Any TouchID fingerprint can access to Bitwarden on iOS/iPad

Differentiate different login Touch ID’s on iPhones and iPads that have the Touch ID technology.

  • I have two different fingerprints enabled on my iPad 10th gen and both can access to my Bitwarden account. I would have expected that only mine would be able to access to my data. Sharing the iPad with other members who also have Touch ID enabled, does not help in making your bitwarden account more secure as other can access.

Feature function

  • What will this feature do differently?
    This feature will check if the current fingerprint relates to the Bitwarden user who sets it up.
  • What benefits will this feature bring?
    Data password safety

@vic2345 welcome! Are these fingerprints enrolled as part of the 5 total you can have on your iPad? (i.e. you have 4 of 5 enrolled now, 2 being yours and 2 being someone else’s)

Hello @tgreer. These fingerprints are enrolled as part of the 5 total you can have on the iPad. I enrolled mine and my partner’s and she is able to access to my Bitwarden too.

@vic2345 understood. iOS Biometrics is based on the device being single-user. All 5 fingerprints are general authentication into the device, and to the device, always belong to 1 “user” per se. Perhaps when iOS has a multi-user function, there may be separate biometric options, but currently, this is the expected behavior.

If you’d prefer Bitwarden not be accessible via Biometrics, using a PIN would be the best bet, aside from using the master password every time.