diff --git a/README.md b/README.md index cae19edf..080ac580 100644 --- a/README.md +++ b/README.md @@ -34,3 +34,8 @@ To watch for changes use `grunt watch` ## Contributors Add yours when creating a pull request! - None + + +## FAQ +**Are you adding something to check if malicious code is executing on the browser?** +No, because malitous code could edit the functions that check for malicious code. \ No newline at end of file diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php index d6009b18..191d1d9a 100644 --- a/controller/vaultcontroller.php +++ b/controller/vaultcontroller.php @@ -38,9 +38,26 @@ class VaultController extends ApiController { * @NoAdminRequired */ public function listVaults() { - + $result = array(); $vaults = $this->vaultService->getByUser($this->userId); - return new JSONResponse($vaults); + + $protected_credential_fields = array('getDescription','getEmail','getUsername','getPassword'); + + foreach($vaults as $vault){ + $credential = $this->credentialService->getRandomCredentialByVaultId($vault->getId(), $this->userId); + $secret_field = $protected_credential_fields[array_rand($protected_credential_fields)]; + array_push($result, array( + 'vault_id' => $vault->getId(), + 'guid' => $vault->getGuid(), + 'name' => $vault->getName(), + 'created' => $vault->getCreated(), + 'public_sharing_key' => $vault->getPublicSharingKey(), + 'last_access' => $vault->getlastAccess(), + 'challenge_password' => $credential->{$secret_field}() + )); + } + + return new JSONResponse($result); } /** diff --git a/js/app/controllers/credential.js b/js/app/controllers/credential.js index 459af364..3beed800 100644 --- a/js/app/controllers/credential.js +++ b/js/app/controllers/credential.js @@ -22,7 +22,7 @@ angular.module('passmanApp') _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); VaultService.setActiveVault(_vault); $scope.active_vault = _vault; - + console.log(_vault) //@TODO check if vault exists } 
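Review bot: `$credential->{$secret_field}()` in the new foreach dereferences whatever `getRandomCredentialByVaultId` returns, and for a vault with no credentials that is null (the companion hunk in lib/Service/CredentialService.php pops from an empty result set), so `listVaults` dies with a fatal error on the first empty vault instead of listing it. Guard before building the entry, e.g. `$challenge = ($credential === null) ? null : $credential->{$secret_field}();`, and decide what the client does with a vault that carries no challenge. Which of the four getters ends up in `challenge_password` is chosen per call by `array_rand`, so a comment on `$protected_credential_fields` stating that these fields are expected to be stored encrypted under the vault key, and that any of them therefore serves as a decryption challenge, would make the intent explicit; I cannot confirm from this hunk that all four are encrypted at rest, so that assumption is worth verifying before relying on it.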
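Review bot: `console.log(_vault)` logs the vault object right after `_vault.vaultKey` has been set from the stored `defaultVaultPass`, so the vault key lands in the browser console (and in anything that captures it) on every load that uses a remembered password. This reads as leftover debugging and should be dropped; if a trace is wanted, log a non-secret field such as `_vault.guid` instead. The `//@TODO check if vault exists` kept as context is still unaddressed, and the function enclosing this hunk starts outside it.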
diff --git a/js/app/controllers/edit_credential.js b/js/app/controllers/edit_credential.js index 11a7f600..21dfc8d5 100644 --- a/js/app/controllers/edit_credential.js +++ b/js/app/controllers/edit_credential.js @@ -18,13 +18,25 @@ angular.module('passmanApp') } else { if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) { var _vault = angular.copy(SettingsService.getSetting('defaultVault')); - _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); - VaultService.setActiveVault(_vault); - $scope.active_vault = _vault; + VaultService.getVault(_vault).then(function (vault) { + vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); + VaultService.setActiveVault(vault); + $scope.active_vault = vault; - //@TODO check if vault exists + $scope.pwSettings = VaultService.getVaultSetting('pwSettings', + { + 'length': 12, + 'useUppercase': true, + 'useLowercase': true, + 'useDigits': true, + 'useSpecialChars': true, + 'minimumDigitCount': 3, + 'avoidAmbiguousCharacters': false, + 'requireEveryCharType': true, + 'generateOnCreate': true + }) + }) } - } $scope.tabs = [{ diff --git a/js/app/controllers/revision.js b/js/app/controllers/revision.js index 79f12a85..5de9c639 100644 --- a/js/app/controllers/revision.js +++ b/js/app/controllers/revision.js 
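Review bot: The new `VaultService.getVault(_vault).then(function (vault) { … })` has no rejection handler, so when the stored default vault no longer exists or the request fails, the case the deleted `//@TODO check if vault exists` pointed at is now silently skipped and `$scope.active_vault` stays unset; the identical block added in js/app/controllers/revision.js has the same gap. Pass a second callback, e.g. `}, function (err) { /* clear the stale defaultVault setting and surface the error */ });`, so the user is not left with an empty page. The hunk also removes one closing `}` while adding a balanced `{`/`})` pair, which appears to move `$scope.tabs = [{` inside the `else` branch; since the enclosing function continues past the hunk, please confirm that is intended. Both `VaultService.getVaultSetting(…)` and the closing `})` lack terminating semicolons.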
@@ -18,12 +18,27 @@ angular.module('passmanApp') } else { if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) { var _vault = angular.copy(SettingsService.getSetting('defaultVault')); - _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); - VaultService.setActiveVault(_vault); - $scope.active_vault = _vault; - + VaultService.getVault(_vault).then(function (vault) { + vault.vaultKey = SettingsService.getSetting('defaultVaultPass'); + VaultService.setActiveVault(vault); + $scope.active_vault = vault; + $scope.$parent.selectedVault = true; + $scope.vault_settings.pwSettings = VaultService.getVaultSetting('pwSettings', + { + 'length': 12, + 'useUppercase': true, + 'useLowercase': true, + 'useDigits': true, + 'useSpecialChars': true, + 'minimumDigitCount': 3, + 'avoidAmbiguousCharacters': false, + 'requireEveryCharType': true, + 'generateOnCreate': true + }) + }) } } + if ($scope.active_vault) { $scope.$parent.selectedVault = true; } diff --git a/js/app/controllers/share.js b/js/app/controllers/share.js index beddbb83..59da86f7 100644 --- a/js/app/controllers/share.js +++ b/js/app/controllers/share.js @@ -105,12 +105,15 @@ angular.module('passmanApp') var list = $scope.share_settings.credentialSharedWithUserAndGroup; console.log(list); for (var i = 0; i < list.length; i++){ + console.log(list[i]); if (list[i].type == "user") { ShareService.getVaultsByUser(list[i].userId).then(function (data) { + console.log(list); + console.log(i); list[i].vaults = data; console.log(data); var start = new Date().getTime() / 1000; - ; + ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key) .progress(function (data) { console.log(data); @@ -131,7 +134,7 @@ angular.module('passmanApp') list[i].vaults = data; console.log(data); var start = new Date().getTime() / 1000; - ; + ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key) .progress(function (data) { console.log(data); 
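Review bot: The nine-key default object passed to `VaultService.getVaultSetting('pwSettings', {…})` here is a verbatim copy of the one added in js/app/controllers/edit_credential.js, and the two callers already disagree on where the result goes (`$scope.vault_settings.pwSettings` here, `$scope.pwSettings` there); keeping the defaults in one place, for example a constant in VaultService that `getVaultSetting` falls back to, would stop the two copies drifting. `vault.vaultKey = SettingsService.getSetting('defaultVaultPass');` also drops the `angular.copy` the sibling file keeps — harmless for a string, but inconsistent. The `if ($scope.active_vault)` added after the block runs before the promise resolves, so on the default-vault path it is the callback's own `$scope.$parent.selectedVault = true;` that does the work; a comment such as `// active_vault is set asynchronously above; the callback marks the vault selected itself` would save the next reader the puzzle.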
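Review bot: The added `console.log(i)` inside the `.then` callback will print `list.length` for every entry, because `i` is declared with `var` in `for (var i = 0; i < list.length; i++)` and the callback runs after the loop has finished, so the context line `list[i].vaults = data;` that follows writes to `undefined` and throws; the second hunk of this file has the same pattern in the group branch. Give each entry its own closure: `list.forEach(function (entry) {` … `entry.vaults = data;` … `});` (or an IIFE if ES5 is required). The remaining `console.log(list)` / `console.log(list[i])` calls dump the share targets and their vault data to the console and look like debugging that should not be committed. The loop's closing brace is outside the first hunk.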
diff --git a/js/app/controllers/vault.js b/js/app/controllers/vault.js index 2959ce11..2f64271c 100644 --- a/js/app/controllers/vault.js +++ b/js/app/controllers/vault.js @@ -101,19 +101,17 @@ angular.module('passmanApp') _vault.vaultKey = angular.copy(vault_key); VaultService.setActiveVault(_vault); - VaultService.getVault(vault).then(function (vault) { - var credential = vault.credentials[0]; - try { - var c = CredentialService.decryptCredential(credential); - if ($scope.remember_vault_password) { - SettingsService.setSetting('defaultVaultPass', vault_key); - } - _loginToVault(vault, vault_key); - - } catch (e) { - $scope.error = 'Incorrect vault password!' + try { + var c = EncryptService.decryptString(vault.challenge_password); + if ($scope.remember_vault_password) { + SettingsService.setSetting('defaultVaultPass', vault_key); } - }) + _loginToVault(vault, vault_key); + + } catch (e) { + $scope.error = 'Incorrect vault password!' + } + }; diff --git a/js/templates.js b/js/templates.js index 6bbd1668..606ad011 100644 --- a/js/templates.js +++ b/js/templates.js @@ -113,7 +113,7 @@ angular.module('views/share_credential.html', []).run(['$templateCache', functio angular.module('views/show_vault.html', []).run(['$templateCache', function($templateCache) { 'use strict'; $templateCache.put('views/show_vault.html', - '
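Review bot: `var c = EncryptService.decryptString(vault.challenge_password)` is assigned and never read, so the vault-password check now depends entirely on `decryptString` throwing for a wrong key; if it instead returns an empty or garbage string for some inputs, `_loginToVault(vault, vault_key)` proceeds with the wrong key and `'Incorrect vault password!'` is never shown. Check the result explicitly, e.g. `if (!c) { throw new Error('challenge failed'); }` before the `remember_vault_password` branch, and add a comment like `// decryptString is expected to throw on a wrong key — TODO confirm` so the contract is stated. `vault.challenge_password` comes from the list response built in controller/vaultcontroller.php, and that hunk has no value for a vault without credentials, so what `decryptString` does with `undefined` here also needs confirming. The enclosing function starts outside the hunk.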
Showing deleted since: All time {{delete_time | date:\'dd-MM-yyyy @ HH:mm:ss\'}} Showing {{filtered_credentials.length}} of {{active_vault.credentials.length}} credentials
+
{{credential.label}} {{tag.text}}
Label{{selectedCredential.label}}
Account
Password
OTP
E-mail
URL
Files
{{field.label}}
Expire time{{selectedCredential.expire_time * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Changed{{selectedCredential.changed * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Created{{selectedCredential.created * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
{{tag.text}}
'); + '
Showing deleted since: All time {{delete_time | date:\'dd-MM-yyyy @ HH:mm:ss\'}} Showing {{filtered_credentials.length}} of {{active_vault.credentials.length}} credentials
+
{{filtered_credentials}}
{{ ::credential.label}} {{ ::tag.text}}
Label{{selectedCredential.label}}
Account
Password
OTP
E-mail
URL
Files
{{field.label}}
Expire time{{selectedCredential.expire_time * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Changed{{selectedCredential.changed * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Created{{selectedCredential.created * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
{{tag.text}}
'); }]); angular.module('views/vaults.html', []).run(['$templateCache', function($templateCache) { diff --git a/lib/Db/CredentialMapper.php b/lib/Db/CredentialMapper.php index 519e7301..f60cffdf 100644 --- a/lib/Db/CredentialMapper.php +++ b/lib/Db/CredentialMapper.php @@ -32,6 +32,12 @@ class CredentialMapper extends Mapper { return $this->findEntities($sql, [$user_id, $vault_id]); } + public function getRandomCredentialByVaultId($vault_id, $user_id) { + $sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' . + 'WHERE `user_id` = ? and vault_id = ? ORDER BY RAND() LIMIT 1'; + return $this->findEntities($sql, [$user_id, $vault_id]); + } + public function getExpiredCredentials($timestamp){ $sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' . 'WHERE `expire_time` > 0 AND `expire_time` < ?'; diff --git a/lib/Db/Vault.php b/lib/Db/Vault.php index c840cdea..61b00ae6 100644 --- a/lib/Db/Vault.php +++ b/lib/Db/Vault.php @@ -49,7 +49,7 @@ class Vault extends Entity implements \JsonSerializable{ protected $privateSharingKey; protected $sharingKeysGenerated; protected $vaultSettings; - + public function __construct() { // add types in constructor $this->addType('created', 'integer'); diff --git a/lib/Service/CredentialService.php b/lib/Service/CredentialService.php index 56e1239b..9dbf8f33 100644 --- a/lib/Service/CredentialService.php +++ b/lib/Service/CredentialService.php @@ -44,6 +44,10 @@ class CredentialService { return $this->credentialMapper->getCredentialsByVaultId($vault_id, $user_id); } + public function getRandomCredentialByVaultId($vault_id, $user_id) { + return array_pop($this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id)); + } + public function getExpiredCredentials($timestamp) { return $this->credentialMapper->getExpiredCredentials($timestamp); } diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html index 73a6d442..4333afda 100644 --- a/templates/views/show_vault.html +++ b/templates/views/show_vault.html 
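Review bot: `ORDER BY RAND()` in `getRandomCredentialByVaultId` is MySQL-only syntax; PostgreSQL uses `random()` and SQLite `RANDOM()`, so on an installation backed by either (the `*PREFIX*` placeholder suggests a Nextcloud/ownCloud app, which supports all three) listing vaults will fail with a SQL error. Either derive the ORDER BY from the configured database platform, or fetch the credential ids for the vault and pick one in PHP with `array_rand`, which also avoids sorting the whole vault per call. Minor: `vault_id` is unquoted while `user_id` is backticked in the same WHERE clause.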
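Review bot: `array_pop($this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id))` passes a function's return value by reference, which PHP reports as "Only variables should be passed by reference"; assign first: `$credentials = $this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id);` then `return array_pop($credentials);`. The method returns null when the vault holds no credentials, and its only caller in this commit (`listVaults` in controller/vaultcontroller.php) assumes non-null, so a docblock with `@return` noting the null case would document the contract callers must handle.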
@@ -57,6 +57,7 @@ +{{filtered_credentials}}
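Review bot: `{{filtered_credentials}}` added in this hunk renders the entire filtered credential array as interpolated text into the vault view, i.e. the serialized form of every credential object on screen, which reads as debugging output left in the template; the compiled copy in js/templates.js carries the same line. Remove it before merging; the template already shows `{{filtered_credentials.length}}` where a count is wanted. The hunk's context lines are not visible here, so the placement is inferred from the header only.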
@@ -71,9 +72,9 @@ ng-class="{'selected': selectedCredential.credential_id == credential.credential_id}"> - {{credential.label}} + {{ ::credential.label}} - {{tag.text}} + {{ ::tag.text}} @@ -85,9 +86,9 @@ ng-click="selectCredential(credential)" use-theme type="'border-color'">
-
{{credential.label}}
+
{{ ::credential.label}}
-
{{tag.text}}
+
{{ ::tag.text}}