Thanks to the OP for this. I posted a new feature request but was specifically referring to 2nd layer PIN unlock. This would be a great addition I think.
Yes! I don’t need fingerprint for first-time logging into the vault (I like the security of the password), but I would love it for re-prompting - would speed up my life a lot!!
Great explanation. I agree that we’d like biometrics to the 2nd layer. I would hope that, if we wanted, we could opt for having the fingerprint ONLY for 2nd layer (not for first).
I’m coming to upvote this request, is it in the roadmap yet please? It would be convenient to have a pin or fingerprint as a 2nd layer reprompt instead of master password.
Hey everyone! We are currently investigating how we can improve the password reprompt functionality.
Thank you for the update, @bw-admin. Is there something users / customers can help with this investigation?
From my specific perspective, I have a few troubles with Master Password Re-Prompt:
- Current thread - biometrics / PIN can authenticate the re-prompt
- Feature request / thread 34300 - re-prompt’d secure note content should not be visible [duplicate feature request]
- Feature Request / thread 18842 (wrongly closed) - autofill keyboard shortcut triggers the re-prompt
- Feature Request / thread 32894 - add a timeout so users don’t re-authenticate every 10 seconds
I believe 34300 has a confirmed fix, so that is great to hear:
Hey @ikjadoon, the upcoming enhancement to the master password re-prompt will apply to the whole vault item, not just the password field, and biometrics will be an option
This would definitely be useful on Mobile. Having to enter a long Master Password on Mobile to view/copy credentials on mobile is quite tiresome. Would it be possible to check? IE if the user is on mobile, then use biometric login instead (if enabled) to use open/view a credential
Ah, that is fantastic, @bw-admin. My apologies for missing your reply. I appreciate this has been given attention for a future update; it’s really quite useful, once people can get used to it.
Thank you so much.
Another feature that I wanted, that I found in search. Glad to see it is under investigation. Is there any timeline on this though, since I see that comment was 8 months ago. (lol, not sure how to better word it, to not sound like I’m demanding an ETA)
Hey @Warden1 thanks for checking in, no specific eta at this time, but we will be sure to share information as it becomes available.
- Fingerprint instead of Master Password when “Require Master Password” selected
On my phone, I have a couple of entries set up that require the Master Password before allowing access to their data. LastPass’ android app used to allow biometrics as an alternative to typing in the password. It would be nice to have this in BW too
Re-prompt but for pin instead of master password.
In Settings, a user will be able to check “Re-prompt with pin”, in addition to “Re-prompt with master password”.
In an item window, there will be the general option to “Require re-prompt for access” instead of specifically “Master password re-prompt”.
Then, if re-prompt with pin had been activated, when the user has an item that requires re-prompting, the user will be able to enter their pin instead of their more sophisticated or much longer master password.
This makes the app more secure in the using because it prevents the user from either choosing a short master password to make re-prompting less of a hassle or not using re-prompting at all due to what a hassle it is to input a sophisticated or long passphrase every time.
The master password should only be used for encryption/decryption purposes, and the user should be encouraged to make it a sophisticated or long passphrase.
After decryption has finished, we should be able to use an easy-to-remember and quick-to-enter pin for access to sensitive items.
(There is a related request but it is worded vaguely and is not gaining any votes so I wrote this request in a way that is clear and easy to get behind).
Responding that this is still an issue that I’d like solved please!
UP… Came from Lastpass and this feature is critical for me. I hope they tackle this soon.
It would be nice to allow Yubikeys or other Phisical Security Keys as well
Any updates regarding this?
Created an account only to upvote this. This feature would be really great to have, being able to re-authenticate or confirm password with fingerprint when trying to access cards or bank details. Definitely needed! Currently the only missing feature for me.
Is this on a roadmap in near future?
Wish you’d work on this, please, or let us know why you don’t think it’s a good idea.
I particularly hate not having this for sites/apps that don’t show the username and password in the same screen. That means I have to type my password twice. It’s a real pain on Android, with a complex password and a thumb-keyboard.
It’s the same for copying a username and then a password.
Not having it makes bitwarden less secure because most people will just turn off password re-prompt for the annoying site. There is one that I use every day.
It could be resentment of former Lastpass users who descended on the Bitwarden platform demanding Master Password Reprompt. It was implemented in pretty fast time but those users are still not happy, sparking more resentment. Only a guess.