Option for unlock with device passcode

On iOS, instead of PIN unlock with a custom PIN, it would be nice to be able to unlock with a device passcode.

A user should be able to choose “unlock with device passcode”, and after decrypting the vault with the master password, the user should be able to do future unlocks via the device screen-lock passcode (and not Touch ID/Face ID or a custom PIN).

Why?

  • I suspect (from comments on hxxs://community.bitwarden.com/t/dont-repeatedly-display-unlocking-may-fail-due-to-insufficient-memory-warning/58281) it would resolve most of that FR. I am guessing the reason you don’t have a memory warning on biometric unlock is because, with biometric unlock, the unlock key is stored in Keychain, but with PIN unlock it is not. But with passcode unlock, it can be (hxxs://developer.apple.com/documentation/security/secaccesscontrolcreateflags/1394326-devicepasscode), I think.

  • It would also resolve hxxs://community.bitwarden.com/t/allow-iphone-passcode-pop-up-to-unlock-vault-when-face-id-fails/36899.

  • I suspect for the majority of users, their Bitwarden PIN (if they use one) is the same as their device PIN but not the same as their master password. (Rationale: the Bitwarden vault is subject to brute forcing which an iPhone is not, since the iPhone passcode is not used for KDF but, instead, to unlock a TEE.) So they’re probably already reusing the PIN!

  • And if my guess as to how it works is correct–that PIN-unlock uses a locally-derived key to re-encrypt the vault–it seems more secure (given the potential for low-entropy PINs) to take advantage of Keychain’s TEE for storage, I think? (Yet, users who want to use Keystore may not want to use biometrics, given the risk of being forced to unlock, etc.)

How:

  • I am not an iOS developer, but I would think, based on the docs and hxxs://medium.com/@alx.gridnev/biometry-protected-entries-in-ios-keychain-6125e130e0d5, it is as simple as reusing the Keychain storage already implemented for biometric key storage, but changing the ACL flags.

Let me know if I can add detail here!
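Added example (not code from the original post, and not Bitwarden's implementation): a minimal Keychain store/read pair in Swift that shows what "changing the ACL flags" looks like in practice. The service and account strings and the `UnlockFactor` enum are hypothetical names chosen for this illustration; the Security and LocalAuthentication calls are Apple's public APIs. With `.devicePasscode` alone, iOS presents the passcode sheet and never offers biometry; with `[.biometryCurrentSet, .or, .devicePasscode]` it offers biometry with passcode fallback.

```swift
import Foundation
import Security
import LocalAuthentication

// Hypothetical identifiers for this example; a real app would use its own.
let unlockKeyService = "com.example.vault"
let unlockKeyAccount = "unlock-key"

enum UnlockKeyStoreError: Error {
    case accessControl(CFError?)
    case keychain(OSStatus)
    case notFound
}

/// Which local factor the Keychain must verify before releasing the key.
enum UnlockFactor {
    case devicePasscode        // the feature request: passcode prompt only, no biometry
    case biometryCurrentSet    // biometric unlock; item is invalidated if enrolled biometrics change
    case biometryOrPasscode    // biometry with the passcode as fallback

    var flags: SecAccessControlCreateFlags {
        switch self {
        case .devicePasscode:     return [.devicePasscode]
        case .biometryCurrentSet: return [.biometryCurrentSet]
        case .biometryOrPasscode: return [.biometryCurrentSet, .or, .devicePasscode]
        }
    }
}

/// Store an already-derived vault unlock key behind the chosen factor.
/// kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly keeps the item off iCloud Keychain
/// and deletes it if the user removes their device passcode.
func storeUnlockKey(_ key: Data, factor: UnlockFactor) throws {
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        factor.flags,
        &cfError
    ) else {
        throw UnlockKeyStoreError.accessControl(cfError?.takeRetainedValue())
    }

    // Remove any earlier copy so a changed factor takes effect.
    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: unlockKeyService,
        kSecAttrAccount as String: unlockKeyAccount,
    ]
    SecItemDelete(lookup as CFDictionary)

    var add = lookup
    add[kSecAttrAccessControl as String] = access
    add[kSecValueData as String] = key
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess else { throw UnlockKeyStoreError.keychain(status) }
}

/// Read the key back. The system shows the passcode (or biometry) prompt itself;
/// the app only supplies the reason string via the LAContext.
func readUnlockKey(reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: unlockKeyService,
        kSecAttrAccount as String: unlockKeyAccount,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseAuthenticationContext as String: context,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data else { throw UnlockKeyStoreError.keychain(status) }
        return data
    case errSecItemNotFound:
        throw UnlockKeyStoreError.notFound
    default:
        // e.g. errSecUserCanceled or errSecAuthFailed: treat as "still locked".
        throw UnlockKeyStoreError.keychain(status)
    }
}
```

Two caveats a practitioner would check before shipping this: the stored item disappears if the user turns their passcode off, so the app must fall back to master-password unlock on `errSecItemNotFound` rather than treating it as corruption; and the passcode attempt throttling comes from the OS, so the app should not wrap the read in its own retry loop.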

Exactly this. It makes much more sense to use the device’s PIN because of how much more secure it is. The same way it is implemented in Raivo Authenticator, for example. Using PIN unlock in its current form is a very bad idea unless your PIN is 25+ random digits! Who will remember that, lol.