Mobile: fingerprint AND pin to log in

Hi,
This would be a great security upgrade: allow the option for the app to require both fingerprint and a pin to log in.

Would you be able to support this?

This is a bad idea, since it requires the fingerprint to succeed 100% or else you are locked out.

Even Apple and Android both say “If your face/finger scanner fails, you can fall back on the PIN” because they recognize there may be a time when you cannot scan your face or finger properly.

Scan finger with fallback enter PIN is great as is.

Requiring the ability to succeed the fingerprint scan 100% of the time is a bad idea.


Then why not allow it and have the same setup as if your PIN is forgotten: the ability to reset it? I’m not asking for 100% reliability. At least the choice would be nice.

It seems a PIN can always be monitored, and a fingerprint can always be found/used, but both (2 factors) can’t be. Just an idea to further the security of the app.


But don’t forget that after 5 incorrect PIN attempts you are automatically logged out. This means that now you MUST know your master password and not merely the PIN to get into your vault. Very unlikely anyone can guess a four-digit PIN in only 5 guesses, don’t you think? Clearly your BW PIN should be something you never use elsewhere and you’re fine!

Considering iPhones (and Androids) can be forced to use biometric unlocking (https://www.wired.com/story/police-unlock-iphone-face-id-legal-rights/), I’m certain this is now the time to allow the option of dual security steps. It’s basically 2FA anyway, but with something you know and something you have, so it’s no more susceptible to being locked out, and considering this opens up the keys to the kingdom, I’m frankly baffled as to why this is being dismissed so quickly. Anyone can face/fingerprint unlock your vault against your will if they wanted to, so why not at least give users the option of thwarting this attack route?

I would like to second this for the mobile apps only. The master password + TOTP is great for PC logins and initial logins on mobile, but master passwords are really inconvenient on phone keyboards. But as pointed out, biometrics are not super secure (from a legal standpoint). So for the mobile application a biometric + PIN would be an easy interface for the user to have convenience AND security, especially if the master password is required on device restart.

If this feature was possible, don’t you think Apple / Samsung / Google would include it in their phones by default???

They don’t have a “DISABLE PIN FALLBACK FOR BIOMETRICS” option because they can’t add the feature because it makes no sense when you understand how biometrics protects / locks the data…

Again, this isn’t “oh man those nerds don’t understand the needs of the people!”

This is “There is no way to implement this feature that makes any sense from a technical standpoint. It’d be like painting a picture of a lock on your door and saying “look, one more lock! much more secure now!””

Understanding the lock you have and how it works and what risks you face in the outside world is important. (i.e. someone posted the airport forcing biometric unlocks… that means you should disable TouchID when you go through airports. Simple.)

Isn’t that exactly how the Android app works today? Fingerprint OR PIN with fallback to Master Password via Log Out.

Sorry if it sounds like I’m asking for you to change how the hardware works. I’m not a mobile developer and am not familiar with JavaScript and Android/Xamarin APIs (if it were Python, MATLAB, Java or Fortran on the other hand… yes, I know it’s a weird set of languages). From a user perspective it would just be a feature that would give me peace of mind.

You might be able to get around the system APIs by using the following logic to unlock the Bitwarden vault:

def unlock_vault(multi_unlock_authentication_option,
                 fingerprint_authentication_successful,
                 pin_authentication_successful):
    # both steps must succeed when the combined-unlock option is enabled
    if multi_unlock_authentication_option:
        # do system fingerprint authentication
        if fingerprint_authentication_successful:
            # do bitwarden pin authentication
            if pin_authentication_successful:
                return True  # unlock vault
    # option off: today's fingerprint-or-PIN flow applies (not modelled here)
    return False

If the user sets fingerprint_authentication_successful=True there might be a prompt mentioning that they should ensure that the fallback method for the fingerprint unlock is a different PIN/mechanism than the Bitwarden PIN.

I would think that with the above logic the fingerprint step would be equivalent to the current fingerprint, and the PIN would be equivalent to the current PIN, so I think this actually does something more than just security theater (the paint on the door analogy above). It would end up kinda silly in the fallback mode in that you would just end up entering 2 PINs… but 2 PINs is harder than just a fingerprint or 1 PIN and would lead to an even higher likelihood of falling back onto the password+TOTP method.

@dabura667 I understand that this is a low-vote feature that’s at best going to use some funky authentication logic (above) if it’s possible at all and so will likely languish, but out of curiosity do you see any reason why the Xamarin APIs would not support the above logic?
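As an added example, not code from this thread or from Bitwarden: a small Python model of the unlock policy sketched above, combining the fingerprint-then-PIN order of the pseudocode with the five-wrong-PIN lockout mentioned earlier in the thread (after which only the master password opens the vault). The class, method names and the hashing choices are my own assumptions.

```python
# Added example: state machine for a "biometric AND PIN" unlock option.
# Not Bitwarden's code; names and hashing parameters are assumptions.
from dataclasses import dataclass, field
import hashlib
import hmac
import os

MAX_PIN_ATTEMPTS = 5  # thread: 5 wrong PINs -> logged out, master password required


def _derive(secret: str, salt: bytes) -> bytes:
    # Never store the PIN or master password in the clear; compare derived values.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class VaultLock:
    pin_salt: bytes
    pin_hash: bytes
    mp_salt: bytes
    mp_hash: bytes
    require_both: bool = True      # the requested option: fingerprint AND PIN
    pin_failures: int = 0
    logged_out: bool = False       # True -> only the master password is accepted
    _biometric_ok: bool = field(default=False, repr=False)

    @classmethod
    def enroll(cls, pin: str, master_password: str, require_both: bool = True):
        ps, ms = os.urandom(16), os.urandom(16)
        return cls(ps, _derive(pin, ps), ms, _derive(master_password, ms), require_both)

    def biometric_result(self, success: bool) -> None:
        # Outcome of the OS biometric prompt. It can only deny access;
        # a passed scan never replaces the PIN step when require_both is set.
        self._biometric_ok = success

    def try_pin(self, pin: str) -> bool:
        if self.logged_out or (self.require_both and not self._biometric_ok):
            return False
        if hmac.compare_digest(_derive(pin, self.pin_salt), self.pin_hash):
            self.pin_failures = 0
            return True
        self.pin_failures += 1
        if self.pin_failures >= MAX_PIN_ATTEMPTS:
            self.logged_out, self._biometric_ok = True, False  # lockout
        return False

    def try_master_password(self, mp: str) -> bool:
        if hmac.compare_digest(_derive(mp, self.mp_salt), self.mp_hash):
            self.logged_out, self.pin_failures = False, 0
            return True
        return False
```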

I would really like a feature as proposed, since airport security or police might force your biometrics, but they can’t force a PIN. You might still enable unlocking with your master password as an alternative in case you forgot your PIN. This way it is possible to increase security while still being convenient and you also have a backup method for unlocking. I would love to see this.
