If biometrics fail to unlock, defaults to Windows password

Hello,

I just noticed this strange behaviour. I did a quick search, I couldn’t find any previous similar questions, hence the question.

I use biometrics to log onto my Windows 10 PC, and also to unlock Bitwarden. I’m often busy with DIY in my house, and as a result my fingerprint is temporarily not recognised by Bitwarden, I think because my fingerprints are temporarily erased. After a while, my fingerprints “recover”.

However, when the biometric fails when unlocking Bitwarden, it uses Windows Security to log in, which means using my Windows password. Is this safe? Wouldn’t it be safer to insist on using the Bitwarden master password in this case?

My apologies if this has already been addressed.

Paul

Hello,

Apparently, when Bitwarden hands over biometrics authentication to Windows Hello, there is no option to disable the PIN used as a backup authentication method. This is unlike Android’s authentication service. See these threads:

Windows PIN is TPM-protected, though, so it has the mechanism to protect against brute-forcing. With biometrics authentication as the normal workflow, you can select a strong PIN that is alphanumeric and randomly generated to prevent unauthorized access.
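As an added illustration (not part of either post above), the PowerShell below checks the two things the reply relies on and then generates a PIN of the kind it recommends: it verifies that a TPM is present and ready, reads and optionally sets the Windows Hello PIN complexity policy so an alphanumeric PIN is permitted, and draws a random PIN from a CSPRNG. The registry path `HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity` and the value meanings are taken from the PassportForWork CSP documentation, not from this thread; the chosen alphabet, minimum length of 8 and default PIN length of 12 are my own assumptions. `Get-Tpm` and the `-Apply` step need an elevated prompt.

```powershell
# Added example, not from the thread. Assumes the PassportForWork CSP
# PINComplexity registry node; run elevated for Get-Tpm and for -Apply.
param([switch]$Apply, [int]$Length = 12)

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity'

function Test-TpmBacked {
    # Get-Tpm comes with Windows (TrustedPlatformModule module).
    $tpm = Get-Tpm
    return [bool]($tpm.TpmPresent -and $tpm.TpmReady)
}

function Get-PinPolicy {
    # Absent values (0 here) mean Windows defaults: digits allowed,
    # letters and special characters not allowed.
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        MinimumPINLength  = [int]$p.MinimumPINLength   # 0 = not set
        LowercaseLetters  = [int]$p.LowercaseLetters   # 1 allowed, 2 required
        UppercaseLetters  = [int]$p.UppercaseLetters   # 1 allowed, 2 required
        SpecialCharacters = [int]$p.SpecialCharacters  # 1 allowed, 2 required
        Digits            = [int]$p.Digits             # 1 required, 2 not allowed
    }
}

function Set-AlphanumericPinPolicy {
    # Allow (rather than require) letters and special characters, and raise the
    # minimum length, so an existing numeric PIN keeps working until changed.
    New-Item -Path $PolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PolicyKey -Name LowercaseLetters  -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name UppercaseLetters  -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name SpecialCharacters -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name MinimumPINLength  -Value 8 -Type DWord  # assumed value
}

function New-RandomPin {
    param(
        [int]$Length,
        # Assumed alphabet: letters and digits with look-alikes (0/O, 1/l/I) removed.
        [string]$Alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'
    )
    # CSPRNG bytes with rejection sampling, so no modulo bias toward the
    # first characters of the alphabet. Works on Windows PowerShell 5.1 and 7.
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf   = New-Object byte[] 1
    $limit = 256 - (256 % $Alphabet.Length)
    $sb    = [System.Text.StringBuilder]::new()
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) {
            [void]$sb.Append($Alphabet[$buf[0] % $Alphabet.Length])
        }
    }
    $sb.ToString()
}

if (Test-TpmBacked) {
    'TPM present and ready: the Hello PIN is hardware-bound with anti-hammering.'
} else {
    Write-Warning 'No ready TPM: a PIN fallback here would lack hardware brute-force protection.'
}

Get-PinPolicy | Format-List

if ($Apply) {
    Set-AlphanumericPinPolicy
    'Policy written. Sign out and back in, then change the PIN under Settings > Accounts > Sign-in options.'
}

"Candidate random PIN: $(New-RandomPin -Length $Length)"
```

Run it once without `-Apply` to see the current state; if the policy shows letters as not allowed, rerun elevated with `-Apply`, then set the new PIN through Settings. The generated PIN is only a suggestion to type in; the script does not (and cannot) set the Hello PIN itself.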