I use a real phone but my sister uses an iPhone and i just set her up with Bitwarden this weekend. All is good with the computer use and i found the keyboard auto-fill instructions so she can use the app on her iPhone. Unfortunately, every single time we try to autofill an account (web page or app), Bitwarden is asking her for the master password. I have no idea why. She is not logged out of Bitwarden, but this is not useful if this is how the app work on a stupid iPhone.
Any ideas? I was going to see if there was some sort of timed logout, but as I started this she did show me that shes not logged out of Bitwarden so i am even more confused. I guess she can copy and paste her user name and then her password, but that would not be a good introduction to this service I’ve been subscribed to for years. Which, i guess i shoukd ask; is this a paid vs non-paid account thing?
Hello and welcome to the community!
Have you set her up with Biometrics unlock? Bitwarden is set up with a secure option, which is to lock the application with the master password after some time. Here’s the instruction about setting up with Biometrics unlock:
Here’s an instruction about changing the time-out, but leaving it on default maybe is good enough; don’t set it to never, as she will be less safe.
1 Like
Thank you. We dont want to use biometric and i dont use it either. She is logged in to Bitwarden on the phone so it should just provide the stored info, but it always asks for the master password when trying to autofill. If she goes to the Bitwarden app she can see her vault without Bitwarden asking for the master password.
I can check out the timeout setting, but i dont think that is the issue
1 Like
I can check out the timeout setting, but i dont think that is the issue
From what you want, it may be the Settings → Account Security → Session timeout → Never.
As I mentioned before, this will make you less safe because your BW vault is always open. If your phone is stolen, unlocked, whoever gets your phone will have all your passwords, and they remain available even if the thief turn wifi/mobile off. Some people have had their phones robbed at gun points, forced to unlock the phones; if you ever get in this situation, they will also have all your passwords also, even offline (so you can’t wipe your phone remotely).
Thats not what i want nor is it how i have it on my phone. On my phone, i log in to bitwarden, then i go to the app or website i want to gain access, i click on the user name and/or password and Bitwarden offers my accounts available to autofill on those apps/websites. My bitwarden account will lock itself after about 5 minutes, so if i need to use a password later on i will have to enter my password. This is all i want to do on the iphone.
This is not a timeout issues.
As i mentioned, on the iphone, every single time we try to get an autofill, Bitwarden asks for the master password.
I took her phone, logged in to the Bitwarden app, then I opened the app she wanted to use, clicked on the username and I select the Bitwarden popup, its asks for the master password again. I can switch apps and go back to the Bitwarden app, copy the user name without needing to enter the master password again, jump back to the Bank app and paste it, jump back to Bitwarden, copy the password, back to the bank app and paste it, but i cannot click on the Bank app’s user name or password and autofill that data without Bitwarden asking for the Master password.
If this is how it is on an iPhone, then we will move on. If there is a way to use Bitwarden on the iPhone in the same manner i can on my phone(be logged in and select an autofill without having ro enter the master oassword again), then i think she will have a good experience. She is already unhappy that she will have to enter her master password literally every 15 seconds when she opens her 4 apps she logs into every morning. I don’t know what the difference is between the iPhone and my phone, but i can see her frustration and I would not want to work in this manner. My timeout is about 5 minutes and i still get mad at myself for having it that low, but I know that is a safe amount of time in case i lose my phone. Whatever her iphone setting is, is not a timeout issue since the app is open and logged in.
I can post a link to a video if this is not clear enough
1 Like
Thanks for the details. Sorry I couldn’t help you. I hope some other members with iPhone will have insights to what’s going on. People on iOS tend to have better autofilling experiences than on Android (which I have), so I hope this will work out for you.
The iPhone offers high security with ease of use by exploiting commonly used biometrics between scheduled vault logouts. It is possible to log in every time, as @SERGEANTd prefers, with attendant inconvenience for rapid new logins as observed.
My preference is to use FaceID with a scheduled logout interval. It is quick, seamless, practically no-touch. Each to their own.
We’re not giving biometrics to anyone. They’re not secure - Police can legally scan your face or place your finger on the phone to unlock your phone but they can’t legally make you to tell them your password to unlock your phone.
The issues is not the phone security, the issue is BW asking for the master password when we want an autofill even though I just entered the BW master password on the BW app.
What is the use of having a password manager if every 5 seconds I have to enter the BW master password? Is this really how it is supposed to work on an iPhone?
Of course people need to adapt to their own country’s laws and the risks they perceive. There are of course rapid-fire methods of disabling biometrics, including without touching the phone. That is not a topic here.
The alternative is to lock with PIN, which may be no more disclosable than a password in your country. With timed logout also implemented that may cover your situation.
Given the risks around information on our phones, it is a feature that Bitwarden requires at least some form of identification on iPhone before filling anything. How one selects or manages among the various methods offered is up to the individual.
Edit to add: I should have mentioned earlier that FaceID for unlocking a phone and for auto-filling passwords (and other things) are independent. If you cannot be compelled to unlock your phone with a passcode then using FaceID for auto-filling passwords is immaterial to security.
I think various options to be more secure than having the vault open and unable to be closed very rapidly on such a thievable device, even for five minutes.
Hi, I can confirm that I do not experience the same on my iphone. I have Bitwarden as my only auto-fill password manager (turned off Keychain) and my Bitwarden app vault is set to timeout as soon as I leave the app.
But I do have FaceID to unlock it, so I’d guess this is where the problem is.
I understand your concerns in using biometrics. Maybe to debug it, you could create a FaceID, add it to Bitwarden, see if that solves the problem and then delete the FaceID.
At least you would know if that is the issue and maybe we are one step closer.
Thanknyou for this. I was thinking about adding some fake biometric, so maybe i can add mine on her phone to test it out … i was thinking of how to use her knuckle or something fake loke thatn but now that you mentioned this i can use my finger.
Do other apps on an iPhone do this? Like do you have to enter your gmail password to get unto gmail and then enter a password again if you want to read your email? I know its absurd, but it makes no sense how Bitwarden acts on the iPhone
Thanks again for replying
Sorry for the late reply.
In my App Security Settings, I have set session timeout as immediately and action set to lock (check is not set to logout). I use Face ID to unlock it (you could also set a PIN)
What happens is that every time the app is launched/used (including switching apps), the vault is locked and requires either a FaceID (my case) or the master password or a PIN.
It seems to me that the issue could be that without a FaceID or PIN, the only method left to unlock the vault is the master password.
According to your description your vault is set to timeout after 5 minutes. Maybe it is logging out instead of locking it? Maybe it is locking it/logging out as you soon as you leave the app screen?
Good luck!