Currently, the Bitwarden Authenticator app will not consistently lock and prompt the user to reauthenticate with their biometric ID after leaving then opening the app. The behavior I expected for this feature is for it to be identical to the mobile password manager app, where the app is always locked after leaving it and I am immediately prompted to reauthenticate with my biometric ID.
To reproduce:
1. Download Bitwarden Authenticator
2. Skip the launch tutorial and go to Settings
3. Enable biometric login (e.g., Unlock with Touch ID)
4. Leave the app
5. Open the app
Version: 2023.5.0 (23)
OS: iOS 17.4.1
Model: iPhone SE
I tested how long the BW Authenticator would remain unlocked after Touch ID unlock on my iPad, and it’s at least 3 hours. (I didn’t test longer.) That is much too long and it’s a security issue.
A timeout locking setting within the app, and automatically locking when the phone locks, are capabilities I expected as well; I’m switching from Aegis.
I’d be interested to understand the rationale behind not adding locking within the app as, based on the feedback to the ticket I opened in GitHub, this was a conscious decision and I may be falsely assuming this adds incremental security with this capability, when it doesn’t actually.
Interesting. – I even just reset the Android authenticator app 2025.5.0 on my device - and even when I toggle biometrics on/off - I don’t see any session timeout options.
So, for now, it seems it’s only there on iOS, but not on Android.
I’ve written to Bitwarden support regarding this and was told to open a “Feature request”, only to find out that others have noticed this too (would be surprising if they didn’t).
It’s mind-boggling that iOS has this feature but on Android it isn’t available.