Questionable PIN Security

What you probably remember seeing is this request, which is different. That request involves storing a user-specific code on the user’s devices, and using that code in combination with the master password to decrypt the vault. Even if you extend that request to also include PIN-lock use cases, that approach would not help if somebody steals the PIN-locked vault from one of your devices (because the same attacker would also be able to steal the code that is stored on the same device).

Yes, you are right (on both counts). I've been trying to get my head around the PIN options for the last 2 days and what the security ramifications are of using them - so yes, that was what I was recalling (if slightly out of context for this discussion)…

(…the inclusion of PIN options is one of the main reasons I am migrating from 1PW to BW.)

As I’ve written in a comment on the other feature request topic, you can achieve essentially equivalent behavior in 1Password by setting your vault password to be a simple PIN. The vault that is stored in the cloud would still be sufficiently protected because of the way that 1Password combines your vault password with the “secret key” stored only on your devices.

Indeed. I hadn’t realised that previously (nor fully comprehended your original comment when I first saw it the other day was aimed at 1PW).

(That said - I’m migrating regardless as 1PW have annoyed me very convincingly with both their attitude to users and their approach over some things - like the v8 upgrade - and they have really shitty communication with their customers - I think the ownership change(?) has been detrimental… And as I spend more time understanding BW I think it’s a better product for me, despite having some trackers and some lesser features not as good as 1PW.)

Except for some unconfirmed reports of tracking in the online stand-alone password generator (which I’ve recently discussed here), tracking is only done for the purpose of crash reporting on mobile clients, and can be disabled completely by installing the F-Droid build; this is explained here.

Cheers. Yes I was aware they weren’t in anywhere critical (but thanks for the link as hadn’t seen that article yet and wasn’t yet aware of F-Droid option).

:smiley: