TouchID on macOS: prevent fallback to macOS Account Password

See this

If an attacker has the macOS password, then that attacker can add his/her fingerprints to the account, so is there any way to achieve what the OP wants?

The same implementation is in iOS. There should be a system flag for when fingerprints are added or removed to re-prompt for a password instead of biometrics (this occurs in many banking apps), so if the fingerprints are altered, the vault disables Touch ID login and requires a master password input.

The current implementation means that with your iOS four- or six-digit passcode, you can add a new fingerprint and use that to log into Bitwarden, bypassing the need for a master password.
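
The mechanism the two posts above are asking for, as an added example that is not part of the original thread and not Bitwarden's own code: on Apple platforms the LocalAuthentication framework already exposes both halves of it. Requesting the policy `.deviceOwnerAuthenticationWithBiometrics` (rather than `.deviceOwnerAuthentication`) means the prompt never falls back to the macOS account password, and `LAContext.evaluatedPolicyDomainState` is an opaque blob that changes whenever a fingerprint or face is enrolled or removed, so an app can snapshot it when biometric unlock is turned on and refuse biometric unlock (forcing the master password) when it later differs. The `BiometricVaultGate` class, the `UserDefaults` key used to hold the snapshot and the prompt text are hypothetical and for illustration only; a real vault would keep the snapshot in the Keychain.

```swift
import Foundation
import LocalAuthentication

/// Outcome of a biometrics-only unlock attempt.
enum BiometricUnlockResult {
    case unlocked
    case enrollmentChanged    // fingerprints/faces added or removed since unlock was armed
    case unavailable(String)  // biometrics cannot be used; caller must ask for the master password
    case failed(String)
}

/// Hypothetical gate in front of a vault. `store` and `key` stand in for
/// whatever the app persists when the user enables biometric unlock.
final class BiometricVaultGate {
    private let store: UserDefaults
    private let key = "biometricDomainState"   // assumed storage key, illustrative only

    init(store: UserDefaults = .standard) { self.store = store }

    /// Call once, right after the user has typed the master password and
    /// turned on biometric unlock: snapshot the current enrollment state.
    func armBiometricUnlock() -> Bool {
        let ctx = LAContext()
        var err: NSError?
        // evaluatedPolicyDomainState is only populated after canEvaluatePolicy succeeds.
        guard ctx.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &err),
              let state = ctx.evaluatedPolicyDomainState else {
            return false
        }
        store.set(state, forKey: key)
        return true
    }

    func unlock(completion: @escaping (BiometricUnlockResult) -> Void) {
        let ctx = LAContext()
        // Hide the fallback button entirely; this prompt offers no password path.
        ctx.localizedFallbackTitle = ""

        var err: NSError?
        // Biometrics-only policy: unlike .deviceOwnerAuthentication it never
        // falls back to the macOS account password or iOS passcode.
        guard ctx.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &err) else {
            completion(.unavailable(err?.localizedDescription ?? "biometrics unavailable"))
            return
        }

        // Compare the enrollment state with the snapshot taken when biometric
        // unlock was armed. Any added or removed fingerprint changes this value.
        guard let current = ctx.evaluatedPolicyDomainState,
              let armed = store.data(forKey: key) else {
            completion(.unavailable("biometric unlock not armed"))
            return
        }
        if current != armed {
            // Enrollment changed: disarm until the master password is entered again.
            store.removeObject(forKey: key)
            completion(.enrollmentChanged)
            return
        }

        ctx.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your vault") { ok, error in
            if ok {
                completion(.unlocked)
            } else if let laError = error as? LAError, laError.code == .biometryLockout {
                // Too many failed biometric attempts: only the master password gets in.
                completion(.unavailable("biometry locked out"))
            } else {
                completion(.failed(error?.localizedDescription ?? "authentication failed"))
            }
        }
    }
}
```

The important design point is that the app, not the OS, decides what happens on failure: every non-`.unlocked` result must route to the vault's own master-password prompt, never to the system password sheet, and `armBiometricUnlock()` must only be called after a successful master-password entry, otherwise an attacker with the account password could simply re-arm after enrolling their own finger.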

Hi all,
is there any update on this? It's been a while, and I think this is making the Touch ID feature unusable until it's fixed.
Thanks!

This behavior has been a known problem (feature NOT) for a long time. In my opinion this is a huge security hole and makes using Touch ID unwise (or just plain unusable).

Without being able to use biometrics to unlock the Bitwarden vault, people will fall back to using short, easy-to-type master passwords, which is also a bad idea.

When is this going to be fixed?

Agree that this is a huge security flaw, and I’m surprised this has been an issue for at least two years now. At the very least, I think the entire biometric unlock feature should be disabled until a fix arrives for this and the issue posted by @remestore.

Just noticed this behaviour today when my finger got wrinkled from the cold and Touch ID didn't let me unlock Bitwarden. And then it showed the fallback to the password of the Mac and not Bitwarden's password. This is quite a bad security flaw and really should get addressed.