On my father’s iPhone 11 I set up a PIN for easy access, but when he tries to autofill in Chrome or Safari, Bitwarden demands the master password instead of the PIN, and because he can’t be bothered to learn the password he is locked out of his passwords. Opening Bitwarden directly works as expected.
I’m seeing something similar. Master password required on all login attempts made for anything in the vault - whether attempted from the site on its own or when the site was launched from the BW app.
iPhone11/iOS 13.3.1 using Safari/Firefox with following settings:
BW app extension enabled
BW password autofill on, had same issue with autofill off
BW Lock Options set to 15min
BW Unlock with PIN Code disabled
BW vault is synced with Win10 laptop where BW runs well (master password normally only required after computer restart)
iOS settings for AutoFill Passwords: Keychain off, BW on
I’m not familiar with the PIN code feature (not seeing anything about it in the Help Center) - how does this help/is it required for iOS use?
Am seeing little discussion of iOS generally on the Help Center and it appears others may be experiencing something similar with Mac/Safari in the community - am I missing a setting somewhere that needs to be adjusted to get beyond the continuous master password requirement?
Follow-up here - I noticed that YouTube user suzana is experiencing the same issue - she posted the following on BW’s “iOS App Walkthru” video https://youtu.be/u5VxhIkVTv4
@Bitwarden Hi, I cannot find any video tutorial on how to properly use this on the iPhone. It seems that every time I need to log in somewhere I have to re-enter my master pass (and it’s a lonngg pass). Is there an easy way? I tried entering the master pass to unlock the Bitwarden app, but even though I have the app open, when I try to log in to, let’s say, my Instagram it asks for the master pass again… Any help would be greatly appreciated!
Greatly appreciate any insight the community can offer…
Same here. I’m in my trial period and don’t want to use biometrics. If I don’t use bio, it prompts for full password even though PIN is set. Any news on a fix?
I am using Fingerprint to open BW. I don’t think that this is a security issue, as the FP does not get forwarded to BW but is just a local method in the iPhone.
I have however tried what you explain, for me Pin works also for Autofill.
I have noticed that you have to set some options when you enter the PIN for the first time. When you choose to open with PIN and enter it for the first time in the settings, you need to decide if you want the PIN to unlock the Vault once the App is re-started or if the Master Password shall be used. I have chosen “Pin”, then it worked for me as expected. Same when I restarted the App after locking it - you can open it with the PIN. However, you need to take care that you don’t push the Logoff button below the entry field for the PIN, but push the button on the top.
Thank you so much! It’s worded in a confusing way. I selected NO not to use master password to unlock after app restart and it works. Other apps generally do not restart themselves unless the app is killed or the device is restarted. That is what I found confusing.
Regards,
Rob
This is great feedback. We’re working on more FAQs for stuff like this. I’ll make sure this gets added to the list.
I noticed the same on Android recently, “Yes/No” questions should really be avoided. Instead it should have buttons saying “Use PIN” or “Master password”.
Hey - can I confirm here that you have to use either the master password, touch ID, face ID or PIN number every single time (depending on what your phone can do and which settings you have enabled)?
There is no way to get around needing to enter something every time you log in to a website on an iPhone? Is that right?
iPhone 13 Pro / iOS 15.5
Latest Bitwarden
My findings here are that:
- if Vault Timeout is set to any setting besides Never, OR
- if Face ID is turned on:
Then when using autofill on iOS, Bitwarden will always pop up to “Verify Master Password” or “Verify Pin” if the PIN setting was enabled.
The only way to prevent a screen from popping up each usage is to turn Vault Timeout to Never and then Face ID off in the Bitwarden app. Once you do this and try to autofill a password, something in the OS triggers FaceID anyways which is good.
The shortcoming here is that setting the app to never is a big security risk; if someone happens to come across my unlocked phone they could presumably access any of my account passwords if they know where to look. For some reason Autofill is not respecting the Vault Timeout setting.
There are some older threads about this being a known issue on iPads without biometrics support, but I’m using an iPhone 13 Pro with Face ID.
LastPass appears to be managing this issue better by providing more config options:
- “Lock Options” : Bitwarden’s “Vault Timeout”
- “Skip reprompt after login” : no counterpart
- “Auto Logout” : no counterpart
Thanks for the info! It doesn’t look like there is an existing issue for this on Github, you can create a new one and provide your details for the team to investigate.
This issue has not been fixed yet? I have been experiencing the same problem when I choose Bitwarden to open via a PIN. It’s not about opening the Bitwarden app on iOS, it works just fine with a PIN. However, when trying to access Bitwarden to log into other websites, it always asks for the master password. Of course, with biometric it works fine.
Hello @eyayaw
I used to have this issue but am not experiencing it anymore.
Since iOS 15.7
Currently running iOS 16.2 and not having this issue
Bitwarden latest version also
Here is how I have my setup
Hope this helps
My settings are exactly the same, the only difference being I have an iPhone 7 Plus and iOS 15.6 is the latest version I can have at the moment.
I have the same problem posted by the OP and reiterated by eyayaw: on an iPhone/iPad with iOS/iPadOS 16.3 (the latest), if “Unlock with PIN code” is set, auto-fill does not accept a PIN code, instead it demands the master password.
As background I want unlock with PIN instead of biometrics because my phone unlocks with biometrics, so I don’t want a critical app – Bitwarden – to unlock in the same way. Defense in depth.
That’s really not how I expect it to work. The app is in memory, but the dialog to choose the password record ignores this fact. And asks for the master password instead of the PIN.
Enabling PIN even for cases when app is totally closed is not the answer. It reduces the defence.
I submitted a bug report for this back in July: