Android PIN code needs to support non-numeric keys (like the browser extensions do)

Apologies for my off-topic comment to @OpSec earlier.

I don’t know why the mobile apps only allow numerical PINs, but I have to assume it’s a technical limitation, as Bitwarden strives to be cross-platform compatible as much as possible. I looked through the original Feature Request for PIN unlock support on non-mobile apps, but couldn’t find any clues (although I did see that the mobile implementation only allowed 4 digits at the time). A search through the GitHub pull requests suggests that PR #446 may be relevant, although I believe that is just for the keyboard displayed (the restriction to an all-numeric code preceded this PR); you may find additional clues by digging through the GitHub repos.

FYI, a Feature Request identical to yours was made in 2021, but apparently did not gain any traction.

Part of the reason for the lack of interest may be that most users consider the threat profile of their mobile device to be sufficiently well-managed that a PIN with 27 bits of entropy should offer sufficient protection against a local attack (especially since it is apparently not clear whether it is even possible to extract the local vault data from a non-rooted device), perhaps because they also lock the device itself when not in use.

Those users who are concerned about being able to maintain sufficient operational security to guard their mobile devices still have the option to unlock using their master password instead of a PIN. You are making this option much too difficult for yourself by using a random 57-character string as your master password, which is also atypical for most Bitwarden users. Such a password has 374 bits of entropy, which is overkill. You gain zero security advantage for any password that has more than 256 bits of entropy, and even 256 bits is overkill. All the additional characters only create problems (making it difficult to memorize and type the master password), with no added benefits.

Unless the total value of assets that would be lost if your vault were compromised runs in the billions, a master password providing 65-90 bits of entropy should be sufficient. A randomly generated passphrase containing 5-7 words will provide this level of security, and such passphrases can be memorized and typed out without too much trouble.
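
The entropy figures discussed in the post above, worked through as an added example (not part of the original post). The alphabet sizes are assumptions: 95 printable ASCII characters for the random string, a 7776-word list for passphrases, and 62 alphanumeric characters for a non-numeric PIN.

```python
import math

# Assumed alphabet sizes (none of these are stated in the post).
DIGITS = 10        # numeric-only PIN
ALNUM = 62         # a-z, A-Z, 0-9 (hypothetical non-numeric PIN alphabet)
PRINTABLE = 95     # printable ASCII, for a random master password
WORDLIST = 7776    # diceware-style word list, for a random passphrase


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size, target_bits):
    """Fewest symbols needed to reach at least `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def numeric_equivalent(alnum_length):
    """Digits a numeric PIN needs to match an alphanumeric PIN of given length."""
    return min_length(DIGITS, entropy_bits(ALNUM, alnum_length))


if __name__ == "__main__":
    print(f"57 random printable chars: {entropy_bits(PRINTABLE, 57):.1f} bits")
    for words in (5, 6, 7):
        print(f"{words}-word passphrase: {entropy_bits(WORDLIST, words):.1f} bits")
    # Length at which a random printable-ASCII password already reaches 256 bits.
    print(f"chars needed for 256 bits: {min_length(PRINTABLE, 256)}")
    # What an alphanumeric PIN buys over a numeric one at the same length.
    for n in (4, 6, 8):
        print(f"{n}-char alphanumeric PIN = {entropy_bits(ALNUM, n):.1f} bits, "
              f"matched by a {numeric_equivalent(n)}-digit numeric PIN")
```

These figures hold only for secrets chosen uniformly at random; a human-chosen PIN or password has less entropy than its length suggests.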