Unlock vault with PIN

Add the ability to “lock” a vault with a PIN code, similar to the mobile apps.

Definitely yes!
I’m using the browser extension with the auto-lock, which is a great security setting. I access my vault several times a day and have to re-type my (long) master password each time which becomes annoying.

Having a pin for the browser extension and desktop apps would solve this annoyance in an elegant way.

And I don’t mind re-typing the password after a browser restart.

2 Likes

Ditto this. Enpass has this and it was a welcome option.

Wait, I didn’t think about a detail… What if the person saves the master password to keep it logged in all the time and restarts the browser? Would it be possible to re-open the vault and unlock with a PIN yet?

yes please - while it is great having to type my 50+ char password multiple times a day this first couple of weeks to learn it! I’m pretty sure I’ve remembered it now and need a faster way to unlock the extension please.

Also please set a “minimum pin” and leave the maximum up to the user, like Windows Hello

2 Likes

Might as well use KeePass to store the first 46 of the master password and have you fill in the last 4. Have a simple master password on KeePass. Just a thought.

I like Bitwarden but the lack of quick unlocking is the most significant drawback for me, because I can not migrate to Bitwarden

2 Likes

This is the only feature keeping me from fully utilizing and paying for Bitwarden, has there been any progress on it? Does Bitwarden have a bounty program?

What kind of bounty program do you mean?

1 Like

Some of the open source items I use utilize https://www.bountysource.com/ and individuals offer a bounty for a feature/rewrite/fix/etc.

Nice idea! Added a feature request here:
https://community.bitwarden.com/t/bounty-program/

+1

@WorstBitNightmare BTW, Bounty Source doen’t support Discourse: https://github.com/bountysource/core/issues/1364

Yes please!
As discussed elsewhere:

  • it should ask for master password after a while or browser restart (browser extension) or system lock/sleep (desktop app).
  • it should be unforgiving and ask for master password after a failed attempt.

This functionality would be very great.
+1

Would love to see this implemented too!

Preferably with more stages:

  • Soft-Password after X minutes inactivity (Pin, Fingerprint, short-pass)
    -> Combined with: Soft-lock after screensaver/lockscreen/…
    -> Optional: Hard-Lock after X minutes of soft-locked.
  • Unlock from Hard-Lock with fingerprint

This would be a fantastic option. Also, one could use an RSA key to authenticate and the key could be protected by say an OS level password protection.

Something else I forgot to ask: will the PIN be set locally (for each device) or cloud-synced as well? :thinking:

Now that there’s the desktop app for the 3 major platforms, there should be some way of doing so (at least for the desktop apps).

What about encrypting the encryption key with the pin code and only storing that in the bowser until unlock?

Please have three distinct operations.

  • Log in: Requires password and two-factor authentication. Identifies account and decrypts data.
  • Decrypt: Requires password. Decrypts data.
  • Unlock: Requires PIN or short password. Data already decrypted, merely allows access.

If Unlock fails a small number of times, or a suitable timeout has occurred, the decrypted data will be deleted, and a Decrypt operation will be required.

2 Likes