Feature: biometric unlock options
Add a feature that allows you to choose biometric unlock options individually. So you can choose just fingerprint, or just face ID (facial recognition), or both. As of right now on the android app, I can choose biometrics as a whole to be enabled or disabled.
Facial recognition is known to have a much higher False acceptance rate.
While I want the convenience of facial recognition unlock for my phone, I don’t want this option to unlock my bitwarden vault.
Hi @bassilap - welcome!
This is already a feature available in the Bitwarden app for Android. When prompted to provide your biometrics, you can click on the Thumbprint or Face icons to choose which one you want (assuming both are enabled on your device).
Here is a photo of the screen on my Android 11 phone so you can see what I mean:
You misunderstand my request.
I want an option in the settings where I can select which biometric options I want available to unlock my vault.
This would look like a setting that allows me to disable facial recognition as an option but keep using fingerprint or vice versa.
OK, so what you are asking for is an option to DISABLE different types of biometric logins, not switch between them. Got it.
I have updated your request title to make this clear - I hope you don’t mind.
Yup! That’s a better way to phrase it. Don’t mind at all.
I second this request. I don’t trust facial recognition all the data I have in Bitwarden. But I do trust the fingerprint sensor. Most banking apps I use allow only fingerprint login (they don’t have a switch to facial) and I want to set Bitwarden to that level of security as well.
I agree. This is really needed. it has me looking at other password program options.
I want to use face unlock for my phone but NOT for Bitwarden.
Add the ability to disable the much less secure Android Face unlock from vault login
Samsung clearly states that face unlock is less secure than fingerprint and PIN. It can misidentify people that look like you or even, in some cases, unlock when shown a picture of you (this is all displayed in warnings on Samsung phones, likely other single-camera face unlock phones are the same).
It can be turned off but it’s not in Bitwarden. Many banks only allow fingerprint. Secure face unlock requires multiple cameras and special equipment. Otherwise, using face unlock to protect all your passwords is not recommended.
I searched and there was another topic requesting face unlock. It has since been activated in Bitwarden. If you are using face unlock to unlock your phone, you will be given the option to use face unlock your vault. You can avoid this by not setting up face unlock on your phone. Unfortunately, it takes away other opportunities to safely use it.
Feature request: Optional face unlock capability.
I want to use face unlock for my phone but NOT for Bitwarden. However, if face unlock is active on the phone and you want to use fingerprint login for Bitwarden then Face Unlock is available. Can we have a way to have Face Unlock available used on the phone but have Bitwarden ignore that biometric so we can only use fingerprint login for BW?
I thought maybe they had fixed this so I loaded my face again. Bitwarden still gives me the option to use fingerprint or face. Chase doesn’t. Even GoodRx doesn’t. They are FP only.
I tried to attach a screenshot below of what Samsung says about face unlock when you click for more info during setup. Mostly bullet #1 applies.
Hoping it’s something that can be done. I know developers work hard on Bitwarden and I appreciate that. I’m not a developer so I don’t know how hard this is to implement.
I have been also annoyed by BitWarden allowing me to unlock via face and I’ve gone down the rabbit hole to find out how to disable it.
From the looks of it BitWarden uses a plugin called Xamarin-Fingerprint to perform the authentication on both iOS and Android, and for Android there’s no support to select which authenticator to use.
I’ve created a pull request for that plugin adding some functionality for Android (although it’s a bit rough), hopefully that feature will be accepted and then BitWarden can start requesting only STRONG authentication instead of allowing both STRONG and WEAK.
Hey @eblis, can post your PR contribution in the GitHub Contributions - Bitwarden Community Forums channel for the team/community to review?
I’ve created this, but it’s not in a BitWarden project, it first needs to be implemented in one of Bitwarden’s dependencies.
Hmm, so apparently my post was hidden.
The system flagged it due to multiple links, I’ve restored them.
Does someone know if this problem will ever be fixed in some way? I think it could be a precious and essential security feature. I still miss it so much! Thank you!