Unlock vault with biometrics *and* PIN together

Feature name

  • Unlock mobile app vault with biometrics and PIN together

Feature function

  • The mobile app vault can currently be unlocked with biometrics or a PIN. This feature would add an option in the settings to require both biometrics and a PIN to unlock the vault, instead of only one or the other.
  • This feature would bring greater security to the mobile app with only a slight increase in inconvenience. This would theoretically improve security in situations such as: phone being stolen, crossing an international border, attacker shoulder-surfing in public. The combination helps reduce the mutually exclusive weaknesses of biometrics and PINs.
  • This option could be accessed in Settings>Security after the “Unlock with [biometrics]” and “Unlock with PIN Code” options, with the vault timeout options working in the same way.

Related topics + references

Thank you for your time and for the great product that is Bitwarden.

2 Likes

I very much support this feature request!

As you said, this really “helps reduce the mutually exclusive weaknesses of biometrics and PINs.” Unfortunately, I’m left typing my password every time, which is a huge pain, but I don’t believe biometrics or a PIN are secure enough on their own.

It’s unfortunate that Android/iOS doesn’t natively allow this, but I imagine it would be reasonable enough for Bitwarden to use the OS’s biometric then implement their own PIN unlock if need be.

As a minor correction, GrapheneOS hasn’t added this feature; it’s just a topic that’s been discussed but not implemented. (Though it looks like it may happen soon.)

Hello!

I completely support this feature in security options.
The master password, as well as the PIN code, can be spied on, and a finger can be placed without the will of the account owner. But both requirements together to open a session reduce the risk of access by persons who have the ability to physically access the device.
I’m sure it’s easy to implement.
I don’t need to enable two-step authentication, which only helps against remote login attempts and creates additional inconvenience for me.
I am asking a developer to add double unlock using biometrics and PIN code together to access Bitwarden.

Best regards