Adding Biometric/PIN authentication with Master password re-prompt

THEOCKID · December 6, 2021, 1:58pm

OK so It looks like (upon removing and re-installing my browser BW extension (Opera, using the Chrome version)) that biometric reauthentication may now be an option?

ikjadoon · December 7, 2021, 1:04am

I believe that “unlock with biometrics” can only unlock the extension. The master password re-prompt is a 2nd layer and at the moment, I’m seeing it still only can be unlocked using the master password (as of BW Extension 1.54.0 on Microsoft Edge 96.0.1054.43).

Unlock the extension (1st layer):

Master password
Biometrics
PIN

Unlock re-prompt items (2nd layer, optional):

Master password

We’d like to add biometrics to the 2nd layer:

2021-12-06_19-56-05

//

I agree with @Caign: the feature’s name probably needs to be changed. Not “master password re-prompt”: I also like “authentication re-prompt”.

Now, “authentication” also implies PIN unlock, so perhaps that is something Bitwarden also wants to explore.

ftyr · December 30, 2021, 5:30pm

I also made an account just to comment and vote on this thread. I think this would be a real quality of life improvement and a useful feature as my master password is quite long. One should be able to re-prompt with biometrics or a pin.

DearHunter · January 5, 2022, 2:10pm

Feature name

PIN Lock for Indivual Logins and Notes

What will this feature do differently? It aids additional security in the event that a bad actor or so-called ‘friend’ uses or gains access to your unlocked vault. The option to PIN protect credit card info, secure notes and other very personal items would be a welcome additional layer of security.
What benefits will this feature bring? It is a lot easier/quicker than having to use master password re-prompts with the additional benefit of not having to expose your master password as often (less chance of onlookers and keyloggers stealing your master password.)
Remember to add a tag for each client application that will be affected. This likely is more useful for desktop and web/browser apps, but certainly could be useful for mobile too.

Related topics + references

Are there any related topics that may help explain the need and function of this feature? It’s quite a difficult term to search for specifically.
Are there any references to this feature or function on other platforms that may be helpful? This feature is available on Lastpass - the previous password manager I used before I knew about Bitwarden. It’s the only fairly major thing I can think of that is missing.

Thank you!

DearHunter · January 5, 2022, 2:30pm

Thanks to the OP for this. I posted a new feature request but was specifically referring to 2nd layer PIN unlock. This would be a great addition I think.

ColeM40 · January 11, 2022, 2:53am

Yes! I don’t need fingerprint for first-time logging into the vault (I like the security of the password), but I would love it for re-prompting - would speed up my life a lot!!

ColeM40 · January 11, 2022, 2:55am

Great explanation. I agree that we’d like biometrics to the 2nd layer. I would hope that, if we wanted, we could opt for having the fingerprint ONLY for 2nd layer (not for first).

truemagic · April 2, 2022, 2:24am

I’m coming to upvote this request, is it in the roadmap yet please? It would be convenient to have a pin or fingerprint as a 2nd layer reprompt instead of master password.

dwbit · April 4, 2022, 10:00am

Hey everyone! We are currently investigating how we can improve the password reprompt functionality.

ikjadoon · May 9, 2022, 6:19pm

Thank you for the update, @dwbit. Is there something users / customers can help with this investigation?

From my specific perspective, I have a few troubles with Master Password Re-Prompt:

Current thread - biometrics / PIN can authenticate the re-prompt
Feature request / thread 34300 - re-prompt’d secure note content should not be visible [duplicate feature request]
Feature Request / thread 18842 (wrongly closed) - autofill keyboard shortcut triggers the re-prompt
Feature Request / thread 32894 - add a timeout so users don’t re-authenticate every 10 seconds

//

I believe 34300 has a confirmed fix, so that is great to hear:

dwbit · May 9, 2022, 7:38pm

Hey @ikjadoon, the upcoming enhancement to the master password re-prompt will apply to the whole vault item, not just the password field, and biometrics will be an option

darrenius · October 21, 2022, 9:42am

This would definitely be useful on Mobile. Having to enter a long Master Password on Mobile to view/copy credentials on mobile is quite tiresome. Would it be possible to check? IE if the user is on mobile, then use biometric login instead (if enabled) to use open/view a credential

ikjadoon · November 14, 2022, 4:42am

Ah, that is fantastic, @dwbit. My apologies for missing your reply. I appreciate this has been given attention for a future update; it’s really quite useful, once people can get used to it.

Thank you so much.

Warden1 · January 3, 2023, 7:43am

Another feature that I wanted, that I found in search. Glad to see it is under investigation. Is there any timeline on this though, since I see that comment was 8 months ago. (lol, not sure how to better word it, to not sound like I’m demanding an ETA)

dwbit · January 3, 2023, 10:05am

Hey @Warden1 thanks for checking in, no specific eta at this time, but we will be sure to share information as it becomes available.

SEJHemming · March 7, 2023, 10:42am

Feature name

Fingerprint instead of Master Password when “Require Master Password” selected

Feature function

On my phone, I have a couple of entries set up that require the Master Password before allowing access to their data. LastPass’ android app used to allow biometrics as an alternative to typing in the password. It would be nice to have this in BW too

strijdhaftig · December 16, 2022, 1:56am

Feature name

Re-prompt but for pin instead of master password.

Feature function

In Settings, a user will be able to check “Re-prompt with pin”, in addition to “Re-prompt with master password”.
In an item window, there will be the general option to “Require re-prompt for access” instead of specifically “Master password re-prompt”.

Then, if re-prompt with pin had been activated, when the user has an item that requires re-prompting, the user will be able to enter their pin instead of their more sophisticated or much longer master password.

This makes the app more secure in the using because it prevents the user from either choosing a short master password to make re-prompting less of a hassle or not using re-prompting at all due to what a hassle it is to input a sophisticated or long passphrase every time.

The master password should only be used for encryption/decryption purposes, and the user should be encouraged to make it a sophisticated or long passphrase.

After decryption has finished, we should be able to use an easy-to-remember and quick-to-enter pin for access to sensitive items.

(There is a related request but it is worded vaguely and is not gaining any votes so I wrote this request in a way that is clear and easy to get behind).

Noah_Forman · March 7, 2023, 11:10pm

Responding that this is still an issue that I’d like solved please!

cavr · April 11, 2023, 4:24am

UP… Came from Lastpass and this feature is critical for me. I hope they tackle this soon.

JuanPabloTyrlik · May 21, 2023, 1:31am

It would be nice to allow Yubikeys or other Phisical Security Keys as well