Security: Allow PIN as alternative to biometrics for app login

I’d like to be able to set up my Bitwarden Authenticator app(s) to require a PIN to get into the app, instead of biometrics. The PIN should allow at least 8 digits.

This is for defence in depth, a key principle in security. If for some reason an attacker is able to spoof my phone’s biometrics, I don’t want them getting into my Bitwarden Authenticator app too. Having a PIN or password will block them.

How to handle multiple incorrect PIN guesses (e.g., 5 wrong guesses): The only way to do this that I can see is to introduce a password to serve as a fallback. If I make 6 wrong guesses, the PIN will be disabled and I’ll have to enter the password. This is how the Bitwarden mobile apps work.

BTW, I would think that this password would be useful as a fallback for the biometrics unlock too.

1 Like
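The unlock flow the post describes (PIN first, password fallback once too many wrong PINs have been entered), as an added illustration that is not Bitwarden's code. It assumes a lockout after 5 wrong guesses, PBKDF2 for storing the PIN and password hashes, and a constant-time comparison; a real app would persist the attempt counter and the disabled flag so that killing the app does not reset them.

```python
import hashlib
import hmac
import os

PIN_ATTEMPT_LIMIT = 5  # assumed: PIN is disabled after this many wrong guesses
PBKDF2_ITERATIONS = 100_000  # assumed work factor for the stored verifiers


def derive(secret: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 verifier so a leaked store does not reveal the PIN."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


class AppLock:
    """Hypothetical app lock: numeric PIN (>= 8 digits) plus a password fallback."""

    def __init__(self, pin: str, password: str):
        if len(pin) < 8 or not pin.isdigit():
            raise ValueError("PIN must be at least 8 digits")
        self._pin_salt = os.urandom(16)
        self._pin_hash = derive(pin, self._pin_salt)
        self._pw_salt = os.urandom(16)
        self._pw_hash = derive(password, self._pw_salt)
        # In a real app both of these must be persisted, not kept only in memory.
        self.failed_pin_attempts = 0
        self.pin_disabled = False

    def unlock_with_pin(self, pin: str) -> bool:
        if self.pin_disabled:
            return False  # PIN path is closed; only the password can open the app
        if hmac.compare_digest(derive(pin, self._pin_salt), self._pin_hash):
            self.failed_pin_attempts = 0
            return True
        self.failed_pin_attempts += 1
        if self.failed_pin_attempts >= PIN_ATTEMPT_LIMIT:
            self.pin_disabled = True  # further PIN guesses are refused unchecked
        return False

    def unlock_with_password(self, password: str) -> bool:
        if hmac.compare_digest(derive(password, self._pw_salt), self._pw_hash):
            # A correct password re-enables the PIN and clears the counter.
            self.failed_pin_attempts = 0
            self.pin_disabled = False
            return True
        return False
```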

+1

Great addition when using biometric unlock for the Bitwarden Password Manager. Having a PIN for the authenticator keeps the TOTP more secure.

+1 for Password fallback (or username/password for multiple synced devices), and…

require this PIN or password for the import/export/backup functionality…