In relation to feature request 228 I would like to request the following, as feature request 228 is very broad:
Add the option to store the PIN of a card in Bitwarden. To be honest, I don’t understand why it’s not already there. It’s nice to store the CVC, but this is written on the card, so it’s actually not a secret that needs to be protected. And a CVC is something that only credit cards have, while all Maestro or V-Pay cards will have a PIN. However, the PIN is something that I need when I pay with my card or when I want to get cash. So it’s essential to know my PIN.
Therefore, please allow storing the PIN along with the card. I hope this is a smaller feature that can be implemented in the short term.
Yes, it’s possible via a custom field. However, I think a PIN is something that should be part of the default entry, as basically every credit card (at least in Europe) also has a PIN for payment or getting cash.
Interesting–in .us, we’d never enter a PIN online–only at either a POS terminal when making a purchase, or at an ATM to get cash. This might be why there isn’t already a field for this, but I certainly wouldn’t want to speak for the developer.
I create different PINs for different services: voicemail, ATM, app shortcut. I want to use Bitwarden to create and store PINs. I also have to generate PINs for some employees for certain services.
For some reason the minimum all-numeric password that can be generated is 5 digits. Please allow 4-digit.
The developer is thinking too small here. Bitwarden should be the KEEPER of all of the user’s PINs and passwords, security questions. Allow for this and embrace it. The more things the developer disallows or makes very hard to do in Bitwarden, the more users will look to other apps like 1Password or LastPass.
The developer should want Bitwarden to be the ONLY tool people use for storing their PWs, PIN, security questions, CC and banking details. Limiting that, limits if not caps Bitwarden’s appeal.
Personally, I managed this by adding a custom hidden field in the card metadata through the Bitwarden app. Called it PIN.
This way, the original secured field is used to autofill forms in the websites, while the custom hidden field is used when I need to manually enter a PIN somewhere (so I use the phone app to see the code when I forget it).
Is it ok from a security point of view?
Right, but BW password generator’s minimum length is 5. I end up having to make one of the digits non-numerical, then omit it from the PIN.
AND the user can’t use the PW generator within the item if it already has a PW. The user has to use the app or extension (whichever they’re not currently using) to create the PIN then (oh the horror) actually TYPE in the 4-digit PIN. It’s too much work.
I have several credit cards like Visa, Mastercard, etc., and all these cards have a PIN code. Next to the Maestro cards that are used here. I can use “custom field” but it’s not that neat. Especially not on the webvault, as the custom field is always shown, even when empty, and the custom field cannot be moved next to the CC number and CVV.
Could someone explain why the PIN isn’t part of the default credit card fields? Is it because these records are used in autofill and having the PIN there would pose a risk that it might be revealed in an autofill procedure?
I’ll add what hopefully might be a solution to the impasse. Basically PCI-DSS requirements (for business customers) are that you cannot store the PIN. So, not even having the capability makes it an easy claim of “PCI-DSS compliant” for Bitwarden in selling to business customers.
However, individual consumers want it. Perhaps there is a compromise in that this could be a feature that is added to the current “Card” vault object and there is a configuration setting to disable it from view/use and the UI itself. Make that a global setting for an organization and I think Bitwarden can have both interests addressed.
This could also be leveraged for individual user vaults to require the Bitwarden application or extension to require unlocking to view the PIN value in a Card vault object. Or for organizations that don’t disable PINs for Card objects/entries.