Hi,
First: I have searched the forum and documentation for this for a reasonable amount of time.
I am investigating if I should switch to Bitwarden. Partly for myself, but the rest of my family also asks me for advice what to use, due to the large leaks lately.
I have a laptop and an iPhone as my main devices. (I don’t use Face ID and I don’t want to).
I have a few question regarding how it is supposed to work when logging into a website.
When I am on my laptop and I have my vault unlocked in the Chrome extension, this is how it works for me to log into GitHub:
I go to the GitHub login page, Bitwarden suggests that it can fill in the password, I click to allow it, and then I’m signed in. I think this is fine.
When I am on my iPhone and I have my vault unlocked (in the Bitwarden app), this is how it works for me to log into GitHub from the Firefox app:
I go to the GitHub login page, Bitwarden suggest that it can fill in the password, I click to allow it. I then need to fill in my master password. Then I have to select the correct entry to fill in. Then my passwords are filled in and I can login.
Even if I have a pin code set, it asks for my master password (unless I set the vault to never lock, which I think is a bad idea and won’t do).
My questions:
Is this how it is expected to work on iPhone?
Does it work the same way on Android?
Why does it work differently from the desktop? I mean the vault on my iPhone is already unlocked, I don’t see the extra security in asking for the password again. Rather the opposite, since someone could see my master password.
If I have fingerprint ID enabled on Android (asking for another family member) will they still have to enter the master password in the case above, or will it be enough with the fingerprint?