Way to decrease wrong PIN entries before logout?

I read somewhere that Bitwarden will cause a logout if the PIN is entered wrong 5 times. 5 times seems way too many times to me. I would be much more comfortable with wrong entries 2 times in a row or a max of 3 times.

Is there a way to reduce the number of wrong PIN entries before Bitwarden causes logout?

No, this is not a user-adjustable setting.

However, please note:

  • An unsophisticated attacker with access to your unlocked device would have a 0.005% chance of guessing a 5-digit PIN in 5 tries, a 0.0005% chance of guessing a 6-digit PIN, etc.

  • A sophisticated attacker with access to your unlocked device could make a copy of the locally cached vault, which would allow them to conduct an off-line brute-force attack against your PIN, completely bypassing the five-attempt limit.

In either case, your best strategy is to improve device opsec and increase the strength of your PIN. Reducing the number of allowed attempts is not going to significantly improve the resistance against an unsophisticated attack, and it will do nothing to prevent an off-line attack on an exfiltrated copy of your vault.
