Autofill on iPhone takes two tries

I’ll play: Disable biometrics (temporarily), and use PIN only to unlock. Does auto-fill behave any differently?

Hi @grb, Firstly, I erred in my previous post, which I will fix after this one. A PIN is used only on the desktop browser, because when the portable is folded while attached to an external display then I cannot access the fingerprint sensor. The iOS devices were using FaceID only.

  • I tested with PIN on, biometrics off. No success at all, not even with multiple attempts.
  • Tested with both PIN and biometric on: no success at all again.
  • Reverted to biometrics only: full success

In the first two cases, I was asked for my master password.

I could also try lowering Argon2 memory. It is overkill as it stands, especially with an above-rec pass phrase.

Edited for clarification

Could you actually just try changing from Argon2 to PBKDF2 first? This will completely shed light on whether your issue is related to Argon2 or not.

For anyone messing around, please make sure you have a backup or export just in case.

Hi @Gerardv514, for clarification, I have no issue myself, preferring biometrics on iOS. While I understand the test you propose, it appears to me from this thread and some linked discussion that PBKDF2 is known to work, near certainly. Therefore it may be more productive to seek to distinguish Argon2 use v. Argon2 configuration. There may be a person already using PBKDF2 who could verify that while I focus on Argon2 which I am already using. Memory will be the first variable tested.

I am unlikely to be back on this immediately, but fairly soon…

I’m curious, are you getting the memory warnings from Bitwarden?

It appeared to be from Bitwarden, and proved correct which is why it would not then autofill. This allows there may be a point where it moves from not working to part working before full working. The MacBook Pro has no such problem, probably owing to having 32GB with about 16GB spare to muck around in, although iOS ≠ MacOS also.

I conducted the following tests, with a caveat. An iPad with 6GB working RAM and 256 GB of storage was used for testing, with KDF changes made on the computer (it has a real keyboard for many of those master password entries). Site used was a local banking web site.

  1. Set iPad to PIN, not biometrics → fail
  2. Cut m from 256 to 128 → fail
  3. Cut m to 64 → succeed*
  4. Increased m to 96 → fail

In all four tests Bitwarden (by appearances) popped up a memory warning. Retrying made no difference. *In test 3 I dismissed the warning because the fields had already filled correctly behind. A problem appears to lie between and including 64 and 96 MB. I did not test whether the dismissible warning would disappear below 64 MB.

I then stopped testing and reverted to biometrics, no PIN with new KDF settings including m above 96, with which settings it works normally as previously found.

The caveat is that I forgot that logging out kills the PIN (logging in, I had to use master password anyway) so tests 3 and 4 were done without either of PIN or biometrics flags set, and no PIN anyway.

I believe the exact threshold will differ for each specific device. The iOS memory limit for auto-fill is 120 MiB, but this has to accommodate the app memory and the vault data in addition to the memory required for Argon2id hashing of the PIN or master password.

The warning should disappear below 48 MiB, so if the issue is caused by the warning notice itself (as opposed to running out of memory), then setting the memory to less than 48 MiB should fix it.

Regardless, all of your test results seem to be 100% consistent with what has been reported in Issue #2389 — i.e., there is no new issue here.

“Fixed” this issue. Since the Bitwarden UI allows both FaceID and Pin Code for unlocking, I checked them both. My theory was that since this was allowed, it might be that if FaceID unlocking failed for some reason, that the Pin Code would then be requested. Well, that’s not what happened, instead this caused autofill to take 2 tries. Which I didn’t associate with autofill taking two tries until I finally tried deselecting Pin Code unlocking.

I have no idea what’s going on with Bitwarden if you have both of these unlocking methods set, doesn’t seem to have well thought-out semantics. At least from the behavior that I see on my phone. My opinion (for what it’s worth, very little I’m sure) the UI should have these selections be mutually exclusive. Or have some sort of rational behavior if both are selected.

So I’m done here, thanks for all the help grb, really appreciate your working with me and being so helpful in talking about the problem. Keep up the good work.

Not quite 🙂
#2389 speaks solely of Argon2 vs PBKDF2, whereas my tests show that above a certain level of memory then using or not using biometrics (at least, FaceID) is a critical factor.

As noted I have returned to a memory setting for Argon2id above the supposed 120MB limit mentioned in #2389, as well as the tested 64-96 MB area, yet with biometrics and without PIN this operates flawlessly in testing up to 256 MB (beyond that untested).

@MrDoh has just confirmed this (which I first mentioned here) as their fix in #29.

The 120-MiB limit for iOS auto-fill is not affected by the Argon2id setting if unlocking is done using biometrics (since this does not require any KDF calculation). So, what you’re observing is fully explained by known behavior (and the issue, when it occurs — i.e., when non-biometric unlock methods are used — is exactly what is described in Issue #2389).