TouchID on macOS: prevent fallback to macOS Account Password

Hopefully this issue will be addressed soon, because it means that using TouchID is not secure unless I have a secure macOS device password. I think for many people that’s not practical; generally we have shorter passwords or PINs for device logins (6-8 chars), whereas my Bitwarden password is 15+ chars.

I recently realised that if you add a new TouchID fingerprint to macOS, you can use the new fingerprint to unlock Bitwarden without having to reauthenticate with your master password. This seemed like a big security flaw, and while searching for it I found this post. In both cases I think the most worrying thing is that they are not obvious to users (or maybe I’m losing my touch :grimacing:). So I’ve been using Bitwarden for over a year, and the whole time someone could have had full access to my vault if they had access to my laptop and device password.

The first and easiest fix would be a clear warning when users enable TouchID. Currently you just check a box, scan your finger and assume all is well.

The ideal solution for me would be to prevent falling back to macOS device password AND detect if there have been any changes to stored fingerprints.

I love Bitwarden and really appreciate your work. I also understand that this is probably not a trivial fix, it must be leveraging baked-in macOS functionality and it might not even be possible to use the fingerprint sensor without these security tradeoffs.

Please can you comment on the possibility of these changes. In the meantime I need to make a choice between disabling TouchID and using a 15 character device login - I’m still deciding!

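The two things the post asks for (no fallback to the macOS account password, and detection of changes to the enrolled fingerprints) both map onto documented Apple APIs. The Swift below is an added example written for this page; it is not Bitwarden's code and says nothing about how the Bitwarden client is implemented. It uses `LAPolicy.deviceOwnerAuthenticationWithBiometrics` (biometrics only, as opposed to `deviceOwnerAuthentication`, which accepts the account password) and a keychain item protected by `kSecAccessControlBiometryCurrentSet`, which the system invalidates when a finger is added or removed. The service name `example.vault`, the account string and the `UnlockError` type are assumptions chosen for the example.

```swift
import Foundation
import LocalAuthentication
import Security

// Added example, not Bitwarden's code. Demonstrates the macOS mechanisms that
// address the two requests in the post:
//  1. deviceOwnerAuthenticationWithBiometrics: Touch ID only, no password fallback.
//  2. kSecAccessControlBiometryCurrentSet: a keychain item bound to the fingerprints
//     enrolled at store time; it becomes unreadable if the enrolled set changes.

enum UnlockError: Error {            // assumed error type for this example
    case biometryUnavailable(String)
    case accessControlFailed
    case keychainStatus(OSStatus)
}

private let service = "example.vault"   // assumed service name for this example

/// Stores `secret` (e.g. a key that decrypts the vault) so it can only be read
/// after a successful Touch ID match against the fingers enrolled right now.
func storeVaultKey(_ secret: Data, account: String) throws {
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .biometryCurrentSet,            // invalidated when enrolment changes
        &cfError) else {
        throw UnlockError.accessControlFailed
    }
    // Remove any earlier copy so SecItemAdd does not fail with errSecDuplicateItem.
    let deleteQuery: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(deleteQuery as CFDictionary)

    let addQuery: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessControl as String: access,
        kSecValueData as String: secret,
    ]
    let status = SecItemAdd(addQuery as CFDictionary, nil)
    guard status == errSecSuccess else { throw UnlockError.keychainStatus(status) }
}

/// Unlocks with Touch ID only. Returns nil when the keychain item has been
/// invalidated (enrolment changed since storeVaultKey ran), so the caller can
/// require the master password instead of silently trusting a new finger.
func unlockVaultKey(account: String) throws -> Data? {
    let context = LAContext()
    context.localizedFallbackTitle = ""         // hide the "Use Password..." button
    context.localizedReason = "Unlock your vault"
    var authError: NSError?
    // Biometrics-only policy: the macOS account password is NOT accepted here.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &authError) else {
        throw UnlockError.biometryUnavailable(authError?.localizedDescription ?? "unknown")
    }
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        return result as? Data
    case errSecItemNotFound:
        // With .biometryCurrentSet an enrolment change makes the item
        // inaccessible; the keychain reports it as not found.
        return nil
    default:
        throw UnlockError.keychainStatus(status)
    }
}

/// Independent check for the second request in the post: compare the opaque
/// enrolment blob macOS exposes (it changes whenever fingers are added or
/// removed) with a copy saved when Touch ID unlock was first enabled.
func biometricEnrolmentChanged(sinceStored stored: Data?) -> Bool {
    let context = LAContext()
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil),
          let current = context.evaluatedPolicyDomainState else {
        return true                              // treat "unknown" as changed
    }
    return stored != current
}
```

Two practical notes. The keychain-bound approach is the stronger of the two: the secret is simply unreadable once the enrolled set changes, with no code path that could be bypassed. The `evaluatedPolicyDomainState` comparison is useful as a user-visible warning ("your fingerprints changed, re-enter your master password"), but an app that still stores the key without the `.biometryCurrentSet` flag has only moved the decision into its own logic. Neither mechanism helps if the attacker already has the master password, and both require a Touch ID-equipped Mac with a Secure Enclave.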