.Pages
                 });
         }
 
-        public bool PinLock
+        public bool PinEnabled
         {
-            get => _pinLock;
-            set => SetProperty(ref _pinLock, value);
+            get => _pinEnabled;
+            set => SetProperty(ref _pinEnabled, value);
         }
 
         public bool UsingKeyConnector
@@ -112,10 +111,10 @@ namespace Bit.App.Pages
             get => _usingKeyConnector;
         }
 
-        public bool BiometricLock
+        public bool BiometricEnabled
         {
-            get => _biometricLock;
-            set => SetProperty(ref _biometricLock, value);
+            get => _biometricEnabled;
+            set => SetProperty(ref _biometricEnabled, value);
         }
 
         public bool BiometricIntegrityValid
@@ -163,14 +162,18 @@ namespace Bit.App.Pages
 
         public async Task InitAsync()
         {
-            (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-            PinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
-                      _isPinProtectedWithKey;
-            BiometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _cryptoService.HasKeyAsync();
+            _pinStatus = await _vaultTimeoutService.IsPinLockSetAsync();
+
+            var ephemeralPinSet = await _stateService.GetUserKeyPinEphemeralAsync()
+                ?? await _stateService.GetPinProtectedKeyAsync();
+            PinEnabled = (_pinStatus == PinLockEnum.Transient && ephemeralPinSet != null) ||
+                      _pinStatus == PinLockEnum.Persistent;
+
+            BiometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _cryptoService.HasEncryptedUserKeyAsync();
 
             // Users with key connector and without biometric or pin has no MP to unlock with
             _usingKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
-            if (_usingKeyConnector && !(BiometricLock || PinLock))
+            if (_usingKeyConnector && !(BiometricEnabled || PinEnabled))
             {
                 await _vaultTimeoutService.LogOutAsync();
                 return;
@@ -189,7 +192,7 @@ namespace Bit.App.Pages
             }
             var webVaultHostname = CoreHelpers.GetHostname(webVault);
             LoggedInAsText = string.Format(AppResources.LoggedInAsOn, _email, webVaultHostname);
-            if (PinLock)
+            if (PinEnabled)
             {
                 PageTitle = AppResources.VerifyPIN;
                 LockedVerifyText = AppResources.VaultLockedPIN;
@@ -208,7 +211,7 @@ namespace Bit.App.Pages
                 }
             }
 
-            if (BiometricLock)
+            if (BiometricEnabled)
             {
                 BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
                 if (!_biometricIntegrityValid)
@@ -230,14 +233,14 @@ namespace Bit.App.Pages
 
         public async Task SubmitAsync()
         {
-            if (PinLock && string.IsNullOrWhiteSpace(Pin))
+            if (PinEnabled && string.IsNullOrWhiteSpace(Pin))
             {
                 await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
                     string.Format(AppResources.ValidationFieldRequired, AppResources.PIN),
                     AppResources.Ok);
                 return;
             }
-            if (!PinLock && string.IsNullOrWhiteSpace(MasterPassword))
+            if (!PinEnabled && string.IsNullOrWhiteSpace(MasterPassword))
             {
                 await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
                     string.Format(AppResources.ValidationFieldRequired, AppResources.MasterPassword),
@@ -248,34 +251,54 @@ namespace Bit.App.Pages
             ShowPassword = false;
             var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
 
-            if (PinLock)
+            if (PinEnabled)
             {
                 var failed = true;
                 try
                 {
-                    if (_isPinProtected)
+                    EncString userKeyPin = null;
+                    EncString oldPinProtected = null;
+                    if (_pinStatus == PinLockEnum.Persistent)
                     {
-                        var key = await _cryptoService.MakeKeyFromPinAsync(Pin, _email,
+                        userKeyPin = await _stateService.GetUserKeyPinAsync();
+                        var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
+                        oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
+                    }
+                    else if (_pinStatus == PinLockEnum.Transient)
+                    {
+                        userKeyPin = await _stateService.GetUserKeyPinEphemeralAsync();
+                        oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
+                    }
+
+                    UserKey userKey;
+                    if (oldPinProtected != null)
+                    {
+                        userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
+                            _pinStatus == PinLockEnum.Transient,
+                            Pin,
+                            _email,
                             kdfConfig,
-                            await _stateService.GetPinProtectedKeyAsync());
-                        var encKey = await _cryptoService.GetEncKeyAsync(key);
-                        var protectedPin = await _stateService.GetProtectedPinAsync();
-                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                        failed = decPin != Pin;
-                        if (!failed)
-                        {
-                            Pin = string.Empty;
-                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                            await SetKeyAndContinueAsync(key);
-                        }
+                            oldPinProtected
+                        );
                     }
                     else
                     {
-                        var key = await _cryptoService.MakeKeyFromPinAsync(Pin, _email, kdfConfig);
-                        failed = false;
+                        userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                            Pin,
+                            _email,
+                            kdfConfig,
+                            userKeyPin
+                        );
+                    }
+
+                    var protectedPin = await _stateService.GetProtectedPinAsync();
+                    var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
+                    failed = decryptedPin != Pin;
+                    if (!failed)
+                    {
                         Pin = string.Empty;
                         await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                        await SetKeyAndContinueAsync(key);
+                        await SetKeyAndContinueAsync(userKey);
                     }
                 }
                 catch
@@ -296,19 +319,21 @@ namespace Bit.App.Pages
             }
             else
             {
-                var key = await _cryptoService.MakeKeyAsync(MasterPassword, _email, kdfConfig);
-                var storedKeyHash = await _cryptoService.GetKeyHashAsync();
+                var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, _email, kdfConfig);
+                var storedKeyHash = await _cryptoService.GetPasswordHashAsync();
                 var passwordValid = false;
                 MasterPasswordPolicyOptions enforcedMasterPasswordOptions = null;
 
                 if (storedKeyHash != null)
                 {
-                    passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(MasterPassword, key);
+                    // Offline unlock possible
+                    passwordValid = await _cryptoService.CompareAndUpdatePasswordHashAsync(MasterPassword, masterKey);
                 }
                 else
                 {
+                    // Online unlock required
                     await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
-                    var keyHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
+                    var keyHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization);
                     var request = new PasswordVerificationRequest();
                     request.MasterPasswordHash = keyHash;
 
@@ -317,8 +342,8 @@ namespace Bit.App.Pages
                         var response = await _apiService.PostAccountVerifyPasswordAsync(request);
                         enforcedMasterPasswordOptions = response.MasterPasswordPolicy;
                         passwordValid = true;
-                        var localKeyHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
-                        await _cryptoService.SetKeyHashAsync(localKeyHash);
+                        var localKeyHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization);
+                        await _cryptoService.SetPasswordHashAsync(localKeyHash);
                     }
                     catch (Exception e)
                     {
@@ -328,15 +353,6 @@ namespace Bit.App.Pages
                 }
                 if (passwordValid)
                 {
-                    if (_isPinProtected)
-                    {
-                        var protectedPin = await _stateService.GetProtectedPinAsync();
-                        var encKey = await _cryptoService.GetEncKeyAsync(key);
-                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                        var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, _email, kdfConfig);
-                        await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key.Key, pinKey));
-                    }
-
                     if (await RequirePasswordChangeAsync(enforcedMasterPasswordOptions))
                     {
                         // Save the ForcePasswordResetReason to force a password reset after unlock
@@ -346,10 +362,13 @@ namespace Bit.App.Pages
 
                     MasterPassword = string.Empty;
                     await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                    await SetKeyAndContinueAsync(key);
+
+                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                    await _cryptoService.SetMasterKeyAsync(masterKey);
+                    await SetKeyAndContinueAsync(userKey);
 
                     // Re-enable biometrics
-                    if (BiometricLock & !BiometricIntegrityValid)
+                    if (BiometricEnabled & !BiometricIntegrityValid)
                     {
                         await _biometricService.SetupBiometricAsync();
                     }
@@ -426,7 +445,7 @@ namespace Bit.App.Pages
         public void TogglePassword()
         {
             ShowPassword = !ShowPassword;
-            var secret = PinLock ? Pin : MasterPassword;
+            var secret = PinEnabled ? Pin : MasterPassword;
             _secretEntryFocusWeakEventManager.RaiseEvent(string.IsNullOrEmpty(secret) ? 0 : secret.Length, nameof(FocusSecretEntry));
         }
 
@@ -434,12 +453,12 @@ namespace Bit.App.Pages
         {
             BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
             BiometricButtonVisible = BiometricIntegrityValid;
-            if (!BiometricLock || !BiometricIntegrityValid)
+            if (!BiometricEnabled || !BiometricIntegrityValid)
             {
                 return;
             }
             var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                PinLock ? AppResources.PIN : AppResources.MasterPassword,
+                PinEnabled ? AppResources.PIN : AppResources.MasterPassword,
                 () => _secretEntryFocusWeakEventManager.RaiseEvent((int?)null, nameof(FocusSecretEntry)));
             await _stateService.SetBiometricLockedAsync(!success);
             if (success)
@@ -448,12 +467,12 @@ namespace Bit.App.Pages
             }
         }
 
-        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key)
+        private async Task SetKeyAndContinueAsync(UserKey key)
         {
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
-                await _cryptoService.SetKeyAsync(key);
+                await _cryptoService.SetUserKeyAsync(key);
             }
             await _deviceTrustCryptoService.TrustDeviceIfNeededAsync();
             await DoContinueAsync();
diff --git a/src/App/Pages/Accounts/RegisterPageViewModel.cs b/src/App/Pages/Accounts/RegisterPageViewModel.cs
index ebfc522c1..b742a65ba 100644
--- a/src/App/Pages/Accounts/RegisterPageViewModel.cs
+++ b/src/App/Pages/Accounts/RegisterPageViewModel.cs
@@ -177,25 +177,28 @@ namespace Bit.App.Pages
             Name = string.IsNullOrWhiteSpace(Name) ? null : Name;
             Email = Email.Trim().ToLower();
             var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, Email, kdfConfig);
-            var encKey = await _cryptoService.MakeEncKeyAsync(key);
-            var hashedPassword = await _cryptoService.HashPasswordAsync(MasterPassword, key);
-            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
+            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, Email, kdfConfig);
+            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(
+                newMasterKey,
+                await _cryptoService.MakeUserKeyAsync()
+            );
+            var hashedPassword = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey);
+            var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync(newUserKey);
             var request = new RegisterRequest
             {
                 Email = Email,
                 Name = Name,
                 MasterPasswordHash = hashedPassword,
                 MasterPasswordHint = Hint,
-                Key = encKey.Item2.EncryptedString,
+                Key = newProtectedUserKey.EncryptedString,
                 Kdf = kdfConfig.Type,
                 KdfIterations = kdfConfig.Iterations,
                 KdfMemory = kdfConfig.Memory,
                 KdfParallelism = kdfConfig.Parallelism,
                 Keys = new KeysRequest
                 {
-                    PublicKey = keys.Item1,
-                    EncryptedPrivateKey = keys.Item2.EncryptedString
+                    PublicKey = newPublicKey,
+                    EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
                 },
                 CaptchaResponse = _captchaToken,
             };
diff --git a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
index 51d468275..57ffaac79 100644
--- a/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/SetPasswordPageViewModel.cs
@@ -165,26 +165,18 @@ namespace Bit.App.Pages
 
             var kdfConfig = new KdfConfig(KdfType.PBKDF2_SHA256, Constants.Pbkdf2Iterations, null, null);
             var email = await _stateService.GetEmailAsync();
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdfConfig);
-            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.ServerAuthorization);
-            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key, HashPurpose.LocalAuthorization);
+            var newMasterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
+            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.ServerAuthorization);
+            var localMasterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, newMasterKey, HashPurpose.LocalAuthorization);
 
-            Tuple<SymmetricCryptoKey, EncString> encKey;
-            var existingEncKey = await _cryptoService.GetEncKeyAsync();
-            if (existingEncKey == null)
-            {
-                encKey = await _cryptoService.MakeEncKeyAsync(key);
-            }
-            else
-            {
-                encKey = await _cryptoService.RemakeEncKeyAsync(key);
-            }
+            var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(newMasterKey,
+                await _cryptoService.GetUserKeyAsync() ?? await _cryptoService.MakeUserKeyAsync());
 
-            var keys = await _cryptoService.MakeKeyPairAsync(encKey.Item1);
+            var keys = await _cryptoService.MakeKeyPairAsync(newUserKey);
             var request = new SetPasswordRequest
             {
                 MasterPasswordHash = masterPasswordHash,
-                Key = encKey.Item2.EncryptedString,
+                Key = newProtectedUserKey.EncryptedString,
                 MasterPasswordHint = Hint,
                 Kdf = kdfConfig.Type.GetValueOrDefault(KdfType.PBKDF2_SHA256),
                 KdfIterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Pbkdf2Iterations),
@@ -204,19 +196,19 @@ namespace Bit.App.Pages
                 // Set Password and relevant information
                 await _apiService.SetPasswordAsync(request);
                 await _stateService.SetKdfConfigurationAsync(kdfConfig);
-                await _cryptoService.SetKeyAsync(key);
-                await _cryptoService.SetKeyHashAsync(localMasterPasswordHash);
-                await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
-                await _cryptoService.SetEncPrivateKeyAsync(keys.Item2.EncryptedString);
+                await _cryptoService.SetMasterKeyAsync(newMasterKey);
+                await _cryptoService.SetPasswordHashAsync(localMasterPasswordHash);
+                await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(newProtectedUserKey.EncryptedString);
+                await _cryptoService.SetPrivateKeyAsync(keys.Item2.EncryptedString);
 
                 if (ResetPasswordAutoEnroll)
                 {
                     // Grab Organization Keys
                     var response = await _apiService.GetOrganizationKeysAsync(OrgId);
                     var publicKey = CoreHelpers.Base64UrlDecode(response.PublicKey);
-                    // Grab user's Encryption Key and encrypt with Org Public Key
-                    var userEncKey = await _cryptoService.GetEncKeyAsync();
-                    var encryptedKey = await _cryptoService.RsaEncryptAsync(userEncKey.Key, publicKey);
+                    // Grab User Key and encrypt with Org Public Key
+                    var userKey = await _cryptoService.GetUserKeyAsync();
+                    var encryptedKey = await _cryptoService.RsaEncryptAsync(userKey.Key, publicKey);
                     // Request
                     var resetRequest = new OrganizationUserResetPasswordEnrollmentRequest
                     {
diff --git a/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs b/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
index daf4b2dbe..7d8ec85f0 100644
--- a/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
+++ b/src/App/Pages/Accounts/UpdateTempPasswordPageViewModel.cs
@@ -93,12 +93,12 @@ namespace Bit.App.Pages
             var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
             var email = await _stateService.GetEmailAsync();
 
-            // Create new key and hash new password
-            var key = await _cryptoService.MakeKeyAsync(MasterPassword, email, kdfConfig);
-            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, key);
+            // Create new master key and hash new password
+            var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, email, kdfConfig);
+            var masterPasswordHash = await _cryptoService.HashPasswordAsync(MasterPassword, masterKey);
 
-            // Create new encKey for the User
-            var newEncKey = await _cryptoService.RemakeEncKeyAsync(key);
+            // Encrypt user key with new master key
+            var (userKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(masterKey);
 
             // Initiate API action
             try
@@ -108,10 +108,10 @@ namespace Bit.App.Pages
                 switch (_reason)
                 {
                     case ForcePasswordResetReason.AdminForcePasswordReset:
-                        await UpdateTempPasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString);
+                        await UpdateTempPasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
                         break;
                     case ForcePasswordResetReason.WeakMasterPasswordOnLogin:
-                        await UpdatePasswordAsync(masterPasswordHash, newEncKey.Item2.EncryptedString);
+                        await UpdatePasswordAsync(masterPasswordHash, newProtectedUserKey.EncryptedString);
                         break;
                     default:
                         throw new ArgumentOutOfRangeException();
diff --git a/src/App/Pages/Settings/BlockAutofillUrisPage.xaml b/src/App/Pages/Settings/BlockAutofillUrisPage.xaml
new file mode 100644
index 000000000..8514edcad
--- /dev/null
+++ b/src/App/Pages/Settings/BlockAutofillUrisPage.xaml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<pages:BaseContentPage xmlns="http://xamarin.com/schemas/2014/forms"
+    xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
+    x:Class="Bit.App.Pages.BlockAutofillUrisPage"
+    xmlns:pages="clr-namespace:Bit.App.Pages"
+    xmlns:controls="clr-namespace:Bit.App.Controls"
+    xmlns:u="clr-namespace:Bit.App.Utilities"
+    xmlns:core="clr-namespace:Bit.Core;assembly=BitwardenCore"
+    x:DataType="pages:BlockAutofillUrisPageViewModel"
+    Title="{u:I18n BlockAutoFill}">
+    <ContentPage.BindingContext>
+        <pages:BlockAutofillUrisPageViewModel />
+    </ContentPage.BindingContext>
+    <ContentPage.Resources>
+        <ResourceDictionary>
+            <u:InverseBoolConverter x:Key="inverseBool" />
+        </ResourceDictionary>
+    </ContentPage.Resources>
+    <StackLayout Orientation="Vertical">
+        <Image
+            x:Name="_emptyUrisPlaceholder"
+            HorizontalOptions="Center"
+            WidthRequest="120"
+            HeightRequest="120"
+            Margin="0,100,0,0"
+            IsVisible="{Binding ShowList, Converter={StaticResource inverseBool}}"
+            AutomationProperties.IsInAccessibleTree="True"
+            AutomationProperties.Name="{u:I18n ThereAreNoBlockedURIs}" />
+        <controls:CustomLabel
+            StyleClass="box-label-regular"
+            Text="{u:I18n AutoFillWillNotBeOfferedForTheseURIs}"
+            FontWeight="500"
+            HorizontalTextAlignment="Center"
+            Margin="14,10,14,0"/>
+        <controls:ExtendedCollectionView
+            ItemsSource="{Binding BlockedUris}"
+            IsVisible="{Binding ShowList}"
+            VerticalOptions="FillAndExpand"
+            Margin="0,5,0,0"
+            SelectionMode="None"
+            StyleClass="list, list-platform"
+            ExtraDataForLogging="Blocked Autofill Uris"
+            AutomationId="BlockedUrisCellList">
+            <CollectionView.ItemTemplate>
+                <DataTemplate x:DataType="pages:BlockAutofillUriItemViewModel">
+                    <StackLayout
+                        Orientation="Vertical"
+                        AutomationId="BlockedUriCell">
+                        <StackLayout
+                            Orientation="Horizontal">
+                            <controls:CustomLabel
+                                VerticalOptions="Center"
+                                StyleClass="box-label-regular"
+                                Text="{Binding Uri}"
+                                MaxLines="2"
+                                LineBreakMode="TailTruncation"
+                                FontWeight="500"
+                                Margin="15,0,0,0"
+                                HorizontalOptions="StartAndExpand"/>
+                            <controls:IconButton
+                                StyleClass="box-row-button-muted, box-row-button-platform"
+                                Text="{Binding Source={x:Static core:BitwardenIcons.PencilSquare}}"
+                                Command="{Binding EditUriCommand}"
+                                Margin="5,0,15,0"
+                                AutomationProperties.IsInAccessibleTree="True"
+                                AutomationProperties.Name="{u:I18n EditURI}"
+                                AutomationId="EditUriButton" />
+                        </StackLayout>
+                        <BoxView StyleClass="box-row-separator" />
+                    </StackLayout>
+                </DataTemplate>
+            </CollectionView.ItemTemplate>
+        </controls:ExtendedCollectionView>
+        <Button
+            Text="{u:I18n NewBlockedURI}"
+            Command="{Binding AddUriCommand}"
+            VerticalOptions="End"
+            HeightRequest="40"
+            Opacity="0.8"
+            Margin="14,5,14,10"
+            AutomationProperties.IsInAccessibleTree="True"
+            AutomationProperties.Name="{u:I18n NewBlockedURI}"
+            AutomationId="NewBlockedUriButton" />
+    </StackLayout>
+</pages:BaseContentPage>
diff --git a/src/App/Pages/Settings/BlockAutofillUrisPage.xaml.cs b/src/App/Pages/Settings/BlockAutofillUrisPage.xaml.cs
new file mode 100644
index 000000000..e8bf3b0cd
--- /dev/null
+++ b/src/App/Pages/Settings/BlockAutofillUrisPage.xaml.cs
@@ -0,0 +1,44 @@
+using System.Threading.Tasks;
+using Bit.App.Styles;
+using Bit.App.Utilities;
+using Bit.Core.Utilities;
+using Xamarin.Essentials;
+using Xamarin.Forms;
+
+namespace Bit.App.Pages
+{
+    public partial class BlockAutofillUrisPage : BaseContentPage, IThemeDirtablePage
+    {
+        private readonly BlockAutofillUrisPageViewModel _vm;
+
+        public BlockAutofillUrisPage()
+        {
+            InitializeComponent();
+
+            _vm = BindingContext as BlockAutofillUrisPageViewModel;
+            _vm.Page = this;
+        }
+
+        protected override void OnAppearing()
+        {
+            base.OnAppearing();
+
+            _vm.InitAsync().FireAndForget(_ => Navigation.PopAsync());
+
+            UpdatePlaceholder();
+        }
+
+        public override async Task UpdateOnThemeChanged()
+        {
+            await base.UpdateOnThemeChanged();
+
+            UpdatePlaceholder();
+        }
+
+        private void UpdatePlaceholder()
+        {
+            MainThread.BeginInvokeOnMainThread(() =>
+                _emptyUrisPlaceholder.Source = ImageSource.FromFile(ThemeManager.UsingLightTheme ? "empty_uris_placeholder" : "empty_uris_placeholder_dark"));
+        }
+    }
+}
diff --git a/src/App/Pages/Settings/BlockAutofillUrisPageViewModel.cs b/src/App/Pages/Settings/BlockAutofillUrisPageViewModel.cs
new file mode 100644
index 000000000..a3f823990
--- /dev/null
+++ b/src/App/Pages/Settings/BlockAutofillUrisPageViewModel.cs
@@ -0,0 +1,186 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using System.Windows.Input;
+using Bit.App.Abstractions;
+using Bit.App.Resources;
+using Bit.Core;
+using Bit.Core.Abstractions;
+using Bit.Core.Utilities;
+using Xamarin.CommunityToolkit.ObjectModel;
+using Xamarin.Essentials;
+using Xamarin.Forms;
+
+namespace Bit.App.Pages
+{
+    public class BlockAutofillUrisPageViewModel : BaseViewModel
+    {
+        private const char URI_SEPARARTOR = ',';
+        private const string URI_FORMAT = "https://domain.com";
+
+        private readonly IStateService _stateService;
+        private readonly IDeviceActionService _deviceActionService;
+
+        public BlockAutofillUrisPageViewModel()
+        {
+            _stateService = ServiceContainer.Resolve<IStateService>();
+            _deviceActionService = ServiceContainer.Resolve<IDeviceActionService>();
+
+            AddUriCommand = new AsyncCommand(AddUriAsync,
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
+
+            EditUriCommand = new AsyncCommand<BlockAutofillUriItemViewModel>(EditUriAsync,
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
+        }
+
+        public ObservableRangeCollection<BlockAutofillUriItemViewModel> BlockedUris { get; set; } = new ObservableRangeCollection<BlockAutofillUriItemViewModel>();
+
+        public bool ShowList => BlockedUris.Any();
+
+        public ICommand AddUriCommand { get; }
+
+        public ICommand EditUriCommand { get; }
+
+        public async Task InitAsync()
+        {
+            var blockedUrisList = await _stateService.GetAutofillBlacklistedUrisAsync();
+            if (blockedUrisList?.Any() != true)
+            {
+                return;
+            }
+            await MainThread.InvokeOnMainThreadAsync(() =>
+            {
+                BlockedUris.AddRange(blockedUrisList.OrderBy(uri => uri).Select(u => new BlockAutofillUriItemViewModel(u, EditUriCommand)).ToList());
+                TriggerPropertyChanged(nameof(ShowList));
+            });
+        }
+
+        private async Task AddUriAsync()
+        {
+            var response = await _deviceActionService.DisplayValidatablePromptAsync(new Utilities.Prompts.ValidatablePromptConfig
+            {
+                Title = AppResources.NewUri,
+                Subtitle = AppResources.EnterURI,
+                ValueSubInfo = string.Format(AppResources.FormatXSeparateMultipleURIsWithAComma, URI_FORMAT),
+                OkButtonText = AppResources.Save,
+                ValidateText = text => ValidateUris(text, true)
+            });
+            if (response?.Text is null)
+            {
+                return;
+            }
+
+            await MainThread.InvokeOnMainThreadAsync(() =>
+            {
+                foreach (var uri in response.Value.Text.Split(URI_SEPARARTOR).Where(s => !string.IsNullOrEmpty(s)))
+                {
+                    var cleanedUri = uri.Replace(Environment.NewLine, string.Empty).Trim();
+                    BlockedUris.Add(new BlockAutofillUriItemViewModel(cleanedUri, EditUriCommand));
+                }
+
+                BlockedUris = new ObservableRangeCollection<BlockAutofillUriItemViewModel>(BlockedUris.OrderBy(b => b.Uri));
+                TriggerPropertyChanged(nameof(BlockedUris));
+                TriggerPropertyChanged(nameof(ShowList));
+            });
+            await UpdateAutofillBlacklistedUrisAsync();
+            _deviceActionService.Toast(AppResources.URISaved);
+        }
+
+        private async Task EditUriAsync(BlockAutofillUriItemViewModel uriItemViewModel)
+        {
+            var response = await _deviceActionService.DisplayValidatablePromptAsync(new Utilities.Prompts.ValidatablePromptConfig
+            {
+                Title = AppResources.EditURI,
+                Subtitle = AppResources.EnterURI,
+                Text = uriItemViewModel.Uri,
+                ValueSubInfo = string.Format(AppResources.FormatX, URI_FORMAT),
+                OkButtonText = AppResources.Save,
+                ThirdButtonText = AppResources.Remove,
+                ValidateText = text => ValidateUris(text, false)
+            });
+            if (response is null)
+            {
+                return;
+            }
+
+            if (response.Value.ExecuteThirdAction)
+            {
+                await MainThread.InvokeOnMainThreadAsync(() =>
+                {
+                    BlockedUris.Remove(uriItemViewModel);
+                    TriggerPropertyChanged(nameof(ShowList));
+                });
+                await UpdateAutofillBlacklistedUrisAsync();
+                _deviceActionService.Toast(AppResources.URIRemoved);
+                return;
+            }
+
+            var cleanedUri = response.Value.Text.Replace(Environment.NewLine, string.Empty).Trim();
+            await MainThread.InvokeOnMainThreadAsync(() =>
+            {
+                BlockedUris.Remove(uriItemViewModel);
+                BlockedUris.Add(new BlockAutofillUriItemViewModel(cleanedUri, EditUriCommand));
+                BlockedUris = new ObservableRangeCollection<BlockAutofillUriItemViewModel>(BlockedUris.OrderBy(b => b.Uri));
+                TriggerPropertyChanged(nameof(BlockedUris));
+                TriggerPropertyChanged(nameof(ShowList));
+            });
+            await UpdateAutofillBlacklistedUrisAsync();
+            _deviceActionService.Toast(AppResources.URISaved);
+        }
+
+        private string ValidateUris(string uris, bool allowMultipleUris)
+        {
+            if (string.IsNullOrWhiteSpace(uris))
+            {
+                return string.Format(AppResources.FormatX, URI_FORMAT);
+            }
+
+            if (!allowMultipleUris && uris.Contains(URI_SEPARARTOR))
+            {
+                return AppResources.CannotEditMultipleURIsAtOnce;
+            }
+
+            foreach (var uri in uris.Split(URI_SEPARARTOR).Where(u => !string.IsNullOrWhiteSpace(u)))
+            {
+                var cleanedUri = uri.Replace(Environment.NewLine, string.Empty).Trim();
+                if (!cleanedUri.StartsWith("http://") && !cleanedUri.StartsWith("https://") &&
+                    !cleanedUri.StartsWith(Constants.AndroidAppProtocol))
+                {
+                    return AppResources.InvalidFormatUseHttpsHttpOrAndroidApp;
+                }
+
+                if (!Uri.TryCreate(cleanedUri, UriKind.Absolute, out var _))
+                {
+                    return AppResources.InvalidURI;
+                }
+
+                if (BlockedUris.Any(uriItem => uriItem.Uri == cleanedUri))
+                {
+                    return string.Format(AppResources.TheURIXIsAlreadyBlocked, cleanedUri);
+                }
+            }
+
+            return null;
+        }
+
+        private async Task UpdateAutofillBlacklistedUrisAsync()
+        {
+            await _stateService.SetAutofillBlacklistedUrisAsync(BlockedUris.Any() ? BlockedUris.Select(bu => bu.Uri).ToList() : null);
+        }
+    }
+
+    public class BlockAutofillUriItemViewModel : ExtendedViewModel
+    {
+        public BlockAutofillUriItemViewModel(string uri, ICommand editUriCommand)
+        {
+            Uri = uri;
+            EditUriCommand = new Command(() => editUriCommand.Execute(this));
+        }
+
+        public string Uri { get; }
+
+        public ICommand EditUriCommand { get; }
+    }
+}
diff --git a/src/App/Pages/Settings/OptionsPage.xaml b/src/App/Pages/Settings/OptionsPage.xaml
index 8a6a407b5..39901574d 100644
--- a/src/App/Pages/Settings/OptionsPage.xaml
+++ b/src/App/Pages/Settings/OptionsPage.xaml
@@ -153,22 +153,14 @@
                     StyleClass="box-footer-label, box-footer-label-switch" />
             </StackLayout>
             <StackLayout StyleClass="box" IsVisible="{Binding ShowAndroidAutofillSettings}">
-                <StackLayout StyleClass="box-row, box-row-input">
-                    <Label
-                        Text="{u:I18n AutofillBlockedUris}"
-                        StyleClass="box-label" />
-                    <Editor
-                        x:Name="_autofillBlockedUrisEditor"
-                        Text="{Binding AutofillBlockedUris}"
-                        StyleClass="box-value"
-                        AutoSize="TextChanges"
-                        IsSpellCheckEnabled="False"
-                        IsTextPredictionEnabled="False"
-                        Keyboard="Url"
-                        Unfocused="AutofillBlockedUrisEditor_Unfocused" />
-                </StackLayout>
+                <StackLayout.GestureRecognizers>
+                    <TapGestureRecognizer Command="{Binding GoToBlockAutofillUrisCommand}" />
+                </StackLayout.GestureRecognizers>
                 <Label
-                    Text="{u:I18n AutofillBlockedUrisDescription}"
+                    Text="{u:I18n BlockAutoFill}"
+                    StyleClass="box-label-regular" />
+                <Label
+                    Text="{u:I18n AutoFillWillNotBeOfferedForTheseURIs}"
                     StyleClass="box-footer-label" />
             </StackLayout>
         </StackLayout>
diff --git a/src/App/Pages/Settings/OptionsPage.xaml.cs b/src/App/Pages/Settings/OptionsPage.xaml.cs
index 6cb54d21d..63c02605c 100644
--- a/src/App/Pages/Settings/OptionsPage.xaml.cs
+++ b/src/App/Pages/Settings/OptionsPage.xaml.cs
@@ -1,6 +1,4 @@
-using Bit.App.Abstractions;
-using Bit.App.Resources;
-using Bit.Core.Abstractions;
+using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using Xamarin.Forms;
 using Xamarin.Forms.PlatformConfiguration;
@@ -44,17 +42,6 @@ namespace Bit.App.Pages
             await _vm.InitAsync();
         }
 
-        protected async override void OnDisappearing()
-        {
-            base.OnDisappearing();
-            await _vm.UpdateAutofillBlockedUris();
-        }
-
-        private async void AutofillBlockedUrisEditor_Unfocused(object sender, FocusEventArgs e)
-        {
-            await _vm.UpdateAutofillBlockedUris();
-        }
-
         private async void Close_Clicked(object sender, System.EventArgs e)
         {
             if (DoOnce())
diff --git a/src/App/Pages/Settings/OptionsPageViewModel.cs b/src/App/Pages/Settings/OptionsPageViewModel.cs
index ea36aad9c..8e0cbbc1d 100644
--- a/src/App/Pages/Settings/OptionsPageViewModel.cs
+++ b/src/App/Pages/Settings/OptionsPageViewModel.cs
@@ -1,12 +1,13 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using System.Windows.Input;
 using Bit.App.Resources;
 using Bit.App.Utilities;
-using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Utilities;
+using Xamarin.CommunityToolkit.ObjectModel;
 using Xamarin.Forms;
 
 namespace Bit.App.Pages
@@ -19,7 +20,6 @@ namespace Bit.App.Pages
         private readonly IPlatformUtilsService _platformUtilsService;
 
         private bool _autofillSavePrompt;
-        private string _autofillBlockedUris;
         private bool _favicon;
         private bool _autoTotpCopy;
         private int _clearClipboardSelectedIndex;
@@ -84,6 +84,10 @@ namespace Bit.App.Pages
                 new KeyValuePair<string, string>(null, AppResources.DefaultSystem)
             };
             LocalesOptions.AddRange(_i18nService.LocaleNames.ToList());
+
+            GoToBlockAutofillUrisCommand = new AsyncCommand(() => Page.Navigation.PushAsync(new BlockAutofillUrisPage()),
+                onException: ex => HandleException(ex),
+                allowsMultipleExecutions: false);
         }
 
         public List<KeyValuePair<int?, string>> ClearClipboardOptions { get; set; }
@@ -192,25 +196,18 @@ namespace Bit.App.Pages
             }
         }
 
-        public string AutofillBlockedUris
-        {
-            get => _autofillBlockedUris;
-            set => SetProperty(ref _autofillBlockedUris, value);
-        }
-
         public bool ShowAndroidAutofillSettings
         {
             get => _showAndroidAutofillSettings;
             set => SetProperty(ref _showAndroidAutofillSettings, value);
         }
 
+        public ICommand GoToBlockAutofillUrisCommand { get; }
+
         public async Task InitAsync()
         {
             AutofillSavePrompt = !(await _stateService.GetAutofillDisableSavePromptAsync()).GetValueOrDefault();
 
-            var blockedUrisList = await _stateService.GetAutofillBlacklistedUrisAsync();
-            AutofillBlockedUris = blockedUrisList != null ? string.Join(", ", blockedUrisList) : null;
-
             AutoTotpCopy = !(await _stateService.GetDisableAutoTotpCopyAsync() ?? false);
 
             Favicon = !(await _stateService.GetDisableFaviconAsync()).GetValueOrDefault();
@@ -288,41 +285,6 @@ namespace Bit.App.Pages
             }
         }
 
-        public async Task UpdateAutofillBlockedUris()
-        {
-            if (_inited)
-            {
-                if (string.IsNullOrWhiteSpace(AutofillBlockedUris))
-                {
-                    await _stateService.SetAutofillBlacklistedUrisAsync(null);
-                    AutofillBlockedUris = null;
-                    return;
-                }
-                try
-                {
-                    var csv = AutofillBlockedUris;
-                    var urisList = new List<string>();
-                    foreach (var uri in csv.Split(','))
-                    {
-                        if (string.IsNullOrWhiteSpace(uri))
-                        {
-                            continue;
-                        }
-                        var cleanedUri = uri.Replace(System.Environment.NewLine, string.Empty).Trim();
-                        if (!cleanedUri.StartsWith("http://") && !cleanedUri.StartsWith("https://") &&
-                            !cleanedUri.StartsWith(Constants.AndroidAppProtocol))
-                        {
-                            continue;
-                        }
-                        urisList.Add(cleanedUri);
-                    }
-                    await _stateService.SetAutofillBlacklistedUrisAsync(urisList);
-                    AutofillBlockedUris = string.Join(", ", urisList);
-                }
-                catch { }
-            }
-        }
-
         private async Task UpdateCurrentLocaleAsync()
         {
             if (!_inited)
diff --git a/src/App/Pages/Vault/AttachmentsPageViewModel.cs b/src/App/Pages/Vault/AttachmentsPageViewModel.cs
index 02e9b2ae6..2e4b99b34 100644
--- a/src/App/Pages/Vault/AttachmentsPageViewModel.cs
+++ b/src/App/Pages/Vault/AttachmentsPageViewModel.cs
@@ -74,7 +74,7 @@ namespace Bit.App.Pages
             _cipherDomain = await _cipherService.GetAsync(CipherId);
             Cipher = await _cipherDomain.DecryptAsync();
             LoadAttachments();
-            _hasUpdatedKey = await _cryptoService.HasEncKeyAsync();
+            _hasUpdatedKey = await _cryptoService.HasUserKeyAsync();
             var canAccessPremium = await _stateService.CanAccessPremiumAsync();
             _canAccessAttachments = canAccessPremium || Cipher.OrganizationId != null;
             if (!_canAccessAttachments)
diff --git a/src/App/Pages/Vault/CipherDetailsPage.xaml b/src/App/Pages/Vault/CipherDetailsPage.xaml
index dc1d6bdf0..f99196a6f 100644
--- a/src/App/Pages/Vault/CipherDetailsPage.xaml
+++ b/src/App/Pages/Vault/CipherDetailsPage.xaml
@@ -179,7 +179,7 @@
                                     AutomationProperties.Name="{u:I18n ToggleVisibility}"
                                     AutomationProperties.HelpText="{Binding PasswordVisibilityAccessibilityText}"
                                     IsVisible="{Binding Cipher.ViewPassword}"
-                                    AutomationId="ViewValueButton" />
+                                    AutomationId="ShowValueButton" />
                                 <controls:IconButton
                                     StyleClass="box-row-button, box-row-button-platform"
                                     Text="{Binding Source={x:Static core:BitwardenIcons.Clone}}"
diff --git a/src/App/Pages/Vault/CiphersPageViewModel.cs b/src/App/Pages/Vault/CiphersPageViewModel.cs
index 7ca3f82d8..9025c7341 100644
--- a/src/App/Pages/Vault/CiphersPageViewModel.cs
+++ b/src/App/Pages/Vault/CiphersPageViewModel.cs
@@ -208,6 +208,11 @@ namespace Bit.App.Pages
             }
             else if (selection == AppResources.Autofill || selection == AppResources.AutofillAndSave)
             {
+                if (cipher.Reprompt != CipherRepromptType.None && !await _passwordRepromptService.ShowPasswordPromptAsync())
+                {
+                    return;
+                }
+
                 if (selection == AppResources.AutofillAndSave)
                 {
                     var uris = cipher.Login?.Uris?.ToList();
diff --git a/src/App/Pages/Vault/GroupingsPage/GroupingsPageViewModel.cs b/src/App/Pages/Vault/GroupingsPage/GroupingsPageViewModel.cs
index 8b4af6a02..9b5acd5b2 100644
--- a/src/App/Pages/Vault/GroupingsPage/GroupingsPageViewModel.cs
+++ b/src/App/Pages/Vault/GroupingsPage/GroupingsPageViewModel.cs
@@ -330,13 +330,16 @@ namespace Bit.App.Pages
                         items.AddRange(itemGroup);
                     }
 
-                    if (Device.RuntimePlatform == Device.iOS)
+                    Device.BeginInvokeOnMainThread(() =>
                     {
-                        // HACK: [PS-536] Fix to avoid blank list after back navigation on unlocking with previous page info
-                        // because of update to XF v5.0.0.2401
-                        GroupedItems.Clear();
-                    }
-                    GroupedItems.ReplaceRange(items);
+                        if (Device.RuntimePlatform == Device.iOS)
+                        {
+                            // HACK: [PS-536] Fix to avoid blank list after back navigation on unlocking with previous page info
+                            // because of update to XF v5.0.0.2401
+                            GroupedItems.Clear();
+                        }
+                        GroupedItems.ReplaceRange(items);
+                    });
                 }
                 else
                 {
@@ -356,21 +359,24 @@ namespace Bit.App.Pages
                         items.AddRange(itemGroup);
                     }
 
-                    if (groupedItems.Any())
+                    Device.BeginInvokeOnMainThread(() =>
                     {
-                        if (Device.RuntimePlatform == Device.iOS)
+                        if (groupedItems.Any())
+                        {
+                            if (Device.RuntimePlatform == Device.iOS)
+                            {
+                                // HACK: [PS-536] Fix to avoid blank list after back navigation on unlocking with previous page info
+                                // because of update to XF v5.0.0.2401
+                                GroupedItems.Clear();
+                            }
+                            GroupedItems.ReplaceRange(new List<IGroupingsPageListItem> { new GroupingsPageHeaderListItem(groupedItems[0].Name, groupedItems[0].ItemCount) });
+                            GroupedItems.AddRange(items);
+                        }
+                        else
                         {
-                            // HACK: [PS-536] Fix to avoid blank list after back navigation on unlocking with previous page info
-                            // because of update to XF v5.0.0.2401
                             GroupedItems.Clear();
                         }
-                        GroupedItems.ReplaceRange(new List<IGroupingsPageListItem> { new GroupingsPageHeaderListItem(groupedItems[0].Name, groupedItems[0].ItemCount) });
-                        GroupedItems.AddRange(items);
-                    }
-                    else
-                    {
-                        GroupedItems.Clear();
-                    }
+                    });
                 }
             }
             finally
@@ -378,9 +384,12 @@ namespace Bit.App.Pages
                 _doingLoad = false;
                 Loaded = true;
                 Loading = false;
-                ShowNoData = (MainPage && !HasCiphers) || !groupedItems.Any();
-                ShowList = !ShowNoData;
-                DisableRefreshing();
+                Device.BeginInvokeOnMainThread(() =>
+                {
+                    ShowNoData = (MainPage && !HasCiphers) || !groupedItems.Any();
+                    ShowList = !ShowNoData;
+                    DisableRefreshing();
+                });
             }
         }
 
diff --git a/src/App/Resources/AppResources.Designer.cs b/src/App/Resources/AppResources.Designer.cs
index aab53c53c..9c83af8de 100644
--- a/src/App/Resources/AppResources.Designer.cs
+++ b/src/App/Resources/AppResources.Designer.cs
@@ -823,15 +823,6 @@ namespace Bit.App.Resources {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Auto-fill will not be offered for blocked URIs. Separate multiple URIs with a comma. For example: &quot;https://twitter.com, androidapp://com.twitter.android&quot;..
-        /// </summary>
-        public static string AutofillBlockedUrisDescription {
-            get {
-                return ResourceManager.GetString("AutofillBlockedUrisDescription", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Do you want to auto-fill or view this item?.
         /// </summary>
@@ -967,6 +958,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Auto-fill will not be offered for these URIs..
+        /// </summary>
+        public static string AutoFillWillNotBeOfferedForTheseURIs {
+            get {
+                return ResourceManager.GetString("AutoFillWillNotBeOfferedForTheseURIs", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Auto-fill with Bitwarden.
         /// </summary>
@@ -1255,6 +1255,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Block auto-fill.
+        /// </summary>
+        public static string BlockAutoFill {
+            get {
+                return ResourceManager.GetString("BlockAutoFill", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Brand.
         /// </summary>
@@ -1291,6 +1300,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Cannot edit multiple URIs at once.
+        /// </summary>
+        public static string CannotEditMultipleURIsAtOnce {
+            get {
+                return ResourceManager.GetString("CannotEditMultipleURIsAtOnce", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Cannot open the app &quot;{0}&quot;..
         /// </summary>
@@ -2173,6 +2191,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Edit URI.
+        /// </summary>
+        public static string EditURI {
+            get {
+                return ResourceManager.GetString("EditURI", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Email.
         /// </summary>
@@ -2326,6 +2353,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Enter URI.
+        /// </summary>
+        public static string EnterURI {
+            get {
+                return ResourceManager.GetString("EnterURI", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Enter the 6 digit verification code from your authenticator app..
         /// </summary>
@@ -2974,6 +3010,24 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Format: {0}.
+        /// </summary>
+        public static string FormatX {
+            get {
+                return ResourceManager.GetString("FormatX", resourceCulture);
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized string similar to Format: {0}. Separate multiple URIs with a comma..
+        /// </summary>
+        public static string FormatXSeparateMultipleURIsWithAComma {
+            get {
+                return ResourceManager.GetString("FormatXSeparateMultipleURIsWithAComma", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Forwarded email alias.
         /// </summary>
@@ -3316,6 +3370,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Invalid format. Use https://, http://, or androidapp://.
+        /// </summary>
+        public static string InvalidFormatUseHttpsHttpOrAndroidApp {
+            get {
+                return ResourceManager.GetString("InvalidFormatUseHttpsHttpOrAndroidApp", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Invalid master password. Try again..
         /// </summary>
@@ -3334,6 +3397,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Invalid URI.
+        /// </summary>
+        public static string InvalidURI {
+            get {
+                return ResourceManager.GetString("InvalidURI", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Invalid verification code.
         /// </summary>
@@ -4263,6 +4335,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to New blocked URI.
+        /// </summary>
+        public static string NewBlockedURI {
+            get {
+                return ResourceManager.GetString("NewBlockedURI", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to New custom field.
         /// </summary>
@@ -6182,6 +6263,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to There are no blocked URIs.
+        /// </summary>
+        public static string ThereAreNoBlockedURIs {
+            get {
+                return ResourceManager.GetString("ThereAreNoBlockedURIs", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to There are no items in your vault that match &quot;{0}&quot;.
         /// </summary>
@@ -6200,6 +6290,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to The URI {0} is already blocked.
+        /// </summary>
+        public static string TheURIXIsAlreadyBlocked {
+            get {
+                return ResourceManager.GetString("TheURIXIsAlreadyBlocked", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to 30 days.
         /// </summary>
@@ -6668,6 +6767,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to URI removed.
+        /// </summary>
+        public static string URIRemoved {
+            get {
+                return ResourceManager.GetString("URIRemoved", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to URIs.
         /// </summary>
@@ -6677,6 +6785,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to URI saved.
+        /// </summary>
+        public static string URISaved {
+            get {
+                return ResourceManager.GetString("URISaved", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to US.
         /// </summary>
diff --git a/src/App/Resources/AppResources.resx b/src/App/Resources/AppResources.resx
index 3076da1c9..f7c1be34b 100644
--- a/src/App/Resources/AppResources.resx
+++ b/src/App/Resources/AppResources.resx
@@ -1585,9 +1585,6 @@ Scanning will happen automatically.</value>
   <data name="AutofillBlockedUris" xml:space="preserve">
     <value>Auto-fill blocked URIs</value>
   </data>
-  <data name="AutofillBlockedUrisDescription" xml:space="preserve">
-    <value>Auto-fill will not be offered for blocked URIs. Separate multiple URIs with a comma. For example: "https://twitter.com, androidapp://com.twitter.android".</value>
-  </data>
   <data name="AskToAddLogin" xml:space="preserve">
     <value>Ask to add login</value>
   </data>
@@ -2678,5 +2675,50 @@ Do you want to switch to this account?</value>
   </data>
   <data name="VaultTimeoutActionChangedToLogOut" xml:space="preserve">
     <value>Vault timeout action changed to log out</value>
+  <data name="BlockAutoFill" xml:space="preserve">
+    <value>Block auto-fill</value>
+  </data>
+  <data name="AutoFillWillNotBeOfferedForTheseURIs" xml:space="preserve">
+    <value>Auto-fill will not be offered for these URIs.</value>
+  </data>
+  <data name="NewBlockedURI" xml:space="preserve">
+    <value>New blocked URI</value>
+  </data>
+  <data name="URISaved" xml:space="preserve">
+    <value>URI saved</value>
+  </data>
+  <data name="InvalidFormatUseHttpsHttpOrAndroidApp" xml:space="preserve">
+    <value>Invalid format. Use https://, http://, or androidapp://</value>
+    <comment>https://, http://, androidapp:// should not be translated</comment>
+  </data>
+  <data name="EditURI" xml:space="preserve">
+    <value>Edit URI</value>
+  </data>
+  <data name="EnterURI" xml:space="preserve">
+    <value>Enter URI</value>
+  </data>
+  <data name="FormatXSeparateMultipleURIsWithAComma" xml:space="preserve">
+    <value>Format: {0}. Separate multiple URIs with a comma.</value>
+  </data>
+  <data name="FormatX" xml:space="preserve">
+    <value>Format: {0}</value>
+  </data>
+  <data name="InvalidURI" xml:space="preserve">
+    <value>Invalid URI</value>
+  </data>
+  <data name="URISaved" xml:space="preserve">
+    <value>URI saved</value>
+  </data>
+  <data name="URIRemoved" xml:space="preserve">
+    <value>URI removed</value>
+  </data>
+  <data name="ThereAreNoBlockedURIs" xml:space="preserve">
+    <value>There are no blocked URIs</value>
+  </data>
+  <data name="TheURIXIsAlreadyBlocked" xml:space="preserve">
+    <value>The URI {0} is already blocked</value>
+  </data>
+  <data name="CannotEditMultipleURIsAtOnce" xml:space="preserve">
+    <value>Cannot edit multiple URIs at once</value>
   </data>
 </root>
diff --git a/src/App/Services/MobilePasswordRepromptService.cs b/src/App/Services/MobilePasswordRepromptService.cs
index 28a8e5a86..460e9df58 100644
--- a/src/App/Services/MobilePasswordRepromptService.cs
+++ b/src/App/Services/MobilePasswordRepromptService.cs
@@ -38,7 +38,7 @@ namespace Bit.App.Services
                 return false;
             };
 
-            return await _cryptoService.CompareAndUpdateKeyHashAsync(password, null);
+            return await _cryptoService.CompareAndUpdatePasswordHashAsync(password, null);
         }
 
         public async Task<bool> Enabled()
diff --git a/src/App/Styles/Base.xaml b/src/App/Styles/Base.xaml
index 1d74ba518..2dac11bf7 100644
--- a/src/App/Styles/Base.xaml
+++ b/src/App/Styles/Base.xaml
@@ -428,6 +428,22 @@
         <Setter Property="VerticalOptions"
                 Value="CenterAndExpand" />
     </Style>
+    <Style TargetType="Button"
+           ApplyToDerivedTypes="True"
+           Class="box-row-button-muted">
+        <Setter Property="BackgroundColor"
+                Value="Transparent" />
+        <Setter Property="BorderWidth"
+                Value="0" />
+        <Setter Property="Padding"
+                Value="0" />
+        <Setter Property="TextColor"
+                Value="{DynamicResource MutedColor}" />
+        <Setter Property="HorizontalOptions"
+                Value="End" />
+        <Setter Property="VerticalOptions"
+                Value="CenterAndExpand" />
+    </Style>
     <Style TargetType="Button"
            ApplyToDerivedTypes="True"
            Class="box-overlay">
diff --git a/src/App/Utilities/Prompts/ValidatablePromptConfig.cs b/src/App/Utilities/Prompts/ValidatablePromptConfig.cs
new file mode 100644
index 000000000..a1e7dfe5f
--- /dev/null
+++ b/src/App/Utilities/Prompts/ValidatablePromptConfig.cs
@@ -0,0 +1,29 @@
+using System;
+
+namespace Bit.App.Utilities.Prompts
+{
+    public class ValidatablePromptConfig
+    {
+        public string Title { get; set; }
+        public string Subtitle { get; set; }
+        public string Text { get; set; }
+        public Func<string, string> ValidateText { get; set; }
+        public string ValueSubInfo { get; set; }
+        public string OkButtonText { get; set; }
+        public string CancelButtonText { get; set; }
+        public string ThirdButtonText { get; set; }
+        public bool NumericKeyboard { get; set; }
+    }
+
+    public struct ValidatablePromptResponse
+    {
+        public ValidatablePromptResponse(string text, bool executeThirdAction)
+        {
+            Text = text;
+            ExecuteThirdAction = executeThirdAction;
+        }
+
+        public string Text { get; set; }
+        public bool ExecuteThirdAction { get; set; }
+    }
+}
diff --git a/src/Core/Abstractions/IApiService.cs b/src/Core/Abstractions/IApiService.cs
index 7b21a5c1e..269cb04ec 100644
--- a/src/Core/Abstractions/IApiService.cs
+++ b/src/Core/Abstractions/IApiService.cs
@@ -71,7 +71,7 @@ namespace Bit.Core.Abstractions
         Task<OrganizationAutoEnrollStatusResponse> GetOrganizationAutoEnrollStatusAsync(string identifier);
         Task PutOrganizationUserResetPasswordEnrollmentAsync(string orgId, string userId,
             OrganizationUserResetPasswordEnrollmentRequest request);
-        Task<KeyConnectorUserKeyResponse> GetUserKeyFromKeyConnector(string keyConnectorUrl);
+        Task<KeyConnectorUserKeyResponse> GetMasterKeyFromKeyConnector(string keyConnectorUrl);
         Task PostUserKeyToKeyConnector(string keyConnectorUrl, KeyConnectorUserKeyRequest request);
         Task PostSetKeyConnectorKey(SetKeyConnectorKeyRequest request);
         Task PostConvertToKeyConnector();
diff --git a/src/Core/Abstractions/ICryptoService.cs b/src/Core/Abstractions/ICryptoService.cs
index 060cd9887..3a388172a 100644
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -9,49 +9,54 @@ namespace Bit.Core.Abstractions
 {
     public interface ICryptoService
     {
-        Task ClearEncKeyAsync(bool memoryOnly = false, string userId = null);
-        Task ClearKeyAsync(string userId = null);
-        Task ClearKeyHashAsync(string userId = null);
-        Task ClearKeyPairAsync(bool memoryOnly = false, string userId = null);
-        Task ClearKeysAsync(string userId = null);
-        Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null);
-        Task ClearPinProtectedKeyAsync(string userId = null);
         void ClearCache();
+        Task ToggleKeysAsync();
+        Task SetUserKeyAsync(UserKey userKey, string userId = null);
+        Task<UserKey> GetUserKeyAsync(string userId = null);
+        Task<UserKey> GetUserKeyWithLegacySupportAsync(string userId = null);
+        Task<bool> HasUserKeyAsync(string userId = null);
+        Task<bool> HasEncryptedUserKeyAsync(string userId = null);
+        Task<UserKey> MakeUserKeyAsync();
+        Task ClearUserKeyAsync(string userId = null);
+        Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null);
+        Task SetMasterKeyAsync(MasterKey masterKey, string userId = null);
+        Task<MasterKey> GetMasterKeyAsync(string userId = null);
+        Task<MasterKey> MakeMasterKeyAsync(string password, string email, KdfConfig kdfConfig);
+        Task ClearMasterKeyAsync(string userId = null);
+        Task<Tuple<UserKey, EncString>> EncryptUserKeyWithMasterKeyAsync(MasterKey masterKey, UserKey userKey = null);
+        Task<UserKey> DecryptUserKeyWithMasterKeyAsync(MasterKey masterKey, EncString encUserKey = null, string userId = null);
+        Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(UserKey key);
+        Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(OrgKey key);
+        Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization);
+        Task SetPasswordHashAsync(string keyHash);
+        Task<string> GetPasswordHashAsync();
+        Task ClearPasswordHashAsync(string userId = null);
+        Task<bool> CompareAndUpdatePasswordHashAsync(string masterPassword, MasterKey key);
+        Task SetOrgKeysAsync(IEnumerable<ProfileOrganizationResponse> orgs);
+        Task<OrgKey> GetOrgKeyAsync(string orgId);
+        Task<Dictionary<string, OrgKey>> GetOrgKeysAsync();
+        Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null);
+        Task<byte[]> GetPublicKeyAsync();
+        Task SetPrivateKeyAsync(string encPrivateKey);
+        Task<byte[]> GetPrivateKeyAsync();
+        Task<List<string>> GetFingerprintAsync(string userId, byte[] publicKey = null);
+        Task<Tuple<string, EncString>> MakeKeyPairAsync(SymmetricCryptoKey key = null);
+        Task ClearKeyPairAsync(bool memoryOnly = false, string userId = null);
+        Task<PinKey> MakePinKeyAsync(string pin, string salt, KdfConfig config);
+        Task ClearPinKeysAsync(string userId = null);
+        Task<UserKey> DecryptUserKeyWithPinAsync(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedUserKey = null);
+        Task<MasterKey> DecryptMasterKeyWithPinAsync(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedMasterKey = null);
+        Task<SymmetricCryptoKey> MakeSendKeyAsync(byte[] keyMaterial);
+        Task<EncString> RsaEncryptAsync(byte[] data, byte[] publicKey = null);
+        Task<byte[]> RsaDecryptAsync(string encValue, byte[] privateKey = null);
+        Task<int> RandomNumberAsync(int min, int max);
+        Task<string> RandomStringAsync(int length);
         Task<byte[]> DecryptFromBytesAsync(byte[] encBytes, SymmetricCryptoKey key);
         Task<byte[]> DecryptToBytesAsync(EncString encString, SymmetricCryptoKey key = null);
         Task<string> DecryptToUtf8Async(EncString encString, SymmetricCryptoKey key = null);
         Task<EncString> EncryptAsync(byte[] plainValue, SymmetricCryptoKey key = null);
         Task<EncString> EncryptAsync(string plainValue, SymmetricCryptoKey key = null);
         Task<EncByteArray> EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null);
-        Task<SymmetricCryptoKey> GetEncKeyAsync(SymmetricCryptoKey key = null);
-        Task<List<string>> GetFingerprintAsync(string userId, byte[] publicKey = null);
-        Task<SymmetricCryptoKey> GetKeyAsync(string userId = null);
-        Task<string> GetKeyHashAsync();
-        Task<SymmetricCryptoKey> GetOrgKeyAsync(string orgId);
-        Task<Dictionary<string, SymmetricCryptoKey>> GetOrgKeysAsync();
-        Task<byte[]> GetPrivateKeyAsync();
-        Task<byte[]> GetPublicKeyAsync();
-        Task<bool> CompareAndUpdateKeyHashAsync(string masterPassword, SymmetricCryptoKey key);
-        Task<bool> HasEncKeyAsync();
-        Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization);
-        Task<bool> HasKeyAsync(string userId = null);
-        Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key);
-        Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfConfig config);
-        Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt, KdfConfig config, EncString protectedKeyEs = null);
-        Task<Tuple<string, EncString>> MakeKeyPairAsync(SymmetricCryptoKey key = null);
-        Task<SymmetricCryptoKey> MakePinKeyAysnc(string pin, string salt, KdfConfig config);
-        Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync();
-        Task<SymmetricCryptoKey> MakeSendKeyAsync(byte[] keyMaterial);
-        Task<int> RandomNumberAsync(int min, int max);
-        Task<string> RandomStringAsync(int length);
-        Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key);
-        Task<EncString> RsaEncryptAsync(byte[] data, byte[] publicKey = null);
-        Task<byte[]> RsaDecryptAsync(string encValue, byte[] privateKey = null);
-        Task SetEncKeyAsync(string encKey);
-        Task SetEncPrivateKeyAsync(string encPrivateKey);
-        Task SetKeyAsync(SymmetricCryptoKey key);
-        Task SetKeyHashAsync(string keyHash);
-        Task SetOrgKeysAsync(IEnumerable<ProfileOrganizationResponse> orgs);
-        Task ToggleKeyAsync();
+        Task<UserKey> DecryptAndMigrateOldPinKeyAsync(bool masterPasswordOnRestart, string pin, string email, KdfConfig kdfConfig, EncString oldPinKey);
     }
 }
diff --git a/src/Core/Abstractions/IStateService.cs b/src/Core/Abstractions/IStateService.cs
index dfa1c92ec..7a7d5a8e6 100644
--- a/src/Core/Abstractions/IStateService.cs
+++ b/src/Core/Abstractions/IStateService.cs
@@ -13,6 +13,12 @@ namespace Bit.Core.Abstractions
     public interface IStateService
     {
         List<AccountView> AccountViews { get; }
+        Task<UserKey> GetUserKeyAsync(string userId = null);
+        Task SetUserKeyAsync(UserKey value, string userId = null);
+        Task<MasterKey> GetMasterKeyAsync(string userId = null);
+        Task SetMasterKeyAsync(MasterKey value, string userId = null);
+        Task<string> GetUserKeyMasterKeyAsync(string userId = null);
+        Task SetUserKeyMasterKeyAsync(string value, string userId = null);
         Task<string> GetActiveUserIdAsync();
         Task<string> GetActiveUserEmailAsync();
         Task<T> GetActiveUserCustomDataAsync<T>(Func<Account, T> dataMapper);
@@ -36,22 +42,24 @@ namespace Bit.Core.Abstractions
         Task<bool> IsAccountBiometricIntegrityValidAsync(string bioIntegritySrcKey, string userId = null);
         Task SetAccountBiometricIntegrityValidAsync(string bioIntegritySrcKey, string userId = null);
         Task<bool> CanAccessPremiumAsync(string userId = null);
-        Task SetPersonalPremiumAsync(bool value, string userId = null);
         Task<string> GetProtectedPinAsync(string userId = null);
+        Task SetPersonalPremiumAsync(bool value, string userId = null);
+        Task<EncString> GetUserKeyPinAsync(string userId = null);
+        Task SetUserKeyPinAsync(EncString value, string userId = null);
+        Task<EncString> GetUserKeyPinEphemeralAsync(string userId = null);
+        Task SetUserKeyPinEphemeralAsync(EncString value, string userId = null);
         Task SetProtectedPinAsync(string value, string userId = null);
+        [Obsolete("Use GetUserKeyPinAsync instead, left for migration purposes")]
         Task<string> GetPinProtectedAsync(string userId = null);
+        [Obsolete("Use SetUserKeyPinAsync instead")]
         Task SetPinProtectedAsync(string value, string userId = null);
+        [Obsolete("Use GetUserKeyPinEphemeralAsync instead, left for migration purposes")]
         Task<EncString> GetPinProtectedKeyAsync(string userId = null);
+        [Obsolete("Use SetUserKeyPinEphemeralAsync instead")]
         Task SetPinProtectedKeyAsync(EncString value, string userId = null);
         Task SetKdfConfigurationAsync(KdfConfig config, string userId = null);
-        Task<string> GetKeyEncryptedAsync(string userId = null);
-        Task SetKeyEncryptedAsync(string value, string userId = null);
-        Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null);
-        Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null);
         Task<string> GetKeyHashAsync(string userId = null);
         Task SetKeyHashAsync(string value, string userId = null);
-        Task<string> GetEncKeyEncryptedAsync(string userId = null);
-        Task SetEncKeyEncryptedAsync(string value, string userId = null);
         Task<Dictionary<string, string>> GetOrgKeysEncryptedAsync(string userId = null);
         Task SetOrgKeysEncryptedAsync(Dictionary<string, string> value, string userId = null);
         Task<string> GetPrivateKeyEncryptedAsync(string userId = null);
@@ -181,5 +189,17 @@ namespace Bit.Core.Abstractions
         void SetConfigs(ConfigResponse value);
         Task<bool> GetShouldTrustDeviceAsync();
         Task SetShouldTrustDeviceAsync(bool value);
+        [Obsolete("Use GetUserKeyMasterKey instead")]
+        Task<string> GetEncKeyEncryptedAsync(string userId = null);
+        [Obsolete("Use SetUserKeyMasterKey instead")]
+        Task SetEncKeyEncryptedAsync(string value, string userId = null);
+        [Obsolete]
+        Task<string> GetKeyEncryptedAsync(string userId = null);
+        [Obsolete]
+        Task SetKeyEncryptedAsync(string value, string userId = null);
+        [Obsolete("Use GetMasterKey instead")]
+        Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null);
+        [Obsolete("Use GetMasterKey instead")]
+        Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null);
     }
 }
diff --git a/src/Core/Abstractions/IVaultTimeoutService.cs b/src/Core/Abstractions/IVaultTimeoutService.cs
index c74001b17..529806983 100644
--- a/src/Core/Abstractions/IVaultTimeoutService.cs
+++ b/src/Core/Abstractions/IVaultTimeoutService.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
+using Bit.Core.Services;
 
 namespace Bit.Core.Abstractions
 {
@@ -16,7 +17,7 @@ namespace Bit.Core.Abstractions
         Task<bool> ShouldLockAsync(string userId = null);
         Task<bool> IsLoggedOutByTimeoutAsync(string userId = null);
         Task<bool> ShouldLogOutByTimeoutAsync(string userId = null);
-        Task<Tuple<bool, bool>> IsPinLockSetAsync(string userId = null);
+        Task<PinLockEnum> IsPinLockSetAsync(string userId = null);
         Task<bool> IsBiometricLockSetAsync(string userId = null);
         Task LockAsync(bool allowSoftLock = false, bool userInitiated = false, string userId = null);
         Task LogOutAsync(bool userInitiated = true, string userId = null);
diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index e7cfa0b50..7bfd1eb30 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -1,4 +1,6 @@
-namespace Bit.Core
+using System;
+
+namespace Bit.Core
 {
     public static class Constants
     {
@@ -80,6 +82,7 @@
 
         public static string VaultTimeoutKey(string userId) => $"vaultTimeout_{userId}";
         public static string VaultTimeoutActionKey(string userId) => $"vaultTimeoutAction_{userId}";
+        public static string UserKeyKey(string userId) => $"userKey_{userId}";
         public static string CiphersKey(string userId) => $"ciphers_{userId}";
         public static string FoldersKey(string userId) => $"folders_{userId}";
         public static string CollectionsKey(string userId) => $"collections_{userId}";
@@ -88,13 +91,11 @@
         public static string NeverDomainsKey(string userId) => $"neverDomains_{userId}";
         public static string SendsKey(string userId) => $"sends_{userId}";
         public static string PoliciesKey(string userId) => $"policies_{userId}";
-        public static string KeyKey(string userId) => $"key_{userId}";
         public static string EncOrgKeysKey(string userId) => $"encOrgKeys_{userId}";
         public static string EncPrivateKeyKey(string userId) => $"encPrivateKey_{userId}";
-        public static string EncKeyKey(string userId) => $"encKey_{userId}";
         public static string DeviceKeyKey(string userId) => $"deviceKey_{userId}";
         public static string KeyHashKey(string userId) => $"keyHash_{userId}";
-        public static string PinProtectedKey(string userId) => $"pinProtectedKey_{userId}";
+        public static string UserKeyPinKey(string userId) => $"userKeyPin_{userId}";
         public static string PassGenOptionsKey(string userId) => $"passwordGenerationOptions_{userId}";
         public static string PassGenHistoryKey(string userId) => $"generatedPasswordHistory_{userId}";
         public static string TwoFactorTokenKey(string email) => $"twoFactorToken_{email}";
@@ -123,5 +124,11 @@
         public static string PushCurrentTokenKey(string userId) => $"pushCurrentToken_{userId}";
         public static string ShouldConnectToWatchKey(string userId) => $"shouldConnectToWatch_{userId}";
         public static string ScreenCaptureAllowedKey(string userId) => $"screenCaptureAllowed_{userId}";
+        [Obsolete]
+        public static string KeyKey(string userId) => $"key_{userId}";
+        [Obsolete]
+        public static string EncKeyKey(string userId) => $"encKey_{userId}";
+        [Obsolete]
+        public static string PinProtectedKey(string userId) => $"pinProtectedKey_{userId}";
     }
 }
diff --git a/src/Core/Models/Domain/Account.cs b/src/Core/Models/Domain/Account.cs
index f28a9867e..7b6ed9496 100644
--- a/src/Core/Models/Domain/Account.cs
+++ b/src/Core/Models/Domain/Account.cs
@@ -119,9 +119,14 @@ namespace Bit.Core.Models.Domain
 
         public class AccountVolatileData
         {
-            public SymmetricCryptoKey Key;
-            public EncString PinProtectedKey;
+            public UserKey UserKey;
+            public MasterKey MasterKey;
+            public EncString UserKeyPinEphemeral;
             public bool? BiometricLocked;
+            [Obsolete("Jul 6 2023: Key has been deprecated. We will use the User Key in the future. It remains here for migration during app upgrade.")]
+            public SymmetricCryptoKey Key;
+            [Obsolete("Jul 6 2023: PinProtectedKey has been deprecated in favor of UserKeyPinEphemeral. It remains here for migration during app upgrade.")]
+            public EncString PinProtectedKey;
         }
     }
 }
diff --git a/src/Core/Models/Domain/SymmetricCryptoKey.cs b/src/Core/Models/Domain/SymmetricCryptoKey.cs
index 91bce7550..2bf9c876c 100644
--- a/src/Core/Models/Domain/SymmetricCryptoKey.cs
+++ b/src/Core/Models/Domain/SymmetricCryptoKey.cs
@@ -74,4 +74,32 @@ namespace Bit.Core.Models.Domain
         public string EncKeyB64 { get; set; }
         public string MacKeyB64 { get; set; }
     }
+
+    public class UserKey : SymmetricCryptoKey
+    {
+        public UserKey(byte[] key, EncryptionType? encType = null)
+            : base(key, encType)
+        { }
+    }
+
+    public class MasterKey : SymmetricCryptoKey
+    {
+        public MasterKey(byte[] key, EncryptionType? encType = null)
+            : base(key, encType)
+        { }
+    }
+
+    public class PinKey : SymmetricCryptoKey
+    {
+        public PinKey(byte[] key, EncryptionType? encType = null)
+            : base(key, encType)
+        { }
+    }
+
+    public class OrgKey : SymmetricCryptoKey
+    {
+        public OrgKey(byte[] key, EncryptionType? encType = null)
+            : base(key, encType)
+        { }
+    }
 }
diff --git a/src/Core/Services/ApiService.cs b/src/Core/Services/ApiService.cs
index dc2a445a5..95af20a55 100644
--- a/src/Core/Services/ApiService.cs
+++ b/src/Core/Services/ApiService.cs
@@ -511,7 +511,7 @@ namespace Bit.Core.Services
 
         #region Key Connector
 
-        public async Task<KeyConnectorUserKeyResponse> GetUserKeyFromKeyConnector(string keyConnectorUrl)
+        public async Task<KeyConnectorUserKeyResponse> GetMasterKeyFromKeyConnector(string keyConnectorUrl)
         {
             using (var requestMessage = new HttpRequestMessage())
             {
diff --git a/src/Core/Services/AuthService.cs b/src/Core/Services/AuthService.cs
index b2c89bd34..d7203c9bd 100644
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -30,7 +30,7 @@ namespace Bit.Core.Services
         private readonly bool _setCryptoKeys;
 
         private readonly LazyResolve<IWatchDeviceService> _watchDeviceService = new LazyResolve<IWatchDeviceService>();
-        private SymmetricCryptoKey _key;
+        private MasterKey _masterKey;
 
         private string _authedUserId;
         private MasterPasswordPolicyOptions _masterPasswordPolicy;
@@ -199,7 +199,7 @@ namespace Bit.Core.Services
         {
             var decKey = await _cryptoService.RsaDecryptAsync(userKeyCiphered, decryptionKey);
             var decPasswordHash = await _cryptoService.RsaDecryptAsync(localHashedPasswordCiphered, decryptionKey);
-            return await LogInHelperAsync(email, accessCode, Encoding.UTF8.GetString(decPasswordHash), null, null, null, new SymmetricCryptoKey(decKey), null, null,
+            return await LogInHelperAsync(email, accessCode, Encoding.UTF8.GetString(decPasswordHash), null, null, null, new MasterKey(decKey), null, null,
                 null, null, authRequestId: authRequestId);
         }
 
@@ -216,7 +216,7 @@ namespace Bit.Core.Services
             {
                 CaptchaToken = captchaToken;
             }
-            var result = await LogInHelperAsync(Email, MasterPasswordHash, LocalMasterPasswordHash, Code, CodeVerifier, SsoRedirectUrl, _key,
+            var result = await LogInHelperAsync(Email, MasterPasswordHash, LocalMasterPasswordHash, Code, CodeVerifier, SsoRedirectUrl, _masterKey,
                 twoFactorProvider, twoFactorToken, remember, CaptchaToken, authRequestId: AuthRequestId);
 
             // If we successfully authenticated and we have a saved _2faForcePasswordResetReason reason from LogInAsync()
@@ -337,7 +337,7 @@ namespace Bit.Core.Services
 
         // Helpers
 
-        private async Task<SymmetricCryptoKey> MakePreloginKeyAsync(string masterPassword, string email)
+        private async Task<MasterKey> MakePreloginKeyAsync(string masterPassword, string email)
         {
             email = email.Trim().ToLower();
             KdfConfig kdfConfig = KdfConfig.Default;
@@ -356,11 +356,11 @@ namespace Bit.Core.Services
                     throw;
                 }
             }
-            return await _cryptoService.MakeKeyAsync(masterPassword, email, kdfConfig);
+            return await _cryptoService.MakeMasterKeyAsync(masterPassword, email, kdfConfig);
         }
 
         private async Task<AuthResult> LogInHelperAsync(string email, string hashedPassword, string localHashedPassword,
-            string code, string codeVerifier, string redirectUrl, SymmetricCryptoKey key,
+            string code, string codeVerifier, string redirectUrl, MasterKey masterKey,
             TwoFactorProviderType? twoFactorProvider = null, string twoFactorToken = null, bool? remember = null,
             string captchaToken = null, string orgId = null, string authRequestId = null)
         {
@@ -426,7 +426,7 @@ namespace Bit.Core.Services
                 Code = code;
                 CodeVerifier = codeVerifier;
                 SsoRedirectUrl = redirectUrl;
-                _key = _setCryptoKeys ? key : null;
+                _masterKey = _setCryptoKeys ? masterKey : null;
                 TwoFactorProvidersData = response.TwoFactorResponse.TwoFactorProviders2;
                 result.TwoFactorProviders = response.TwoFactorResponse.TwoFactorProviders2;
                 CaptchaToken = response.TwoFactorResponse.CaptchaToken;
@@ -471,14 +471,10 @@ namespace Bit.Core.Services
             _messagingService.Send("accountAdded");
             if (_setCryptoKeys)
             {
-                if (key != null)
-                {
-                    await _cryptoService.SetKeyAsync(key);
-                }
 
                 if (localHashedPassword != null)
                 {
-                    await _cryptoService.SetKeyHashAsync(localHashedPassword);
+                    await _cryptoService.SetPasswordHashAsync(localHashedPassword);
                 }
 
                 if (code == null || tokenResponse.Key != null)
@@ -488,7 +484,14 @@ namespace Bit.Core.Services
                         await _keyConnectorService.GetAndSetKey(tokenResponse.KeyConnectorUrl);
                     }
 
-                    await _cryptoService.SetEncKeyAsync(tokenResponse.Key);
+                    await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key);
+
+                    if (masterKey != null)
+                    {
+                        await _cryptoService.SetMasterKeyAsync(masterKey);
+                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                        await _cryptoService.SetUserKeyAsync(userKey);
+                    }
 
                     // User doesn't have a key pair yet (old account), let's generate one for them.
                     if (tokenResponse.PrivateKey == null)
@@ -506,19 +509,22 @@ namespace Bit.Core.Services
                         catch { }
                     }
 
-                    await _cryptoService.SetEncPrivateKeyAsync(tokenResponse.PrivateKey);
+                    await _cryptoService.SetPrivateKeyAsync(tokenResponse.PrivateKey);
                 }
                 else if (tokenResponse.KeyConnectorUrl != null)
                 {
                     // SSO Key Connector Onboarding
                     var password = await _cryptoFunctionService.RandomBytesAsync(64);
-                    var k = await _cryptoService.MakeKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
-                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(k.EncKeyB64);
-                    await _cryptoService.SetKeyAsync(k);
+                    var newMasterKey = await _cryptoService.MakeMasterKeyAsync(Convert.ToBase64String(password), _tokenService.GetEmail(), tokenResponse.KdfConfig);
+                    var keyConnectorRequest = new KeyConnectorUserKeyRequest(newMasterKey.EncKeyB64);
+                    await _cryptoService.SetMasterKeyAsync(newMasterKey);
 
-                    var encKey = await _cryptoService.MakeEncKeyAsync(k);
-                    await _cryptoService.SetEncKeyAsync(encKey.Item2.EncryptedString);
-                    var keyPair = await _cryptoService.MakeKeyPairAsync();
+                    var (newUserKey, newProtectedUserKey) = await _cryptoService.EncryptUserKeyWithMasterKeyAsync(
+                        newMasterKey,
+                        await _cryptoService.MakeUserKeyAsync());
+
+                    await _cryptoService.SetUserKeyAsync(newUserKey);
+                    var (newPublicKey, newProtectedPrivateKey) = await _cryptoService.MakeKeyPairAsync();
 
                     try
                     {
@@ -531,11 +537,11 @@ namespace Bit.Core.Services
 
                     var keys = new KeysRequest
                     {
-                        PublicKey = keyPair.Item1,
-                        EncryptedPrivateKey = keyPair.Item2.EncryptedString
+                        PublicKey = newPublicKey,
+                        EncryptedPrivateKey = newProtectedPrivateKey.EncryptedString
                     };
                     var setPasswordRequest = new SetKeyConnectorKeyRequest(
-                        encKey.Item2.EncryptedString, keys, tokenResponse.KdfConfig, orgId
+                        newProtectedPrivateKey.EncryptedString, keys, tokenResponse.KdfConfig, orgId
                     );
                     await _apiService.PostSetKeyConnectorKey(setPasswordRequest);
                 }
@@ -550,7 +556,7 @@ namespace Bit.Core.Services
 
         private void ClearState()
         {
-            _key = null;
+            _masterKey = null;
             Email = null;
             CaptchaToken = null;
             MasterPasswordHash = null;
@@ -591,11 +597,16 @@ namespace Bit.Core.Services
         public async Task<PasswordlessLoginResponse> PasswordlessLoginAsync(string id, string pubKey, bool requestApproved)
         {
             var publicKey = CoreHelpers.Base64UrlDecode(pubKey);
-            var masterKey = await _cryptoService.GetKeyAsync();
+            var masterKey = await _cryptoService.GetMasterKeyAsync();
             var encryptedKey = await _cryptoService.RsaEncryptAsync(masterKey.EncKey, publicKey);
-            var encryptedMasterPassword = await _cryptoService.RsaEncryptAsync(Encoding.UTF8.GetBytes(await _stateService.GetKeyHashAsync()), publicKey);
+            var keyHash = await _stateService.GetKeyHashAsync();
+            EncString encryptedMasterPassword = null;
+            if (!string.IsNullOrEmpty(keyHash))
+            {
+                encryptedMasterPassword = await _cryptoService.RsaEncryptAsync(Encoding.UTF8.GetBytes(keyHash), publicKey);
+            }
             var deviceId = await _appIdService.GetAppIdAsync();
-            var response = await _apiService.PutAuthRequestAsync(id, encryptedKey.EncryptedString, encryptedMasterPassword.EncryptedString, deviceId, requestApproved);
+            var response = await _apiService.PutAuthRequestAsync(id, encryptedKey.EncryptedString, encryptedMasterPassword?.EncryptedString, deviceId, requestApproved);
             return await PopulateFingerprintPhraseAsync(response, await _stateService.GetEmailAsync());
         }
 
diff --git a/src/Core/Services/CipherService.cs b/src/Core/Services/CipherService.cs
index e289a1ae6..89003249d 100644
--- a/src/Core/Services/CipherService.cs
+++ b/src/Core/Services/CipherService.cs
@@ -249,7 +249,7 @@ namespace Bit.Core.Services
             {
                 try
                 {
-                    var hashKey = await _cryptoService.HasKeyAsync();
+                    var hashKey = await _cryptoService.HasUserKeyAsync();
                     if (!hashKey)
                     {
                         throw new Exception("No key.");
@@ -557,9 +557,20 @@ namespace Bit.Core.Services
 
         public async Task<Cipher> SaveAttachmentRawWithServerAsync(Cipher cipher, string filename, byte[] data)
         {
+            SymmetricCryptoKey attachmentKey;
+            EncString protectedAttachmentKey;
             var orgKey = await _cryptoService.GetOrgKeyAsync(cipher.OrganizationId);
+            if (orgKey != null)
+            {
+                (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(orgKey);
+            }
+            else
+            {
+                var userKey = await _cryptoService.GetUserKeyWithLegacySupportAsync();
+                (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(userKey);
+            }
+
             var encFileName = await _cryptoService.EncryptAsync(filename, orgKey);
-            var (attachmentKey, orgEncAttachmentKey) = await _cryptoService.MakeEncKeyAsync(orgKey);
             var encFileData = await _cryptoService.EncryptToBytesAsync(data, attachmentKey);
 
             CipherResponse response;
@@ -567,7 +578,7 @@ namespace Bit.Core.Services
             {
                 var request = new AttachmentRequest
                 {
-                    Key = orgEncAttachmentKey.EncryptedString,
+                    Key = protectedAttachmentKey.EncryptedString,
                     FileName = encFileName.EncryptedString,
                     FileSize = encFileData.Buffer.Length,
                 };
@@ -578,7 +589,7 @@ namespace Bit.Core.Services
             }
             catch (ApiException e) when (e.Error.StatusCode == System.Net.HttpStatusCode.NotFound || e.Error.StatusCode == System.Net.HttpStatusCode.MethodNotAllowed)
             {
-                response = await LegacyServerAttachmentFileUploadAsync(cipher.Id, encFileName, encFileData, orgEncAttachmentKey);
+                response = await LegacyServerAttachmentFileUploadAsync(cipher.Id, encFileName, encFileData, protectedAttachmentKey);
             }
 
             var userId = await _stateService.GetActiveUserIdAsync();
@@ -807,14 +818,27 @@ namespace Bit.Core.Services
 
             var bytes = await attachmentResponse.Content.ReadAsByteArrayAsync();
             var decBytes = await _cryptoService.DecryptFromBytesAsync(bytes, null);
-            var key = await _cryptoService.GetOrgKeyAsync(organizationId);
-            var encFileName = await _cryptoService.EncryptAsync(attachmentView.FileName, key);
-            var dataEncKey = await _cryptoService.MakeEncKeyAsync(key);
-            var encData = await _cryptoService.EncryptToBytesAsync(decBytes, dataEncKey.Item1);
+
+            SymmetricCryptoKey attachmentKey;
+            EncString protectedAttachmentKey;
+            var orgKey = await _cryptoService.GetOrgKeyAsync(organizationId);
+            if (orgKey != null)
+            {
+                (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(orgKey);
+            }
+            else
+            {
+                var userKey = await _cryptoService.GetUserKeyWithLegacySupportAsync();
+                (attachmentKey, protectedAttachmentKey) = await _cryptoService.MakeDataEncKeyAsync(userKey);
+            }
+
+            var encFileName = await _cryptoService.EncryptAsync(attachmentView.FileName, orgKey);
+            var encFileData = await _cryptoService.EncryptToBytesAsync(decBytes, attachmentKey);
+
             var boundary = string.Concat("--BWMobileFormBoundary", DateTime.UtcNow.Ticks);
             var fd = new MultipartFormDataContent(boundary);
-            fd.Add(new StringContent(dataEncKey.Item2.EncryptedString), "key");
-            fd.Add(new StreamContent(new MemoryStream(encData.Buffer)), "data", encFileName.EncryptedString);
+            fd.Add(new StringContent(protectedAttachmentKey.EncryptedString), "key");
+            fd.Add(new StreamContent(new MemoryStream(encFileData.Buffer)), "data", encFileName.EncryptedString);
             await _apiService.PostShareCipherAttachmentAsync(cipherId, attachmentView.Id, fd, organizationId);
         }
 
diff --git a/src/Core/Services/CollectionService.cs b/src/Core/Services/CollectionService.cs
index fe30159dc..f8e88e365 100644
--- a/src/Core/Services/CollectionService.cs
+++ b/src/Core/Services/CollectionService.cs
@@ -101,7 +101,7 @@ namespace Bit.Core.Services
             {
                 return _decryptedCollectionCache;
             }
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
                 throw new Exception("No key.");
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index bfa7c5b82..2a314c119 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -19,14 +19,12 @@ namespace Bit.Core.Services
         private readonly IStateService _stateService;
         private readonly ICryptoFunctionService _cryptoFunctionService;
 
-        private SymmetricCryptoKey _encKey;
         private SymmetricCryptoKey _legacyEtmKey;
-        private string _keyHash;
+        private string _passwordHash;
         private byte[] _publicKey;
         private byte[] _privateKey;
-        private Dictionary<string, SymmetricCryptoKey> _orgKeys;
-        private Task<SymmetricCryptoKey> _getEncKeysTask;
-        private Task<Dictionary<string, SymmetricCryptoKey>> _getOrgKeysTask;
+        private Dictionary<string, OrgKey> _orgKeys;
+        private Task<Dictionary<string, OrgKey>> _getOrgKeysTask;
 
         public CryptoService(
             IStateService stateService,
@@ -36,43 +34,247 @@ namespace Bit.Core.Services
             _cryptoFunctionService = cryptoFunctionService;
         }
 
-        public async Task SetKeyAsync(SymmetricCryptoKey key)
+        public void ClearCache()
         {
-            await _stateService.SetKeyDecryptedAsync(key);
-            var option = await _stateService.GetVaultTimeoutAsync();
-            var biometric = await _stateService.GetBiometricUnlockAsync();
-            if (option.HasValue && !biometric.GetValueOrDefault())
-            {
-                // If we have a lock option set, we do not store the key
-                return;
-            }
-            await _stateService.SetKeyEncryptedAsync(key?.KeyB64);
+            _legacyEtmKey = null;
+            _passwordHash = null;
+            _publicKey = null;
+            _privateKey = null;
+            _orgKeys = null;
         }
 
-        public async Task SetKeyHashAsync(string keyHash)
+        public async Task ToggleKeysAsync()
         {
-            _keyHash = keyHash;
+            // refresh or clear the pin key
+            await SetUserKeyAsync(await GetUserKeyAsync());
+
+            // refresh or clear the encrypted user key
+            var encUserKey = await _stateService.GetUserKeyMasterKeyAsync();
+            await _stateService.SetUserKeyMasterKeyAsync(null);
+            await _stateService.SetUserKeyMasterKeyAsync(encUserKey);
+        }
+
+        public async Task SetUserKeyAsync(UserKey userKey, string userId = null)
+        {
+            await _stateService.SetUserKeyAsync(userKey, userId);
+
+            // Refresh the Pin Key if the user has a Pin set
+            if (await _stateService.GetProtectedPinAsync(userId) != null)
+            {
+                await StorePinKey(userKey, userId);
+            }
+            else
+            {
+                await _stateService.SetUserKeyPinAsync(null, userId);
+                await _stateService.SetUserKeyPinEphemeralAsync(null, userId);
+            }
+        }
+
+        public async Task<UserKey> GetUserKeyAsync(string userId = null)
+        {
+            return await _stateService.GetUserKeyAsync(userId);
+        }
+
+        public async Task<UserKey> GetUserKeyWithLegacySupportAsync(string userId = null)
+        {
+            var userKey = await GetUserKeyAsync();
+            if (userKey != null)
+            {
+                return userKey;
+            }
+
+            // Legacy support: encryption used to be done with the master key (derived from master password).
+            // Users who have not migrated will have a null user key and must use the master key instead.
+            return (SymmetricCryptoKey)await GetMasterKeyAsync() as UserKey;
+        }
+
+        public async Task<bool> HasUserKeyAsync(string userId = null)
+        {
+            return await GetUserKeyAsync(userId) != null;
+        }
+
+        public async Task<bool> HasEncryptedUserKeyAsync(string userId = null)
+        {
+            return await _stateService.GetUserKeyMasterKeyAsync(userId) != null;
+        }
+
+        public async Task<UserKey> MakeUserKeyAsync()
+        {
+            return new UserKey(await _cryptoFunctionService.RandomBytesAsync(64));
+        }
+
+        public async Task ClearUserKeyAsync(string userId = null)
+        {
+            await _stateService.SetUserKeyAsync(null, userId);
+        }
+
+        public async Task SetMasterKeyEncryptedUserKeyAsync(string value, string userId = null)
+        {
+            await _stateService.SetUserKeyMasterKeyAsync(value, userId);
+        }
+
+        public async Task SetMasterKeyAsync(MasterKey masterKey, string userId = null)
+        {
+            await _stateService.SetMasterKeyAsync(masterKey, userId);
+
+        }
+
+        public async Task<MasterKey> GetMasterKeyAsync(string userId = null)
+        {
+            var masterKey = await _stateService.GetMasterKeyAsync(userId);
+            if (masterKey == null)
+            {
+                // Migration support
+                masterKey = await _stateService.GetKeyDecryptedAsync(userId) as MasterKey;
+                if (masterKey != null)
+                {
+                    await SetMasterKeyAsync(masterKey, userId);
+                }
+            }
+            return masterKey;
+        }
+
+        public async Task<MasterKey> MakeMasterKeyAsync(string password, string email, KdfConfig kdfConfig)
+        {
+            return await MakeKeyAsync(password, email, kdfConfig, keyBytes => new MasterKey(keyBytes));
+        }
+
+        public async Task ClearMasterKeyAsync(string userId = null)
+        {
+            await _stateService.SetMasterKeyAsync(null, userId);
+        }
+
+        public async Task<Tuple<UserKey, EncString>> EncryptUserKeyWithMasterKeyAsync(MasterKey masterKey, UserKey userKey = null)
+        {
+            userKey ??= await GetUserKeyAsync();
+            return await BuildProtectedSymmetricKey<UserKey>(masterKey, userKey.Key);
+        }
+
+        public async Task<UserKey> DecryptUserKeyWithMasterKeyAsync(MasterKey masterKey, EncString encUserKey = null, string userId = null)
+        {
+            masterKey ??= await GetMasterKeyAsync(userId);
+            if (masterKey == null)
+            {
+                throw new Exception("No master key found.");
+            }
+
+            if (encUserKey == null)
+            {
+                var userKeyMasterKey = await _stateService.GetUserKeyMasterKeyAsync(userId);
+                if (userKeyMasterKey == null)
+                {
+                    throw new Exception("No encrypted user key found");
+                }
+                encUserKey = new EncString(userKeyMasterKey);
+            }
+
+            byte[] decUserKey = null;
+            if (encUserKey.EncryptionType == EncryptionType.AesCbc256_B64)
+            {
+                decUserKey = await DecryptToBytesAsync(encUserKey, masterKey);
+            }
+            else if (encUserKey.EncryptionType == EncryptionType.AesCbc256_HmacSha256_B64)
+            {
+                var newKey = await StretchKeyAsync(masterKey);
+                decUserKey = await DecryptToBytesAsync(encUserKey, newKey);
+            }
+            else
+            {
+                throw new Exception("Unsupported encKey type.");
+            }
+
+            if (decUserKey == null)
+            {
+                return null;
+            }
+            return new UserKey(decUserKey);
+        }
+
+        public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(UserKey key)
+        {
+            if (key == null)
+            {
+                throw new Exception("No user key provided");
+            }
+
+            var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
+            return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(key, newSymKey);
+        }
+
+        public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeDataEncKeyAsync(OrgKey key)
+        {
+            if (key == null)
+            {
+                throw new Exception("No org key provided");
+            }
+
+            var newSymKey = await _cryptoFunctionService.RandomBytesAsync(64);
+            return await BuildProtectedSymmetricKey<SymmetricCryptoKey>(key, newSymKey);
+        }
+
+        // TODO(Jake): Uses Master Key
+        public async Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization)
+        {
+            if (key == null)
+            {
+                key = await GetMasterKeyAsync();
+            }
+            if (password == null || key == null)
+            {
+                throw new Exception("Invalid parameters.");
+            }
+            var iterations = hashPurpose == HashPurpose.LocalAuthorization ? 2 : 1;
+            var hash = await _cryptoFunctionService.Pbkdf2Async(key.Key, password, CryptoHashAlgorithm.Sha256, iterations);
+            return Convert.ToBase64String(hash);
+        }
+
+        public async Task SetPasswordHashAsync(string keyHash)
+        {
+            _passwordHash = keyHash;
             await _stateService.SetKeyHashAsync(keyHash);
         }
 
-        public async Task SetEncKeyAsync(string encKey)
+        public async Task<string> GetPasswordHashAsync()
         {
-            if (encKey == null)
+            if (_passwordHash != null)
             {
-                return;
+                return _passwordHash;
             }
-            await _stateService.SetEncKeyEncryptedAsync(encKey);
-            _encKey = null;
+            var passwordHash = await _stateService.GetKeyHashAsync();
+            if (passwordHash != null)
+            {
+                _passwordHash = passwordHash;
+            }
+            return _passwordHash;
         }
 
-        public async Task SetEncPrivateKeyAsync(string encPrivateKey)
+        public async Task ClearPasswordHashAsync(string userId = null)
         {
-            if (encPrivateKey == null)
+            _passwordHash = null;
+            await _stateService.SetKeyHashAsync(null, userId);
+        }
+
+        // TODO(Jake): Uses Master Key
+        public async Task<bool> CompareAndUpdatePasswordHashAsync(string masterPassword, MasterKey key)
+        {
+            var storedPasswordHash = await GetPasswordHashAsync();
+            if (masterPassword != null && storedPasswordHash != null)
             {
-                return;
+                var localPasswordHash = await HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
+                if (localPasswordHash != null && storedPasswordHash == localPasswordHash)
+                {
+                    return true;
+                }
+
+                var serverPasswordHash = await HashPasswordAsync(masterPassword, key, HashPurpose.ServerAuthorization);
+                if (serverPasswordHash != null & storedPasswordHash == serverPasswordHash)
+                {
+                    await SetPasswordHashAsync(localPasswordHash);
+                    return true;
+                }
             }
-            await _stateService.SetPrivateKeyEncryptedAsync(encPrivateKey);
-            _privateKey = null;
+
+            return false;
         }
 
         public async Task SetOrgKeysAsync(IEnumerable<ProfileOrganizationResponse> orgs)
@@ -82,95 +284,71 @@ namespace Bit.Core.Services
             await _stateService.SetOrgKeysEncryptedAsync(orgKeys);
         }
 
-        public async Task<SymmetricCryptoKey> GetKeyAsync(string userId = null)
+        public async Task<OrgKey> GetOrgKeyAsync(string orgId)
         {
-            var inMemoryKey = await _stateService.GetKeyDecryptedAsync(userId);
-            if (inMemoryKey != null)
+            if (string.IsNullOrWhiteSpace(orgId))
             {
-                return inMemoryKey;
+                return null;
             }
-            var key = await _stateService.GetKeyEncryptedAsync(userId);
-            if (key != null)
+            var orgKeys = await GetOrgKeysAsync();
+            if (orgKeys == null || !orgKeys.ContainsKey(orgId))
             {
-                inMemoryKey = new SymmetricCryptoKey(Convert.FromBase64String(key));
-                await _stateService.SetKeyDecryptedAsync(inMemoryKey, userId);
+                return null;
             }
-            return inMemoryKey;
+            return orgKeys[orgId];
         }
 
-        public async Task<string> GetKeyHashAsync()
+        public Task<Dictionary<string, OrgKey>> GetOrgKeysAsync()
         {
-            if (_keyHash != null)
+            if (_orgKeys != null && _orgKeys.Count > 0)
             {
-                return _keyHash;
+                return Task.FromResult(_orgKeys);
             }
-            var keyHash = await _stateService.GetKeyHashAsync();
-            if (keyHash != null)
+            if (_getOrgKeysTask != null && !_getOrgKeysTask.IsCompleted && !_getOrgKeysTask.IsFaulted)
             {
-                _keyHash = keyHash;
+                return _getOrgKeysTask;
             }
-            return _keyHash;
-        }
-
-        public Task<SymmetricCryptoKey> GetEncKeyAsync(SymmetricCryptoKey key = null)
-        {
-            if (_encKey != null)
-            {
-                return Task.FromResult(_encKey);
-            }
-            if (_getEncKeysTask != null && !_getEncKeysTask.IsCompleted && !_getEncKeysTask.IsFaulted)
-            {
-                return _getEncKeysTask;
-            }
-            async Task<SymmetricCryptoKey> doTask()
+            async Task<Dictionary<string, OrgKey>> doTask()
             {
                 try
                 {
-                    var encKey = await _stateService.GetEncKeyEncryptedAsync();
-                    if (encKey == null)
+                    var encOrgKeys = await _stateService.GetOrgKeysEncryptedAsync();
+                    if (encOrgKeys == null)
                     {
                         return null;
                     }
-
-                    if (key == null)
+                    var orgKeys = new Dictionary<string, OrgKey>();
+                    var setKey = false;
+                    foreach (var org in encOrgKeys)
                     {
-                        key = await GetKeyAsync();
-                    }
-                    if (key == null)
-                    {
-                        return null;
+                        var decValue = await RsaDecryptAsync(org.Value);
+                        orgKeys.Add(org.Key, new OrgKey(decValue));
+                        setKey = true;
                     }
 
-                    byte[] decEncKey = null;
-                    var encKeyCipher = new EncString(encKey);
-                    if (encKeyCipher.EncryptionType == EncryptionType.AesCbc256_B64)
+                    if (setKey)
                     {
-                        decEncKey = await DecryptToBytesAsync(encKeyCipher, key);
+                        _orgKeys = orgKeys;
                     }
-                    else if (encKeyCipher.EncryptionType == EncryptionType.AesCbc256_HmacSha256_B64)
-                    {
-                        var newKey = await StretchKeyAsync(key);
-                        decEncKey = await DecryptToBytesAsync(encKeyCipher, newKey);
-                    }
-                    else
-                    {
-                        throw new Exception("Unsupported encKey type.");
-                    }
-
-                    if (decEncKey == null)
-                    {
-                        return null;
-                    }
-                    _encKey = new SymmetricCryptoKey(decEncKey);
-                    return _encKey;
+                    return _orgKeys;
                 }
                 finally
                 {
-                    _getEncKeysTask = null;
+                    _getOrgKeysTask = null;
                 }
             }
-            _getEncKeysTask = doTask();
-            return _getEncKeysTask;
+            _getOrgKeysTask = doTask();
+            return _getOrgKeysTask;
+        }
+
+
+        public async Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null)
+        {
+            _orgKeys = null;
+            if (!memoryOnly)
+            {
+                await _stateService.SetOrgKeysEncryptedAsync(null, userId);
+            }
         }
 
         public async Task<byte[]> GetPublicKeyAsync()
@@ -188,6 +366,16 @@ namespace Bit.Core.Services
             return _publicKey;
         }
 
+        public async Task SetPrivateKeyAsync(string encPrivateKey)
+        {
+            if (encPrivateKey == null)
+            {
+                return;
+            }
+            await _stateService.SetPrivateKeyEncryptedAsync(encPrivateKey);
+            _privateKey = null;
+        }
+
         public async Task<byte[]> GetPrivateKeyAsync()
         {
             if (_privateKey != null)
@@ -218,117 +406,12 @@ namespace Bit.Core.Services
             return HashPhrase(userFingerprint);
         }
 
-        public Task<Dictionary<string, SymmetricCryptoKey>> GetOrgKeysAsync()
+        public async Task<Tuple<string, EncString>> MakeKeyPairAsync(SymmetricCryptoKey key = null)
         {
-            if (_orgKeys != null && _orgKeys.Count > 0)
-            {
-                return Task.FromResult(_orgKeys);
-            }
-            if (_getOrgKeysTask != null && !_getOrgKeysTask.IsCompleted && !_getOrgKeysTask.IsFaulted)
-            {
-                return _getOrgKeysTask;
-            }
-            async Task<Dictionary<string, SymmetricCryptoKey>> doTask()
-            {
-                try
-                {
-                    var encOrgKeys = await _stateService.GetOrgKeysEncryptedAsync();
-                    if (encOrgKeys == null)
-                    {
-                        return null;
-                    }
-                    var orgKeys = new Dictionary<string, SymmetricCryptoKey>();
-                    var setKey = false;
-                    foreach (var org in encOrgKeys)
-                    {
-                        var decValue = await RsaDecryptAsync(org.Value);
-                        orgKeys.Add(org.Key, new SymmetricCryptoKey(decValue));
-                        setKey = true;
-                    }
-
-                    if (setKey)
-                    {
-                        _orgKeys = orgKeys;
-                    }
-                    return _orgKeys;
-                }
-                finally
-                {
-                    _getOrgKeysTask = null;
-                }
-            }
-            _getOrgKeysTask = doTask();
-            return _getOrgKeysTask;
-        }
-
-        public async Task<SymmetricCryptoKey> GetOrgKeyAsync(string orgId)
-        {
-            if (string.IsNullOrWhiteSpace(orgId))
-            {
-                return null;
-            }
-            var orgKeys = await GetOrgKeysAsync();
-            if (orgKeys == null || !orgKeys.ContainsKey(orgId))
-            {
-                return null;
-            }
-            return orgKeys[orgId];
-        }
-
-        public async Task<bool> CompareAndUpdateKeyHashAsync(string masterPassword, SymmetricCryptoKey key)
-        {
-            var storedKeyHash = await GetKeyHashAsync();
-            if (masterPassword != null && storedKeyHash != null)
-            {
-                var localKeyHash = await HashPasswordAsync(masterPassword, key, HashPurpose.LocalAuthorization);
-                if (localKeyHash != null && storedKeyHash == localKeyHash)
-                {
-                    return true;
-                }
-
-                var serverKeyHash = await HashPasswordAsync(masterPassword, key, HashPurpose.ServerAuthorization);
-                if (serverKeyHash != null & storedKeyHash == serverKeyHash)
-                {
-                    await SetKeyHashAsync(localKeyHash);
-                    return true;
-                }
-            }
-
-            return false;
-        }
-
-        public async Task<bool> HasKeyAsync(string userId = null)
-        {
-            var key = await GetKeyAsync(userId);
-            return key != null;
-        }
-
-        public async Task<bool> HasEncKeyAsync()
-        {
-            var encKey = await _stateService.GetEncKeyEncryptedAsync();
-            return encKey != null;
-        }
-
-        public async Task ClearKeyAsync(string userId = null)
-        {
-            await _stateService.SetKeyDecryptedAsync(null, userId);
-            _legacyEtmKey = null;
-            await _stateService.SetKeyEncryptedAsync(null, userId);
-        }
-
-        public async Task ClearKeyHashAsync(string userId = null)
-        {
-            _keyHash = null;
-            await _stateService.SetKeyHashAsync(null, userId);
-        }
-
-        public async Task ClearEncKeyAsync(bool memoryOnly = false, string userId = null)
-        {
-            _encKey = null;
-            if (!memoryOnly)
-            {
-                await _stateService.SetEncKeyEncryptedAsync(null, userId);
-            }
+            var keyPair = await _cryptoFunctionService.RsaGenerateKeyPairAsync(2048);
+            var publicB64 = Convert.ToBase64String(keyPair.Item1);
+            var privateEnc = await EncryptAsync(keyPair.Item2, key);
+            return new Tuple<string, EncString>(publicB64, privateEnc);
         }
 
         public async Task ClearKeyPairAsync(bool memoryOnly = false, string userId = null)
@@ -340,142 +423,52 @@ namespace Bit.Core.Services
             }
         }
 
-        public async Task ClearOrgKeysAsync(bool memoryOnly = false, string userId = null)
+        public async Task<PinKey> MakePinKeyAsync(string pin, string salt, KdfConfig config)
         {
-            _orgKeys = null;
-            if (!memoryOnly)
+            var pinKey = await MakeKeyAsync(pin, salt, config, keyBytes => new PinKey(keyBytes));
+            return await StretchKeyAsync(pinKey) as PinKey;
+        }
+
+        public async Task ClearPinKeysAsync(string userId = null)
+        {
+            await _stateService.SetUserKeyPinAsync(null, userId);
+            await _stateService.SetUserKeyPinEphemeralAsync(null, userId);
+            await _stateService.SetProtectedPinAsync(null, userId);
+            await clearDeprecatedPinKeysAsync(userId);
+        }
+
+        public async Task<UserKey> DecryptUserKeyWithPinAsync(string pin, string salt, KdfConfig kdfConfig, EncString pinProtectedUserKey = null)
+        {
+            pinProtectedUserKey ??= await _stateService.GetUserKeyPinAsync();
+            pinProtectedUserKey ??= await _stateService.GetUserKeyPinEphemeralAsync();
+            if (pinProtectedUserKey == null)
             {
-                await _stateService.SetOrgKeysEncryptedAsync(null, userId);
+                throw new Exception("No PIN protected user key found.");
             }
+            var pinKey = await MakePinKeyAsync(pin, salt, kdfConfig);
+            var userKey = await DecryptToBytesAsync(pinProtectedUserKey, pinKey);
+            return new UserKey(userKey);
         }
 
-        public async Task ClearPinProtectedKeyAsync(string userId = null)
+        // Only for migration purposes
+        public async Task<MasterKey> DecryptMasterKeyWithPinAsync(
+            string pin,
+            string salt,
+            KdfConfig kdfConfig,
+            EncString pinProtectedMasterKey = null)
         {
-            await _stateService.SetPinProtectedAsync(null, userId);
-        }
-
-        public void ClearCache()
-        {
-            _encKey = null;
-            _legacyEtmKey = null;
-            _keyHash = null;
-            _publicKey = null;
-            _privateKey = null;
-            _orgKeys = null;
-        }
-
-        public async Task ClearKeysAsync(string userId = null)
-        {
-            await Task.WhenAll(new Task[]
+            if (pinProtectedMasterKey == null)
             {
-                ClearKeyAsync(userId),
-                ClearKeyHashAsync(userId),
-                ClearOrgKeysAsync(false, userId),
-                ClearEncKeyAsync(false, userId),
-                ClearKeyPairAsync(false, userId),
-                ClearPinProtectedKeyAsync(userId)
-            });
-        }
-
-        public async Task ToggleKeyAsync()
-        {
-            var key = await GetKeyAsync();
-            var option = await _stateService.GetVaultTimeoutAsync();
-            var biometric = await _stateService.GetBiometricUnlockAsync();
-            if (!biometric.GetValueOrDefault() && (option != null || option == 0))
-            {
-                await ClearKeyAsync();
-                await _stateService.SetKeyDecryptedAsync(key);
-                return;
+                var pinProtectedMasterKeyString = await _stateService.GetPinProtectedAsync();
+                if (pinProtectedMasterKeyString == null)
+                {
+                    throw new Exception("No PIN protected master key found.");
+                }
+                pinProtectedMasterKey = new EncString(pinProtectedMasterKeyString);
             }
-            await SetKeyAsync(key);
-        }
-
-        public async Task<SymmetricCryptoKey> MakeKeyAsync(string password, string salt, KdfConfig kdfConfig)
-        {
-            byte[] key = null;
-            if (kdfConfig.Type == null || kdfConfig.Type == KdfType.PBKDF2_SHA256)
-            {
-                var iterations = kdfConfig.Iterations.GetValueOrDefault(5000);
-                if (iterations < 5000)
-                {
-                    throw new Exception("PBKDF2 iteration minimum is 5000.");
-                }
-                key = await _cryptoFunctionService.Pbkdf2Async(password, salt,
-                    CryptoHashAlgorithm.Sha256, iterations);
-            }
-            else if (kdfConfig.Type == KdfType.Argon2id)
-            {
-                var iterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Argon2Iterations);
-                var memory = kdfConfig.Memory.GetValueOrDefault(Constants.Argon2MemoryInMB) * 1024;
-                var parallelism = kdfConfig.Parallelism.GetValueOrDefault(Constants.Argon2Parallelism);
-
-                if (kdfConfig.Iterations < 2)
-                {
-                    throw new Exception("Argon2 iterations minimum is 2");
-                }
-
-                if (kdfConfig.Memory < 16)
-                {
-                    throw new Exception("Argon2 memory minimum is 16 MB");
-                }
-                else if (kdfConfig.Memory > 1024)
-                {
-                    throw new Exception("Argon2 memory maximum is 1024 MB");
-                }
-
-                if (kdfConfig.Parallelism < 1)
-                {
-                    throw new Exception("Argon2 parallelism minimum is 1");
-                }
-
-                var saltHash = await _cryptoFunctionService.HashAsync(salt, CryptoHashAlgorithm.Sha256);
-                key = await _cryptoFunctionService.Argon2Async(password, saltHash, iterations, memory, parallelism);
-            }
-            else
-            {
-                throw new Exception("Unknown kdf.");
-            }
-            return new SymmetricCryptoKey(key);
-        }
-
-        public async Task<SymmetricCryptoKey> MakeKeyFromPinAsync(string pin, string salt,
-            KdfConfig config, EncString protectedKeyCs = null)
-        {
-            if (protectedKeyCs == null)
-            {
-                var pinProtectedKey = await _stateService.GetPinProtectedAsync();
-                if (pinProtectedKey == null)
-                {
-                    throw new Exception("No PIN protected key found.");
-                }
-                protectedKeyCs = new EncString(pinProtectedKey);
-            }
-            var pinKey = await MakePinKeyAysnc(pin, salt, config);
-            var decKey = await DecryptToBytesAsync(protectedKeyCs, pinKey);
-            return new SymmetricCryptoKey(decKey);
-        }
-
-        public async Task<Tuple<EncString, SymmetricCryptoKey>> MakeShareKeyAsync()
-        {
-            var shareKey = await _cryptoFunctionService.RandomBytesAsync(64);
-            var publicKey = await GetPublicKeyAsync();
-            var encShareKey = await RsaEncryptAsync(shareKey, publicKey);
-            return new Tuple<EncString, SymmetricCryptoKey>(encShareKey, new SymmetricCryptoKey(shareKey));
-        }
-
-        public async Task<Tuple<string, EncString>> MakeKeyPairAsync(SymmetricCryptoKey key = null)
-        {
-            var keyPair = await _cryptoFunctionService.RsaGenerateKeyPairAsync(2048);
-            var publicB64 = Convert.ToBase64String(keyPair.Item1);
-            var privateEnc = await EncryptAsync(keyPair.Item2, key);
-            return new Tuple<string, EncString>(publicB64, privateEnc);
-        }
-
-        public async Task<SymmetricCryptoKey> MakePinKeyAysnc(string pin, string salt, KdfConfig config)
-        {
-            var pinKey = await MakeKeyAsync(pin, salt, config);
-            return await StretchKeyAsync(pinKey);
+            var pinKey = await MakePinKeyAsync(pin, salt, kdfConfig);
+            var masterKey = await DecryptToBytesAsync(pinProtectedMasterKey, pinKey);
+            return new MasterKey(masterKey);
         }
 
         public async Task<SymmetricCryptoKey> MakeSendKeyAsync(byte[] keyMaterial)
@@ -484,75 +477,6 @@ namespace Bit.Core.Services
             return new SymmetricCryptoKey(sendKey);
         }
 
-        public async Task<string> HashPasswordAsync(string password, SymmetricCryptoKey key, HashPurpose hashPurpose = HashPurpose.ServerAuthorization)
-        {
-            if (key == null)
-            {
-                key = await GetKeyAsync();
-            }
-            if (password == null || key == null)
-            {
-                throw new Exception("Invalid parameters.");
-            }
-            var iterations = hashPurpose == HashPurpose.LocalAuthorization ? 2 : 1;
-            var hash = await _cryptoFunctionService.Pbkdf2Async(key.Key, password, CryptoHashAlgorithm.Sha256, iterations);
-            return Convert.ToBase64String(hash);
-        }
-
-        public async Task<Tuple<SymmetricCryptoKey, EncString>> MakeEncKeyAsync(SymmetricCryptoKey key)
-        {
-            var theKey = await GetKeyForEncryptionAsync(key);
-            var encKey = await _cryptoFunctionService.RandomBytesAsync(64);
-            return await BuildEncKeyAsync(theKey, encKey);
-        }
-
-        public async Task<Tuple<SymmetricCryptoKey, EncString>> RemakeEncKeyAsync(SymmetricCryptoKey key)
-        {
-            var encKey = await GetEncKeyAsync();
-            return await BuildEncKeyAsync(key, encKey.Key);
-        }
-
-        public async Task<EncString> EncryptAsync(string plainValue, SymmetricCryptoKey key = null)
-        {
-            if (plainValue == null)
-            {
-                return null;
-            }
-            return await EncryptAsync(Encoding.UTF8.GetBytes(plainValue), key);
-        }
-
-        public async Task<EncString> EncryptAsync(byte[] plainValue, SymmetricCryptoKey key = null)
-        {
-            if (plainValue == null)
-            {
-                return null;
-            }
-            var encObj = await AesEncryptAsync(plainValue, key);
-            var iv = Convert.ToBase64String(encObj.Iv);
-            var data = Convert.ToBase64String(encObj.Data);
-            var mac = encObj.Mac != null ? Convert.ToBase64String(encObj.Mac) : null;
-            return new EncString(encObj.Key.EncType, data, iv, mac);
-        }
-
-        public async Task<EncByteArray> EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null)
-        {
-            var encValue = await AesEncryptAsync(plainValue, key);
-            var macLen = 0;
-            if (encValue.Mac != null)
-            {
-                macLen = encValue.Mac.Length;
-            }
-            var encBytes = new byte[1 + encValue.Iv.Length + macLen + encValue.Data.Length];
-            Buffer.BlockCopy(new byte[] { (byte)encValue.Key.EncType }, 0, encBytes, 0, 1);
-            Buffer.BlockCopy(encValue.Iv, 0, encBytes, 1, encValue.Iv.Length);
-            if (encValue.Mac != null)
-            {
-                Buffer.BlockCopy(encValue.Mac, 0, encBytes, 1 + encValue.Iv.Length, encValue.Mac.Length);
-            }
-            Buffer.BlockCopy(encValue.Data, 0, encBytes, 1 + encValue.Iv.Length + macLen, encValue.Data.Length);
-            return new EncByteArray(encBytes);
-        }
-
         public async Task<EncString> RsaEncryptAsync(byte[] data, byte[] publicKey = null)
         {
             if (publicKey == null)
@@ -567,204 +491,6 @@ namespace Bit.Core.Services
             return new EncString(EncryptionType.Rsa2048_OaepSha1_B64, Convert.ToBase64String(encBytes));
         }
 
-        public async Task<byte[]> DecryptToBytesAsync(EncString encString, SymmetricCryptoKey key = null)
-        {
-            var iv = Convert.FromBase64String(encString.Iv);
-            var data = Convert.FromBase64String(encString.Data);
-            var mac = !string.IsNullOrWhiteSpace(encString.Mac) ? Convert.FromBase64String(encString.Mac) : null;
-            return await AesDecryptToBytesAsync(encString.EncryptionType, data, iv, mac, key);
-        }
-
-        public async Task<string> DecryptToUtf8Async(EncString encString, SymmetricCryptoKey key = null)
-        {
-            return await AesDecryptToUtf8Async(encString.EncryptionType, encString.Data,
-                encString.Iv, encString.Mac, key);
-        }
-
-        public async Task<byte[]> DecryptFromBytesAsync(byte[] encBytes, SymmetricCryptoKey key)
-        {
-            if (encBytes == null)
-            {
-                throw new Exception("no encBytes.");
-            }
-
-            var encType = (EncryptionType)encBytes[0];
-            byte[] ctBytes = null;
-            byte[] ivBytes = null;
-            byte[] macBytes = null;
-
-            switch (encType)
-            {
-                case EncryptionType.AesCbc128_HmacSha256_B64:
-                case EncryptionType.AesCbc256_HmacSha256_B64:
-                    if (encBytes.Length < 49) // 1 + 16 + 32 + ctLength
-                    {
-                        return null;
-                    }
-                    ivBytes = new ArraySegment<byte>(encBytes, 1, 16).ToArray();
-                    macBytes = new ArraySegment<byte>(encBytes, 17, 32).ToArray();
-                    ctBytes = new ArraySegment<byte>(encBytes, 49, encBytes.Length - 49).ToArray();
-                    break;
-                case EncryptionType.AesCbc256_B64:
-                    if (encBytes.Length < 17) // 1 + 16 + ctLength
-                    {
-                        return null;
-                    }
-                    ivBytes = new ArraySegment<byte>(encBytes, 1, 16).ToArray();
-                    ctBytes = new ArraySegment<byte>(encBytes, 17, encBytes.Length - 17).ToArray();
-                    break;
-                default:
-                    return null;
-            }
-
-            return await AesDecryptToBytesAsync(encType, ctBytes, ivBytes, macBytes, key);
-        }
-
-        public async Task<int> RandomNumberAsync(int min, int max)
-        {
-            // Make max inclusive
-            max = max + 1;
-
-            var diff = (long)max - min;
-            var upperBound = uint.MaxValue / diff * diff;
-            uint ui;
-            do
-            {
-                ui = await _cryptoFunctionService.RandomNumberAsync();
-            } while (ui >= upperBound);
-            return (int)(min + (ui % diff));
-        }
-
-        /// <summary>
-        /// Makes random string with length <paramref name="length"/> based on the charset <see cref="RANDOM_STRING_CHARSET"/>
-        /// </summary>
-        public async Task<string> RandomStringAsync(int length)
-        {
-            var sb = new StringBuilder();
-
-            for (var i = 0; i < length; i++)
-            {
-                var randomCharIndex = await RandomNumberAsync(0, RANDOM_STRING_CHARSET.Length - 1);
-                sb.Append(RANDOM_STRING_CHARSET[randomCharIndex]);
-            }
-
-            return sb.ToString();
-        }
-
-        // Helpers
-
-        private async Task<EncryptedObject> AesEncryptAsync(byte[] data, SymmetricCryptoKey key)
-        {
-            var obj = new EncryptedObject
-            {
-                Key = await GetKeyForEncryptionAsync(key),
-                Iv = await _cryptoFunctionService.RandomBytesAsync(16)
-            };
-            obj.Data = await _cryptoFunctionService.AesEncryptAsync(data, obj.Iv, obj.Key.EncKey);
-            if (obj.Key.MacKey != null)
-            {
-                var macData = new byte[obj.Iv.Length + obj.Data.Length];
-                Buffer.BlockCopy(obj.Iv, 0, macData, 0, obj.Iv.Length);
-                Buffer.BlockCopy(obj.Data, 0, macData, obj.Iv.Length, obj.Data.Length);
-                obj.Mac = await _cryptoFunctionService.HmacAsync(macData, obj.Key.MacKey, CryptoHashAlgorithm.Sha256);
-            }
-            return obj;
-        }
-
-        private async Task<string> AesDecryptToUtf8Async(EncryptionType encType, string data, string iv, string mac,
-            SymmetricCryptoKey key)
-        {
-            var keyForEnc = await GetKeyForEncryptionAsync(key);
-            var theKey = ResolveLegacyKey(encType, keyForEnc);
-            if (theKey.MacKey != null && mac == null)
-            {
-                // Mac required.
-                return null;
-            }
-            if (theKey.EncType != encType)
-            {
-                // encType unavailable.
-                return null;
-            }
-
-            // "Fast params" conversion
-            var encKey = theKey.EncKey;
-            var dataBytes = Convert.FromBase64String(data);
-            var ivBytes = Convert.FromBase64String(iv);
-
-            var macDataBytes = new byte[ivBytes.Length + dataBytes.Length];
-            Buffer.BlockCopy(ivBytes, 0, macDataBytes, 0, ivBytes.Length);
-            Buffer.BlockCopy(dataBytes, 0, macDataBytes, ivBytes.Length, dataBytes.Length);
-
-            byte[] macKey = null;
-            if (theKey.MacKey != null)
-            {
-                macKey = theKey.MacKey;
-            }
-            byte[] macBytes = null;
-            if (mac != null)
-            {
-                macBytes = Convert.FromBase64String(mac);
-            }
-
-            // Compute mac
-            if (macKey != null && macBytes != null)
-            {
-                var computedMac = await _cryptoFunctionService.HmacAsync(macDataBytes, macKey,
-                    CryptoHashAlgorithm.Sha256);
-                var macsEqual = await _cryptoFunctionService.CompareAsync(macBytes, computedMac);
-                if (!macsEqual)
-                {
-                    // Mac failed
-                    return null;
-                }
-            }
-
-            var decBytes = await _cryptoFunctionService.AesDecryptAsync(dataBytes, ivBytes, encKey);
-            return Encoding.UTF8.GetString(decBytes);
-        }
-
-        private async Task<byte[]> AesDecryptToBytesAsync(EncryptionType encType, byte[] data, byte[] iv, byte[] mac,
-            SymmetricCryptoKey key)
-        {
-
-            var keyForEnc = await GetKeyForEncryptionAsync(key);
-            var theKey = ResolveLegacyKey(encType, keyForEnc);
-            if (theKey.MacKey != null && mac == null)
-            {
-                // Mac required.
-                return null;
-            }
-            if (theKey.EncType != encType)
-            {
-                // encType unavailable.
-                return null;
-            }
-
-            // Compute mac
-            if (theKey.MacKey != null && mac != null)
-            {
-                var macData = new byte[iv.Length + data.Length];
-                Buffer.BlockCopy(iv, 0, macData, 0, iv.Length);
-                Buffer.BlockCopy(data, 0, macData, iv.Length, data.Length);
-
-                var computedMac = await _cryptoFunctionService.HmacAsync(macData, theKey.MacKey,
-                    CryptoHashAlgorithm.Sha256);
-                if (computedMac == null)
-                {
-                    return null;
-                }
-                var macsMatch = await _cryptoFunctionService.CompareAsync(mac, computedMac);
-                if (!macsMatch)
-                {
-                    // Mac failed
-                    return null;
-                }
-            }
-
-            return await _cryptoFunctionService.AesDecryptAsync(data, iv, theKey.EncKey);
-        }
-
         public async Task<byte[]> RsaDecryptAsync(string encValue, byte[] privateKey = null)
         {
             var headerPieces = encValue.Split('.');
@@ -820,20 +546,267 @@ namespace Bit.Core.Services
             return await _cryptoFunctionService.RsaDecryptAsync(data, privateKey, alg);
         }
 
-        private async Task<SymmetricCryptoKey> GetKeyForEncryptionAsync(SymmetricCryptoKey key = null)
+        public async Task<int> RandomNumberAsync(int min, int max)
         {
-            if (key != null)
+            // Make max inclusive
+            max = max + 1;
+
+            var diff = (long)max - min;
+            var upperBound = uint.MaxValue / diff * diff;
+            uint ui;
+            do
             {
-                return key;
-            }
-            var encKey = await GetEncKeyAsync();
-            if (encKey != null)
-            {
-                return encKey;
-            }
-            return await GetKeyAsync();
+                ui = await _cryptoFunctionService.RandomNumberAsync();
+            } while (ui >= upperBound);
+            return (int)(min + (ui % diff));
         }
 
+        /// <summary>
+        /// Makes random string with length <paramref name="length"/> based on the charset <see cref="RANDOM_STRING_CHARSET"/>
+        /// </summary>
+        public async Task<string> RandomStringAsync(int length)
+        {
+            var sb = new StringBuilder();
+
+            for (var i = 0; i < length; i++)
+            {
+                var randomCharIndex = await RandomNumberAsync(0, RANDOM_STRING_CHARSET.Length - 1);
+                sb.Append(RANDOM_STRING_CHARSET[randomCharIndex]);
+            }
+
+            return sb.ToString();
+        }
+
+        // TODO: The following operations should be moved to a new encrypt service
+
+        public async Task<byte[]> DecryptFromBytesAsync(byte[] encBytes, SymmetricCryptoKey key)
+        {
+            if (encBytes == null)
+            {
+                throw new Exception("no encBytes.");
+            }
+
+            var encType = (EncryptionType)encBytes[0];
+            byte[] ctBytes = null;
+            byte[] ivBytes = null;
+            byte[] macBytes = null;
+
+            switch (encType)
+            {
+                case EncryptionType.AesCbc128_HmacSha256_B64:
+                case EncryptionType.AesCbc256_HmacSha256_B64:
+                    if (encBytes.Length < 49) // 1 + 16 + 32 + ctLength
+                    {
+                        return null;
+                    }
+                    ivBytes = new ArraySegment<byte>(encBytes, 1, 16).ToArray();
+                    macBytes = new ArraySegment<byte>(encBytes, 17, 32).ToArray();
+                    ctBytes = new ArraySegment<byte>(encBytes, 49, encBytes.Length - 49).ToArray();
+                    break;
+                case EncryptionType.AesCbc256_B64:
+                    if (encBytes.Length < 17) // 1 + 16 + ctLength
+                    {
+                        return null;
+                    }
+                    ivBytes = new ArraySegment<byte>(encBytes, 1, 16).ToArray();
+                    ctBytes = new ArraySegment<byte>(encBytes, 17, encBytes.Length - 17).ToArray();
+                    break;
+                default:
+                    return null;
+            }
+
+            return await AesDecryptToBytesAsync(encType, ctBytes, ivBytes, macBytes, key);
+        }
+
+        public async Task<byte[]> DecryptToBytesAsync(EncString encString, SymmetricCryptoKey key = null)
+        {
+            var iv = Convert.FromBase64String(encString.Iv);
+            var data = Convert.FromBase64String(encString.Data);
+            var mac = !string.IsNullOrWhiteSpace(encString.Mac) ? Convert.FromBase64String(encString.Mac) : null;
+            return await AesDecryptToBytesAsync(encString.EncryptionType, data, iv, mac, key);
+        }
+
+        public async Task<string> DecryptToUtf8Async(EncString encString, SymmetricCryptoKey key = null)
+        {
+            return await AesDecryptToUtf8Async(encString.EncryptionType, encString.Data,
+                encString.Iv, encString.Mac, key);
+        }
+
+        public async Task<EncString> EncryptAsync(string plainValue, SymmetricCryptoKey key = null)
+        {
+            if (plainValue == null)
+            {
+                return null;
+            }
+            return await EncryptAsync(Encoding.UTF8.GetBytes(plainValue), key);
+        }
+
+        public async Task<EncString> EncryptAsync(byte[] plainValue, SymmetricCryptoKey key = null)
+        {
+            if (plainValue == null)
+            {
+                return null;
+            }
+            var encObj = await AesEncryptAsync(plainValue, key);
+            var iv = Convert.ToBase64String(encObj.Iv);
+            var data = Convert.ToBase64String(encObj.Data);
+            var mac = encObj.Mac != null ? Convert.ToBase64String(encObj.Mac) : null;
+            return new EncString(encObj.Key.EncType, data, iv, mac);
+        }
+
+        public async Task<EncByteArray> EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null)
+        {
+            var encValue = await AesEncryptAsync(plainValue, key);
+            var macLen = 0;
+            if (encValue.Mac != null)
+            {
+                macLen = encValue.Mac.Length;
+            }
+            var encBytes = new byte[1 + encValue.Iv.Length + macLen + encValue.Data.Length];
+            Buffer.BlockCopy(new byte[] { (byte)encValue.Key.EncType }, 0, encBytes, 0, 1);
+            Buffer.BlockCopy(encValue.Iv, 0, encBytes, 1, encValue.Iv.Length);
+            if (encValue.Mac != null)
+            {
+                Buffer.BlockCopy(encValue.Mac, 0, encBytes, 1 + encValue.Iv.Length, encValue.Mac.Length);
+            }
+            Buffer.BlockCopy(encValue.Data, 0, encBytes, 1 + encValue.Iv.Length + macLen, encValue.Data.Length);
+            return new EncByteArray(encBytes);
+        }
+
+        // --HELPER METHODS--
+
+        private async Task StorePinKey(UserKey userKey, string userId = null)
+        {
+            var pin = await DecryptToUtf8Async(new EncString(await _stateService.GetProtectedPinAsync(userId)));
+            var pinKey = await MakePinKeyAsync(
+                pin,
+                await _stateService.GetEmailAsync(userId),
+                await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile))
+            );
+            var encPin = await EncryptAsync(userKey.Key, pinKey);
+
+            // TODO(Jake): Does this logic make sense? Should we save something in state to indicate the preference?
+            if (await _stateService.GetUserKeyPinAsync(userId) != null)
+            {
+                await _stateService.SetUserKeyPinAsync(encPin, userId);
+                return;
+            }
+            await _stateService.SetUserKeyPinEphemeralAsync(encPin, userId);
+        }
+
+        private async Task<EncryptedObject> AesEncryptAsync(byte[] data, SymmetricCryptoKey key)
+        {
+            var obj = new EncryptedObject
+            {
+                Key = key ?? await GetUserKeyWithLegacySupportAsync(),
+                Iv = await _cryptoFunctionService.RandomBytesAsync(16)
+            };
+            obj.Data = await _cryptoFunctionService.AesEncryptAsync(data, obj.Iv, obj.Key.EncKey);
+            if (obj.Key.MacKey != null)
+            {
+                var macData = new byte[obj.Iv.Length + obj.Data.Length];
+                Buffer.BlockCopy(obj.Iv, 0, macData, 0, obj.Iv.Length);
+                Buffer.BlockCopy(obj.Data, 0, macData, obj.Iv.Length, obj.Data.Length);
+                obj.Mac = await _cryptoFunctionService.HmacAsync(macData, obj.Key.MacKey, CryptoHashAlgorithm.Sha256);
+            }
+            return obj;
+        }
+
+        private async Task<string> AesDecryptToUtf8Async(EncryptionType encType, string data, string iv, string mac,
+            SymmetricCryptoKey key)
+        {
+            var keyForEnc = key ?? await GetUserKeyWithLegacySupportAsync();
+            var theKey = ResolveLegacyKey(encType, keyForEnc);
+            if (theKey.MacKey != null && mac == null)
+            {
+                // Mac required.
+                return null;
+            }
+            if (theKey.EncType != encType)
+            {
+                // encType unavailable.
+                return null;
+            }
+
+            // "Fast params" conversion
+            var encKey = theKey.EncKey;
+            var dataBytes = Convert.FromBase64String(data);
+            var ivBytes = Convert.FromBase64String(iv);
+
+            var macDataBytes = new byte[ivBytes.Length + dataBytes.Length];
+            Buffer.BlockCopy(ivBytes, 0, macDataBytes, 0, ivBytes.Length);
+            Buffer.BlockCopy(dataBytes, 0, macDataBytes, ivBytes.Length, dataBytes.Length);
+
+            byte[] macKey = null;
+            if (theKey.MacKey != null)
+            {
+                macKey = theKey.MacKey;
+            }
+            byte[] macBytes = null;
+            if (mac != null)
+            {
+                macBytes = Convert.FromBase64String(mac);
+            }
+
+            // Compute mac
+            if (macKey != null && macBytes != null)
+            {
+                var computedMac = await _cryptoFunctionService.HmacAsync(macDataBytes, macKey,
+                    CryptoHashAlgorithm.Sha256);
+                var macsEqual = await _cryptoFunctionService.CompareAsync(macBytes, computedMac);
+                if (!macsEqual)
+                {
+                    // Mac failed
+                    return null;
+                }
+            }
+
+            var decBytes = await _cryptoFunctionService.AesDecryptAsync(dataBytes, ivBytes, encKey);
+            return Encoding.UTF8.GetString(decBytes);
+        }
+
+        private async Task<byte[]> AesDecryptToBytesAsync(EncryptionType encType, byte[] data, byte[] iv, byte[] mac,
+            SymmetricCryptoKey key)
+        {
+
+            var keyForEnc = key ?? await GetUserKeyWithLegacySupportAsync();
+            var theKey = ResolveLegacyKey(encType, keyForEnc);
+            if (theKey.MacKey != null && mac == null)
+            {
+                // Mac required.
+                return null;
+            }
+            if (theKey.EncType != encType)
+            {
+                // encType unavailable.
+                return null;
+            }
+
+            // Compute mac
+            if (theKey.MacKey != null && mac != null)
+            {
+                var macData = new byte[iv.Length + data.Length];
+                Buffer.BlockCopy(iv, 0, macData, 0, iv.Length);
+                Buffer.BlockCopy(data, 0, macData, iv.Length, data.Length);
+
+                var computedMac = await _cryptoFunctionService.HmacAsync(macData, theKey.MacKey,
+                    CryptoHashAlgorithm.Sha256);
+                if (computedMac == null)
+                {
+                    return null;
+                }
+                var macsMatch = await _cryptoFunctionService.CompareAsync(mac, computedMac);
+                if (!macsMatch)
+                {
+                    // Mac failed
+                    return null;
+                }
+            }
+
+            return await _cryptoFunctionService.AesDecryptAsync(data, iv, theKey.EncKey);
+        }
+
+
         private SymmetricCryptoKey ResolveLegacyKey(EncryptionType encKey, SymmetricCryptoKey key)
         {
             if (encKey == EncryptionType.AesCbc128_HmacSha256_B64 && key.EncType == EncryptionType.AesCbc256_B64)
@@ -882,8 +855,8 @@ namespace Bit.Core.Services
             return phrase;
         }
 
-        private async Task<Tuple<SymmetricCryptoKey, EncString>> BuildEncKeyAsync(SymmetricCryptoKey key,
-            byte[] encKey)
+        private async Task<Tuple<T, EncString>> BuildProtectedSymmetricKey<T>(SymmetricCryptoKey key,
+            byte[] encKey) where T : SymmetricCryptoKey
         {
             EncString encKeyEnc = null;
             if (key.Key.Length == 32)
@@ -899,7 +872,57 @@ namespace Bit.Core.Services
             {
                 throw new Exception("Invalid key size.");
             }
-            return new Tuple<SymmetricCryptoKey, EncString>(new SymmetricCryptoKey(encKey), encKeyEnc);
+            return new Tuple<T, EncString>(new SymmetricCryptoKey(encKey) as T, encKeyEnc);
+        }
+
+        // TODO: This intantiator needs to be moved into each key type in order to get rid of the keyCreator hack
+        private async Task<TKey> MakeKeyAsync<TKey>(string password, string salt, KdfConfig kdfConfig, Func<byte[], TKey> keyCreator)
+        where TKey : SymmetricCryptoKey
+        {
+            byte[] key = null;
+            if (kdfConfig.Type == null || kdfConfig.Type == KdfType.PBKDF2_SHA256)
+            {
+                var iterations = kdfConfig.Iterations.GetValueOrDefault(5000);
+                if (iterations < 5000)
+                {
+                    throw new Exception("PBKDF2 iteration minimum is 5000.");
+                }
+                key = await _cryptoFunctionService.Pbkdf2Async(password, salt,
+                    CryptoHashAlgorithm.Sha256, iterations);
+            }
+            else if (kdfConfig.Type == KdfType.Argon2id)
+            {
+                var iterations = kdfConfig.Iterations.GetValueOrDefault(Constants.Argon2Iterations);
+                var memory = kdfConfig.Memory.GetValueOrDefault(Constants.Argon2MemoryInMB) * 1024;
+                var parallelism = kdfConfig.Parallelism.GetValueOrDefault(Constants.Argon2Parallelism);
+
+                if (kdfConfig.Iterations < 2)
+                {
+                    throw new Exception("Argon2 iterations minimum is 2");
+                }
+
+                if (kdfConfig.Memory < 16)
+                {
+                    throw new Exception("Argon2 memory minimum is 16 MB");
+                }
+                else if (kdfConfig.Memory > 1024)
+                {
+                    throw new Exception("Argon2 memory maximum is 1024 MB");
+                }
+
+                if (kdfConfig.Parallelism < 1)
+                {
+                    throw new Exception("Argon2 parallelism minimum is 1");
+                }
+
+                var saltHash = await _cryptoFunctionService.HashAsync(salt, CryptoHashAlgorithm.Sha256);
+                key = await _cryptoFunctionService.Argon2Async(password, saltHash, iterations, memory, parallelism);
+            }
+            else
+            {
+                throw new Exception("Unknown kdf.");
+            }
+            return keyCreator(key);
         }
 
         private class EncryptedObject
@@ -909,5 +932,57 @@ namespace Bit.Core.Services
             public byte[] Mac { get; set; }
             public SymmetricCryptoKey Key { get; set; }
         }
+
+        // --MIGRATION METHODS--
+        // We previously used the master key for additional keys, but now we use the user key.
+        // These methods support migrating the old keys to the new ones.
+
+        public async Task<UserKey> DecryptAndMigrateOldPinKeyAsync(
+            bool masterPasswordOnRestart,
+            string pin,
+            string email,
+            KdfConfig kdfConfig,
+            EncString oldPinKey)
+        {
+            // Decrypt
+            var masterKey = await DecryptMasterKeyWithPinAsync(
+                pin,
+                email,
+                kdfConfig,
+                oldPinKey
+            );
+            var encUserKey = await _stateService.GetEncKeyEncryptedAsync();
+            var userKey = await DecryptUserKeyWithMasterKeyAsync(
+                masterKey,
+                new EncString(encUserKey)
+            );
+
+            // Migrate
+            var pinKey = await MakePinKeyAsync(pin, email, kdfConfig);
+            var pinProtectedKey = await EncryptAsync(userKey.Key, pinKey);
+
+            if (masterPasswordOnRestart)
+            {
+                await _stateService.SetPinProtectedKeyAsync(null);
+                await _stateService.SetUserKeyPinEphemeralAsync(pinProtectedKey);
+            }
+            else
+            {
+                await _stateService.SetPinProtectedAsync(null);
+                await _stateService.SetUserKeyPinAsync(pinProtectedKey);
+
+                // We previously only set the protected pin if MP on Restart was enabled
+                // now we set it regardless
+                var encPin = await EncryptAsync(pin, userKey);
+                await _stateService.SetProtectedPinAsync(encPin.EncryptedString);
+            }
+            return userKey;
+        }
+
+        public async Task clearDeprecatedPinKeysAsync(string userId = null)
+        {
+            await _stateService.SetPinProtectedAsync(null);
+            await _stateService.SetPinProtectedKeyAsync(null);
+        }
     }
 }
diff --git a/src/Core/Services/DeviceTrustCryptoService.cs b/src/Core/Services/DeviceTrustCryptoService.cs
index 75d0b2bc3..e25739fb2 100644
--- a/src/Core/Services/DeviceTrustCryptoService.cs
+++ b/src/Core/Services/DeviceTrustCryptoService.cs
@@ -44,7 +44,7 @@ namespace Bit.Core.Services
         public async Task<DeviceResponse> TrustDeviceAsync()
         {
             // Attempt to get user key
-            var userKey = await _cryptoService.GetEncKeyAsync();
+            var userKey = await _cryptoService.GetUserKeyAsync();
             if (userKey == null)
             {
                 return null;
diff --git a/src/Core/Services/FolderService.cs b/src/Core/Services/FolderService.cs
index 044ee2b93..4aa2e9f3d 100644
--- a/src/Core/Services/FolderService.cs
+++ b/src/Core/Services/FolderService.cs
@@ -77,7 +77,7 @@ namespace Bit.Core.Services
             {
                 return _decryptedFolderCache;
             }
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
                 throw new Exception("No key.");
diff --git a/src/Core/Services/KeyConnectorService.cs b/src/Core/Services/KeyConnectorService.cs
index dbeb8cd06..a997c5c40 100644
--- a/src/Core/Services/KeyConnectorService.cs
+++ b/src/Core/Services/KeyConnectorService.cs
@@ -28,10 +28,10 @@ namespace Bit.Core.Services
         {
             try
             {
-                var userKeyResponse = await _apiService.GetUserKeyFromKeyConnector(url);
-                var keyArr = Convert.FromBase64String(userKeyResponse.Key);
-                var k = new SymmetricCryptoKey(keyArr);
-                await _cryptoService.SetKeyAsync(k);
+                var masterKeyResponse = await _apiService.GetMasterKeyFromKeyConnector(url);
+                var masterKeyArr = Convert.FromBase64String(masterKeyResponse.Key);
+                var masterKey = new MasterKey(masterKeyArr);
+                await _cryptoService.SetMasterKeyAsync(masterKey);
             }
             catch (Exception e)
             {
@@ -60,11 +60,11 @@ namespace Bit.Core.Services
         public async Task MigrateUser()
         {
             var organization = await GetManagingOrganization();
-            var key = await _cryptoService.GetKeyAsync();
+            var masterKey = await _cryptoService.GetMasterKeyAsync();
 
             try
             {
-                var keyConnectorRequest = new KeyConnectorUserKeyRequest(key.EncKeyB64);
+                var keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.EncKeyB64);
                 await _apiService.PostUserKeyToKeyConnector(organization.KeyConnectorUrl, keyConnectorRequest);
             }
             catch (Exception e)
diff --git a/src/Core/Services/PasswordGenerationService.cs b/src/Core/Services/PasswordGenerationService.cs
index 3210cccad..a3b3a853b 100644
--- a/src/Core/Services/PasswordGenerationService.cs
+++ b/src/Core/Services/PasswordGenerationService.cs
@@ -247,7 +247,7 @@ namespace Bit.Core.Services
 
         public async Task<List<GeneratedPasswordHistory>> GetHistoryAsync()
         {
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
                 return new List<GeneratedPasswordHistory>();
@@ -262,7 +262,7 @@ namespace Bit.Core.Services
 
         public async Task AddHistoryAsync(string password, CancellationToken token = default(CancellationToken))
         {
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
                 return;
diff --git a/src/Core/Services/SendService.cs b/src/Core/Services/SendService.cs
index b59fad7e6..c2d24109b 100644
--- a/src/Core/Services/SendService.cs
+++ b/src/Core/Services/SendService.cs
@@ -143,7 +143,7 @@ namespace Bit.Core.Services
                 return _decryptedSendsCache;
             }
 
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
                 throw new Exception("No Key.");
diff --git a/src/Core/Services/StateService.cs b/src/Core/Services/StateService.cs
index a952c2c4f..c3b1cd7ad 100644
--- a/src/Core/Services/StateService.cs
+++ b/src/Core/Services/StateService.cs
@@ -302,6 +302,48 @@ namespace Bit.Core.Services
                 true, reconciledOptions);
         }
 
+        public async Task<UserKey> GetUserKeyAsync(string userId = null)
+        {
+            return (await GetAccountAsync(
+                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
+            ))?.VolatileData?.UserKey;
+        }
+
+        public async Task SetUserKeyAsync(UserKey value, string userId = null)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultInMemoryOptionsAsync());
+            var account = await GetAccountAsync(reconciledOptions);
+            account.VolatileData.UserKey = value;
+            await SaveAccountAsync(account, reconciledOptions);
+        }
+
+        public async Task<MasterKey> GetMasterKeyAsync(string userId = null)
+        {
+            return (await GetAccountAsync(
+                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
+            ))?.VolatileData?.MasterKey;
+        }
+
+        public async Task SetMasterKeyAsync(MasterKey value, string userId = null)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultInMemoryOptionsAsync());
+            var account = await GetAccountAsync(reconciledOptions);
+            account.VolatileData.MasterKey = value;
+            await SaveAccountAsync(account, reconciledOptions);
+        }
+
+        public async Task<string> GetUserKeyMasterKeyAsync(string userId = null)
+        {
+            return await _storageMediatorService.GetAsync<string>(Constants.UserKeyKey(userId), false);
+        }
+
+        public async Task SetUserKeyMasterKeyAsync(string value, string userId = null)
+        {
+            await _storageMediatorService.SaveAsync(Constants.UserKeyKey(userId), value, false);
+        }
+
         public async Task<bool> CanAccessPremiumAsync(string userId = null)
         {
             if (userId == null)
@@ -353,6 +395,34 @@ namespace Bit.Core.Services
             await SetValueAsync(Constants.ProtectedPinKey(reconciledOptions.UserId), value, reconciledOptions);
         }
 
+        public async Task<EncString> GetUserKeyPinAsync(string userId = null)
+        {
+            var key = await _storageMediatorService.GetAsync<string>(Constants.UserKeyPinKey(userId), false);
+            return key != null ? new EncString(key) : null;
+        }
+
+        public async Task SetUserKeyPinAsync(EncString value, string userId = null)
+        {
+            await _storageMediatorService.SaveAsync(Constants.UserKeyPinKey(userId), value?.EncryptedString, false);
+        }
+
+        public async Task<EncString> GetUserKeyPinEphemeralAsync(string userId = null)
+        {
+            return (await GetAccountAsync(
+                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
+            ))?.VolatileData?.UserKeyPinEphemeral;
+        }
+
+        public async Task SetUserKeyPinEphemeralAsync(EncString value, string userId = null)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultInMemoryOptionsAsync());
+            var account = await GetAccountAsync(reconciledOptions);
+            account.VolatileData.UserKeyPinEphemeral = value;
+            await SaveAccountAsync(account, reconciledOptions);
+        }
+
+        [Obsolete("Use GetUserKeyPinAsync instead, left for migration purposes")]
         public async Task<string> GetPinProtectedAsync(string userId = null)
         {
             var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -360,6 +430,7 @@ namespace Bit.Core.Services
             return await GetValueAsync<string>(Constants.PinProtectedKey(reconciledOptions.UserId), reconciledOptions);
         }
 
+        [Obsolete("Use SetUserKeyPinAsync instead")]
         public async Task SetPinProtectedAsync(string value, string userId = null)
         {
             var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -367,6 +438,7 @@ namespace Bit.Core.Services
             await SetValueAsync(Constants.PinProtectedKey(reconciledOptions.UserId), value, reconciledOptions);
         }
 
+        [Obsolete("Use GetUserKeyPinEphemeralAsync instead, left for migration purposes")]
         public async Task<EncString> GetPinProtectedKeyAsync(string userId = null)
         {
             return (await GetAccountAsync(
@@ -374,6 +446,7 @@ namespace Bit.Core.Services
             ))?.VolatileData?.PinProtectedKey;
         }
 
+        [Obsolete("Use SetUserKeyPinEphemeralAsync instead")]
         public async Task SetPinProtectedKeyAsync(EncString value, string userId = null)
         {
             var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
@@ -395,35 +468,6 @@ namespace Bit.Core.Services
             await SaveAccountAsync(account, reconciledOptions);
         }
 
-        public async Task<string> GetKeyEncryptedAsync(string userId = null)
-        {
-            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await GetDefaultSecureStorageOptionsAsync());
-            return await GetValueAsync<string>(Constants.KeyKey(reconciledOptions.UserId), reconciledOptions);
-        }
-
-        public async Task SetKeyEncryptedAsync(string value, string userId)
-        {
-            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await GetDefaultSecureStorageOptionsAsync());
-            await SetValueAsync(Constants.KeyKey(reconciledOptions.UserId), value, reconciledOptions);
-        }
-
-        public async Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null)
-        {
-            return (await GetAccountAsync(
-                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
-            ))?.VolatileData?.Key;
-        }
-
-        public async Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null)
-        {
-            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await GetDefaultInMemoryOptionsAsync());
-            var account = await GetAccountAsync(reconciledOptions);
-            account.VolatileData.Key = value;
-            await SaveAccountAsync(account, reconciledOptions);
-        }
 
         public async Task<string> GetKeyHashAsync(string userId = null)
         {
@@ -439,19 +483,6 @@ namespace Bit.Core.Services
             await SetValueAsync(Constants.KeyHashKey(reconciledOptions.UserId), value, reconciledOptions);
         }
 
-        public async Task<string> GetEncKeyEncryptedAsync(string userId = null)
-        {
-            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await GetDefaultStorageOptionsAsync());
-            return await GetValueAsync<string>(Constants.EncKeyKey(reconciledOptions.UserId), reconciledOptions);
-        }
-
-        public async Task SetEncKeyEncryptedAsync(string value, string userId)
-        {
-            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
-                await GetDefaultStorageOptionsAsync());
-            await SetValueAsync(Constants.EncKeyKey(reconciledOptions.UserId), value, reconciledOptions);
-        }
 
         public async Task<Dictionary<string, string>> GetOrgKeysEncryptedAsync(string userId = null)
         {
@@ -1684,5 +1715,55 @@ namespace Bit.Core.Services
             await SetValueAsync(Constants.LastUserShouldConnectToWatchKey,
                 shouldConnect ?? await GetShouldConnectToWatchAsync(), await GetDefaultStorageOptionsAsync());
         }
+
+        [Obsolete]
+        public async Task<string> GetEncKeyEncryptedAsync(string userId = null)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultStorageOptionsAsync());
+            return await GetValueAsync<string>(Constants.EncKeyKey(reconciledOptions.UserId), reconciledOptions);
+        }
+
+        [Obsolete]
+        public async Task SetEncKeyEncryptedAsync(string value, string userId)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultStorageOptionsAsync());
+            await SetValueAsync(Constants.EncKeyKey(reconciledOptions.UserId), value, reconciledOptions);
+        }
+
+        [Obsolete]
+        public async Task<string> GetKeyEncryptedAsync(string userId = null)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultSecureStorageOptionsAsync());
+            return await GetValueAsync<string>(Constants.KeyKey(reconciledOptions.UserId), reconciledOptions);
+        }
+
+        [Obsolete]
+        public async Task SetKeyEncryptedAsync(string value, string userId)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultSecureStorageOptionsAsync());
+            await SetValueAsync(Constants.KeyKey(reconciledOptions.UserId), value, reconciledOptions);
+        }
+
+        [Obsolete]
+        public async Task<SymmetricCryptoKey> GetKeyDecryptedAsync(string userId = null)
+        {
+            return (await GetAccountAsync(
+                ReconcileOptions(new StorageOptions { UserId = userId }, await GetDefaultInMemoryOptionsAsync())
+            ))?.VolatileData?.Key;
+        }
+
+        [Obsolete]
+        public async Task SetKeyDecryptedAsync(SymmetricCryptoKey value, string userId = null)
+        {
+            var reconciledOptions = ReconcileOptions(new StorageOptions { UserId = userId },
+                await GetDefaultInMemoryOptionsAsync());
+            var account = await GetAccountAsync(reconciledOptions);
+            account.VolatileData.Key = value;
+            await SaveAccountAsync(account, reconciledOptions);
+        }
     }
 }
diff --git a/src/Core/Services/SyncService.cs b/src/Core/Services/SyncService.cs
index 4351e0f08..2763a8e0d 100644
--- a/src/Core/Services/SyncService.cs
+++ b/src/Core/Services/SyncService.cs
@@ -327,8 +327,8 @@ namespace Bit.Core.Services
                 }
                 return;
             }
-            await _cryptoService.SetEncKeyAsync(response.Key);
-            await _cryptoService.SetEncPrivateKeyAsync(response.PrivateKey);
+            await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(response.Key);
+            await _cryptoService.SetPrivateKeyAsync(response.PrivateKey);
             await _cryptoService.SetOrgKeysAsync(response.Organizations);
             await _stateService.SetSecurityStampAsync(response.SecurityStamp);
             var organizations = response.Organizations.ToDictionary(o => o.Id, o => new OrganizationData(o));
diff --git a/src/Core/Services/UserVerificationService.cs b/src/Core/Services/UserVerificationService.cs
index 74031b55c..554c0d49a 100644
--- a/src/Core/Services/UserVerificationService.cs
+++ b/src/Core/Services/UserVerificationService.cs
@@ -44,7 +44,7 @@ namespace Bit.Core.Services
             }
             else
             {
-                var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(secret, null);
+                var passwordValid = await _cryptoService.CompareAndUpdatePasswordHashAsync(secret, null);
                 if (!passwordValid)
                 {
                     await InvalidSecretErrorAsync(verificationType);
diff --git a/src/Core/Services/VaultTimeoutService.cs b/src/Core/Services/VaultTimeoutService.cs
index f5bd7d4bd..f1060c2e1 100644
--- a/src/Core/Services/VaultTimeoutService.cs
+++ b/src/Core/Services/VaultTimeoutService.cs
@@ -7,6 +7,13 @@ using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Services
 {
+    public enum PinLockEnum
+    {
+        Disabled,
+        Persistent,
+        Transient
+    }
+
     public class VaultTimeoutService : IVaultTimeoutService
     {
         private readonly ICryptoService _cryptoService;
@@ -54,7 +61,7 @@ namespace Bit.Core.Services
 
         public async Task<bool> IsLockedAsync(string userId = null)
         {
-            var hasKey = await _cryptoService.HasKeyAsync(userId);
+            var hasKey = await _cryptoService.HasUserKeyAsync(userId);
             if (hasKey)
             {
                 var biometricSet = await IsBiometricLockSetAsync(userId);
@@ -165,11 +172,13 @@ namespace Bit.Core.Services
 
             if (await _keyConnectorService.GetUsesKeyConnector())
             {
-                var (isPinProtected, isPinProtectedWithKey) = await IsPinLockSetAsync(userId);
-                var pinLock = (isPinProtected && await _stateService.GetPinProtectedKeyAsync(userId) != null) ||
-                              isPinProtectedWithKey;
+                var pinStatus = await IsPinLockSetAsync(userId);
+                var ephemeralPinSet = await _stateService.GetUserKeyPinEphemeralAsync()
+                    ?? await _stateService.GetPinProtectedKeyAsync();
+                var pinEnabled = (pinStatus == PinLockEnum.Transient && ephemeralPinSet != null) ||
+                          pinStatus == PinLockEnum.Persistent;
 
-                if (!pinLock && !await IsBiometricLockSetAsync())
+                if (!pinEnabled && !await IsBiometricLockSetAsync())
                 {
                     await LogOutAsync(userInitiated, userId);
                     return;
@@ -187,10 +196,10 @@ namespace Bit.Core.Services
                 }
             }
             await Task.WhenAll(
-                _cryptoService.ClearKeyAsync(userId),
+                _cryptoService.ClearUserKeyAsync(userId),
+                _cryptoService.ClearMasterKeyAsync(userId),
                 _cryptoService.ClearOrgKeysAsync(true, userId),
-                _cryptoService.ClearKeyPairAsync(true, userId),
-                _cryptoService.ClearEncKeyAsync(true, userId));
+                _cryptoService.ClearKeyPairAsync(true, userId));
 
             if (isActiveAccount)
             {
@@ -214,15 +223,30 @@ namespace Bit.Core.Services
         {
             await _stateService.SetVaultTimeoutAsync(timeout);
             await _stateService.SetVaultTimeoutActionAsync(action);
-            await _cryptoService.ToggleKeyAsync();
+            await _cryptoService.ToggleKeysAsync();
             await _tokenService.ToggleTokensAsync();
         }
 
-        public async Task<Tuple<bool, bool>> IsPinLockSetAsync(string userId = null)
+        public async Task<PinLockEnum> IsPinLockSetAsync(string userId = null)
         {
-            var protectedPin = await _stateService.GetProtectedPinAsync(userId);
-            var pinProtectedKey = await _stateService.GetPinProtectedAsync(userId);
-            return new Tuple<bool, bool>(protectedPin != null, pinProtectedKey != null);
+            // we can't depend on only the protected pin being set because old
+            // versions only used it for MP on Restart
+            var pinIsEnabled = await _stateService.GetProtectedPinAsync(userId);
+            var userKeyPin = await _stateService.GetUserKeyPinAsync(userId);
+            var oldUserKeyPin = await _stateService.GetPinProtectedAsync(userId);
+
+            if (userKeyPin != null || oldUserKeyPin != null)
+            {
+                return PinLockEnum.Persistent;
+            }
+            else if (pinIsEnabled != null && userKeyPin == null && oldUserKeyPin == null)
+            {
+                return PinLockEnum.Transient;
+            }
+            else
+            {
+                return PinLockEnum.Disabled;
+            }
         }
 
         public async Task<bool> IsBiometricLockSetAsync(string userId = null)
@@ -233,8 +257,7 @@ namespace Bit.Core.Services
 
         public async Task ClearAsync(string userId = null)
         {
-            await _stateService.SetPinProtectedKeyAsync(null, userId);
-            await _stateService.SetProtectedPinAsync(null, userId);
+            await _cryptoService.ClearPinKeysAsync(userId);
         }
 
         public async Task<int?> GetVaultTimeout(string userId = null)
diff --git a/src/iOS.Autofill/Info.plist b/src/iOS.Autofill/Info.plist
index 00d9aeca6..c64a7c640 100644
--- a/src/iOS.Autofill/Info.plist
+++ b/src/iOS.Autofill/Info.plist
@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden.autofill</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.5.1</string>
+	<string>2023.7.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleLocalizations</key>
diff --git a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
index 0edccc732..bebc7e925 100644
--- a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
@@ -8,11 +8,13 @@ using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.iOS.Core.Utilities;
 using Bit.iOS.Core.Views;
 using Foundation;
 using UIKit;
+using Xamarin.Essentials;
 using Xamarin.Forms;
 
 namespace Bit.iOS.Core.Controllers
@@ -28,10 +30,9 @@ namespace Bit.iOS.Core.Controllers
         private IBiometricService _biometricService;
         private IKeyConnectorService _keyConnectorService;
         private IAccountsManager _accountManager;
-        private bool _isPinProtected;
-        private bool _isPinProtectedWithKey;
-        private bool _pinLock;
-        private bool _biometricLock;
+        private PinLockEnum _pinStatus;
+        private bool _pinEnabled;
+        private bool _biometricEnabled;
         private bool _biometricIntegrityValid = true;
         private bool _passwordReprompt = false;
         private bool _usesKeyConnector;
@@ -85,7 +86,7 @@ namespace Bit.iOS.Core.Controllers
         }
 
         public abstract UITableView TableView { get; }
-        
+
         public override async void ViewDidLoad()
         {
             _vaultTimeoutService = ServiceContainer.Resolve<IVaultTimeoutService>("vaultTimeoutService");
@@ -103,25 +104,28 @@ namespace Bit.iOS.Core.Controllers
             if (autofillExtension && await _stateService.GetPasswordRepromptAutofillAsync())
             {
                 _passwordReprompt = true;
-                _isPinProtected = false;
-                _isPinProtectedWithKey = false;
-                _pinLock = false;
-                _biometricLock = false;
+                _pinStatus = PinLockEnum.Disabled;
+                _pinEnabled = false;
+                _biometricEnabled = false;
             }
             else
             {
-                (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-                _pinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
-                           _isPinProtectedWithKey;
-                _biometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() &&
-                                 await _cryptoService.HasKeyAsync();
+                _pinStatus = await _vaultTimeoutService.IsPinLockSetAsync();
+
+                var ephemeralPinSet = await _stateService.GetUserKeyPinEphemeralAsync()
+                    ?? await _stateService.GetPinProtectedKeyAsync();
+                _pinEnabled = (_pinStatus == PinLockEnum.Transient && ephemeralPinSet != null) ||
+                    _pinStatus == PinLockEnum.Persistent;
+
+                _biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
+                    && await _cryptoService.HasEncryptedUserKeyAsync();
                 _biometricIntegrityValid =
                     await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
                 _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
-                _biometricUnlockOnly = _usesKeyConnector && _biometricLock && !_pinLock;
+                _biometricUnlockOnly = _usesKeyConnector && _biometricEnabled && !_pinEnabled;
             }
 
-            if (_pinLock)
+            if (_pinEnabled)
             {
                 BaseNavItem.Title = AppResources.VerifyPIN;
             }
@@ -150,7 +154,7 @@ namespace Bit.iOS.Core.Controllers
 
             if (!_biometricUnlockOnly)
             {
-                MasterPasswordCell.Label.Text = _pinLock ? AppResources.PIN : AppResources.MasterPassword;
+                MasterPasswordCell.Label.Text = _pinEnabled ? AppResources.PIN : AppResources.MasterPassword;
                 MasterPasswordCell.TextField.SecureTextEntry = true;
                 MasterPasswordCell.TextField.ReturnKeyType = UIReturnKeyType.Go;
                 MasterPasswordCell.TextField.ShouldReturn += (UITextField tf) =>
@@ -158,7 +162,7 @@ namespace Bit.iOS.Core.Controllers
                     CheckPasswordAsync().FireAndForget();
                     return true;
                 };
-                if (_pinLock)
+                if (_pinEnabled)
                 {
                     MasterPasswordCell.TextField.KeyboardType = UIKeyboardType.NumberPad;
                 }
@@ -177,7 +181,7 @@ namespace Bit.iOS.Core.Controllers
 
             base.ViewDidLoad();
 
-            if (_biometricLock)
+            if (_biometricEnabled)
             {
                 if (!_biometricIntegrityValid)
                 {
@@ -198,18 +202,18 @@ namespace Bit.iOS.Core.Controllers
             // Users with key connector and without biometric or pin has no MP to unlock with
             if (_usesKeyConnector)
             {
-                if (!(_pinLock || _biometricLock) ||
-                    (_biometricLock && !_biometricIntegrityValid))
+                if (!(_pinEnabled || _biometricEnabled) ||
+                    (_biometricEnabled && !_biometricIntegrityValid))
                 {
                     PromptSSO();
                 }
             }
-            else if (!_biometricLock || !_biometricIntegrityValid)
+            else if (!_biometricEnabled || !_biometricIntegrityValid)
             {
                 MasterPasswordCell.TextField.BecomeFirstResponder();
             }
         }
-        
+
         protected async Task CheckPasswordAsync()
         {
             if (_checkingPassword)
@@ -224,7 +228,7 @@ namespace Bit.iOS.Core.Controllers
                 {
                     var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
                         string.Format(AppResources.ValidationFieldRequired,
-                            _pinLock ? AppResources.PIN : AppResources.MasterPassword),
+                            _pinEnabled ? AppResources.PIN : AppResources.MasterPassword),
                         AppResources.Ok);
                     PresentViewController(alert, true, null);
                     return;
@@ -246,33 +250,53 @@ namespace Bit.iOS.Core.Controllers
                     return;
                 }
 
-                if (_pinLock)
+                if (_pinEnabled)
                 {
                     var failed = true;
                     try
                     {
-                        if (_isPinProtected)
+                        EncString userKeyPin = null;
+                        EncString oldPinProtected = null;
+                        if (_pinStatus == PinLockEnum.Persistent)
                         {
-                            var key = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
+                            userKeyPin = await _stateService.GetUserKeyPinAsync();
+                            var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
+                            oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
+                        }
+                        else if (_pinStatus == PinLockEnum.Transient)
+                        {
+                            userKeyPin = await _stateService.GetUserKeyPinEphemeralAsync();
+                            oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
+                        }
+
+                        UserKey userKey;
+                        if (oldPinProtected != null)
+                        {
+                            userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
+                                _pinStatus == PinLockEnum.Transient,
+                                inputtedValue,
+                                email,
                                 kdfConfig,
-                                await _stateService.GetPinProtectedKeyAsync());
-                            var encKey = await _cryptoService.GetEncKeyAsync(key);
-                            var protectedPin = await _stateService.GetProtectedPinAsync();
-                            var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                            failed = decPin != inputtedValue;
-                            if (!failed)
-                            {
-                                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                                await SetKeyAndContinueAsync(key);
-                            }
+                                oldPinProtected
+                            );
                         }
                         else
                         {
-                            var key2 = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
-                                kdfConfig);
-                            failed = false;
+                            userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                                inputtedValue,
+                                email,
+                                kdfConfig,
+                                userKeyPin
+                            );
+                        }
+
+                        var protectedPin = await _stateService.GetProtectedPinAsync();
+                        var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
+                        failed = decryptedPin != inputtedValue;
+                        if (!failed)
+                        {
                             await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                            await SetKeyAndContinueAsync(key2);
+                            await SetKeyAndContinueAsync(userKey);
                         }
                     }
                     catch
@@ -286,33 +310,27 @@ namespace Bit.iOS.Core.Controllers
                 }
                 else
                 {
-                    var key2 = await _cryptoService.MakeKeyAsync(inputtedValue, email, kdfConfig);
+                    var masterKey = await _cryptoService.MakeMasterKeyAsync(inputtedValue, email, kdfConfig);
 
-                    var storedKeyHash = await _cryptoService.GetKeyHashAsync();
-                    if (storedKeyHash == null)
+                    var storedPasswordHash = await _cryptoService.GetPasswordHashAsync();
+                    if (storedPasswordHash == null)
                     {
                         var oldKey = await _secureStorageService.GetAsync<string>("oldKey");
-                        if (key2.KeyB64 == oldKey)
+                        if (masterKey.KeyB64 == oldKey)
                         {
-                            var localKeyHash = await _cryptoService.HashPasswordAsync(inputtedValue, key2, HashPurpose.LocalAuthorization);
+                            var localPasswordHash = await _cryptoService.HashPasswordAsync(inputtedValue, masterKey, HashPurpose.LocalAuthorization);
                             await _secureStorageService.RemoveAsync("oldKey");
-                            await _cryptoService.SetKeyHashAsync(localKeyHash);
+                            await _cryptoService.SetPasswordHashAsync(localPasswordHash);
                         }
                     }
-                    var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, key2);
+                    var passwordValid = await _cryptoService.CompareAndUpdatePasswordHashAsync(inputtedValue, masterKey);
                     if (passwordValid)
                     {
-                        if (_isPinProtected)
-                        {
-                            var protectedPin = await _stateService.GetProtectedPinAsync();
-                            var encKey = await _cryptoService.GetEncKeyAsync(key2);
-                            var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                            var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, email,
-                                kdfConfig);
-                            await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key2.Key, pinKey));
-                        }
                         await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                        await SetKeyAndContinueAsync(key2, true);
+
+                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                        await _cryptoService.SetMasterKeyAsync(masterKey);
+                        await SetKeyAndContinueAsync(userKey, true);
                     }
                     else
                     {
@@ -339,12 +357,12 @@ namespace Bit.iOS.Core.Controllers
 
         public async Task PromptBiometricAsync()
         {
-            if (!_biometricLock || !_biometricIntegrityValid)
+            if (!_biometricEnabled || !_biometricIntegrityValid)
             {
                 return;
             }
             var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                _pinLock ? AppResources.PIN : AppResources.MasterPassword,
+                _pinEnabled ? AppResources.PIN : AppResources.MasterPassword,
                 () => MasterPasswordCell.TextField.BecomeFirstResponder());
             await _stateService.SetBiometricLockedAsync(!success);
             if (success)
@@ -371,12 +389,12 @@ namespace Bit.iOS.Core.Controllers
             PresentViewController(loginController, true, null);
         }
 
-        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key, bool masterPassword = false)
+        private async Task SetKeyAndContinueAsync(UserKey userKey, bool masterPassword = false)
         {
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
-                await _cryptoService.SetKeyAsync(key);
+                await _cryptoService.SetUserKeyAsync(userKey);
             }
             DoContinue(masterPassword);
         }
@@ -396,7 +414,7 @@ namespace Bit.iOS.Core.Controllers
         private async Task EnableBiometricsIfNeeded()
         {
             // Re-enable biometrics if initial use
-            if (_biometricLock & !_biometricIntegrityValid)
+            if (_biometricEnabled & !_biometricIntegrityValid)
             {
                 await _biometricService.SetupBiometricAsync(BiometricIntegritySourceKey);
             }
@@ -405,7 +423,7 @@ namespace Bit.iOS.Core.Controllers
         private void InvalidValue()
         {
             var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
-                string.Format(null, _pinLock ? AppResources.PIN : AppResources.InvalidMasterPassword),
+                string.Format(null, _pinEnabled ? AppResources.PIN : AppResources.InvalidMasterPassword),
                 AppResources.Ok, (a) =>
                 {
 
@@ -490,7 +508,7 @@ namespace Bit.iOS.Core.Controllers
                     return 0;
                 }
 
-                return (!controller._biometricUnlockOnly && controller._biometricLock) ||
+                return (!controller._biometricUnlockOnly && controller._biometricEnabled) ||
                     controller._passwordReprompt
                     ? 2
                     : 1;
diff --git a/src/iOS.Core/Controllers/LockPasswordViewController.cs b/src/iOS.Core/Controllers/LockPasswordViewController.cs
index 8db432c46..9d4019a47 100644
--- a/src/iOS.Core/Controllers/LockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/LockPasswordViewController.cs
@@ -14,6 +14,7 @@ using Bit.Core.Enums;
 using Bit.App.Pages;
 using Bit.App.Models;
 using Xamarin.Forms;
+using Bit.Core.Services;
 
 namespace Bit.iOS.Core.Controllers
 {
@@ -29,10 +30,9 @@ namespace Bit.iOS.Core.Controllers
         private IPlatformUtilsService _platformUtilsService;
         private IBiometricService _biometricService;
         private IKeyConnectorService _keyConnectorService;
-        private bool _isPinProtected;
-        private bool _isPinProtectedWithKey;
-        private bool _pinLock;
-        private bool _biometricLock;
+        private PinLockEnum _pinStatus;
+        private bool _pinEnabled;
+        private bool _biometricEnabled;
         private bool _biometricIntegrityValid = true;
         private bool _passwordReprompt = false;
         private bool _usesKeyConnector;
@@ -96,25 +96,28 @@ namespace Bit.iOS.Core.Controllers
             if (autofillExtension && await _stateService.GetPasswordRepromptAutofillAsync())
             {
                 _passwordReprompt = true;
-                _isPinProtected = false;
-                _isPinProtectedWithKey = false;
-                _pinLock = false;
-                _biometricLock = false;
+                _pinStatus = PinLockEnum.Disabled;
+                _pinEnabled = false;
+                _biometricEnabled = false;
             }
             else
             {
-                (_isPinProtected, _isPinProtectedWithKey) = await _vaultTimeoutService.IsPinLockSetAsync();
-                _pinLock = (_isPinProtected && await _stateService.GetPinProtectedKeyAsync() != null) ||
-                           _isPinProtectedWithKey;
-                _biometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() &&
-                                 await _cryptoService.HasKeyAsync();
+                _pinStatus = await _vaultTimeoutService.IsPinLockSetAsync();
+
+                var ephemeralPinSet = await _stateService.GetUserKeyPinEphemeralAsync()
+                    ?? await _stateService.GetPinProtectedKeyAsync();
+                _pinEnabled = (_pinStatus == PinLockEnum.Transient && ephemeralPinSet != null) ||
+                    _pinStatus == PinLockEnum.Persistent;
+
+                _biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
+                    && await _cryptoService.HasEncryptedUserKeyAsync();
                 _biometricIntegrityValid =
                     await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
                 _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
-                _biometricUnlockOnly = _usesKeyConnector && _biometricLock && !_pinLock;
+                _biometricUnlockOnly = _usesKeyConnector && _biometricEnabled && !_pinEnabled;
             }
 
-            if (_pinLock)
+            if (_pinEnabled)
             {
                 BaseNavItem.Title = AppResources.VerifyPIN;
             }
@@ -143,7 +146,7 @@ namespace Bit.iOS.Core.Controllers
 
             if (!_biometricUnlockOnly)
             {
-                MasterPasswordCell.Label.Text = _pinLock ? AppResources.PIN : AppResources.MasterPassword;
+                MasterPasswordCell.Label.Text = _pinEnabled ? AppResources.PIN : AppResources.MasterPassword;
                 MasterPasswordCell.TextField.SecureTextEntry = true;
                 MasterPasswordCell.TextField.ReturnKeyType = UIReturnKeyType.Go;
                 MasterPasswordCell.TextField.ShouldReturn += (UITextField tf) =>
@@ -151,7 +154,7 @@ namespace Bit.iOS.Core.Controllers
                     CheckPasswordAsync().GetAwaiter().GetResult();
                     return true;
                 };
-                if (_pinLock)
+                if (_pinEnabled)
                 {
                     MasterPasswordCell.TextField.KeyboardType = UIKeyboardType.NumberPad;
                 }
@@ -165,7 +168,7 @@ namespace Bit.iOS.Core.Controllers
 
             base.ViewDidLoad();
 
-            if (_biometricLock)
+            if (_biometricEnabled)
             {
                 if (!_biometricIntegrityValid)
                 {
@@ -186,13 +189,13 @@ namespace Bit.iOS.Core.Controllers
             // Users with key connector and without biometric or pin has no MP to unlock with
             if (_usesKeyConnector)
             {
-                if (!(_pinLock || _biometricLock) ||
-                    (_biometricLock && !_biometricIntegrityValid))
+                if (!(_pinEnabled || _biometricEnabled) ||
+                    (_biometricEnabled && !_biometricIntegrityValid))
                 {
                     PromptSSO();
                 }
             }
-            else if (!_biometricLock || !_biometricIntegrityValid)
+            else if (!_biometricEnabled || !_biometricIntegrityValid)
             {
                 MasterPasswordCell.TextField.BecomeFirstResponder();
             }
@@ -204,7 +207,7 @@ namespace Bit.iOS.Core.Controllers
             {
                 var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
                     string.Format(AppResources.ValidationFieldRequired,
-                        _pinLock ? AppResources.PIN : AppResources.MasterPassword),
+                        _pinEnabled ? AppResources.PIN : AppResources.MasterPassword),
                     AppResources.Ok);
                 PresentViewController(alert, true, null);
                 return;
@@ -214,33 +217,53 @@ namespace Bit.iOS.Core.Controllers
             var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
             var inputtedValue = MasterPasswordCell.TextField.Text;
 
-            if (_pinLock)
+            if (_pinEnabled)
             {
                 var failed = true;
                 try
                 {
-                    if (_isPinProtected)
+                    EncString userKeyPin = null;
+                    EncString oldPinProtected = null;
+                    if (_pinStatus == PinLockEnum.Persistent)
                     {
-                        var key = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
+                        userKeyPin = await _stateService.GetUserKeyPinAsync();
+                        var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
+                        oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
+                    }
+                    else if (_pinStatus == PinLockEnum.Transient)
+                    {
+                        userKeyPin = await _stateService.GetUserKeyPinEphemeralAsync();
+                        oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
+                    }
+
+                    UserKey userKey;
+                    if (oldPinProtected != null)
+                    {
+                        userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
+                            _pinStatus == PinLockEnum.Transient,
+                            inputtedValue,
+                            email,
                             kdfConfig,
-                            await _stateService.GetPinProtectedKeyAsync());
-                        var encKey = await _cryptoService.GetEncKeyAsync(key);
-                        var protectedPin = await _stateService.GetProtectedPinAsync();
-                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                        failed = decPin != inputtedValue;
-                        if (!failed)
-                        {
-                            await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                            await SetKeyAndContinueAsync(key);
-                        }
+                            oldPinProtected
+                        );
                     }
                     else
                     {
-                        var key2 = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
-                            kdfConfig);
-                        failed = false;
+                        userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
+                            inputtedValue,
+                            email,
+                            kdfConfig,
+                            userKeyPin
+                        );
+                    }
+
+                    var protectedPin = await _stateService.GetProtectedPinAsync();
+                    var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
+                    failed = decryptedPin != inputtedValue;
+                    if (!failed)
+                    {
                         await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                        await SetKeyAndContinueAsync(key2);
+                        await SetKeyAndContinueAsync(userKey);
                     }
                 }
                 catch
@@ -260,33 +283,27 @@ namespace Bit.iOS.Core.Controllers
             }
             else
             {
-                var key2 = await _cryptoService.MakeKeyAsync(inputtedValue, email, kdfConfig);
+                var masterKey = await _cryptoService.MakeMasterKeyAsync(inputtedValue, email, kdfConfig);
                 
-                var storedKeyHash = await _cryptoService.GetKeyHashAsync();
-                if (storedKeyHash == null)
+                var storedPasswordHash = await _cryptoService.GetPasswordHashAsync();
+                if (storedPasswordHash == null)
                 {
                     var oldKey = await _secureStorageService.GetAsync<string>("oldKey");
-                    if (key2.KeyB64 == oldKey)
+                    if (masterKey.KeyB64 == oldKey)
                     {
-                        var localKeyHash = await _cryptoService.HashPasswordAsync(inputtedValue, key2, HashPurpose.LocalAuthorization);
+                        var localPasswordHash = await _cryptoService.HashPasswordAsync(inputtedValue, masterKey, HashPurpose.LocalAuthorization);
                         await _secureStorageService.RemoveAsync("oldKey");
-                        await _cryptoService.SetKeyHashAsync(localKeyHash);
+                        await _cryptoService.SetPasswordHashAsync(localPasswordHash);
                     }
                 }
-                var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, key2);
+                var passwordValid = await _cryptoService.CompareAndUpdatePasswordHashAsync(inputtedValue, masterKey);
                 if (passwordValid)
                 {
-                    if (_isPinProtected)
-                    {
-                        var protectedPin = await _stateService.GetProtectedPinAsync();
-                        var encKey = await _cryptoService.GetEncKeyAsync(key2);
-                        var decPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), encKey);
-                        var pinKey = await _cryptoService.MakePinKeyAysnc(decPin, email,
-                           kdfConfig);
-                        await _stateService.SetPinProtectedKeyAsync(await _cryptoService.EncryptAsync(key2.Key, pinKey));
-                    }
                     await AppHelpers.ResetInvalidUnlockAttemptsAsync();
-                    await SetKeyAndContinueAsync(key2, true);
+
+                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                    await _cryptoService.SetMasterKeyAsync(masterKey);
+                    await SetKeyAndContinueAsync(userKey, true);
                 }
                 else
                 {
@@ -303,12 +320,12 @@ namespace Bit.iOS.Core.Controllers
 
         public async Task PromptBiometricAsync()
         {
-            if (!_biometricLock || !_biometricIntegrityValid)
+            if (!_biometricEnabled || !_biometricIntegrityValid)
             {
                 return;
             }
             var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
-                _pinLock ? AppResources.PIN : AppResources.MasterPassword,
+                _pinEnabled ? AppResources.PIN : AppResources.MasterPassword,
                 () => MasterPasswordCell.TextField.BecomeFirstResponder());
             await _stateService.SetBiometricLockedAsync(!success);
             if (success)
@@ -335,12 +352,12 @@ namespace Bit.iOS.Core.Controllers
             PresentViewController(loginController, true, null);
         }
 
-        private async Task SetKeyAndContinueAsync(SymmetricCryptoKey key, bool masterPassword = false)
+        private async Task SetKeyAndContinueAsync(UserKey userKey, bool masterPassword = false)
         {
-            var hasKey = await _cryptoService.HasKeyAsync();
+            var hasKey = await _cryptoService.HasUserKeyAsync();
             if (!hasKey)
             {
-                await _cryptoService.SetKeyAsync(key);
+                await _cryptoService.SetUserKeyAsync(userKey);
             }
             DoContinue(masterPassword);
         }
@@ -360,7 +377,7 @@ namespace Bit.iOS.Core.Controllers
         private async Task EnableBiometricsIfNeeded()
         {
             // Re-enable biometrics if initial use
-            if (_biometricLock & !_biometricIntegrityValid)
+            if (_biometricEnabled & !_biometricIntegrityValid)
             {
                 await _biometricService.SetupBiometricAsync(BiometricIntegritySourceKey);
             }
@@ -369,7 +386,7 @@ namespace Bit.iOS.Core.Controllers
         private void InvalidValue()
         {
             var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,
-                string.Format(null, _pinLock ? AppResources.PIN : AppResources.InvalidMasterPassword),
+                string.Format(null, _pinEnabled ? AppResources.PIN : AppResources.InvalidMasterPassword),
                 AppResources.Ok, (a) =>
                     {
 
@@ -444,7 +461,7 @@ namespace Bit.iOS.Core.Controllers
 
             public override nint NumberOfSections(UITableView tableView)
             {
-                return (!_controller._biometricUnlockOnly && _controller._biometricLock) ||
+                return (!_controller._biometricUnlockOnly && _controller._biometricEnabled) ||
                     _controller._passwordReprompt
                     ? 2
                     : 1;
diff --git a/src/iOS.Core/Services/DeviceActionService.cs b/src/iOS.Core/Services/DeviceActionService.cs
index 21de54abe..23640f95a 100644
--- a/src/iOS.Core/Services/DeviceActionService.cs
+++ b/src/iOS.Core/Services/DeviceActionService.cs
@@ -3,6 +3,7 @@ using System.Linq;
 using System.Threading.Tasks;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
+using Bit.App.Utilities.Prompts;
 using Bit.Core.Enums;
 using Bit.iOS.Core.Utilities;
 using Bit.iOS.Core.Views;
@@ -147,6 +148,11 @@ namespace Bit.iOS.Core.Services
             return result.Task;
         }
 
+        public Task<ValidatablePromptResponse?> DisplayValidatablePromptAsync(ValidatablePromptConfig config)
+        {
+            throw new NotImplementedException();
+        }
+
         public void RateApp()
         {
             string uri = null;
diff --git a/src/iOS.Extension/Info.plist b/src/iOS.Extension/Info.plist
index ee48ccdf5..e3ec1d841 100644
--- a/src/iOS.Extension/Info.plist
+++ b/src/iOS.Extension/Info.plist
@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden.find-login-action-extension</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.5.1</string>
+	<string>2023.7.1</string>
 	<key>CFBundleLocalizations</key>
 	<array>
 		<string>en</string>
diff --git a/src/iOS.ShareExtension/Info.plist b/src/iOS.ShareExtension/Info.plist
index 4e2ed6ff9..222522a03 100644
--- a/src/iOS.ShareExtension/Info.plist
+++ b/src/iOS.ShareExtension/Info.plist
@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>XPC!</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.5.1</string>
+	<string>2023.7.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>MinimumOSVersion</key>
diff --git a/src/iOS/Info.plist b/src/iOS/Info.plist
index 1dd43ff9f..a5307b7ab 100644
--- a/src/iOS/Info.plist
+++ b/src/iOS/Info.plist
@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.5.1</string>
+	<string>2023.7.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleIconName</key>
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/af.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/af.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/af.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ar.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ar.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ar.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/az.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/az.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/az.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/be.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/be.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/be.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bg.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bg.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bg.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bn.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bn.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bn.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bs.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bs.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/bs.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ca.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ca.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ca.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/cs.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/cs.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/cs.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/cy.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/cy.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/cy.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/da.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/da.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/da.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/de.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/de.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/de.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/el.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/el.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/el.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en-GB.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en-GB.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en-GB.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en-IN.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en-IN.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/en-IN.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/es.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/es.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/es.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/et.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/et.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/et.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/eu.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/eu.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/eu.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fa.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fa.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fa.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fi.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fi.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fi.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fil.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fil.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fil.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fr.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fr.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/fr.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/gl.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/gl.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/gl.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/he.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/he.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/he.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hi.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hi.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hi.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hr.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hr.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hr.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hu.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hu.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/hu.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/id.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/id.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/id.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/it.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/it.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/it.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ja.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ja.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ja.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ka.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ka.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ka.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/kn.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/kn.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/kn.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ko.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ko.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ko.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/lt.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/lt.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/lt.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/lv.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/lv.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/lv.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ml.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ml.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ml.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/my.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/my.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/my.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nb.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nb.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nb.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ne.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ne.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ne.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nl.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nl.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nl.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nn.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nn.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/nn.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/or.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/or.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/or.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pl.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pl.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pl.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pt-BR.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pt-BR.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pt-BR.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pt-PT.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pt-PT.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/pt-PT.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ro.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ro.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ro.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ru.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ru.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ru.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/si.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/si.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/si.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sk.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sk.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sk.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sl.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sl.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sl.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sr.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sr.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sr.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sv.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sv.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/sv.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ta.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ta.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/ta.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/te.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/te.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/te.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/th.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/th.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/th.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/tr.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/tr.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/tr.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/uk.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/uk.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/uk.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/vi.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/vi.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/vi.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/zh-Hans.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/zh-Hans.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/zh-Hans.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/zh-Hant.lproj/Localizable.strings b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/zh-Hant.lproj/Localizable.strings
new file mode 100644
index 000000000..948845d62
--- /dev/null
+++ b/src/watchOS/bitwarden/bitwarden WatchKit Extension/Localization/zh-Hant.lproj/Localizable.strings	
@@ -0,0 +1,10 @@
+"ThereAreNoItemsToList"="There are no items to list";
+"ToViewVerificationCodesUpgradeToPremium"="To view verification codes, upgrade to premium";
+"Add2FactorAutenticationToAnItemToViewVerificationCodes"="Add 2 factor authentication to an item to view the verification codes";
+"LogInToBitwardenOnYourIPhoneToViewVerificationCodes"="Log in to Bitwarden on your iPhone to view verification codes";
+"SyncingItemsContainingVerificationCodes"="Syncing items containing verification codes";
+"UnlockBitwardenOnYourIPhoneToViewVerificationCodes"="Unlock Bitwarden on your iPhone to view verification codes";
+"SetUpBitwardenToViewItemsContainingVerificationCodes"="Set up Bitwarden to view items containing verification codes";
+"Search"="Search";
+"NoItemsFound"="No items found";
+"SetUpAppleWatchPasscodeInOrderToUseBitwarden"="Set up Apple Watch passcode in order to use Bitwarden";
diff --git a/src/watchOS/bitwarden/bitwarden.xcodeproj/project.pbxproj b/src/watchOS/bitwarden/bitwarden.xcodeproj/project.pbxproj
index 8720e755d..32102d6bd 100644
--- a/src/watchOS/bitwarden/bitwarden.xcodeproj/project.pbxproj
+++ b/src/watchOS/bitwarden/bitwarden.xcodeproj/project.pbxproj
@@ -207,6 +207,66 @@
 		1BDBFEB2290B5D07009C78C7 /* CoreDataHelper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CoreDataHelper.swift; sourceTree = "<group>"; };
 		1BF5F6DA29103066002DDC0C /* CipherService.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CipherService.swift; sourceTree = "<group>"; };
 		1BF5F6DD29103B86002DDC0C /* CipherServiceMock.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CipherServiceMock.swift; sourceTree = "<group>"; };
+		B78CEC4A2A25402900539F0D /* es */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = es; path = es.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC4B2A2540A200539F0D /* af */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = af; path = af.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC4C2A2540A800539F0D /* ar */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ar; path = ar.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC4D2A2540E700539F0D /* az */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = az; path = az.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC4E2A25411000539F0D /* be */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = be; path = be.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC4F2A25412100539F0D /* bg */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = bg; path = bg.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC502A25413300539F0D /* bn */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = bn; path = bn.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC512A25414C00539F0D /* bs */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = bs; path = bs.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC522A25415400539F0D /* ca */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ca; path = ca.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC532A25415D00539F0D /* cs */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = cs; path = cs.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC542A2541B900539F0D /* cy */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = cy; path = cy.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC552A2541C300539F0D /* da */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = da; path = da.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC562A2541CB00539F0D /* de */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = de; path = de.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC572A2541F700539F0D /* el */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = el; path = el.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC582A25420000539F0D /* en-GB */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "en-GB"; path = "en-GB.lproj/Localizable.strings"; sourceTree = "<group>"; };
+		B78CEC592A25420600539F0D /* en-IN */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "en-IN"; path = "en-IN.lproj/Localizable.strings"; sourceTree = "<group>"; };
+		B78CEC5A2A25422500539F0D /* et */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = et; path = et.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC5B2A25425A00539F0D /* eu */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = eu; path = eu.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC5C2A25427E00539F0D /* fa */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = fa; path = fa.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC5D2A25429C00539F0D /* fi */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = fi; path = fi.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC5E2A2542CD00539F0D /* fil */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = fil; path = fil.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC5F2A2542D400539F0D /* fr */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = fr; path = fr.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC602A2542EC00539F0D /* gl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = gl; path = gl.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC612A25430800539F0D /* he */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = he; path = he.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC622A25431900539F0D /* hi */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = hi; path = hi.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC632A25432900539F0D /* hr */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = hr; path = hr.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC642A25433100539F0D /* hu */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = hu; path = hu.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC652A25433600539F0D /* id */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = id; path = id.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC662A25433C00539F0D /* it */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = it; path = it.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC672A25434200539F0D /* ja */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ja; path = ja.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC682A25435600539F0D /* ka */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ka; path = ka.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC692A25437200539F0D /* kn */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = kn; path = kn.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC6A2A25437E00539F0D /* ko */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ko; path = ko.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC6B2A25438F00539F0D /* lt */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = lt; path = lt.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC6C2A2543A500539F0D /* lv */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = lv; path = lv.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC6D2A2543BE00539F0D /* ml */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ml; path = ml.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC6E2A2543D900539F0D /* my */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = my; path = my.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC6F2A2543F000539F0D /* nb */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = nb; path = nb.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC702A25440200539F0D /* ne */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ne; path = ne.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC712A25441700539F0D /* nl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = nl; path = nl.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC722A25442D00539F0D /* nn */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = nn; path = nn.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC732A25444C00539F0D /* or */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = or; path = or.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC742A25446600539F0D /* pl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = pl; path = pl.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC752A25447100539F0D /* pt-BR */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "pt-BR"; path = "pt-BR.lproj/Localizable.strings"; sourceTree = "<group>"; };
+		B78CEC762A25447500539F0D /* pt-PT */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "pt-PT"; path = "pt-PT.lproj/Localizable.strings"; sourceTree = "<group>"; };
+		B78CEC772A25448100539F0D /* ro */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ro; path = ro.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC782A25448700539F0D /* ru */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ru; path = ru.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC792A25449B00539F0D /* si */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = si; path = si.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC7A2A2544B300539F0D /* sk */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sk; path = sk.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC7B2A2544CD00539F0D /* sl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sl; path = sl.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC7C2A2544DF00539F0D /* sr */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sr; path = sr.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC7D2A2544EF00539F0D /* sv */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = sv; path = sv.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC7E2A25450800539F0D /* ta */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = ta; path = ta.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC7F2A25451A00539F0D /* te */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = te; path = te.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC802A25453600539F0D /* th */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = th; path = th.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC812A25454600539F0D /* tr */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = tr; path = tr.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC822A25454E00539F0D /* uk */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = uk; path = uk.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC832A25455400539F0D /* vi */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = vi; path = vi.lproj/Localizable.strings; sourceTree = "<group>"; };
+		B78CEC842A25455D00539F0D /* zh-Hans */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "zh-Hans"; path = "zh-Hans.lproj/Localizable.strings"; sourceTree = "<group>"; };
+		B78CEC852A25456400539F0D /* zh-Hant */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "zh-Hant"; path = "zh-Hant.lproj/Localizable.strings"; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -576,6 +636,66 @@
 			knownRegions = (
 				en,
 				Base,
+				es,
+				af,
+				ar,
+				az,
+				be,
+				bg,
+				bn,
+				bs,
+				ca,
+				cs,
+				cy,
+				da,
+				de,
+				el,
+				"en-GB",
+				"en-IN",
+				et,
+				eu,
+				fa,
+				fi,
+				fil,
+				fr,
+				gl,
+				he,
+				hi,
+				hr,
+				hu,
+				id,
+				it,
+				ja,
+				ka,
+				kn,
+				ko,
+				lt,
+				lv,
+				ml,
+				my,
+				nb,
+				ne,
+				nl,
+				nn,
+				or,
+				pl,
+				"pt-BR",
+				"pt-PT",
+				ro,
+				ru,
+				si,
+				sk,
+				sl,
+				sr,
+				sv,
+				ta,
+				te,
+				th,
+				tr,
+				uk,
+				vi,
+				"zh-Hans",
+				"zh-Hant",
 			);
 			mainGroup = 1B15612628B7F3D400610B9B;
 			packageReferences = (
@@ -725,6 +845,66 @@
 			isa = PBXVariantGroup;
 			children = (
 				1B5AFF0829197822004478F9 /* en */,
+				B78CEC4A2A25402900539F0D /* es */,
+				B78CEC4B2A2540A200539F0D /* af */,
+				B78CEC4C2A2540A800539F0D /* ar */,
+				B78CEC4D2A2540E700539F0D /* az */,
+				B78CEC4E2A25411000539F0D /* be */,
+				B78CEC4F2A25412100539F0D /* bg */,
+				B78CEC502A25413300539F0D /* bn */,
+				B78CEC512A25414C00539F0D /* bs */,
+				B78CEC522A25415400539F0D /* ca */,
+				B78CEC532A25415D00539F0D /* cs */,
+				B78CEC542A2541B900539F0D /* cy */,
+				B78CEC552A2541C300539F0D /* da */,
+				B78CEC562A2541CB00539F0D /* de */,
+				B78CEC572A2541F700539F0D /* el */,
+				B78CEC582A25420000539F0D /* en-GB */,
+				B78CEC592A25420600539F0D /* en-IN */,
+				B78CEC5A2A25422500539F0D /* et */,
+				B78CEC5B2A25425A00539F0D /* eu */,
+				B78CEC5C2A25427E00539F0D /* fa */,
+				B78CEC5D2A25429C00539F0D /* fi */,
+				B78CEC5E2A2542CD00539F0D /* fil */,
+				B78CEC5F2A2542D400539F0D /* fr */,
+				B78CEC602A2542EC00539F0D /* gl */,
+				B78CEC612A25430800539F0D /* he */,
+				B78CEC622A25431900539F0D /* hi */,
+				B78CEC632A25432900539F0D /* hr */,
+				B78CEC642A25433100539F0D /* hu */,
+				B78CEC652A25433600539F0D /* id */,
+				B78CEC662A25433C00539F0D /* it */,
+				B78CEC672A25434200539F0D /* ja */,
+				B78CEC682A25435600539F0D /* ka */,
+				B78CEC692A25437200539F0D /* kn */,
+				B78CEC6A2A25437E00539F0D /* ko */,
+				B78CEC6B2A25438F00539F0D /* lt */,
+				B78CEC6C2A2543A500539F0D /* lv */,
+				B78CEC6D2A2543BE00539F0D /* ml */,
+				B78CEC6E2A2543D900539F0D /* my */,
+				B78CEC6F2A2543F000539F0D /* nb */,
+				B78CEC702A25440200539F0D /* ne */,
+				B78CEC712A25441700539F0D /* nl */,
+				B78CEC722A25442D00539F0D /* nn */,
+				B78CEC732A25444C00539F0D /* or */,
+				B78CEC742A25446600539F0D /* pl */,
+				B78CEC752A25447100539F0D /* pt-BR */,
+				B78CEC762A25447500539F0D /* pt-PT */,
+				B78CEC772A25448100539F0D /* ro */,
+				B78CEC782A25448700539F0D /* ru */,
+				B78CEC792A25449B00539F0D /* si */,
+				B78CEC7A2A2544B300539F0D /* sk */,
+				B78CEC7B2A2544CD00539F0D /* sl */,
+				B78CEC7C2A2544DF00539F0D /* sr */,
+				B78CEC7D2A2544EF00539F0D /* sv */,
+				B78CEC7E2A25450800539F0D /* ta */,
+				B78CEC7F2A25451A00539F0D /* te */,
+				B78CEC802A25453600539F0D /* th */,
+				B78CEC812A25454600539F0D /* tr */,
+				B78CEC822A25454E00539F0D /* uk */,
+				B78CEC832A25455400539F0D /* vi */,
+				B78CEC842A25455D00539F0D /* zh-Hans */,
+				B78CEC852A25456400539F0D /* zh-Hant */,
 			);
 			name = Localizable.strings;
 			sourceTree = "<group>";
@@ -736,6 +916,7 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
@@ -795,6 +976,7 @@
 			isa = XCBuildConfiguration;
 			buildSettings = {
 				ALWAYS_SEARCH_USER_PATHS = NO;
+				CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES;
 				CLANG_ANALYZER_NONNULL = YES;
 				CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE;
 				CLANG_CXX_LANGUAGE_STANDARD = "gnu++17";
diff --git a/test/Core.Test/Services/CipherServiceTests.cs b/test/Core.Test/Services/CipherServiceTests.cs
index 494fa192c..f63d115c7 100644
--- a/test/Core.Test/Services/CipherServiceTests.cs
+++ b/test/Core.Test/Services/CipherServiceTests.cs
@@ -29,7 +29,7 @@ namespace Bit.Core.Test.Services
                 .Returns(encFileName);
             sutProvider.GetDependency<ICryptoService>().EncryptToBytesAsync(data.Buffer, Arg.Any<SymmetricCryptoKey>())
                 .Returns(data);
-            sutProvider.GetDependency<ICryptoService>().MakeEncKeyAsync(Arg.Any<SymmetricCryptoKey>()).Returns(new Tuple<SymmetricCryptoKey, EncString>(null, encKey));
+            sutProvider.GetDependency<ICryptoService>().MakeDataEncKeyAsync(Arg.Any<UserKey>()).Returns(new Tuple<SymmetricCryptoKey, EncString>(null, encKey));
             sutProvider.GetDependency<IApiService>().PostCipherAttachmentAsync(cipher.Id, Arg.Any<AttachmentRequest>())
                 .Returns(uploadDataResponse);
 
@@ -50,7 +50,7 @@ namespace Bit.Core.Test.Services
                 .Returns(new EncString(fileName));
             sutProvider.GetDependency<ICryptoService>().EncryptToBytesAsync(data.Buffer, Arg.Any<SymmetricCryptoKey>())
                 .Returns(data);
-            sutProvider.GetDependency<ICryptoService>().MakeEncKeyAsync(Arg.Any<SymmetricCryptoKey>()).Returns(new Tuple<SymmetricCryptoKey, EncString>(null, encKey));
+            sutProvider.GetDependency<ICryptoService>().MakeDataEncKeyAsync(Arg.Any<UserKey>()).Returns(new Tuple<SymmetricCryptoKey, EncString>(null, encKey));
             sutProvider.GetDependency<IApiService>().PostCipherAttachmentAsync(cipher.Id, Arg.Any<AttachmentRequest>())
                 .Throws(new ApiException(new ErrorResponse { StatusCode = statusCode }));
             sutProvider.GetDependency<IApiService>().PostCipherAttachmentLegacyAsync(cipher.Id, Arg.Any<MultipartFormDataContent>())
@@ -70,7 +70,7 @@ namespace Bit.Core.Test.Services
                 .Returns(new EncString(fileName));
             sutProvider.GetDependency<ICryptoService>().EncryptToBytesAsync(data.Buffer, Arg.Any<SymmetricCryptoKey>())
                 .Returns(data);
-            sutProvider.GetDependency<ICryptoService>().MakeEncKeyAsync(Arg.Any<SymmetricCryptoKey>())
+            sutProvider.GetDependency<ICryptoService>().MakeDataEncKeyAsync(Arg.Any<UserKey>())
                 .Returns(new Tuple<SymmetricCryptoKey, EncString>(null, encKey));
             var expectedException = new ApiException(new ErrorResponse { StatusCode = HttpStatusCode.BadRequest });
             sutProvider.GetDependency<IApiService>().PostCipherAttachmentAsync(cipher.Id, Arg.Any<AttachmentRequest>())
diff --git a/test/Core.Test/Services/SendServiceTests.cs b/test/Core.Test/Services/SendServiceTests.cs
index 6038465d5..688d0fef0 100644
--- a/test/Core.Test/Services/SendServiceTests.cs
+++ b/test/Core.Test/Services/SendServiceTests.cs
@@ -145,7 +145,7 @@ namespace Bit.Core.Test.Services
             return;
 
             var sendDataDict = sendDatas.ToDictionary(d => d.Id, d => d);
-            sutProvider.GetDependency<ICryptoService>().HasKeyAsync().Returns(true);
+            sutProvider.GetDependency<ICryptoService>().HasUserKeyAsync().Returns(true);
             ServiceContainer.Register("cryptoService", sutProvider.GetDependency<ICryptoService>());
             sutProvider.GetDependency<II18nService>().StringComparer.Returns(StringComparer.CurrentCulture);
             sutProvider.GetDependency<IStateService>().GetActiveUserIdAsync().Returns(userId);