Stolen phone: extra security measurements
Currently, the possibility of having your smartphone stolen while it is unlocked (or even the thief requesting your access pin) is not negligible. I’ve seen several cases like theses happening in my city.
Although Bitwarden has several security measures, because of the local storage of the vault, I think it could be vulnerable in the following situation, where the thief sets the smartphone to airplane mode.
I imagined the following situation:
User has BW on an Android smartphone with fingerprint access activated. The user also set auto-lock timeout in the BW vault (activated immediately). In this way, whenever the user leaves the BW app, it is locked;
The user is robbed and the thief forces him to show his smartphone unlocking pattern;
In possession of the smartphone, the thief puts it in airplane mode;
The thief registers his own fingerprint on the smartphone;
The thief accesses the BW vault indefinitely, as the phone is in airplane mode.
Even if the cell phone owner accesses the BW from a desktop and requestes to force the re-authorization of all clients from the Web Vault, I think the request will not be executed on the stolen smartphone, as it is in airplane mode.
- An extra option to force the BW app to always check their server before unlocking the app. If the smartphone is not connected to the internet, the app asks for the master password;
Thanks in advance!
Hi @max1 - welcome!
Thanks for the feature request. I should mention that your second suggestion is already possible on Bitwarden if you set your Vault Timeout period to Never (or a really short time period) and your Vault Timeout Action to Logout.
Hi @dh024, thank you for your reply.
About your suggestion, if I followed it, I would need to re-enter my master password all the time, right?
I was thinking of something that would give me the flexibility of biometric unlocking in regular day-to-day use, but would require me to re-enter the master password if something unusual happened.
Yes, you will have to choose if you want to force a login each time, which always requires your master password because it is used to generate the key that decrypts your BW vault, or you can choose to store the key locally if you want to avoid re-entering your password. That’s why I like your first suggestion so much, because it provides a workaround to this issue. You might even consider modifying your request by removing the second suggestion entirely, because I don’t think it is feasible without becoming cumbersome. Totally up to you, though - I just toss this out there as something to consider! Cheers.
If I could have it “my way” (bear in mind I keep multiple secure json vault backups at home) I would like to see BW setup/allow a kill code PIN, which would be fully optional for ALL users. If someone entered the “kill PIN” BW would delete the vault from the device AND the cloud — > completely. It would be a simple code addition. Code wise: maybe the preset kill code would simple destroy the master key header, which would be simple. The vault itself would not have to be destroyed BUT without the needed derivation key the contents would be worthless. Then you simply delete your vault and restore from json backups. Simple
I have intentionally deleted one of my vaults numerous times and a FULL restore using a json backup is sooooooooooooo simple and it works every time.
We use a similar process on Crypto using Trezors.
Totally agree with you. I’ve just removed the 2nd suggestion.
I recently noticed that the Android app checks to see if the system fingerprints have changed since last login to the vault. When it detects a change then it requests the master passward again. Now, the concern I had reported in my post no longer makes sense. Now I feel safer.