See this
If an attacker has the macOS password, then that attacker can add his/her fingerprints to the account, so is there any way to achieve what the OP wants?
The same implementation in iOS. There should be a system flag for when fingerprints are added/removed to re-prompt for a password instead of biometrics (this occurs in many banking apps), so if the fingerprints are altered, the vault disables Touch ID login and requires a master password input.
The current implementation means that with your iOS 4- or 6-digit passcode, you can add a new fingerprint and use that to log into Bitwarden, bypassing the need for a master password.
Hi all,
Is there any update on this? It’s been a while, and I think this is making the Touch ID feature unusable until it’s fixed.
Thanks!
This behavior has been a known problem (feature NOT) for a long time. In my opinion this is a huge security hole and makes using Touch ID unwise (or just plain unusable).
Without being able to use biometrics to unlock the Bitwarden vault, people will fall back to using short, easy-to-type master passwords, which is also a bad idea.
When is this going to be fixed?
Agree that this is a huge security flaw, and I’m surprised this has been an issue for at least two years now. At the very least, I think the entire biometric unlock feature should be disabled until a fix arrives for this and the issue posted by @remestore.
Just noticed this behaviour today when my finger got wrinkled from the cold and Touch ID didn’t let me unlock Bitwarden. And then it showed the fallback to the password of the Mac and not Bitwarden’s password. This is quite a bad security flaw and really should get addressed.
Related issue on GitHub: Bitwarden desktop app allows laptop password to unlock vault · Issue #10444 · bitwarden/clients · GitHub
I loved the touchID feature until I came across this gap. Please address!
This is very disappointing. I wonder if the problem is rooted in the way macOS manages Touch ID. Either way, until it is sorted out, I guess I’m turning off Touch ID for access to my vault. Will look into using a YubiKey instead.
Still waiting on this one after 5 years! 1Password is looking more appealing…
The macOS Bitwarden desktop app allows the user to unlock the vault with the device’s password if Touch ID fails or the user chooses not to use biometrics.
This introduces a vulnerability: if someone sees me enter my device’s password and steals my device, it gives them the ability to not only unlock my computer but also unlock the vault.
Ideally, the vault should only take biometrics or master password. It should not allow the system password as a backup.
1Password implements this well. They have an option for you to toggle whether or not you want to allow the system password as an option.
We should make this option available in Bitwarden!
I’ve attached a screenshot to show the difference.
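Both behaviours the thread complains about (the fallback to the macOS login password in the post above, and the "new fingerprint added with the device passcode" bypass described earlier) come down to which LocalAuthentication policy an app asks for and whether it checks the enrollment state before trusting a biometric result. The Swift sketch below is an added example of the native-side check, not Bitwarden's or 1Password's code: `.deviceOwnerAuthenticationWithBiometrics` never offers the system password, and `evaluatedPolicyDomainState` changes whenever fingerprints are added or removed. The result type, the function names and the idea of persisting the domain state (e.g. in the Keychain) are assumptions for illustration; only the `LAContext` API calls are real.

```swift
import Foundation
import LocalAuthentication

/// Outcome of a biometric unlock attempt (hypothetical type for this example).
enum BiometricUnlockResult {
    case unlocked
    case biometricsChanged        // enrolled fingerprints differ from what we trusted
    case unavailable(String)      // no Touch ID, nothing enrolled, locked out, ...
    case denied(String)           // user cancelled, chose fallback, or failed to match
}

/// Returns true when the current enrollment differs from the one saved when
/// biometric unlock was enabled. `stored == nil` means "never enabled", so there
/// is nothing to compare against yet.
func biometricEnrollmentChanged(context: LAContext, stored: Data?) -> Bool {
    guard let stored = stored else { return false }
    return context.evaluatedPolicyDomainState != stored
}

/// Attempts a biometrics-only unlock. `storedDomainState` is whatever the app
/// persisted (assumed: in the Keychain) the last time the user proved the master
/// password. The completion hands back the current domain state so the caller
/// can persist it after a master-password re-verification.
func unlockVaultWithBiometrics(storedDomainState: Data?,
                               completion: @escaping (BiometricUnlockResult, Data?) -> Void) {
    let context = LAContext()

    // Empty title hides the "Enter Password" button in the Touch ID sheet. Even if it
    // were shown, the biometrics-only policy below would just fail with
    // LAError.userFallback instead of prompting for the macOS login password.
    context.localizedFallbackTitle = ""

    var availabilityError: NSError?
    // Biometrics only. The weaker .deviceOwnerAuthentication policy is the one that
    // silently accepts the device password/passcode as an alternative.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &availabilityError) else {
        completion(.unavailable(availabilityError?.localizedDescription ?? "biometrics unavailable"), nil)
        return
    }

    // Populated once canEvaluatePolicy succeeds; the bytes change when the set of
    // enrolled fingerprints changes (deprecated in favour of `domainState` on the
    // newest OS releases, but still works for the comparison).
    let currentState = context.evaluatedPolicyDomainState

    if biometricEnrollmentChanged(context: context, stored: storedDomainState) {
        // Someone with the device passcode may have enrolled a new finger. Do not
        // prompt Touch ID at all; the caller must demand the master password and
        // only then persist `currentState` as the new trusted enrollment.
        completion(.biometricsChanged, currentState)
        return
    }

    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your vault") { success, error in
        if success {
            completion(.unlocked, currentState)
        } else {
            // LAError.userFallback / userCancel / authenticationFailed all land here;
            // none of them unlock anything and none involve the system password.
            completion(.denied(error?.localizedDescription ?? "authentication failed"), currentState)
        }
    }
}

// Usage (assumed call site): load the persisted state, attempt unlock, and route
// anything other than `.unlocked` to the master-password screen.
func demoUnlock(persistedState: Data?) {
    unlockVaultWithBiometrics(storedDomainState: persistedState) { result, latestState in
        switch result {
        case .unlocked:
            print("vault unlocked with Touch ID")
        case .biometricsChanged:
            print("enrollment changed; require master password, then store", latestState as Any)
        case .unavailable(let why), .denied(let why):
            print("fall back to master password:", why)
        }
    }
}
```

The important design point is that the app, not the OS, decides what the fallback is: with the biometrics-only policy the only thing that can unlock the vault besides a matching, previously trusted fingerprint is the master password, which is the behaviour the 1Password toggle mentioned above exposes as an option.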
@unknown I merged your post with the existing feature request on the same topic.
