Unlock with hardware key with optional 'require pin' setting

Currently we have an option to unlock with PIN and biometrics; however, we can't use hardware tokens like a YubiKey as an unlock method. I propose we add unlock with WebAuthn and have a checkbox to require the PIN for the YubiKey or not, so the user can simply press the physical button to unlock, while still enabling the feature of “Require master password on startup”.

This way unlocking is both easier and secure. And the attack vector would be limited to needing physical access.

Also, there should be an option for “Forget master password token”, where you are prompted for the master password if:

A> If your device has gone to sleep.
B> Prefixed/configurable time, maybe X minutes/hours.


Hey @satish let me know if this post covers your request and I’ll merge them: Unlock Bitwarden with 2FA, e.g. Yubikey (instead of, not in addition to password)

Yes, I think it can be merged. However, I think the option to ASK for the YubiKey PIN should be optional while setting up, with a checkbox. Similar to setting up a PIN in the browser extension requiring master password on startup. So people can choose how they want to interact with it. Also, another feature would be to log out after X time/screen lock, where the YubiKey can log in but requires PIN auth as well (extended validation). This way a person can walk away from their desktop/laptop and even if the laptop is stolen, but not shut down, the timeout/screen lock would force extended validation with PIN.

I’ve updated the post title to refer to the feature request specifically. For any additional feature requests you can break them out into specific posts for voting/discussion.