Hello,
I started using the bitwarden web version. I noticed there’s no option to use pin to unlock after timeout. (I think it’s also called a passcode?)
It would be really convenient instead of having to input master pass every single time.
I tried to search fort his feature and couldn’t find anything.
Thank you.
It may be difficult to implement this in a way that is both secure and convenient.
The PIN-protected encryption key (required for vault unlocking) is normally stored only in volatile memory, and this memory is cleared anytime that an app is closed; therefore, the default behavior is for the app to use the master password to encrypt the PIN-protected key and write that encrypted key to persistent storage (e.g., the local cache file saved to your hard drive) — this is why you normally have to enter your master password the first time you unlock your vault after restarting an app.
It is possible that PIN unlock could be implemented and work as expected in the Web Vault if you always lock the Web Vault by automatic timeout or by using the “Lock Now” function in the account profile pop-up menu. However, if you refresh the browser tab, the memory used by the Web Vault process is cleared and reset, which causes the vault to lock, but would also erase the PIN-protected key. Thus, you would be asked for your master password to unlock the vault, even if a PIN had been enabled.
Other apps have the option to disable the requirement to unlock with master password on restart, but this introduces security vulnerabilities.
